Support file path as input param for Kubernetes token value
This commit is contained in:
Suyash Choudhary
GitHub
parent
ff7966f9cd
commit
980dac4572
37 changed files with 292 additions and 256 deletions
|
|
@ -6,11 +6,11 @@ import (
|
|||
"errors"
|
||||
"fmt"
|
||||
"net/url"
|
||||
"os"
|
||||
"sort"
|
||||
"strings"
|
||||
|
||||
"github.com/rs/zerolog/log"
|
||||
"github.com/traefik/traefik/v3/pkg/types"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
@ -48,8 +48,8 @@ var (
|
|||
// Certificate holds a SSL cert/key pair
|
||||
// Certs and Key could be either a file path, or the file content itself.
|
||||
type Certificate struct {
|
||||
CertFile FileOrContent `json:"certFile,omitempty" toml:"certFile,omitempty" yaml:"certFile,omitempty"`
|
||||
KeyFile FileOrContent `json:"keyFile,omitempty" toml:"keyFile,omitempty" yaml:"keyFile,omitempty" loggable:"false"`
|
||||
CertFile types.FileOrContent `json:"certFile,omitempty" toml:"certFile,omitempty" yaml:"certFile,omitempty"`
|
||||
KeyFile types.FileOrContent `json:"keyFile,omitempty" toml:"keyFile,omitempty" yaml:"keyFile,omitempty" loggable:"false"`
|
||||
}
|
||||
|
||||
// Certificates defines traefik certificates type
|
||||
|
|
@ -73,33 +73,6 @@ func (c Certificates) GetCertificates() []tls.Certificate {
|
|||
return certs
|
||||
}
|
||||
|
||||
// FileOrContent hold a file path or content.
|
||||
type FileOrContent string
|
||||
|
||||
func (f FileOrContent) String() string {
|
||||
return string(f)
|
||||
}
|
||||
|
||||
// IsPath returns true if the FileOrContent is a file path, otherwise returns false.
|
||||
func (f FileOrContent) IsPath() bool {
|
||||
_, err := os.Stat(f.String())
|
||||
return err == nil
|
||||
}
|
||||
|
||||
func (f FileOrContent) Read() ([]byte, error) {
|
||||
var content []byte
|
||||
if f.IsPath() {
|
||||
var err error
|
||||
content, err = os.ReadFile(f.String())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
} else {
|
||||
content = []byte(f)
|
||||
}
|
||||
return content, nil
|
||||
}
|
||||
|
||||
// AppendCertificate appends a Certificate to a certificates map keyed by store name.
|
||||
func (c *Certificate) AppendCertificate(certs map[string]map[string]*tls.Certificate, storeName string) error {
|
||||
certContent, err := c.CertFile.Read()
|
||||
|
|
@ -229,8 +202,8 @@ func (c *Certificates) Set(value string) error {
|
|||
return fmt.Errorf("bad certificates format: %s", value)
|
||||
}
|
||||
*c = append(*c, Certificate{
|
||||
CertFile: FileOrContent(files[0]),
|
||||
KeyFile: FileOrContent(files[1]),
|
||||
CertFile: types.FileOrContent(files[0]),
|
||||
KeyFile: types.FileOrContent(files[1]),
|
||||
})
|
||||
}
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ const certificateHeader = "-----BEGIN CERTIFICATE-----\n"
|
|||
|
||||
// ClientAuth defines the parameters of the client authentication part of the TLS connection, if any.
|
||||
type ClientAuth struct {
|
||||
CAFiles []FileOrContent `json:"caFiles,omitempty" toml:"caFiles,omitempty" yaml:"caFiles,omitempty"`
|
||||
CAFiles []types.FileOrContent `json:"caFiles,omitempty" toml:"caFiles,omitempty" yaml:"caFiles,omitempty"`
|
||||
// ClientAuthType defines the client authentication type to apply.
|
||||
// The available values are: "NoClientCert", "RequestClientCert", "VerifyClientCertIfGiven" and "RequireAndVerifyClientCert".
|
||||
ClientAuthType string `json:"clientAuthType,omitempty" toml:"clientAuthType,omitempty" yaml:"clientAuthType,omitempty" export:"true"`
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import (
|
|||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/traefik/traefik/v3/pkg/types"
|
||||
)
|
||||
|
||||
// LocalhostCert is a PEM-encoded TLS cert with SAN IPs
|
||||
|
|
@ -16,7 +17,7 @@ import (
|
|||
// generated from src/crypto/tls:
|
||||
// go run generate_cert.go --rsa-bits 1024 --host 127.0.0.1,::1,example.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
|
||||
var (
|
||||
localhostCert = FileOrContent(`-----BEGIN CERTIFICATE-----
|
||||
localhostCert = types.FileOrContent(`-----BEGIN CERTIFICATE-----
|
||||
MIIDOTCCAiGgAwIBAgIQSRJrEpBGFc7tNb1fb5pKFzANBgkqhkiG9w0BAQsFADAS
|
||||
MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw
|
||||
MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
|
||||
|
|
@ -38,7 +39,7 @@ WkBKOclmOV2xlTVuPw==
|
|||
-----END CERTIFICATE-----`)
|
||||
|
||||
// LocalhostKey is the private key for localhostCert.
|
||||
localhostKey = FileOrContent(`-----BEGIN RSA PRIVATE KEY-----
|
||||
localhostKey = types.FileOrContent(`-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDoZtrm0dXV0Aqi
|
||||
4Bpc7f95sNRTiu/AJSD8I1onY9PnEsPg3VVxvytsVJbYdcqr4w99V3AgpH/UNzMS
|
||||
gAZ/8lZBNbsSDOVesJ3euVqMRfYPvd9pYl6QPRRpSDPm+2tNdn3QFAvta9EgJ3sW
|
||||
|
|
@ -197,7 +198,7 @@ func TestClientAuth(t *testing.T) {
|
|||
},
|
||||
"vccig": {
|
||||
ClientAuth: ClientAuth{
|
||||
CAFiles: []FileOrContent{localhostCert},
|
||||
CAFiles: []types.FileOrContent{localhostCert},
|
||||
ClientAuthType: "VerifyClientCertIfGiven",
|
||||
},
|
||||
},
|
||||
|
|
@ -209,13 +210,13 @@ func TestClientAuth(t *testing.T) {
|
|||
},
|
||||
"ravccwca": {
|
||||
ClientAuth: ClientAuth{
|
||||
CAFiles: []FileOrContent{localhostCert},
|
||||
CAFiles: []types.FileOrContent{localhostCert},
|
||||
ClientAuthType: "RequireAndVerifyClientCert",
|
||||
},
|
||||
},
|
||||
"ravccwbca": {
|
||||
ClientAuth: ClientAuth{
|
||||
CAFiles: []FileOrContent{"Bad content"},
|
||||
CAFiles: []types.FileOrContent{"Bad content"},
|
||||
ClientAuthType: "RequireAndVerifyClientCert",
|
||||
},
|
||||
},
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ func (in *ClientAuth) DeepCopyInto(out *ClientAuth) {
|
|||
*out = *in
|
||||
if in.CAFiles != nil {
|
||||
in, out := &in.CAFiles, &out.CAFiles
|
||||
*out = make([]FileOrContent, len(*in))
|
||||
*out = make([]types.FileOrContent, len(*in))
|
||||
copy(*out, *in)
|
||||
}
|
||||
return
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue