Define a TLS section to group TLS, TLSOptions, and TLSStores.

Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-06-27 23:58:03 +02:00 · 2019-06-27 23:58:03 +02:00 · 4245096be4
commit 4245096be4
parent c9b2a07bc7
52 changed files with 717 additions and 628 deletions
--- a/pkg/provider/file/file.go
+++ b/pkg/provider/file/file.go
@ -182,28 +182,36 @@ func (p *Provider) loadFileConfig(filename string, parseTemplate bool) (*config.
 		return nil, err
 	}

-	var tlsConfigs []*tls.Configuration
-	for _, conf := range configuration.TLS {
-		bytes, err := conf.Certificate.CertFile.Read()
-		if err != nil {
-			log.Error(err)
-			continue
-		}
-		conf.Certificate.CertFile = tls.FileOrContent(string(bytes))
-
-		bytes, err = conf.Certificate.KeyFile.Read()
-		if err != nil {
-			log.Error(err)
-			continue
-		}
-		conf.Certificate.KeyFile = tls.FileOrContent(string(bytes))
-		tlsConfigs = append(tlsConfigs, conf)
+	if configuration.TLS != nil {
+		configuration.TLS.Certificates = flattenCertificates(configuration.TLS)
 	}
-	configuration.TLS = tlsConfigs

 	return configuration, nil
 }

+func flattenCertificates(tlsConfig *config.TLSConfiguration) []*tls.CertAndStores {
+	var certs []*tls.CertAndStores
+	for _, cert := range tlsConfig.Certificates {
+		content, err := cert.Certificate.CertFile.Read()
+		if err != nil {
+			log.Error(err)
+			continue
+		}
+		cert.Certificate.CertFile = tls.FileOrContent(string(content))
+
+		content, err = cert.Certificate.KeyFile.Read()
+		if err != nil {
+			log.Error(err)
+			continue
+		}
+		cert.Certificate.KeyFile = tls.FileOrContent(string(content))
+
+		certs = append(certs, cert)
+	}
+
+	return certs
+}
+
 func (p *Provider) loadFileConfigFromDirectory(ctx context.Context, directory string, configuration *config.Configuration) (*config.Configuration, error) {
 	logger := log.FromContext(ctx)

@ -223,13 +231,16 @@ func (p *Provider) loadFileConfigFromDirectory(ctx context.Context, directory st
 				Routers:  make(map[string]*config.TCPRouter),
 				Services: make(map[string]*config.TCPService),
 			},
+			TLS: &config.TLSConfiguration{
+				Stores:  make(map[string]tls.Store),
+				Options: make(map[string]tls.Options),
+			},
 		}
 	}

-	configTLSMaps := make(map[*tls.Configuration]struct{})
+	configTLSMaps := make(map[*tls.CertAndStores]struct{})

 	for _, item := range fileList {
-
 		if item.IsDir() {
 			configuration, err = p.loadFileConfigFromDirectory(ctx, filepath.Join(directory, item.Name()), configuration)
 			if err != nil {
@ -291,7 +302,7 @@ func (p *Provider) loadFileConfigFromDirectory(ctx context.Context, directory st
 			}
 		}

-		for _, conf := range c.TLS {
+		for _, conf := range c.TLS.Certificates {
 			if _, exists := configTLSMaps[conf]; exists {
 				logger.Warnf("TLS configuration %v already configured, skipping", conf)
 			} else {
@ -300,9 +311,14 @@ func (p *Provider) loadFileConfigFromDirectory(ctx context.Context, directory st
 		}
 	}

-	for conf := range configTLSMaps {
-		configuration.TLS = append(configuration.TLS, conf)
+	if len(configTLSMaps) > 0 {
+		configuration.TLS = &config.TLSConfiguration{}
 	}
+
+	for conf := range configTLSMaps {
+		configuration.TLS.Certificates = append(configuration.TLS.Certificates, conf)
+	}
+
 	return configuration, nil
 }

