Define a TLS section to group TLS, TLSOptions, and TLSStores.

Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-06-27 23:58:03 +02:00 · 2019-06-27 23:58:03 +02:00 · 4245096be4
commit 4245096be4
parent c9b2a07bc7
52 changed files with 717 additions and 628 deletions
--- a/pkg/server/aggregator.go
+++ b/pkg/server/aggregator.go
@ -18,8 +18,10 @@ func mergeConfiguration(configurations config.Configurations) config.Configurati
 			Routers:  make(map[string]*config.TCPRouter),
 			Services: make(map[string]*config.TCPService),
 		},
-		TLSOptions: make(map[string]tls.TLS),
-		TLSStores:  make(map[string]tls.Store),
+		TLS: &config.TLSConfiguration{
+			Stores:  make(map[string]tls.Store),
+			Options: make(map[string]tls.Options),
+		},
 	}

 	var defaultTLSOptionProviders []string
@ -44,30 +46,33 @@ func mergeConfiguration(configurations config.Configurations) config.Configurati
 				conf.TCP.Services[internal.MakeQualifiedName(provider, serviceName)] = service
 			}
 		}
-		conf.TLS = append(conf.TLS, configuration.TLS...)

-		for key, store := range configuration.TLSStores {
-			conf.TLSStores[key] = store
-		}
+		if configuration.TLS != nil {
+			conf.TLS.Certificates = append(conf.TLS.Certificates, configuration.TLS.Certificates...)

-		for tlsOptionsName, config := range configuration.TLSOptions {
-			if tlsOptionsName != "default" {
-				tlsOptionsName = internal.MakeQualifiedName(provider, tlsOptionsName)
-			} else {
-				defaultTLSOptionProviders = append(defaultTLSOptionProviders, provider)
+			for key, store := range configuration.TLS.Stores {
+				conf.TLS.Stores[key] = store
 			}

-			conf.TLSOptions[tlsOptionsName] = config
+			for tlsOptionsName, options := range configuration.TLS.Options {
+				if tlsOptionsName != "default" {
+					tlsOptionsName = internal.MakeQualifiedName(provider, tlsOptionsName)
+				} else {
+					defaultTLSOptionProviders = append(defaultTLSOptionProviders, provider)
+				}
+
+				conf.TLS.Options[tlsOptionsName] = options
+			}
 		}
 	}

 	if len(defaultTLSOptionProviders) == 0 {
-		conf.TLSOptions["default"] = tls.TLS{}
+		conf.TLS.Options["default"] = tls.Options{}
 	} else if len(defaultTLSOptionProviders) > 1 {
 		log.WithoutContext().Errorf("Default TLS Options defined multiple times in %v", defaultTLSOptionProviders)
 		// We do not set an empty tls.TLS{} as above so that we actually get a "cascading failure" later on,
 		// i.e. routers depending on this missing TLS option will fail to initialize as well.
-		delete(conf.TLSOptions, "default")
+		delete(conf.TLS.Options, "default")
 	}

