implement new resolver methods

internal/ingress/controller/controller_test.go

@@ -121,6 +121,14 @@ func (fakeIngressStore) GetAuthCertificate(string) (*resolver.AuthSSLCert, error
 	return nil, fmt.Errorf("test error")
 }
 
+func (fakeIngressStore) GetSSLClientCert(string) (*resolver.SSLClientCert, error) {
+	return nil, fmt.Errorf("test error")
+}
+
+func (fakeIngressStore) GetSSLCA(string) (*resolver.SSLCA, error) {
+	return nil, fmt.Errorf("test error")
+}
+
 func (fakeIngressStore) GetDefaultBackend() defaults.Backend {
 	return defaults.Backend{}
 }

internal/ingress/controller/store/store.go

@@ -98,6 +98,12 @@ type Storer interface {
 	//   ca.crt: contains the certificate chain used for authentication
 	GetAuthCertificate(string) (*resolver.AuthSSLCert, error)
 
+	// GetSSLClientCert resolves a given secret name into an SSL certificate.
+	GetSSLClientCert(string) (*resolver.SSLClientCert, error)
+
+	// GetSSLCA resolves a given configMap name into an SSL CA.
+	GetSSLCA(string) (*resolver.SSLCA, error)
+
 	// GetDefaultBackend returns the default backend configuration
 	GetDefaultBackend() defaults.Backend
 
@@ -1156,6 +1162,43 @@ func (s *k8sStore) GetAuthCertificate(name string) (*resolver.AuthSSLCert, error
 	}, nil
 }
 
+// GetSSLClientCert is used by the proxy-ssl annotations to get a cert from a secret
+func (s *k8sStore) GetSSLClientCert(name string) (*resolver.SSLClientCert, error) {
+	if _, err := s.GetLocalSSLCert(name); err != nil {
+		s.syncClientCertSecret(name)
+	}
+
+	cert, err := s.GetLocalSSLCert(name)
+	if err != nil {
+		return nil, err
+	}
+
+	return &resolver.SSLClientCert{
+		Secret:      name,
+		PemFileName: cert.PemFileName,
+	}, nil
+}
+
+// GetSSLCA is used by the proxy-ssl annotations to get a ca from a configmap
+func (s *k8sStore) GetSSLCA(configMapName string) (*resolver.SSLCA, error) {
+	if _, err := s.GetLocalSSLCert(configMapName); err != nil {
+		s.syncCAConfigMap(configMapName)
+	}
+
+	cert, err := s.GetLocalSSLCert(configMapName)
+	if err != nil {
+		return nil, err
+	}
+
+	return &resolver.SSLCA{
+		ConfigMap:   configMapName,
+		CAFileName:  cert.CAFileName,
+		CASHA:       cert.CASHA,
+		CRLFileName: cert.CRLFileName,
+		CRLSHA:      cert.CRLSHA,
+	}, nil
+}
+
 func (s *k8sStore) writeSSLSessionTicketKey(cmap *corev1.ConfigMap, fileName string) {
 	ticketString := ngx_template.ReadConfig(cmap.Data).SSLSessionTicketKey
 	s.backendConfig.SSLSessionTicketKey = ""

internal/ingress/resolver/main.go

@@ -42,6 +42,12 @@ type Resolver interface {
 	//   ca.crl: contains the revocation list used for authentication
 	GetAuthCertificate(string) (*AuthSSLCert, error)
 
+	// GetSSLClientCert resolves a given secret name into an SSL certificate.
+	GetSSLClientCert(string) (*SSLClientCert, error)
+
+	// GetSSLCA resolves a given configMap name into an SSL CA.
+	GetSSLCA(string) (*SSLCA, error)
+
 	// GetService searches for services containing the namespace and name using the character /
 	GetService(string) (*apiv1.Service, error)
 }

internal/ingress/resolver/main_test.go

@@ -58,3 +58,5 @@ func TestAuthSSLCertEqual(t *testing.T) {
 		}
 	}
 }
+
+// TODO : implement tests for GetSSLClientCert and GetSSLCA

internal/ingress/resolver/mock.go

@@ -60,6 +60,16 @@ func (m Mock) GetAuthCertificate(string) (*AuthSSLCert, error) {
 	return nil, nil
 }
 
+// GetSSLClientCert resolves a given secret name into an SSL certificate.
+func (m Mock) GetSSLClientCert(string) (*SSLClientCert, error) {
+	return nil, nil
+}
+
+// GetSSLCA resolves a given configMap name into an SSL CA.
+func (m Mock) GetSSLCA(string) (*SSLCA, error) {
+	return nil, nil
+}
+
 // GetService searches for services containing the namespace and name using the character /
 func (m Mock) GetService(string) (*apiv1.Service, error) {
 	return nil, nil