@ -364,9 +380,10 @@ func (p *Provider) decodeConfiguration(filePath string, content string) (*config
 			Routers:  make(map[string]*config.TCPRouter),
 			Services: make(map[string]*config.TCPService),
 		},
-		TLS:        make([]*tls.Configuration, 0),
-		TLSStores:  make(map[string]tls.Store),
-		TLSOptions: make(map[string]tls.TLS),
+		TLS: &config.TLSConfiguration{
+			Stores:  make(map[string]tls.Store),
+			Options: make(map[string]tls.Options),
+		},
 	}

 	switch strings.ToLower(filepath.Ext(filePath)) {
--- a/pkg/provider/file/file_test.go
+++ b/pkg/provider/file/file_test.go
@ -37,10 +37,9 @@ func TestTLSContent(t *testing.T) {
 	require.NoError(t, err)

 	content := `
-[[tls]]
-  [tls.certificate]
-    certFile = "` + fileTLS.Name() + `"
-    keyFile = "` + fileTLS.Name() + `"
+[[tls.certificates]]
+  certFile = "` + fileTLS.Name() + `"
+  keyFile = "` + fileTLS.Name() + `"
 `

 	_, err = fileConfig.Write([]byte(content))
@ -50,8 +49,8 @@ func TestTLSContent(t *testing.T) {
 	configuration, err := provider.loadFileConfig(fileConfig.Name(), true)
 	require.NoError(t, err)

-	require.Equal(t, "CONTENT", configuration.TLS[0].Certificate.CertFile.String())
-	require.Equal(t, "CONTENT", configuration.TLS[0].Certificate.KeyFile.String())
+	require.Equal(t, "CONTENT", configuration.TLS.Certificates[0].Certificate.CertFile.String())
+	require.Equal(t, "CONTENT", configuration.TLS.Certificates[0].Certificate.KeyFile.String())
 }

 func TestErrorWhenEmptyConfig(t *testing.T) {
@ -91,9 +90,11 @@ func TestProvideWithoutWatch(t *testing.T) {
 			timeout := time.After(time.Second)
 			select {
 			case conf := <-configChan:
+				require.NotNil(t, conf.Configuration.HTTP)
 				assert.Len(t, conf.Configuration.HTTP.Services, test.expectedNumService)
 				assert.Len(t, conf.Configuration.HTTP.Routers, test.expectedNumRouter)
-				assert.Len(t, conf.Configuration.TLS, test.expectedNumTLSConf)
+				require.NotNil(t, conf.Configuration.TLS)
+				assert.Len(t, conf.Configuration.TLS.Certificates, test.expectedNumTLSConf)
 			case <-timeout:
 				t.Errorf("timeout while waiting for config")
 			}
@ -116,9 +117,11 @@ func TestProvideWithWatch(t *testing.T) {
 			timeout := time.After(time.Second)
 			select {
 			case conf := <-configChan:
+				require.NotNil(t, conf.Configuration.HTTP)
 				assert.Len(t, conf.Configuration.HTTP.Services, 0)
 				assert.Len(t, conf.Configuration.HTTP.Routers, 0)
-				assert.Len(t, conf.Configuration.TLS, 0)
+				require.NotNil(t, conf.Configuration.TLS)
+				assert.Len(t, conf.Configuration.TLS.Certificates, 0)
 			case <-timeout:
 				t.Errorf("timeout while waiting for config")
 			}
@ -148,7 +151,7 @@ func TestProvideWithWatch(t *testing.T) {
 					numUpdates++
 					numServices = len(conf.Configuration.HTTP.Services)
 					numRouters = len(conf.Configuration.HTTP.Routers)
-					numTLSConfs = len(conf.Configuration.TLS)
+					numTLSConfs = len(conf.Configuration.TLS.Certificates)
 					t.Logf("received update #%d: services %d/%d, routers %d/%d, TLS configs %d/%d", numUpdates, numServices, test.expectedNumService, numRouters, test.expectedNumRouter, numTLSConfs, test.expectedNumTLSConf)

