Add TLSStores to Kubernetes CRD

2020-02-24 08:14:06 -08:00 · 2020-02-24 08:14:06 -08:00 · a474e196ea
commit a474e196ea
parent 101aefbfe8
34 changed files with 1560 additions and 6 deletions
--- a/pkg/server/aggregator.go
+++ b/pkg/server/aggregator.go
@ -29,6 +29,7 @@ func mergeConfiguration(configurations dynamic.Configurations) dynamic.Configura
 	}

 	var defaultTLSOptionProviders []string
+	var defaultTLSStoreProviders []string
 	for pvd, configuration := range configurations {
 		if configuration.HTTP != nil {
 			for routerName, router := range configuration.HTTP.Routers {
@ -64,6 +65,11 @@ func mergeConfiguration(configurations dynamic.Configurations) dynamic.Configura
 			conf.TLS.Certificates = append(conf.TLS.Certificates, configuration.TLS.Certificates...)

 			for key, store := range configuration.TLS.Stores {
+				if key != "default" {
+					key = provider.MakeQualifiedName(pvd, key)
+				} else {
+					defaultTLSStoreProviders = append(defaultTLSStoreProviders, pvd)
+				}
 				conf.TLS.Stores[key] = store
 			}

@ -79,6 +85,11 @@ func mergeConfiguration(configurations dynamic.Configurations) dynamic.Configura
 		}
 	}

+	if len(defaultTLSStoreProviders) > 1 {
+		log.WithoutContext().Errorf("Default TLS Stores defined multiple times in %v", defaultTLSOptionProviders)
+		delete(conf.TLS.Stores, "default")
+	}
+
 	if len(defaultTLSOptionProviders) == 0 {
 		conf.TLS.Options["default"] = tls.DefaultTLSOptions
 	} else if len(defaultTLSOptionProviders) > 1 {
--- a/pkg/server/aggregator_test.go
+++ b/pkg/server/aggregator_test.go
@ -294,3 +294,95 @@ func TestAggregator_tlsoptions(t *testing.T) {
 		})
 	}
 }
+
+func TestAggregator_tlsStore(t *testing.T) {
+	testCases := []struct {
+		desc     string
+		given    dynamic.Configurations
+		expected map[string]tls.Store
+	}{
+		{
+			desc: "Create a valid default tls store when appears only in one provider",
+			given: dynamic.Configurations{
+				"provider-1": &dynamic.Configuration{
+					TLS: &dynamic.TLSConfiguration{
+						Stores: map[string]tls.Store{
+							"default": {
+								DefaultCertificate: &tls.Certificate{
+									CertFile: "foo",
+									KeyFile:  "bar",
+								},
+							},
+						},
+					},
+				},
+				"provider-2": &dynamic.Configuration{
+					TLS: &dynamic.TLSConfiguration{
+						Stores: map[string]tls.Store{
+							"foo": {
+								DefaultCertificate: &tls.Certificate{
+									CertFile: "foo",
+									KeyFile:  "bar",
+								},
+							},
+						},
+					},
+				},
+			},
+			expected: map[string]tls.Store{
+				"default": {
+					DefaultCertificate: &tls.Certificate{
+						CertFile: "foo",
+						KeyFile:  "bar",
+					},
+				},
+				"foo@provider-2": {
+					DefaultCertificate: &tls.Certificate{
+						CertFile: "foo",
+						KeyFile:  "bar",
+					},
+				},
+			},
+		},
+		{
+			desc: "Don't default tls store when appears two times",
+			given: dynamic.Configurations{
+				"provider-1": &dynamic.Configuration{
+					TLS: &dynamic.TLSConfiguration{
+						Stores: map[string]tls.Store{
+							"default": {
+								DefaultCertificate: &tls.Certificate{
+									CertFile: "foo",
+									KeyFile:  "bar",
+								},
+							},
+						},
+					},
+				},
+				"provider-2": &dynamic.Configuration{
+					TLS: &dynamic.TLSConfiguration{
+						Stores: map[string]tls.Store{
+							"default": {
+								DefaultCertificate: &tls.Certificate{
+									CertFile: "foo",
+									KeyFile:  "bar",
+								},
+							},
+						},
+					},
+				},
+			},
+			expected: map[string]tls.Store{},
+		},
+	}
+
+	for _, test := range testCases {
+		test := test
+		t.Run(test.desc, func(t *testing.T) {
+			t.Parallel()
+
+			actual := mergeConfiguration(test.given)
+			assert.Equal(t, test.expected, actual.TLS.Stores)
+		})
+	}
+}