Merge branch 'v1.7' into master

2018-09-07 18:19:32 +02:00 · 2018-09-07 18:19:32 +02:00 · bd4846aa9c
commit bd4846aa9c
parent 4055654e9b c68ebaa2ca
82 changed files with 3573 additions and 877 deletions
--- a/provider/kv/kv_config.go
+++ b/provider/kv/kv_config.go
@ -41,18 +41,19 @@ func (p *Provider) buildConfiguration() *types.Configuration {
 		"getTLSSection": p.getTLSSection,

 		// Frontend functions
-		"getBackendName":    p.getFuncString(pathFrontendBackend, ""),
-		"getPriority":       p.getFuncInt(pathFrontendPriority, label.DefaultFrontendPriority),
-		"getPassHostHeader": p.getFuncBool(pathFrontendPassHostHeader, label.DefaultPassHostHeader),
-		"getPassTLSCert":    p.getFuncBool(pathFrontendPassTLSCert, label.DefaultPassTLSCert),
-		"getEntryPoints":    p.getFuncList(pathFrontendEntryPoints),
-		"getAuth":           p.getAuth,
-		"getRoutes":         p.getRoutes,
-		"getRedirect":       p.getRedirect,
-		"getErrorPages":     p.getErrorPages,
-		"getRateLimit":      p.getRateLimit,
-		"getHeaders":        p.getHeaders,
-		"getWhiteList":      p.getWhiteList,
+		"getBackendName":       p.getFuncString(pathFrontendBackend, ""),
+		"getPriority":          p.getFuncInt(pathFrontendPriority, label.DefaultFrontendPriority),
+		"getPassHostHeader":    p.getFuncBool(pathFrontendPassHostHeader, label.DefaultPassHostHeader),
+		"getPassTLSCert":       p.getFuncBool(pathFrontendPassTLSCert, label.DefaultPassTLSCert),
+		"getPassTLSClientCert": p.getTLSClientCert,
+		"getEntryPoints":       p.getFuncList(pathFrontendEntryPoints),
+		"getAuth":              p.getAuth,
+		"getRoutes":            p.getRoutes,
+		"getRedirect":          p.getRedirect,
+		"getErrorPages":        p.getErrorPages,
+		"getRateLimit":         p.getRateLimit,
+		"getHeaders":           p.getHeaders,
+		"getWhiteList":         p.getWhiteList,

 		// Backend functions
 		"getServers":        p.getServers,
@ -334,6 +335,39 @@ func (p *Provider) getTLSSection(prefix string) []*tls.Configuration {
 	return tlsSection
 }

+// getTLSClientCert create TLS client header configuration from labels
+func (p *Provider) getTLSClientCert(rootPath string) *types.TLSClientHeaders {
+	if !p.hasPrefix(rootPath, pathFrontendPassTLSClientCert) {
+		return nil
+	}
+
+	tlsClientHeaders := &types.TLSClientHeaders{
+		PEM: p.getBool(false, rootPath, pathFrontendPassTLSClientCertPem),
+	}
+
+	if p.hasPrefix(rootPath, pathFrontendPassTLSClientCertInfos) {
+		infos := &types.TLSClientCertificateInfos{
+			NotAfter:  p.getBool(false, rootPath, pathFrontendPassTLSClientCertInfosNotAfter),
+			NotBefore: p.getBool(false, rootPath, pathFrontendPassTLSClientCertInfosNotBefore),
+			Sans:      p.getBool(false, rootPath, pathFrontendPassTLSClientCertInfosSans),
+		}
+
+		if p.hasPrefix(rootPath, pathFrontendPassTLSClientCertInfosSubject) {
+			subject := &types.TLSCLientCertificateSubjectInfos{
+				CommonName:   p.getBool(false, rootPath, pathFrontendPassTLSClientCertInfosSubjectCommonName),
+				Country:      p.getBool(false, rootPath, pathFrontendPassTLSClientCertInfosSubjectCountry),
+				Locality:     p.getBool(false, rootPath, pathFrontendPassTLSClientCertInfosSubjectLocality),
+				Organization: p.getBool(false, rootPath, pathFrontendPassTLSClientCertInfosSubjectOrganization),
+				Province:     p.getBool(false, rootPath, pathFrontendPassTLSClientCertInfosSubjectProvince),
+				SerialNumber: p.getBool(false, rootPath, pathFrontendPassTLSClientCertInfosSubjectSerialNumber),
+			}
+			infos.Subject = subject
+		}
+		tlsClientHeaders.Infos = infos
+	}
+	return tlsClientHeaders
+}
+
 // GetAuth Create auth from path
 func (p *Provider) getAuth(rootPath string) *types.Auth {
 	if p.hasPrefix(rootPath, pathFrontendAuth) {