 					if numServices == test.expectedNumService && numRouters == test.expectedNumRouter && numTLSConfs == test.expectedNumTLSConf {
--- a/pkg/provider/file/fixtures/toml/dir01_file03.toml
+++ b/pkg/provider/file/fixtures/toml/dir01_file03.toml
@ -1,16 +1,17 @@
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest1.com.cert"
-	KeyFile = "integration/fixtures/https/snitest1.com.key"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest2.com.cert"
-	KeyFile = "integration/fixtures/https/snitest2.com.key"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest3.com.cert"
-	KeyFile = "integration/fixtures/https/snitest3.com.key"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest4.com.cert"
-	KeyFile = "integration/fixtures/https/snitest4.com.key"
+[TLS]
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest1.com.cert"
+  KeyFile = "integration/fixtures/https/snitest1.com.key"
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest2.com.cert"
+  KeyFile = "integration/fixtures/https/snitest2.com.key"
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest3.com.cert"
+  KeyFile = "integration/fixtures/https/snitest3.com.key"
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest4.com.cert"
+  KeyFile = "integration/fixtures/https/snitest4.com.key"
--- a/pkg/provider/file/fixtures/toml/simple_file_01.toml
+++ b/pkg/provider/file/fixtures/toml/simple_file_01.toml
@ -33,23 +33,25 @@
 [http.services.application-6.loadbalancer]
   [[http.services.application-6.loadbalancer.servers]]
     url = "http://172.17.0.6:80"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest1.com.cert"
-	KeyFile = "integration/fixtures/https/snitest1.com.key"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest2.com.cert"
-	KeyFile = "integration/fixtures/https/snitest2.com.key"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest3.com.cert"
-	KeyFile = "integration/fixtures/https/snitest3.com.key"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest4.com.cert"
-	KeyFile = "integration/fixtures/https/snitest4.com.key"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest5.com.cert"
-	KeyFile = "integration/fixtures/https/snitest5.com.key"
+
+[TLS]
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest1.com.cert"
+  KeyFile = "integration/fixtures/https/snitest1.com.key"
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest2.com.cert"
+  KeyFile = "integration/fixtures/https/snitest2.com.key"
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest3.com.cert"
+  KeyFile = "integration/fixtures/https/snitest3.com.key"
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest4.com.cert"
+  KeyFile = "integration/fixtures/https/snitest4.com.key"
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest5.com.cert"
+  KeyFile = "integration/fixtures/https/snitest5.com.key"
--- a/pkg/provider/file/fixtures/toml/simple_file_02.toml
+++ b/pkg/provider/file/fixtures/toml/simple_file_02.toml
@ -44,19 +44,21 @@
 [http.services.application-8.loadbalancer]
   [[http.services.application-8.loadbalancer.servers]]
     url = "http://172.17.0.8:80"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest1.com.cert"
-	KeyFile = "integration/fixtures/https/snitest1.com.key"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest2.com.cert"
-	KeyFile = "integration/fixtures/https/snitest2.com.key"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest3.com.cert"
-	KeyFile = "integration/fixtures/https/snitest3.com.key"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest4.com.cert"
-	KeyFile = "integration/fixtures/https/snitest4.com.key"
+
+[TLS]
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest1.com.cert"
+  KeyFile = "integration/fixtures/https/snitest1.com.key"
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest2.com.cert"
+  KeyFile = "integration/fixtures/https/snitest2.com.key"
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest3.com.cert"
+  KeyFile = "integration/fixtures/https/snitest3.com.key"
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest4.com.cert"
+  KeyFile = "integration/fixtures/https/snitest4.com.key"
--- a/pkg/provider/file/fixtures/toml/simple_traefik_file_01.toml
+++ b/pkg/provider/file/fixtures/toml/simple_traefik_file_01.toml
@ -1,3 +1,2 @@
-
 [log]
-	level = "DEBUG"
+  level = "DEBUG"
--- a/pkg/provider/file/fixtures/toml/simple_traefik_file_02.toml
+++ b/pkg/provider/file/fixtures/toml/simple_traefik_file_02.toml
@ -20,19 +20,21 @@
 [http.services.application-3.loadbalancer]
   [[http.services.application-3.loadbalancer.servers]]
     url = "http://172.17.0.3:80"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest1.com.cert"
-	KeyFile = "integration/fixtures/https/snitest1.com.key"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest2.com.cert"
-	KeyFile = "integration/fixtures/https/snitest2.com.key"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest3.com.cert"
-	KeyFile = "integration/fixtures/https/snitest3.com.key"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest4.com.cert"
-	KeyFile = "integration/fixtures/https/snitest4.com.key"
+
+[TLS]
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest1.com.cert"
+  KeyFile = "integration/fixtures/https/snitest1.com.key"
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest2.com.cert"
+  KeyFile = "integration/fixtures/https/snitest2.com.key"
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest3.com.cert"
+  KeyFile = "integration/fixtures/https/snitest3.com.key"
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest4.com.cert"
+  KeyFile = "integration/fixtures/https/snitest4.com.key"
--- a/pkg/provider/file/fixtures/toml/simple_traefik_file_with_templating.toml
+++ b/pkg/provider/file/fixtures/toml/simple_traefik_file_with_templating.toml
@ -1,7 +1,8 @@
+temp="{{ getTag \"test\" }}"

