Remove acme provider dependency in server

2018-04-24 22:40:04 +02:00 · 2018-04-24 22:40:04 +02:00 · b4e3bca6fa
commit b4e3bca6fa
parent 9daae9c705
7 changed files with 124 additions and 101 deletions
--- a/provider/acme/provider.go
+++ b/provider/acme/provider.go
@ -20,7 +20,7 @@ import (
 	"github.com/containous/traefik/log"
 	"github.com/containous/traefik/rules"
 	"github.com/containous/traefik/safe"
-	traefikTLS "github.com/containous/traefik/tls"
+	traefiktls "github.com/containous/traefik/tls"
 	"github.com/containous/traefik/types"
 	"github.com/pkg/errors"
 	acme "github.com/xenolf/lego/acmev2"
@ -30,7 +30,6 @@ import (
 var (
 	// OSCPMustStaple enables OSCP stapling as from https://github.com/xenolf/lego/issues/270
 	OSCPMustStaple = false
-	provider       = &Provider{}
 )

 // Configuration holds ACME configuration provided by users
@ -56,8 +55,7 @@ type Provider struct {
 	client                 *acme.Client
 	certsChan              chan *Certificate
 	configurationChan      chan<- types.ConfigMessage
-	dynamicCerts           *safe.Safe
-	staticCerts            map[string]*tls.Certificate
+	certificateStore       traefiktls.CertificateStore
 	clientMutex            sync.Mutex
 	configFromListenerChan chan types.Configuration
 	pool                   *safe.Pool
@ -81,16 +79,6 @@ type HTTPChallenge struct {
 	EntryPoint string `description:"HTTP challenge EntryPoint"`
 }

-// Get returns the provider instance
-func Get() *Provider {
-	return provider
-}
-
-// IsEnabled returns true if the provider instance and its configuration are not nil, otherwise false
-func IsEnabled() bool {
-	return provider != nil && provider.Configuration != nil
-}
-
 // SetConfigListenerChan initializes the configFromListenerChan
 func (p *Provider) SetConfigListenerChan(configFromListenerChan chan types.Configuration) {
 	p.configFromListenerChan = configFromListenerChan
@ -196,14 +184,9 @@ func (p *Provider) watchNewDomains() {
 	})
 }

-// SetDynamicCertificates allow to initialize dynamicCerts map
-func (p *Provider) SetDynamicCertificates(safe *safe.Safe) {
-	p.dynamicCerts = safe
-}
-
-// SetStaticCertificates allow to initialize staticCerts map
-func (p *Provider) SetStaticCertificates(staticCerts map[string]*tls.Certificate) {
-	p.staticCerts = staticCerts
+// SetCertificateStore allow to initialize certificate store
+func (p *Provider) SetCertificateStore(certificateStore traefiktls.CertificateStore) {
+	p.certificateStore = certificateStore
 }

 func (p *Provider) resolveCertificate(domain types.Domain, domainFromConfigurationFile bool) (*acme.CertificateResource, error) {
@ -424,13 +407,13 @@ func (p *Provider) refreshCertificates() {
 		Configuration: &types.Configuration{
 			Backends:  map[string]*types.Backend{},
 			Frontends: map[string]*types.Frontend{},
-			TLS:       []*traefikTLS.Configuration{},
+			TLS:       []*traefiktls.Configuration{},
 		},
 	}

 	for _, cert := range p.certificates {
-		certificate := &traefikTLS.Certificate{CertFile: traefikTLS.FileOrContent(cert.Certificate), KeyFile: traefikTLS.FileOrContent(cert.Key)}
-		config.Configuration.TLS = append(config.Configuration.TLS, &traefikTLS.Configuration{Certificate: certificate, EntryPoints: []string{p.EntryPoint}})
+		certificate := &traefiktls.Certificate{CertFile: traefiktls.FileOrContent(cert.Certificate), KeyFile: traefiktls.FileOrContent(cert.Key)}
+		config.Configuration.TLS = append(config.Configuration.TLS, &traefiktls.Configuration{Certificate: certificate, EntryPoints: []string{p.EntryPoint}})
 	}
 	p.configurationChan <- config
 }
@ -507,33 +490,23 @@ func (p *Provider) AddRoutes(router *mux.Router) {
 // from static and dynamic provided certificates
 func (p *Provider) getUncheckedDomains(domainsToCheck []string, checkConfigurationDomains bool) []string {
 	log.Debugf("Looking for provided certificate(s) to validate %q...", domainsToCheck)
-	var allCerts []string
+	var allDomains []string

-	// Get static certificates
-	for domains := range p.staticCerts {
-		allCerts = append(allCerts, domains)
-	}
-
-	// Get dynamic certificates
-	if p.dynamicCerts != nil && p.dynamicCerts.Get() != nil {
-		for domains := range p.dynamicCerts.Get().(map[string]*tls.Certificate) {
-			allCerts = append(allCerts, domains)
-		}
-	}
+	allDomains = p.certificateStore.GetAllDomains()

 	// Get ACME certificates
 	for _, certificate := range p.certificates {
-		allCerts = append(allCerts, strings.Join(certificate.Domain.ToStrArray(), ","))
+		allDomains = append(allDomains, strings.Join(certificate.Domain.ToStrArray(), ","))
 	}

 	// Get Configuration Domains
 	if checkConfigurationDomains {
 		for i := 0; i < len(p.Domains); i++ {
-			allCerts = append(allCerts, strings.Join(p.Domains[i].ToStrArray(), ","))
+			allDomains = append(allDomains, strings.Join(p.Domains[i].ToStrArray(), ","))
 		}
 	}

-	return searchUncheckedDomains(domainsToCheck, allCerts)
+	return searchUncheckedDomains(domainsToCheck, allDomains)
 }

 func searchUncheckedDomains(domainsToCheck []string, existentDomains []string) []string {