Define a TLS section to group TLS, TLSOptions, and TLSStores.

Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-06-27 23:58:03 +02:00 · 2019-06-27 23:58:03 +02:00 · 4245096be4
commit 4245096be4
parent c9b2a07bc7
52 changed files with 717 additions and 628 deletions
--- a/pkg/tls/tls.go
+++ b/pkg/tls/tls.go
@ -9,8 +9,8 @@ type ClientCA struct {
 	Optional bool
 }

-// TLS configures TLS for an entry point
-type TLS struct {
+// Options configures TLS for an entry point
+type Options struct {
 	MinVersion   string `export:"true"`
 	CipherSuites []string
 	ClientCA     ClientCA
@ -22,8 +22,8 @@ type Store struct {
 	DefaultCertificate *Certificate
 }

-// Configuration allows mapping a TLS certificate to a list of entry points.
-type Configuration struct {
+// CertAndStores allows mapping a TLS certificate to a list of entry points.
+type CertAndStores struct {
+	Certificate `yaml:",inline"`
 	Stores      []string
-	Certificate *Certificate
 }
--- a/pkg/tls/tlsmanager.go
+++ b/pkg/tls/tlsmanager.go
@ -17,8 +17,8 @@ import (
 type Manager struct {
 	storesConfig  map[string]Store
 	stores        map[string]*CertificateStore
-	configs       map[string]TLS
-	certs         []*Configuration
+	configs       map[string]Options
+	certs         []*CertAndStores
 	TLSAlpnGetter func(string) (*tls.Certificate, error)
 	lock          sync.RWMutex
 }
@ -29,7 +29,7 @@ func NewManager() *Manager {
 }

 // UpdateConfigs updates the TLS* configuration options
-func (m *Manager) UpdateConfigs(stores map[string]Store, configs map[string]TLS, certs []*Configuration) {
+func (m *Manager) UpdateConfigs(stores map[string]Store, configs map[string]Options, certs []*CertAndStores) {
 	m.lock.Lock()
 	defer m.lock.Unlock()

@ -153,7 +153,7 @@ func buildCertificateStore(tlsStore Store) (*CertificateStore, error) {
 }

 // creates a TLS config that allows terminating HTTPS for multiple domains using SNI
-func buildTLSConfig(tlsOption TLS) (*tls.Config, error) {
+func buildTLSConfig(tlsOption Options) (*tls.Config, error) {
 	conf := &tls.Config{}

 	// ensure http2 enabled
--- a/pkg/tls/tlsmanager_test.go
+++ b/pkg/tls/tlsmanager_test.go
@ -46,15 +46,12 @@ f9Oeos0UUothgiDktdQHxdNEwLjQf7lJJBzV+5OtwswCWA==
 )

 func TestTLSInStore(t *testing.T) {
-	dynamicConfigs :=
-		[]*Configuration{
-			{
-				Certificate: &Certificate{
-					CertFile: localhostCert,
-					KeyFile:  localhostKey,
-				},
-			},
-		}
+	dynamicConfigs := []*CertAndStores{{
+		Certificate: Certificate{
+			CertFile: localhostCert,
+			KeyFile:  localhostKey,
+		},
+	}}

 	tlsManager := NewManager()
 	tlsManager.UpdateConfigs(nil, nil, dynamicConfigs)
@ -66,15 +63,12 @@ func TestTLSInStore(t *testing.T) {
 }

 func TestTLSInvalidStore(t *testing.T) {
-	dynamicConfigs :=
-		[]*Configuration{
-			{
-				Certificate: &Certificate{
-					CertFile: localhostCert,
-					KeyFile:  localhostKey,
-				},
-			},
-		}
+	dynamicConfigs := []*CertAndStores{{
+		Certificate: Certificate{
+			CertFile: localhostCert,
+			KeyFile:  localhostKey,
+		},
+	}}

 	tlsManager := NewManager()
 	tlsManager.UpdateConfigs(map[string]Store{
@ -93,16 +87,14 @@ func TestTLSInvalidStore(t *testing.T) {
 }

 func TestManager_Get(t *testing.T) {
-	dynamicConfigs :=
-		[]*Configuration{
-			{
-				Certificate: &Certificate{
-					CertFile: localhostCert,
-					KeyFile:  localhostKey,
-				},
-			},
-		}
-	tlsConfigs := map[string]TLS{
+	dynamicConfigs := []*CertAndStores{{
+		Certificate: Certificate{
+			CertFile: localhostCert,
+			KeyFile:  localhostKey,
+		},
+	}}
+
+	tlsConfigs := map[string]Options{
 		"foo": {MinVersion: "VersionTLS12"},
 		"bar": {MinVersion: "VersionTLS11"},
 	}
@ -153,5 +145,4 @@ func TestManager_Get(t *testing.T) {
 			assert.Equal(t, config.MinVersion, test.expectedMinVersion)
 		})
 	}
-
 }