-				temp="{{ getTag \"test\" }}"
-				[providers.file]	
-				[http.routers]
+[providers.file]
+
+[http.routers]
 
 [http.routers."router1"]
 	service = "application-1"
@ -21,19 +22,21 @@
 [http.services.application-3.loadbalancer]
   [[http.services.application-3.loadbalancer.servers]]
     url = "http://172.17.0.3:80"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest1.com.cert"
-	KeyFile = "integration/fixtures/https/snitest1.com.key"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest2.com.cert"
-	KeyFile = "integration/fixtures/https/snitest2.com.key"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest3.com.cert"
-	KeyFile = "integration/fixtures/https/snitest3.com.key"
-[[TLS]]
-	[TLS.Certificate]
-	CertFile = "integration/fixtures/https/snitest4.com.cert"
-	KeyFile = "integration/fixtures/https/snitest4.com.key"
+
+[TLS]
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest1.com.cert"
+  KeyFile = "integration/fixtures/https/snitest1.com.key"
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest2.com.cert"
+  KeyFile = "integration/fixtures/https/snitest2.com.key"
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest3.com.cert"
+  KeyFile = "integration/fixtures/https/snitest3.com.key"
+
+[[TLS.Certificates]]
+  CertFile = "integration/fixtures/https/snitest4.com.cert"
+  KeyFile = "integration/fixtures/https/snitest4.com.key"
--- a/pkg/provider/file/fixtures/toml/template_file.toml
+++ b/pkg/provider/file/fixtures/toml/template_file.toml
@ -1,4 +1,3 @@
-
 [http.routers]
 {{ range $i, $e := until 20 }}
  [http.routers.router{{ $e }}]
--- a/pkg/provider/file/fixtures/yaml/dir01_file03.yml
+++ b/pkg/provider/file/fixtures/yaml/dir01_file03.yml
@ -1,13 +1,10 @@
 tls:
-  - certificate:
-      certfile: integration/fixtures/https/snitest1.com.cert
-      keyfile: integration/fixtures/https/snitest1.com.key
-  - certificate:
-      certfile: integration/fixtures/https/snitest2.com.cert
-      keyfile: integration/fixtures/https/snitest2.com.key
-  - certificate:
-      certfile: integration/fixtures/https/snitest3.com.cert
-      keyfile: integration/fixtures/https/snitest3.com.key
-  - certificate:
-      certfile: integration/fixtures/https/snitest4.com.cert
-      keyfile: integration/fixtures/https/snitest4.com.key
+  certificates:
+  - certfile: integration/fixtures/https/snitest1.com.cert
+    keyfile: integration/fixtures/https/snitest1.com.key
+  - certfile: integration/fixtures/https/snitest2.com.cert
+    keyfile: integration/fixtures/https/snitest2.com.key
+  - certfile: integration/fixtures/https/snitest3.com.cert
+    keyfile: integration/fixtures/https/snitest3.com.key
+  - certfile: integration/fixtures/https/snitest4.com.cert
+    keyfile: integration/fixtures/https/snitest4.com.key
--- a/pkg/provider/file/fixtures/yaml/simple_file_01.yml
+++ b/pkg/provider/file/fixtures/yaml/simple_file_01.yml
@ -33,18 +33,14 @@ http:
          - url: 'http://172.17.0.6:80'