 	return conf
--- a/pkg/server/aggregator_test.go
+++ b/pkg/server/aggregator_test.go
@ -114,12 +114,12 @@ func TestAggregator_tlsoptions(t *testing.T) {
 	testCases := []struct {
 		desc     string
 		given    config.Configurations
-		expected map[string]tls.TLS
+		expected map[string]tls.Options
 	}{
 		{
 			desc:  "Nil returns an empty configuration",
 			given: nil,
-			expected: map[string]tls.TLS{
+			expected: map[string]tls.Options{
 				"default": {},
 			},
 		},
@ -127,14 +127,16 @@ func TestAggregator_tlsoptions(t *testing.T) {
 			desc: "Returns fully qualified elements from a mono-provider configuration map",
 			given: config.Configurations{
 				"provider-1": &config.Configuration{
-					TLSOptions: map[string]tls.TLS{
-						"foo": {
-							MinVersion: "VersionTLS12",
+					TLS: &config.TLSConfiguration{
+						Options: map[string]tls.Options{
+							"foo": {
+								MinVersion: "VersionTLS12",
+							},
 						},
 					},
 				},
 			},
-			expected: map[string]tls.TLS{
+			expected: map[string]tls.Options{
 				"default": {},
 				"foo@provider-1": {
 					MinVersion: "VersionTLS12",
@ -145,21 +147,25 @@ func TestAggregator_tlsoptions(t *testing.T) {
 			desc: "Returns fully qualified elements from a multi-provider configuration map",
 			given: config.Configurations{
 				"provider-1": &config.Configuration{
-					TLSOptions: map[string]tls.TLS{
-						"foo": {
-							MinVersion: "VersionTLS13",
+					TLS: &config.TLSConfiguration{
+						Options: map[string]tls.Options{
+							"foo": {
+								MinVersion: "VersionTLS13",
+							},
 						},
 					},
 				},
 				"provider-2": &config.Configuration{
-					TLSOptions: map[string]tls.TLS{
-						"foo": {
-							MinVersion: "VersionTLS12",
+					TLS: &config.TLSConfiguration{
+						Options: map[string]tls.Options{
+							"foo": {
+								MinVersion: "VersionTLS12",
+							},
 						},
 					},
 				},
 			},
-			expected: map[string]tls.TLS{
+			expected: map[string]tls.Options{
 				"default": {},
 				"foo@provider-1": {
 					MinVersion: "VersionTLS13",
@ -173,24 +179,28 @@ func TestAggregator_tlsoptions(t *testing.T) {
 			desc: "Create a valid default tls option when appears only in one provider",
 			given: config.Configurations{
 				"provider-1": &config.Configuration{
-					TLSOptions: map[string]tls.TLS{
-						"foo": {
-							MinVersion: "VersionTLS13",
-						},
-						"default": {
-							MinVersion: "VersionTLS11",
+					TLS: &config.TLSConfiguration{
+						Options: map[string]tls.Options{
+							"foo": {
+								MinVersion: "VersionTLS13",
+							},
+							"default": {
+								MinVersion: "VersionTLS11",
+							},
 						},
 					},
 				},
 				"provider-2": &config.Configuration{
-					TLSOptions: map[string]tls.TLS{
-						"foo": {
-							MinVersion: "VersionTLS12",
+					TLS: &config.TLSConfiguration{
+						Options: map[string]tls.Options{
+							"foo": {
+								MinVersion: "VersionTLS12",
+							},
 						},
 					},
 				},
 			},
-			expected: map[string]tls.TLS{
+			expected: map[string]tls.Options{
 				"default": {
 					MinVersion: "VersionTLS11",
 				},
@ -206,27 +216,31 @@ func TestAggregator_tlsoptions(t *testing.T) {
 			desc: "No default tls option if it is defined in multiple providers",
 			given: config.Configurations{
 				"provider-1": &config.Configuration{
-					TLSOptions: map[string]tls.TLS{
-						"foo": {
-							MinVersion: "VersionTLS12",
-						},
-						"default": {
-							MinVersion: "VersionTLS11",
+					TLS: &config.TLSConfiguration{
+						Options: map[string]tls.Options{
+							"foo": {
+								MinVersion: "VersionTLS12",
+							},
+							"default": {
+								MinVersion: "VersionTLS11",
+							},
 						},
 					},
 				},
 				"provider-2": &config.Configuration{
-					TLSOptions: map[string]tls.TLS{
-						"foo": {
-							MinVersion: "VersionTLS13",
-						},
-						"default": {
-							MinVersion: "VersionTLS12",
+					TLS: &config.TLSConfiguration{
+						Options: map[string]tls.Options{
+							"foo": {
+								MinVersion: "VersionTLS13",
+							},
+							"default": {
+								MinVersion: "VersionTLS12",
+							},
 						},
 					},
 				},
 			},
-			expected: map[string]tls.TLS{
+			expected: map[string]tls.Options{
 				"foo@provider-1": {
 					MinVersion: "VersionTLS12",
 				},
@ -239,21 +253,25 @@ func TestAggregator_tlsoptions(t *testing.T) {
 			desc: "Create a default TLS Options configuration if none was provided",
 			given: config.Configurations{
 				"provider-1": &config.Configuration{
-					TLSOptions: map[string]tls.TLS{
-						"foo": {
-							MinVersion: "VersionTLS12",
+					TLS: &config.TLSConfiguration{
+						Options: map[string]tls.Options{
+							"foo": {
+								MinVersion: "VersionTLS12",
+							},
 						},
 					},
 				},
 				"provider-2": &config.Configuration{
-					TLSOptions: map[string]tls.TLS{
-						"foo": {
-							MinVersion: "VersionTLS13",
+					TLS: &config.TLSConfiguration{
+						Options: map[string]tls.Options{
+							"foo": {
+								MinVersion: "VersionTLS13",
+							},
 						},
 					},
 				},
 			},
-			expected: map[string]tls.TLS{
+			expected: map[string]tls.Options{
 				"default": {},
 				"foo@provider-1": {
 					MinVersion: "VersionTLS12",
@ -272,7 +290,7 @@ func TestAggregator_tlsoptions(t *testing.T) {
 			t.Parallel()

 			actual := mergeConfiguration(test.given)
-			assert.Equal(t, test.expected, actual.TLSOptions)
+			assert.Equal(t, test.expected, actual.TLS.Options)
 		})
 	}
 }
--- a/pkg/server/router/tcp/router_test.go
+++ b/pkg/server/router/tcp/router_test.go
@ -203,7 +203,7 @@ func TestRuntimeConfiguration(t *testing.T) {
 			tlsManager := tls.NewManager()
 			tlsManager.UpdateConfigs(
 				map[string]tls.Store{},
-				map[string]tls.TLS{
+				map[string]tls.Options{
 					"default": {
 						MinVersion: "VersionTLS10",
 					},
@ -214,7 +214,7 @@ func TestRuntimeConfiguration(t *testing.T) {
 						MinVersion: "VersionTLS11",
 					},
 				},
-				[]*tls.Configuration{})
+				[]*tls.CertAndStores{})

 			routerManager := NewManager(conf, serviceManager,
 				nil, nil, tlsManager)
--- a/pkg/server/server_configuration.go
+++ b/pkg/server/server_configuration.go
@ -66,7 +66,7 @@ func (s *Server) loadConfigurationTCP(configurations config.Configurations) map[

 	conf := mergeConfiguration(configurations)

-	s.tlsManager.UpdateConfigs(conf.TLSStores, conf.TLSOptions, conf.TLS)
+	s.tlsManager.UpdateConfigs(conf.TLS.Stores, conf.TLS.Options, conf.TLS.Certificates)

 	rtConf := config.NewRuntimeConfig(conf)
 	handlersNonTLS, handlersTLS := s.createHTTPHandlers(ctx, rtConf, entryPoints)
@ -167,7 +167,7 @@ func isEmptyConfiguration(conf *config.Configuration) bool {
 	return conf.HTTP.Routers == nil &&
 		conf.HTTP.Services == nil &&
 		conf.HTTP.Middlewares == nil &&
-		conf.TLS == nil &&
+		(conf.TLS == nil || conf.TLS.Certificates == nil && conf.TLS.Stores == nil && conf.TLS.Options == nil) &&
 		conf.TCP.Routers == nil &&
 		conf.TCP.Services == nil
 }