Fix interface duplication
parent
9085e24a29
commit
8191245eee
6 changed files with 37 additions and 35 deletions
|
@ -21,6 +21,7 @@ import (
|
|||
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/parser"
|
||||
ing_errors "k8s.io/ingress/core/pkg/ingress/errors"
|
||||
"k8s.io/ingress/core/pkg/ingress/resolver"
|
||||
"k8s.io/ingress/core/pkg/k8s"
|
||||
)
|
||||
|
||||
|
@ -29,28 +30,12 @@ const (
|
|||
authTLSSecret = "ingress.kubernetes.io/auth-tls-secret"
|
||||
)
|
||||
|
||||
// AuthCertificate has a method that searchs for a secret
|
||||
// that contains a SSL certificate.
|
||||
// The secret must contain 3 keys named:
|
||||
type AuthCertificate interface {
|
||||
GetAuthCertificate(string) (*SSLCert, error)
|
||||
}
|
||||
|
||||
// SSLCert returns external authentication configuration for an Ingress rule
|
||||
type SSLCert struct {
|
||||
Secret string `json:"secret"`
|
||||
CertFileName string `json:"certFilename"`
|
||||
KeyFileName string `json:"keyFilename"`
|
||||
CAFileName string `json:"caFilename"`
|
||||
PemSHA string `json:"pemSha"`
|
||||
}
|
||||
|
||||
type authTLS struct {
|
||||
certResolver AuthCertificate
|
||||
certResolver resolver.AuthCertificate
|
||||
}
|
||||
|
||||
// NewParser creates a new TLS authentication annotation parser
|
||||
func NewParser(resolver AuthCertificate) parser.IngressAnnotation {
|
||||
func NewParser(resolver resolver.AuthCertificate) parser.IngressAnnotation {
|
||||
return authTLS{resolver}
|
||||
}
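Review bot: In `NewParser` the parameter is now named `resolver`, the same identifier as the newly imported `resolver` package, so the package is shadowed inside the function body. It compiles because the body only uses the value, but any later reference to a `resolver.` type inside the function would resolve to the parameter instead of the package. Rename it, for example `func NewParser(r resolver.AuthCertificate) parser.IngressAnnotation {` with `return authTLS{certResolver: r}`. No nil check is visible here; if a nil resolver can reach this constructor, the later `GetAuthCertificate` call would presumably panic, so confirm that at the call site.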
|
||||
|
||||
|
|
|
@ -23,8 +23,8 @@ import (
|
|||
"k8s.io/kubernetes/pkg/apis/extensions"
|
||||
"k8s.io/kubernetes/pkg/util/intstr"
|
||||
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/authtls"
|
||||
"k8s.io/ingress/core/pkg/ingress/defaults"
|
||||
"k8s.io/ingress/core/pkg/ingress/resolver"
|
||||
)
|
||||
|
||||
type mockCfg struct {
|
||||
|
@ -38,7 +38,7 @@ func (m mockCfg) GetSecret(string) (*api.Secret, error) {
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
func (m mockCfg) GetAuthCertificate(string) (*authtls.SSLCert, error) {
|
||||
func (m mockCfg) GetAuthCertificate(string) (*resolver.AuthSSLCert, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -39,11 +39,11 @@ import (
|
|||
|
||||
cache_store "k8s.io/ingress/core/pkg/cache"
|
||||
"k8s.io/ingress/core/pkg/ingress"
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/authtls"
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/healthcheck"
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/proxy"
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/service"
|
||||
"k8s.io/ingress/core/pkg/ingress/defaults"
|
||||
"k8s.io/ingress/core/pkg/ingress/resolver"
|
||||
"k8s.io/ingress/core/pkg/ingress/status"
|
||||
"k8s.io/ingress/core/pkg/k8s"
|
||||
local_strings "k8s.io/ingress/core/pkg/strings"
|
||||
|
@ -668,13 +668,13 @@ func (ic *GenericController) getBackendServers() ([]*ingress.Backend, []*ingress
|
|||
}
|
||||
|
||||
// GetAuthCertificate ...
|
||||
func (ic GenericController) GetAuthCertificate(secretName string) (*authtls.SSLCert, error) {
|
||||
func (ic GenericController) GetAuthCertificate(secretName string) (*resolver.AuthSSLCert, error) {
|
||||
bc, exists := ic.sslCertTracker.Get(secretName)
|
||||
if !exists {
|
||||
return &authtls.SSLCert{}, fmt.Errorf("secret %v does not exists", secretName)
|
||||
return &resolver.AuthSSLCert{}, fmt.Errorf("secret %v does not exists", secretName)
|
||||
}
|
||||
cert := bc.(*ingress.SSLCert)
|
||||
return &authtls.SSLCert{
|
||||
return &resolver.AuthSSLCert{
|
||||
Secret: secretName,
|
||||
CertFileName: cert.PemFileName,
|
||||
CAFileName: cert.CAFileName,
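Review bot: `cert := bc.(*ingress.SSLCert)` in `GetAuthCertificate` is an unchecked type assertion on a value read from `sslCertTracker`, so any entry of another type panics the controller while it resolves a client-certificate secret. Use the two-value form and return an error: `cert, ok := bc.(*ingress.SSLCert)` followed by `if !ok { return nil, fmt.Errorf("secret %v has unexpected type %T", secretName, bc) }`. The not-found branch returns `&resolver.AuthSSLCert{}` together with an error; returning `nil` there keeps a caller that forgets the error check from treating an empty certificate config as valid. The `// GetAuthCertificate ...` placeholder should be replaced with a sentence saying what is looked up and when an error is returned. The function body continues past the end of this hunk.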
|
||||
|
|
|
@ -28,6 +28,9 @@ import (
|
|||
"k8s.io/ingress/core/pkg/ingress/annotations/parser"
|
||||
)
|
||||
|
||||
// DeniedKeyName name of the key that contains the reason to deny a location
|
||||
const DeniedKeyName = "Denied"
|
||||
|
||||
// newDefaultServer return an BackendServer to be use as default server that returns 503.
|
||||
func newDefaultServer() ingress.Endpoint {
|
||||
return ingress.Endpoint{Address: "127.0.0.1", Port: "8181"}
|
||||
|
@ -97,13 +100,11 @@ func IsValidClass(ing *extensions.Ingress, class string) bool {
|
|||
return cc == class
|
||||
}
|
||||
|
||||
const denied = "Denied"
|
||||
|
||||
func mergeLocationAnnotations(loc *ingress.Location, anns map[string]interface{}) {
|
||||
if _, ok := anns[denied]; ok {
|
||||
loc.Denied = anns[denied].(error)
|
||||
if _, ok := anns[DeniedKeyName]; ok {
|
||||
loc.Denied = anns[DeniedKeyName].(error)
|
||||
}
|
||||
delete(anns, denied)
|
||||
delete(anns, DeniedKeyName)
|
||||
err := mergo.Map(loc, anns)
|
||||
if err != nil {
|
||||
glog.Errorf("unexpected error merging extracted annotations in location type: %v", err)
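Review bot: `loc.Denied = anns[DeniedKeyName].(error)` in `mergeLocationAnnotations` panics when the value stored under the key is not an `error` (including a nil value), and exporting the key as `DeniedKeyName` widens the set of packages that can write it. Prefer `if denied, ok := anns[DeniedKeyName].(error); ok { loc.Denied = denied }`, which also avoids the second map lookup. A value of any other type should be logged rather than silently dropped, because losing it would presumably leave the location without its deny reason. The function also deletes the key from the caller's map, which deserves a line in its doc comment; the body continues outside the hunk.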
|
||||
|
|
|
@ -19,7 +19,6 @@ package resolver
|
|||
import (
|
||||
"k8s.io/kubernetes/pkg/api"
|
||||
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/authtls"
|
||||
"k8s.io/ingress/core/pkg/ingress/defaults"
|
||||
)
|
||||
|
||||
|
@ -35,9 +34,26 @@ type Secret interface {
|
|||
GetSecret(string) (*api.Secret, error)
|
||||
}
|
||||
|
||||
// AuthCertificate has a method that searchs for a secret
|
||||
// that contains a SSL certificate.
|
||||
// AuthCertificate resolves a given secret name into an SSL certificate.
|
||||
// The secret must contain 3 keys named:
|
||||
// ca.crt: contains the certificate chain used for authentication
|
||||
// tls.crt: (ignored) contains the tls certificate chain, or any other valid base64 data
|
||||
// tls.key: (ignored) contains the tls secret key, or any other valid base64 data
|
||||
type AuthCertificate interface {
|
||||
GetAuthCertificate(string) (*authtls.SSLCert, error)
|
||||
GetAuthCertificate(string) (*AuthSSLCert, error)
|
||||
}
|
||||
|
||||
// AuthSSLCert contains the necessary information to do certificate based
|
||||
// authentication of an ingress location
|
||||
type AuthSSLCert struct {
|
||||
// Secret contains the name of the secret this was fetched from
|
||||
Secret string `json:"secret"`
|
||||
// CertFileName contains the filename the secret's 'tls.crt' was saved to
|
||||
CertFileName string `json:"certFilename"`
|
||||
// KeyFileName contains the path the secret's 'tls.key'
|
||||
KeyFileName string `json:"keyFilename"`
|
||||
// CAFileName contains the path to the secrets 'ca.crt'
|
||||
CAFileName string `json:"caFilename"`
|
||||
// PemSHA contains the SHA1 hash of the 'tls.crt' value
|
||||
PemSHA string `json:"pemSha"`
|
||||
}
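Review bot: The new doc comments on `AuthCertificate` and `AuthSSLCert` contradict each other: the interface comment marks `tls.crt` and `tls.key` as "(ignored)", while the field comments say `CertFileName` and `KeyFileName` record where those keys were saved. State which is true, and fix the wording of `// KeyFileName contains the path the secret's 'tls.key'` to `// KeyFileName contains the path to the secret's 'tls.key'`. Because `PemSHA` is documented as a SHA1 hash, its comment should say it is a change-detection fingerprint rather than an integrity or authenticity check, if that is the intent. The struct is JSON-tagged, so the key file path appears wherever this configuration is serialized.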
|
||||
|
|
|
@ -22,12 +22,12 @@ import (
|
|||
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/auth"
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/authreq"
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/authtls"
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/ipwhitelist"
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/proxy"
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/ratelimit"
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/rewrite"
|
||||
"k8s.io/ingress/core/pkg/ingress/defaults"
|
||||
"k8s.io/ingress/core/pkg/ingress/resolver"
|
||||
)
|
||||
|
||||
var (
|
||||
|
@ -232,7 +232,7 @@ type Location struct {
|
|||
// CertificateAuth indicates the access to this location requires
|
||||
// external authentication
|
||||
// +optional
|
||||
CertificateAuth authtls.SSLCert `json:"certificateAuth,omitempty"`
|
||||
CertificateAuth resolver.AuthSSLCert `json:"certificateAuth,omitempty"`
|
||||
}
|
||||
|
||||
// SSLPassthroughBackend describes a SSL upstream server configured
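Review bot: On `CertificateAuth resolver.AuthSSLCert` the `omitempty` option in `json:"certificateAuth,omitempty"` has no effect, because `encoding/json` never treats a struct value as empty. A location without certificate authentication is therefore still serialized with an all-empty `certificateAuth` object, and consumers have to test a field such as `Secret` rather than the key's presence to decide whether client-certificate auth applies. Either make the field a pointer or document that check next to the `// +optional` marker. The comment above it says "external authentication", but the field holds certificate-based authentication settings. The `Location` struct starts outside this hunk.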
|
||||
|
|