 tls:
-  - certificate:
-      certfile: integration/fixtures/https/snitest1.com.cert
-      keyfile: integration/fixtures/https/snitest1.com.key
-  - certificate:
-      certfile: integration/fixtures/https/snitest2.com.cert
-      keyfile: integration/fixtures/https/snitest2.com.key
-  - certificate:
-      certfile: integration/fixtures/https/snitest3.com.cert
-      keyfile: integration/fixtures/https/snitest3.com.key
-  - certificate:
-      certfile: integration/fixtures/https/snitest4.com.cert
-      keyfile: integration/fixtures/https/snitest4.com.key
-  - certificate:
-      certfile: integration/fixtures/https/snitest5.com.cert
-      keyfile: integration/fixtures/https/snitest5.com.key
+  certificates:
+  - certfile: integration/fixtures/https/snitest1.com.cert
+    keyfile: integration/fixtures/https/snitest1.com.key
+  - certfile: integration/fixtures/https/snitest2.com.cert
+    keyfile: integration/fixtures/https/snitest2.com.key
+  - certfile: integration/fixtures/https/snitest3.com.cert
+    keyfile: integration/fixtures/https/snitest3.com.key
+  - certfile: integration/fixtures/https/snitest4.com.cert
+    keyfile: integration/fixtures/https/snitest4.com.key
+  - certfile: integration/fixtures/https/snitest5.com.cert
+    keyfile: integration/fixtures/https/snitest5.com.key
--- a/pkg/provider/file/fixtures/yaml/simple_file_02.yml
+++ b/pkg/provider/file/fixtures/yaml/simple_file_02.yml
@ -43,16 +43,12 @@ http:
          - url: 'http://172.17.0.8:80'

 tls:
-  - certificate:
-      certfile: integration/fixtures/https/snitest1.com.cert
+  certificates:
+    - certfile: integration/fixtures/https/snitest1.com.cert
      keyfile: integration/fixtures/https/snitest1.com.key
-  - certificate:
-      certfile: integration/fixtures/https/snitest2.com.cert
+    - certfile: integration/fixtures/https/snitest2.com.cert
      keyfile: integration/fixtures/https/snitest2.com.key
-  - certificate:
-      certfile: integration/fixtures/https/snitest3.com.cert
+    - certfile: integration/fixtures/https/snitest3.com.cert
      keyfile: integration/fixtures/https/snitest3.com.key
-  - certificate:
-      certfile: integration/fixtures/https/snitest4.com.cert
-      keyfile: integration/fixtures/https/snitest4.com.key
-
+    - certfile: integration/fixtures/https/snitest4.com.cert
+      keyfile: integration/fixtures/https/snitest4.com.key
--- a/pkg/provider/file/fixtures/yaml/simple_traefik_file_02.yml
+++ b/pkg/provider/file/fixtures/yaml/simple_traefik_file_02.yml
@ -21,15 +21,12 @@ http:
          - url: 'http://172.17.0.3:80'

 tls:
-  - certificate:
-      certfile: integration/fixtures/https/snitest1.com.cert
+  certificates:
+    - certfile: integration/fixtures/https/snitest1.com.cert
      keyfile: integration/fixtures/https/snitest1.com.key
-  - certificate:
-      certfile: integration/fixtures/https/snitest2.com.cert
+    - certfile: integration/fixtures/https/snitest2.com.cert
      keyfile: integration/fixtures/https/snitest2.com.key
-  - certificate:
-      certfile: integration/fixtures/https/snitest3.com.cert
+    - certfile: integration/fixtures/https/snitest3.com.cert
      keyfile: integration/fixtures/https/snitest3.com.key
-  - certificate:
-      certfile: integration/fixtures/https/snitest4.com.cert
-      keyfile: integration/fixtures/https/snitest4.com.key
+    - certfile: integration/fixtures/https/snitest4.com.cert
+      keyfile: integration/fixtures/https/snitest4.com.key