Add basic auth to kubernetes provider

2017-04-23 16:17:20 +02:00 · 2017-04-23 16:17:20 +02:00 · 89da3b15a4
commit 89da3b15a4
parent dcc4d92983
4 changed files with 267 additions and 0 deletions
--- a/provider/kubernetes/kubernetes_test.go
+++ b/provider/kubernetes/kubernetes_test.go
@ -1466,6 +1466,35 @@ func TestIngressAnnotations(t *testing.T) {
 				},
 			},
 		},
+		{
+			ObjectMeta: v1.ObjectMeta{
+				Namespace: "testing",
+				Annotations: map[string]string{
+					"ingress.kubernetes.io/auth-type":   "basic",
+					"ingress.kubernetes.io/auth-secret": "mySecret",
+				},
+			},
+			Spec: v1beta1.IngressSpec{
+				Rules: []v1beta1.IngressRule{
+					{
+						Host: "basic",
+						IngressRuleValue: v1beta1.IngressRuleValue{
+							HTTP: &v1beta1.HTTPIngressRuleValue{
+								Paths: []v1beta1.HTTPIngressPath{
+									{
+										Path: "/auth",
+										Backend: v1beta1.IngressBackend{
+											ServiceName: "service1",
+											ServicePort: intstr.FromInt(80),
+										},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
 		{
 			ObjectMeta: v1.ObjectMeta{
 				Namespace: "testing",
@ -1515,12 +1544,25 @@ func TestIngressAnnotations(t *testing.T) {
 			},
 		},
 	}
+	secrets := []*v1.Secret{
+		{
+			ObjectMeta: v1.ObjectMeta{
+				Name:      "mySecret",
+				UID:       "1",
+				Namespace: "testing",
+			},
+			Data: map[string][]byte{
+				"auth": []byte("myUser:myEncodedPW"),
+			},
+		},
+	}

 	endpoints := []*v1.Endpoints{}
 	watchChan := make(chan interface{})
 	client := clientMock{
 		ingresses: ingresses,
 		services:  services,
+		secrets:   secrets,
 		endpoints: endpoints,
 		watchChan: watchChan,
 	}
@ -1558,6 +1600,19 @@ func TestIngressAnnotations(t *testing.T) {
 					Method: "wrr",
 				},
 			},
+			"basic/auth": {
+				Servers: map[string]types.Server{
+					"http://example.com": {
+						URL:    "http://example.com",
+						Weight: 1,
+					},
+				},
+				CircuitBreaker: nil,
+				LoadBalancer: &types.LoadBalancer{
+					Sticky: false,
+					Method: "wrr",
+				},
+			},
 		},
 		Frontends: map[string]*types.Frontend{
 			"foo/bar": {
@ -1586,6 +1641,20 @@ func TestIngressAnnotations(t *testing.T) {
 					},
 				},
 			},
+			"basic/auth": {
+				Backend:        "basic/auth",
+				PassHostHeader: true,
+				Priority:       len("/auth"),
+				Routes: map[string]types.Route{
+					"/auth": {
+						Rule: "PathPrefix:/auth",
+					},
+					"basic": {
+						Rule: "Host:basic",
+					},
+				},
+				BasicAuth: []string{"myUser:myEncodedPW"},
+			},
 		},
 	}

@ -2030,13 +2099,102 @@ func TestMissingResources(t *testing.T) {
 	}
 }

+func TestBasicAuthInTemplate(t *testing.T) {
+	ingresses := []*v1beta1.Ingress{
+		{
+			ObjectMeta: v1.ObjectMeta{
+				Namespace: "testing",
+				Annotations: map[string]string{
+					"ingress.kubernetes.io/auth-type":   "basic",
+					"ingress.kubernetes.io/auth-secret": "mySecret",
+				},
+			},
+			Spec: v1beta1.IngressSpec{
+				Rules: []v1beta1.IngressRule{
+					{
+						Host: "basic",
+						IngressRuleValue: v1beta1.IngressRuleValue{
+							HTTP: &v1beta1.HTTPIngressRuleValue{
+								Paths: []v1beta1.HTTPIngressPath{
+									{
+										Path: "/auth",
+										Backend: v1beta1.IngressBackend{
+											ServiceName: "service1",
+											ServicePort: intstr.FromInt(80),
+										},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+	services := []*v1.Service{
+		{
+			ObjectMeta: v1.ObjectMeta{
+				Name:      "service1",
+				UID:       "1",
+				Namespace: "testing",
+			},
+			Spec: v1.ServiceSpec{
+				ClusterIP:    "10.0.0.1",
+				Type:         "ExternalName",
+				ExternalName: "example.com",
+				Ports: []v1.ServicePort{
+					{
+						Name: "http",
+						Port: 80,
+					},
+				},
+			},
+		},
+	}
+	secrets := []*v1.Secret{
+		{
+			ObjectMeta: v1.ObjectMeta{
+				Name:      "mySecret",
+				UID:       "1",
+				Namespace: "testing",
+			},
+			Data: map[string][]byte{
+				"auth": []byte("myUser:myEncodedPW"),
+			},
+		},
+	}
+
+	endpoints := []*v1.Endpoints{}
+	watchChan := make(chan interface{})
+	client := clientMock{
+		ingresses: ingresses,
+		services:  services,
+		secrets:   secrets,
+		endpoints: endpoints,
+		watchChan: watchChan,
+	}
+	provider := Provider{}
+	actual, err := provider.loadIngresses(client)
+	if err != nil {
+		t.Fatalf("error %+v", err)
+	}
+
+	actual = provider.loadConfig(*actual)
+	got := actual.Frontends["basic/auth"].BasicAuth
+	if !reflect.DeepEqual(got, []string{"myUser:myEncodedPW"}) {
+		t.Fatalf("unexpected credentials: %+v", got)
+	}
+}
+
 type clientMock struct {
 	ingresses []*v1beta1.Ingress
 	services  []*v1.Service
+	secrets   []*v1.Secret
 	endpoints []*v1.Endpoints
 	watchChan chan interface{}

 	apiServiceError   error
+	apiSecretError    error
 	apiEndpointsError error
 }

@ -2064,6 +2222,19 @@ func (c clientMock) GetService(namespace, name string) (*v1.Service, bool, error
 	return nil, false, nil
 }

+func (c clientMock) GetSecret(namespace, name string) (*v1.Secret, bool, error) {
+	if c.apiSecretError != nil {
+		return nil, false, c.apiSecretError
+	}
+
+	for _, secret := range c.secrets {
+		if secret.Namespace == namespace && secret.Name == name {
+			return secret, true, nil
+		}
+	}
+	return nil, false, nil
+}
+
 func (c clientMock) GetEndpoints(namespace, name string) (*v1.Endpoints, bool, error) {
 	if c.apiEndpointsError != nil {
 		return nil, false, c.apiEndpointsError