DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add new fields to proxyssl.Config

Browse source
This commit is contained in:
Julio Camarero 2024-12-06 16:04:43 +01:00
parent 76624fcbb1
commit 7e70470f18
No known key found for this signature in database
GPG key ID: 13D4414ED5D08C25
2 changed files with 82 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
internal/ingress/annotations/proxyssl/main.go
View file

@ -128,16 +128,18 @@ var proxySSLAnnotation = parser.Annotation{
}, },
} }
// Config contains the AuthSSLCert used for mutual authentication // Config contains the Proxy SSL certificates and CAs used for mutual authentication
// and the configured VerifyDepth // and the configured VerifyDepth
type Config struct { type Config struct {
resolver.AuthSSLCert resolver.AuthSSLCert
Ciphers string `json:"ciphers"` ProxySSLClientCert resolver.SSLClientCert `json:"proxySSLClientCert"`
Protocols string `json:"protocols"` ProxySSLCA resolver.SSLCA `json:"proxySSLCA"`
ProxySSLName string `json:"proxySSLName"` Ciphers string `json:"ciphers"`
Verify string `json:"verify"` Protocols string `json:"protocols"`
VerifyDepth int `json:"verifyDepth"` ProxySSLName string `json:"proxySSLName"`
ProxySSLServerName string `json:"proxySSLServerName"` Verify string `json:"verify"`
VerifyDepth int `json:"verifyDepth"`
ProxySSLServerName string `json:"proxySSLServerName"`
} }
// Equal tests for equality between two Config types // Equal tests for equality between two Config types
@ -151,6 +153,12 @@ func (pssl1 *Config) Equal(pssl2 *Config) bool {
if !(&pssl1.AuthSSLCert).Equal(&pssl2.AuthSSLCert) { if !(&pssl1.AuthSSLCert).Equal(&pssl2.AuthSSLCert) {
return false return false
} }
if !(&pssl1.ProxySSLClientCert).Equal(&pssl2.ProxySSLClientCert) {
return false
}
if !(&pssl1.ProxySSLCA).Equal(&pssl2.ProxySSLCA) {
return false
}
if pssl1.Ciphers != pssl2.Ciphers { if pssl1.Ciphers != pssl2.Ciphers {
return false return false
} }

67
internal/ingress/resolver/main.go
View file

@ -91,3 +91,70 @@ func (asslc1 *AuthSSLCert) Equal(assl2 *AuthSSLCert) bool {
return true return true
} }
// SSLClientCert contains the clients certificate information
type SSLClientCert struct {
// Secret contains the name of the secret this was fetched from
Secret string `json:"secret"`
// PemFileName contains the path to the secrets 'tls.crt' and 'tls.key'
PemFileName string `json:"pemFilename"`
}
// Equal tests for equality between two SSLClientCert types
func (sslcc1 *SSLClientCert) Equal(sslcc2 *SSLClientCert) bool {
if sslcc1 == sslcc2 {
return true
}
if sslcc1 == nil || sslcc2 == nil {
return false
}
if sslcc1.Secret != sslcc2.Secret {
return false
}
return true
}
// SSLCA contains the CAs used to validate client certificates
type SSLCA struct {
// ConfigMap contains the name of the configMap this was fetched from
ConfigMap string `json:"configmap"`
// CAFileName contains the path to the secrets 'ca.crt'
CAFileName string `json:"caFilename"`
// CASHA contains the SHA1 hash of the 'ca.crt'
CASHA string `json:"caSha"`
// CRLFileName contains the path to the secrets 'ca.crl'
CRLFileName string `json:"crlFileName"`
// CRLSHA contains the SHA1 hash of the 'ca.crl' file
CRLSHA string `json:"crlSha"`
}
// Equal tests for equality between two SSLCA types
func (sslc1 *SSLCA) Equal(sslc2 *SSLCA) bool {
if sslc1 == sslc2 {
return true
}
if sslc1 == nil || sslc2 == nil {
return false
}
if sslc1.ConfigMap != sslc2.ConfigMap {
return false
}
if sslc1.CAFileName != sslc2.CAFileName {
return false
}
if sslc1.CASHA != sslc2.CASHA {
return false
}
if sslc1.CRLFileName != sslc2.CRLFileName {
return false
}
if sslc1.CRLSHA != sslc2.CRLSHA {
return false
}
return true
}