Merge v2.10 into v3.0
This commit is contained in:
romain
commit
e29a142f6a
118 changed files with 1324 additions and 1290 deletions
|
|
@ -11,11 +11,9 @@ import (
|
|||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/cenkalti/backoff/v4"
|
||||
"github.com/go-acme/lego/v4/challenge/http01"
|
||||
"github.com/rs/zerolog/log"
|
||||
"github.com/traefik/traefik/v3/pkg/logs"
|
||||
"github.com/traefik/traefik/v3/pkg/safe"
|
||||
)
|
||||
|
||||
// ChallengeHTTP HTTP challenge provider implements challenge.Provider.
|
||||
|
|
@ -105,35 +103,18 @@ func (c *ChallengeHTTP) getTokenValue(ctx context.Context, token, domain string)
|
|||
logger := log.Ctx(ctx)
|
||||
logger.Debug().Msgf("Retrieving the ACME challenge for %s (token %q)...", domain, token)
|
||||
|
||||
var result []byte
|
||||
|
||||
operation := func() error {
|
||||
c.lock.RLock()
|
||||
defer c.lock.RUnlock()
|
||||
|
||||
if _, ok := c.httpChallenges[token]; !ok {
|
||||
return fmt.Errorf("cannot find challenge for token %q (%s)", token, domain)
|
||||
}
|
||||
|
||||
var ok bool
|
||||
result, ok = c.httpChallenges[token][domain]
|
||||
if !ok {
|
||||
return fmt.Errorf("cannot find challenge for %s (token %q)", domain, token)
|
||||
}
|
||||
c.lock.RLock()
|
||||
defer c.lock.RUnlock()
|
||||
|
||||
if _, ok := c.httpChallenges[token]; !ok {
|
||||
logger.Error().Msgf("Cannot retrieve the ACME challenge for %s (token %q)", domain, token)
|
||||
return nil
|
||||
}
|
||||
|
||||
notify := func(err error, time time.Duration) {
|
||||
logger.Error().Msgf("Error getting challenge for token retrying in %s", time)
|
||||
}
|
||||
|
||||
ebo := backoff.NewExponentialBackOff()
|
||||
ebo.MaxElapsedTime = 60 * time.Second
|
||||
err := backoff.RetryNotify(safe.OperationWithRecover(operation), ebo, notify)
|
||||
if err != nil {
|
||||
logger.Error().Err(err).Msgf("Cannot retrieve the ACME challenge for %s (token %q)", domain, token)
|
||||
return []byte{}
|
||||
result, ok := c.httpChallenges[token][domain]
|
||||
if !ok {
|
||||
logger.Error().Msgf("Cannot retrieve the ACME challenge for %s (token %q)", domain, token)
|
||||
return nil
|
||||
}
|
||||
|
||||
return result
|
||||
|
|
|
|||
|
|
@ -31,6 +31,8 @@ import (
|
|||
"github.com/traefik/traefik/v3/pkg/version"
|
||||
)
|
||||
|
||||
const resolverSuffix = ".acme"
|
||||
|
||||
// ocspMustStaple enables OCSP stapling as from https://github.com/go-acme/lego/issues/270.
|
||||
var ocspMustStaple = false
|
||||
|
||||
|
|
@ -132,7 +134,7 @@ func (p *Provider) ListenConfiguration(config dynamic.Configuration) {
|
|||
|
||||
// Init for compatibility reason the BaseProvider implements an empty Init.
|
||||
func (p *Provider) Init() error {
|
||||
logger := log.With().Str(logs.ProviderName, p.ResolverName+".acme").Logger()
|
||||
logger := log.With().Str(logs.ProviderName, p.ResolverName+resolverSuffix).Logger()
|
||||
|
||||
if len(p.Configuration.Storage) == 0 {
|
||||
return errors.New("unable to initialize ACME provider with no storage location for the certificates")
|
||||
|
|
@ -194,7 +196,7 @@ func (p *Provider) ThrottleDuration() time.Duration {
|
|||
// Provide allows the file provider to provide configurations to traefik
|
||||
// using the given Configuration channel.
|
||||
func (p *Provider) Provide(configurationChan chan<- dynamic.Message, pool *safe.Pool) error {
|
||||
logger := log.With().Str(logs.ProviderName, p.ResolverName+".acme").Str("acmeCA", p.Configuration.CAServer).
|
||||
logger := log.With().Str(logs.ProviderName, p.ResolverName+resolverSuffix).Str("acmeCA", p.Configuration.CAServer).
|
||||
Logger()
|
||||
ctx := logger.WithContext(context.Background())
|
||||
|
||||
|
|
@ -236,7 +238,7 @@ func (p *Provider) getClient() (*lego.Client, error) {
|
|||
p.clientMutex.Lock()
|
||||
defer p.clientMutex.Unlock()
|
||||
|
||||
logger := log.With().Str(logs.ProviderName, p.ResolverName+".acme").Logger()
|
||||
logger := log.With().Str(logs.ProviderName, p.ResolverName+resolverSuffix).Logger()
|
||||
|
||||
ctx := logger.WithContext(context.Background())
|
||||
|
||||
|
|
@ -407,7 +409,7 @@ func (p *Provider) resolveDomains(ctx context.Context, domains []string, tlsStor
|
|||
}
|
||||
|
||||
func (p *Provider) watchNewDomains(ctx context.Context) {
|
||||
rootLogger := log.Ctx(ctx).With().Str(logs.ProviderName, p.ResolverName+".acme").Logger()
|
||||
rootLogger := log.Ctx(ctx).With().Str(logs.ProviderName, p.ResolverName+resolverSuffix).Str("ACME CA", p.Configuration.CAServer).Logger()
|
||||
ctx = rootLogger.WithContext(ctx)
|
||||
|
||||
p.pool.GoCtx(func(ctxPool context.Context) {
|
||||
|
|
|
|||
|
|
@ -580,7 +580,7 @@ func TestInitAccount(t *testing.T) {
|
|||
acmeProvider := Provider{account: test.account, Configuration: &Configuration{Email: test.email, KeyType: test.keyType}}
|
||||
|
||||
actualAccount, err := acmeProvider.initAccount(context.Background())
|
||||
assert.Nil(t, err, "Init account in error")
|
||||
assert.NoError(t, err, "Init account in error")
|
||||
assert.Equal(t, test.expectedAccount.Email, actualAccount.Email, "unexpected email account")
|
||||
assert.Equal(t, test.expectedAccount.KeyType, actualAccount.KeyType, "unexpected keyType account")
|
||||
})
|
||||
|
|
|
|||
|
|
@ -8,8 +8,8 @@ type StoredData struct {
|
|||
|
||||
// Store is a generic interface that represents a storage.
|
||||
type Store interface {
|
||||
GetAccount(string) (*Account, error)
|
||||
SaveAccount(string, *Account) error
|
||||
GetCertificates(string) ([]*CertAndStore, error)
|
||||
SaveCertificates(string, []*CertAndStore) error
|
||||
GetAccount(resolverName string) (*Account, error)
|
||||
SaveAccount(resolverName string, account *Account) error
|
||||
GetCertificates(resolverName string) ([]*CertAndStore, error)
|
||||
SaveCertificates(resolverName string, certificates []*CertAndStore) error
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue