Update linter
parent
f12c27aa7c
commit
328611c619
157 changed files with 489 additions and 508 deletions
|
@ -14,7 +14,7 @@ import (
|
|||
)
|
||||
|
||||
var (
|
||||
// MinVersion Map of allowed TLS minimum versions
|
||||
// MinVersion Map of allowed TLS minimum versions.
|
||||
MinVersion = map[string]uint16{
|
||||
`VersionTLS10`: tls.VersionTLS10,
|
||||
`VersionTLS11`: tls.VersionTLS11,
|
||||
|
@ -22,7 +22,7 @@ var (
|
|||
`VersionTLS13`: tls.VersionTLS13,
|
||||
}
|
||||
|
||||
// MaxVersion Map of allowed TLS maximum versions
|
||||
// MaxVersion Map of allowed TLS maximum versions.
|
||||
MaxVersion = map[string]uint16{
|
||||
`VersionTLS10`: tls.VersionTLS10,
|
||||
`VersionTLS11`: tls.VersionTLS11,
|
||||
|
@ -46,24 +46,24 @@ var (
|
|||
)
|
||||
|
||||
// Certificate holds a SSL cert/key pair
|
||||
// Certs and Key could be either a file path, or the file content itself
|
||||
// Certs and Key could be either a file path, or the file content itself.
|
||||
type Certificate struct {
|
||||
CertFile FileOrContent `json:"certFile,omitempty" toml:"certFile,omitempty" yaml:"certFile,omitempty"`
|
||||
KeyFile FileOrContent `json:"keyFile,omitempty" toml:"keyFile,omitempty" yaml:"keyFile,omitempty"`
|
||||
}
|
||||
|
||||
// Certificates defines traefik certificates type
|
||||
// Certs and Keys could be either a file path, or the file content itself
|
||||
// Certs and Keys could be either a file path, or the file content itself.
|
||||
type Certificates []Certificate
|
||||
|
||||
// FileOrContent hold a file path or content
|
||||
// FileOrContent hold a file path or content.
|
||||
type FileOrContent string
|
||||
|
||||
func (f FileOrContent) String() string {
|
||||
return string(f)
|
||||
}
|
||||
|
||||
// IsPath returns true if the FileOrContent is a file path, otherwise returns false
|
||||
// IsPath returns true if the FileOrContent is a file path, otherwise returns false.
|
||||
func (f FileOrContent) IsPath() bool {
|
||||
_, err := os.Stat(f.String())
|
||||
return err == nil
|
||||
|
@ -83,7 +83,7 @@ func (f FileOrContent) Read() ([]byte, error) {
|
|||
return content, nil
|
||||
}
|
||||
|
||||
// CreateTLSConfig creates a TLS config from Certificate structures
|
||||
// CreateTLSConfig creates a TLS config from Certificate structures.
|
||||
func (c *Certificates) CreateTLSConfig(entryPointName string) (*tls.Config, error) {
|
||||
config := &tls.Config{}
|
||||
domainsCertificates := make(map[string]map[string]*tls.Certificate)
|
||||
|
@ -115,7 +115,7 @@ func (c *Certificates) CreateTLSConfig(entryPointName string) (*tls.Config, erro
|
|||
return config, nil
|
||||
}
|
||||
|
||||
// isEmpty checks if the certificates list is empty
|
||||
// isEmpty checks if the certificates list is empty.
|
||||
func (c *Certificates) isEmpty() bool {
|
||||
if len(*c) == 0 {
|
||||
return true
|
||||
|
@ -134,16 +134,16 @@ func (c *Certificates) isEmpty() bool {
|
|||
func (c *Certificate) AppendCertificate(certs map[string]map[string]*tls.Certificate, ep string) error {
|
||||
certContent, err := c.CertFile.Read()
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to read CertFile : %v", err)
|
||||
return fmt.Errorf("unable to read CertFile : %w", err)
|
||||
}
|
||||
|
||||
keyContent, err := c.KeyFile.Read()
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to read KeyFile : %v", err)
|
||||
return fmt.Errorf("unable to read KeyFile : %w", err)
|
||||
}
|
||||
tlsCert, err := tls.X509KeyPair(certContent, keyContent)
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to generate TLS certificate : %v", err)
|
||||
return fmt.Errorf("unable to generate TLS certificate : %w", err)
|
||||
}
|
||||
|
||||
parsedCert, _ := x509.ParseCertificate(tlsCert.Certificate[0])
|
||||
|
@ -190,7 +190,7 @@ func (c *Certificate) AppendCertificate(certs map[string]map[string]*tls.Certifi
|
|||
return err
|
||||
}
|
||||
|
||||
// GetTruncatedCertificateName truncates the certificate name
|
||||
// GetTruncatedCertificateName truncates the certificate name.
|
||||
func (c *Certificate) GetTruncatedCertificateName() string {
|
||||
certName := c.CertFile.String()
|
||||
|
||||
|
@ -233,7 +233,7 @@ func (c *Certificates) Set(value string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// Type is type of the struct
|
||||
// Type is type of the struct.
|
||||
func (c *Certificates) Type() string {
|
||||
return "certificates"
|
||||
}
|
||||
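Review bot: In the AppendCertificate hunk, `parsedCert, _ := x509.ParseCertificate(tlsCert.Certificate[0])` still discards the parse error while the three error paths just above it are being tightened to `%w`; a nil parsedCert would flow into whatever follows in the body, which continues outside the hunk. tls.X509KeyPair has already parsed the leaf to match it against the key, so the failure is unlikely in practice, but the blank identifier also hides it from the error-check linting this commit is enabling. Suggested: `parsedCert, err := x509.ParseCertificate(tlsCert.Certificate[0])` followed by `if err != nil { return fmt.Errorf("unable to parse certificate : %w", err) }`. While here, the doc comment `// FileOrContent hold a file path or content.` wants `holds` to match the surrounding comments.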
|
|
|
@ -13,14 +13,14 @@ import (
|
|||
"github.com/patrickmn/go-cache"
|
||||
)
|
||||
|
||||
// CertificateStore store for dynamic and static certificates
|
||||
// CertificateStore store for dynamic and static certificates.
|
||||
type CertificateStore struct {
|
||||
DynamicCerts *safe.Safe
|
||||
DefaultCertificate *tls.Certificate
|
||||
CertCache *cache.Cache
|
||||
}
|
||||
|
||||
// NewCertificateStore create a store for dynamic and static certificates
|
||||
// NewCertificateStore create a store for dynamic and static certificates.
|
||||
func NewCertificateStore() *CertificateStore {
|
||||
return &CertificateStore{
|
||||
DynamicCerts: &safe.Safe{},
|
||||
|
@ -54,7 +54,7 @@ func (c CertificateStore) getDefaultCertificateDomains() []string {
|
|||
return allCerts
|
||||
}
|
||||
|
||||
// GetAllDomains return a slice with all the certificate domain
|
||||
// GetAllDomains return a slice with all the certificate domain.
|
||||
func (c CertificateStore) GetAllDomains() []string {
|
||||
allCerts := c.getDefaultCertificateDomains()
|
||||
|
||||
|
@ -67,7 +67,7 @@ func (c CertificateStore) GetAllDomains() []string {
|
|||
return allCerts
|
||||
}
|
||||
|
||||
// GetBestCertificate returns the best match certificate, and caches the response
|
||||
// GetBestCertificate returns the best match certificate, and caches the response.
|
||||
func (c CertificateStore) GetBestCertificate(clientHello *tls.ClientHelloInfo) *tls.Certificate {
|
||||
domainToCheck := strings.ToLower(strings.TrimSpace(clientHello.ServerName))
|
||||
if len(domainToCheck) == 0 {
|
||||
|
@ -110,14 +110,14 @@ func (c CertificateStore) GetBestCertificate(clientHello *tls.ClientHelloInfo) *
|
|||
return nil
|
||||
}
|
||||
|
||||
// ResetCache clears the cache in the store
|
||||
// ResetCache clears the cache in the store.
|
||||
func (c CertificateStore) ResetCache() {
|
||||
if c.CertCache != nil {
|
||||
c.CertCache.Flush()
|
||||
}
|
||||
}
|
||||
|
||||
// MatchDomain return true if a domain match the cert domain
|
||||
// MatchDomain return true if a domain match the cert domain.
|
||||
func MatchDomain(domain string, certDomain string) bool {
|
||||
if domain == certDomain {
|
||||
return true
|
||||
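Review bot: The period additions in this section leave several doc comments with verb-agreement errors, so the punctuation pass tidies the endings without fixing the sentences; `// NewCertificateStore creates a store for dynamic and static certificates.`, `// GetAllDomains returns a slice with all the certificate domains.` and `// MatchDomain returns true if a domain matches the cert domain.` would read correctly. The same applies to `// CertificateStore store for dynamic and static certificates.`, which wants `is a store for`. These hunks are comment-only, so no code change is involved.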
|
|
|
@ -14,10 +14,10 @@ import (
|
|||
"time"
|
||||
)
|
||||
|
||||
// DefaultDomain Traefik domain for the default certificate
|
||||
// DefaultDomain Traefik domain for the default certificate.
|
||||
const DefaultDomain = "TRAEFIK DEFAULT CERT"
|
||||
|
||||
// DefaultCertificate generates random TLS certificates
|
||||
// DefaultCertificate generates random TLS certificates.
|
||||
func DefaultCertificate() (*tls.Certificate, error) {
|
||||
randomBytes := make([]byte, 100)
|
||||
_, err := rand.Read(randomBytes)
|
||||
|
@ -41,7 +41,7 @@ func DefaultCertificate() (*tls.Certificate, error) {
|
|||
return &certificate, nil
|
||||
}
|
||||
|
||||
// KeyPair generates cert and key files
|
||||
// KeyPair generates cert and key files.
|
||||
func KeyPair(domain string, expiration time.Time) ([]byte, []byte, error) {
|
||||
rsaPrivKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
||||
if err != nil {
|
||||
|
@ -56,7 +56,7 @@ func KeyPair(domain string, expiration time.Time) ([]byte, []byte, error) {
|
|||
return certPEM, keyPEM, nil
|
||||
}
|
||||
|
||||
// PemCert generates PEM cert file
|
||||
// PemCert generates PEM cert file.
|
||||
func PemCert(privKey *rsa.PrivateKey, domain string, expiration time.Time) ([]byte, error) {
|
||||
derBytes, err := derCert(privKey, expiration, domain)
|
||||
if err != nil {
|
||||
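Review bot: The doc comments on KeyPair and PemCert say they generate "files", but both return PEM-encoded byte slices and nothing in the visible lines touches the filesystem; `// KeyPair generates a certificate and private key for domain, valid until expiration, as PEM-encoded bytes.` and `// PemCert generates a PEM-encoded certificate for domain using privKey.` describe the actual contract. Whether the certificate is self-signed is not visible here (derCert is outside the hunk), so I have left that out of the wording. Note also that PemCert takes (privKey, domain, expiration) while it calls derCert(privKey, expiration, domain); the parameter types differ so a swap cannot compile, but aligning the order would make the two easier to read side by side.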
|
|
|
@ -14,7 +14,7 @@ type ClientAuth struct {
|
|||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// Options configures TLS for an entry point
|
||||
// Options configures TLS for an entry point.
|
||||
type Options struct {
|
||||
MinVersion string `json:"minVersion,omitempty" toml:"minVersion,omitempty" yaml:"minVersion,omitempty" export:"true"`
|
||||
MaxVersion string `json:"maxVersion,omitempty" toml:"maxVersion,omitempty" yaml:"maxVersion,omitempty" export:"true"`
|
||||
|
@ -27,7 +27,7 @@ type Options struct {
|
|||
|
||||
// +k8s:deepcopy-gen=true
|
||||
|
||||
// Store holds the options for a given Store
|
||||
// Store holds the options for a given Store.
|
||||
type Store struct {
|
||||
DefaultCertificate *Certificate `json:"defaultCertificate,omitempty" toml:"defaultCertificate,omitempty" yaml:"defaultCertificate,omitempty"`
|
||||
}
|
||||
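Review bot: The Options fields MinVersion and MaxVersion carry no field comments, so a reader has to find the MinVersion/MaxVersion maps elsewhere in the package to learn that the accepted values are names such as VersionTLS10 … VersionTLS13 rather than numeric versions. A short comment on each, e.g. `// MinVersion names the lowest TLS version to accept; valid values are the keys of the MinVersion map (VersionTLS10 … VersionTLS13).`, and the equivalent for MaxVersion, would make the struct self-describing. The behaviour when a field is left empty is not visible in this section, so the comment should state whatever buildTLSConfig actually does rather than guess at a default.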
|
|
|
@ -18,7 +18,7 @@ import (
|
|||
// DefaultTLSOptions the default TLS options.
|
||||
var DefaultTLSOptions = Options{}
|
||||
|
||||
// Manager is the TLS option/store/configuration factory
|
||||
// Manager is the TLS option/store/configuration factory.
|
||||
type Manager struct {
|
||||
storesConfig map[string]Store
|
||||
stores map[string]*CertificateStore
|
||||
|
@ -28,7 +28,7 @@ type Manager struct {
|
|||
lock sync.RWMutex
|
||||
}
|
||||
|
||||
// NewManager creates a new Manager
|
||||
// NewManager creates a new Manager.
|
||||
func NewManager() *Manager {
|
||||
return &Manager{
|
||||
stores: map[string]*CertificateStore{},
|
||||
|
@ -38,7 +38,7 @@ func NewManager() *Manager {
|
|||
}
|
||||
}
|
||||
|
||||
// UpdateConfigs updates the TLS* configuration options
|
||||
// UpdateConfigs updates the TLS* configuration options.
|
||||
func (m *Manager) UpdateConfigs(ctx context.Context, stores map[string]Store, configs map[string]Options, certs []*CertAndStores) {
|
||||
m.lock.Lock()
|
||||
defer m.lock.Unlock()
|
||||
|
@ -80,7 +80,7 @@ func (m *Manager) UpdateConfigs(ctx context.Context, stores map[string]Store, co
|
|||
}
|
||||
}
|
||||
|
||||
// Get gets the TLS configuration to use for a given store / configuration
|
||||
// Get gets the TLS configuration to use for a given store / configuration.
|
||||
func (m *Manager) Get(storeName string, configName string) (*tls.Config, error) {
|
||||
m.lock.RLock()
|
||||
defer m.lock.RUnlock()
|
||||
|
@ -141,7 +141,7 @@ func (m *Manager) getStore(storeName string) *CertificateStore {
|
|||
return m.stores[storeName]
|
||||
}
|
||||
|
||||
// GetStore gets the certificate store of a given name
|
||||
// GetStore gets the certificate store of a given name.
|
||||
func (m *Manager) GetStore(storeName string) *CertificateStore {
|
||||
m.lock.RLock()
|
||||
defer m.lock.RUnlock()
|
||||
|
@ -170,7 +170,7 @@ func buildCertificateStore(ctx context.Context, tlsStore Store) (*CertificateSto
|
|||
return certificateStore, nil
|
||||
}
|
||||
|
||||
// creates a TLS config that allows terminating HTTPS for multiple domains using SNI
|
||||
// creates a TLS config that allows terminating HTTPS for multiple domains using SNI.
|
||||
func buildTLSConfig(tlsOption Options) (*tls.Config, error) {
|
||||
conf := &tls.Config{}
|
||||
|
||||
|
@ -268,17 +268,17 @@ func buildTLSConfig(tlsOption Options) (*tls.Config, error) {
|
|||
func buildDefaultCertificate(defaultCertificate *Certificate) (*tls.Certificate, error) {
|
||||
certFile, err := defaultCertificate.CertFile.Read()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get cert file content: %v", err)
|
||||
return nil, fmt.Errorf("failed to get cert file content: %w", err)
|
||||
}
|
||||
|
||||
keyFile, err := defaultCertificate.KeyFile.Read()
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to get key file content: %v", err)
|
||||
return nil, fmt.Errorf("failed to get key file content: %w", err)
|
||||
}
|
||||
|
||||
cert, err := tls.X509KeyPair(certFile, keyFile)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to load X509 key pair: %v", err)
|
||||
return nil, fmt.Errorf("failed to load X509 key pair: %w", err)
|
||||
}
|
||||
return &cert, nil
|
||||
}
|
||||
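Review bot: The comment above buildTLSConfig, `// creates a TLS config that allows terminating HTTPS for multiple domains using SNI.`, gains a period but still does not start with the function name, which is the convention every other doc comment in this file follows; `// buildTLSConfig creates a TLS config that allows terminating HTTPS for multiple domains using SNI.` fixes it. Separately, buildDefaultCertificate at the end of the section repeats the read-cert / read-key / tls.X509KeyPair sequence of Certificate.AppendCertificate in certificate.go, with a different error-message style ("failed to get cert file content" here versus "unable to read CertFile :" there); a shared helper returning (tls.Certificate, error) would remove the duplication and make the wrapped messages consistent. The remaining hunks in this section are comment-only.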
|
|