Support file path as input param for Kubernetes token value

2024-01-11 21:36:06 +05:30 · 2024-01-11 21:36:06 +05:30 · 980dac4572
commit 980dac4572
parent ff7966f9cd
37 changed files with 292 additions and 256 deletions
--- a/pkg/server/configurationwatcher.go
+++ b/pkg/server/configurationwatcher.go
@ -12,6 +12,7 @@ import (
 	"github.com/traefik/traefik/v3/pkg/provider"
 	"github.com/traefik/traefik/v3/pkg/safe"
 	"github.com/traefik/traefik/v3/pkg/tls"
+	"github.com/traefik/traefik/v3/pkg/types"
 )

 // ConfigurationWatcher watches configuration changes.
@ -188,7 +189,7 @@ func logConfiguration(logger zerolog.Logger, configMsg dynamic.Message) {
 		if copyConf.TLS.Options != nil {
 			cleanedOptions := make(map[string]tls.Options, len(copyConf.TLS.Options))
 			for name, option := range copyConf.TLS.Options {
-				option.ClientAuth.CAFiles = []tls.FileOrContent{}
+				option.ClientAuth.CAFiles = []types.FileOrContent{}
 				cleanedOptions[name] = option
 			}

@ -205,7 +206,7 @@ func logConfiguration(logger zerolog.Logger, configMsg dynamic.Message) {
 	if copyConf.HTTP != nil {
 		for _, transport := range copyConf.HTTP.ServersTransports {
 			transport.Certificates = tls.Certificates{}
-			transport.RootCAs = []tls.FileOrContent{}
+			transport.RootCAs = []types.FileOrContent{}
 		}
 	}

@ -213,7 +214,7 @@ func logConfiguration(logger zerolog.Logger, configMsg dynamic.Message) {
 		for _, transport := range copyConf.TCP.ServersTransports {
 			if transport.TLS != nil {
 				transport.TLS.Certificates = tls.Certificates{}
-				transport.TLS.RootCAs = []tls.FileOrContent{}
+				transport.TLS.RootCAs = []types.FileOrContent{}
 			}
 		}
 	}
--- a/pkg/server/server_entrypoint_tcp_http3_test.go
+++ b/pkg/server/server_entrypoint_tcp_http3_test.go
@ -12,7 +12,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/traefik/traefik/v3/pkg/config/static"
 	tcprouter "github.com/traefik/traefik/v3/pkg/server/router/tcp"
-	traefiktls "github.com/traefik/traefik/v3/pkg/tls"
+	"github.com/traefik/traefik/v3/pkg/types"
 )

 // LocalhostCert is a PEM-encoded TLS cert with SAN IPs
@ -20,7 +20,7 @@ import (
 // generated from src/crypto/tls:
 // go run generate_cert.go  --rsa-bits 2048 --host 127.0.0.1,::1,example.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
 var (
-	localhostCert = traefiktls.FileOrContent(`-----BEGIN CERTIFICATE-----
+	localhostCert = types.FileOrContent(`-----BEGIN CERTIFICATE-----
 MIIDOTCCAiGgAwIBAgIQSRJrEpBGFc7tNb1fb5pKFzANBgkqhkiG9w0BAQsFADAS
 MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw
 MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
@ -42,7 +42,7 @@ WkBKOclmOV2xlTVuPw==
 -----END CERTIFICATE-----`)

 	// LocalhostKey is the private key for localhostCert.
-	localhostKey = traefiktls.FileOrContent(`-----BEGIN RSA PRIVATE KEY-----
+	localhostKey = types.FileOrContent(`-----BEGIN RSA PRIVATE KEY-----
 MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDoZtrm0dXV0Aqi
 4Bpc7f95sNRTiu/AJSD8I1onY9PnEsPg3VVxvytsVJbYdcqr4w99V3AgpH/UNzMS
 gAZ/8lZBNbsSDOVesJ3euVqMRfYPvd9pYl6QPRRpSDPm+2tNdn3QFAvta9EgJ3sW
--- a/pkg/server/service/roundtripper.go
+++ b/pkg/server/service/roundtripper.go
@ -18,6 +18,7 @@ import (
 	"github.com/spiffe/go-spiffe/v2/svid/x509svid"
 	"github.com/traefik/traefik/v3/pkg/config/dynamic"
 	traefiktls "github.com/traefik/traefik/v3/pkg/tls"
+	"github.com/traefik/traefik/v3/pkg/types"
 	"golang.org/x/net/http2"
 )

@ -185,7 +186,7 @@ func (r *RoundTripperManager) createRoundTripper(cfg *dynamic.ServersTransport)
 	return newSmartRoundTripper(transport, cfg.ForwardingTimeouts)
 }

-func createRootCACertPool(rootCAs []traefiktls.FileOrContent) *x509.CertPool {
+func createRootCACertPool(rootCAs []types.FileOrContent) *x509.CertPool {
 	if len(rootCAs) == 0 {
 		return nil
 	}
--- a/pkg/server/service/roundtripper_test.go
+++ b/pkg/server/service/roundtripper_test.go
@ -23,6 +23,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/traefik/traefik/v3/pkg/config/dynamic"
 	traefiktls "github.com/traefik/traefik/v3/pkg/tls"
+	"github.com/traefik/traefik/v3/pkg/types"
 )

 func Int32(i int32) *int32 {
@ -144,7 +145,7 @@ func TestKeepConnectionWhenSameConfiguration(t *testing.T) {
 	dynamicConf := map[string]*dynamic.ServersTransport{
 		"test": {
 			ServerName: "example.com",
-			RootCAs:    []traefiktls.FileOrContent{traefiktls.FileOrContent(LocalhostCert)},
+			RootCAs:    []types.FileOrContent{types.FileOrContent(LocalhostCert)},
 		},
 	}

@ -167,7 +168,7 @@ func TestKeepConnectionWhenSameConfiguration(t *testing.T) {
 	dynamicConf = map[string]*dynamic.ServersTransport{
 		"test": {
 			ServerName: "www.example.com",
-			RootCAs:    []traefiktls.FileOrContent{traefiktls.FileOrContent(LocalhostCert)},
+			RootCAs:    []types.FileOrContent{types.FileOrContent(LocalhostCert)},
 		},
 	}

@ -213,13 +214,13 @@ func TestMTLS(t *testing.T) {
 		"test": {
 			ServerName: "example.com",
 			// For TLS
-			RootCAs: []traefiktls.FileOrContent{traefiktls.FileOrContent(LocalhostCert)},
+			RootCAs: []types.FileOrContent{types.FileOrContent(LocalhostCert)},

 			// For mTLS
 			Certificates: traefiktls.Certificates{
 				traefiktls.Certificate{
-					CertFile: traefiktls.FileOrContent(mTLSCert),
-					KeyFile:  traefiktls.FileOrContent(mTLSKey),
+					CertFile: types.FileOrContent(mTLSCert),
+					KeyFile:  types.FileOrContent(mTLSKey),
 				},
 			},
 		},