1
0
Fork 0

Merge v2.10 into v3.0

This commit is contained in:
romain 2023-11-29 12:20:57 +01:00
commit e29a142f6a
118 changed files with 1324 additions and 1290 deletions

View file

@ -11,11 +11,9 @@ import (
"sync"
"time"
"github.com/cenkalti/backoff/v4"
"github.com/go-acme/lego/v4/challenge/http01"
"github.com/rs/zerolog/log"
"github.com/traefik/traefik/v3/pkg/logs"
"github.com/traefik/traefik/v3/pkg/safe"
)
// ChallengeHTTP HTTP challenge provider implements challenge.Provider.
@ -105,35 +103,18 @@ func (c *ChallengeHTTP) getTokenValue(ctx context.Context, token, domain string)
logger := log.Ctx(ctx)
logger.Debug().Msgf("Retrieving the ACME challenge for %s (token %q)...", domain, token)
var result []byte
operation := func() error {
c.lock.RLock()
defer c.lock.RUnlock()
if _, ok := c.httpChallenges[token]; !ok {
return fmt.Errorf("cannot find challenge for token %q (%s)", token, domain)
}
var ok bool
result, ok = c.httpChallenges[token][domain]
if !ok {
return fmt.Errorf("cannot find challenge for %s (token %q)", domain, token)
}
c.lock.RLock()
defer c.lock.RUnlock()
if _, ok := c.httpChallenges[token]; !ok {
logger.Error().Msgf("Cannot retrieve the ACME challenge for %s (token %q)", domain, token)
return nil
}
notify := func(err error, time time.Duration) {
logger.Error().Msgf("Error getting challenge for token retrying in %s", time)
}
ebo := backoff.NewExponentialBackOff()
ebo.MaxElapsedTime = 60 * time.Second
err := backoff.RetryNotify(safe.OperationWithRecover(operation), ebo, notify)
if err != nil {
logger.Error().Err(err).Msgf("Cannot retrieve the ACME challenge for %s (token %q)", domain, token)
return []byte{}
result, ok := c.httpChallenges[token][domain]
if !ok {
logger.Error().Msgf("Cannot retrieve the ACME challenge for %s (token %q)", domain, token)
return nil
}
return result

View file

@ -31,6 +31,8 @@ import (
"github.com/traefik/traefik/v3/pkg/version"
)
const resolverSuffix = ".acme"
// ocspMustStaple enables OCSP stapling as from https://github.com/go-acme/lego/issues/270.
var ocspMustStaple = false
@ -132,7 +134,7 @@ func (p *Provider) ListenConfiguration(config dynamic.Configuration) {
// Init for compatibility reason the BaseProvider implements an empty Init.
func (p *Provider) Init() error {
logger := log.With().Str(logs.ProviderName, p.ResolverName+".acme").Logger()
logger := log.With().Str(logs.ProviderName, p.ResolverName+resolverSuffix).Logger()
if len(p.Configuration.Storage) == 0 {
return errors.New("unable to initialize ACME provider with no storage location for the certificates")
@ -194,7 +196,7 @@ func (p *Provider) ThrottleDuration() time.Duration {
// Provide allows the file provider to provide configurations to traefik
// using the given Configuration channel.
func (p *Provider) Provide(configurationChan chan<- dynamic.Message, pool *safe.Pool) error {
logger := log.With().Str(logs.ProviderName, p.ResolverName+".acme").Str("acmeCA", p.Configuration.CAServer).
logger := log.With().Str(logs.ProviderName, p.ResolverName+resolverSuffix).Str("acmeCA", p.Configuration.CAServer).
Logger()
ctx := logger.WithContext(context.Background())
@ -236,7 +238,7 @@ func (p *Provider) getClient() (*lego.Client, error) {
p.clientMutex.Lock()
defer p.clientMutex.Unlock()
logger := log.With().Str(logs.ProviderName, p.ResolverName+".acme").Logger()
logger := log.With().Str(logs.ProviderName, p.ResolverName+resolverSuffix).Logger()
ctx := logger.WithContext(context.Background())
@ -407,7 +409,7 @@ func (p *Provider) resolveDomains(ctx context.Context, domains []string, tlsStor
}
func (p *Provider) watchNewDomains(ctx context.Context) {
rootLogger := log.Ctx(ctx).With().Str(logs.ProviderName, p.ResolverName+".acme").Logger()
rootLogger := log.Ctx(ctx).With().Str(logs.ProviderName, p.ResolverName+resolverSuffix).Str("ACME CA", p.Configuration.CAServer).Logger()
ctx = rootLogger.WithContext(ctx)
p.pool.GoCtx(func(ctxPool context.Context) {

View file

@ -580,7 +580,7 @@ func TestInitAccount(t *testing.T) {
acmeProvider := Provider{account: test.account, Configuration: &Configuration{Email: test.email, KeyType: test.keyType}}
actualAccount, err := acmeProvider.initAccount(context.Background())
assert.Nil(t, err, "Init account in error")
assert.NoError(t, err, "Init account in error")
assert.Equal(t, test.expectedAccount.Email, actualAccount.Email, "unexpected email account")
assert.Equal(t, test.expectedAccount.KeyType, actualAccount.KeyType, "unexpected keyType account")
})

View file

@ -8,8 +8,8 @@ type StoredData struct {
// Store is a generic interface that represents a storage.
type Store interface {
GetAccount(string) (*Account, error)
SaveAccount(string, *Account) error
GetCertificates(string) ([]*CertAndStore, error)
SaveCertificates(string, []*CertAndStore) error
GetAccount(resolverName string) (*Account, error)
SaveAccount(resolverName string, account *Account) error
GetCertificates(resolverName string) ([]*CertAndStore, error)
SaveCertificates(resolverName string, certificates []*CertAndStore) error
}