Merge 555c5eb04d into de1a4c463c
This commit is contained in:
Tamal Saha
GitHub
commit
22e338123e
1 changed files with 18 additions and 17 deletions
|
|
@ -17,6 +17,7 @@ limitations under the License.
|
||||||
package proxyssl
|
package proxyssl
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"regexp"
|
"regexp"
|
||||||
"sort"
|
"sort"
|
||||||
|
|
@ -190,28 +191,28 @@ func (p proxySSL) Parse(ing *networking.Ingress) (interface{}, error) {
|
||||||
config := &Config{}
|
config := &Config{}
|
||||||
|
|
||||||
proxysslsecret, err := parser.GetStringAnnotation(proxySSLSecretAnnotation, ing, p.annotationConfig.Annotations)
|
proxysslsecret, err := parser.GetStringAnnotation(proxySSLSecretAnnotation, ing, p.annotationConfig.Annotations)
|
||||||
if err != nil {
|
if err != nil && !errors.Is(err, ing_errors.ErrMissingAnnotations) {
|
||||||
return &Config{}, err
|
return &Config{}, err
|
||||||
}
|
} else if err == nil {
|
||||||
|
ns, _, err := k8s.ParseNameNS(proxysslsecret)
|
||||||
|
if err != nil {
|
||||||
|
return &Config{}, ing_errors.NewLocationDenied(err.Error())
|
||||||
|
}
|
||||||
|
|
||||||
ns, _, err := k8s.ParseNameNS(proxysslsecret)
|
secCfg := p.r.GetSecurityConfiguration()
|
||||||
if err != nil {
|
// We don't accept different namespaces for secrets.
|
||||||
return &Config{}, ing_errors.NewLocationDenied(err.Error())
|
if !secCfg.AllowCrossNamespaceResources && ns != ing.Namespace {
|
||||||
}
|
return &Config{}, ing_errors.NewLocationDenied("cross namespace secrets are not supported")
|
||||||
|
}
|
||||||
|
|
||||||
secCfg := p.r.GetSecurityConfiguration()
|
proxyCert, err := p.r.GetAuthCertificate(proxysslsecret)
|
||||||
// We don't accept different namespaces for secrets.
|
if err != nil {
|
||||||
if !secCfg.AllowCrossNamespaceResources && ns != ing.Namespace {
|
e := fmt.Errorf("error obtaining certificate: %w", err)
|
||||||
return &Config{}, ing_errors.NewLocationDenied("cross namespace secrets are not supported")
|
return &Config{}, ing_errors.LocationDeniedError{Reason: e}
|
||||||
|
}
|
||||||
|
config.AuthSSLCert = *proxyCert
|
||||||
}
|
}
|
||||||
|
|
||||||
proxyCert, err := p.r.GetAuthCertificate(proxysslsecret)
|
|
||||||
if err != nil {
|
|
||||||
e := fmt.Errorf("error obtaining certificate: %w", err)
|
|
||||||
return &Config{}, ing_errors.LocationDeniedError{Reason: e}
|
|
||||||
}
|
|
||||||
config.AuthSSLCert = *proxyCert
|
|
||||||
|
|
||||||
config.Ciphers, err = parser.GetStringAnnotation(proxySSLCiphersAnnotation, ing, p.annotationConfig.Annotations)
|
config.Ciphers, err = parser.GetStringAnnotation(proxySSLCiphersAnnotation, ing, p.annotationConfig.Annotations)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if ing_errors.IsValidationError(err) {
|
if ing_errors.IsValidationError(err) {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue