DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move secretTracker updating to GetAuthCertificate()

Browse source
This commit is contained in:
Joao Morais 2017-05-23 14:20:31 -03:00
parent 2ddf6c91df
commit c4d8011fa4
3 changed files with 4 additions and 105 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
core/pkg/ingress/controller/annotations.go
View file

@ -17,13 +17,8 @@ limitations under the License.
package controller package controller
import ( import (
"fmt"
"github.com/golang/glog" "github.com/golang/glog"
api "k8s.io/client-go/pkg/api/v1"
extensions "k8s.io/client-go/pkg/apis/extensions/v1beta1" extensions "k8s.io/client-go/pkg/apis/extensions/v1beta1"
"k8s.io/ingress/core/pkg/ingress/annotations/auth" "k8s.io/ingress/core/pkg/ingress/annotations/auth"
"k8s.io/ingress/core/pkg/ingress/annotations/authreq" "k8s.io/ingress/core/pkg/ingress/annotations/authreq"
"k8s.io/ingress/core/pkg/ingress/annotations/authtls" "k8s.io/ingress/core/pkg/ingress/annotations/authtls"
@ -134,17 +129,3 @@ func (e *annotationExtractor) SessionAffinity(ing *extensions.Ingress) *sessiona
val, _ := e.annotations[sessionAffinity].Parse(ing) val, _ := e.annotations[sessionAffinity].Parse(ing)
return val.(*sessionaffinity.AffinityConfig) return val.(*sessionaffinity.AffinityConfig)
} }
func (e *annotationExtractor) ContainsCertificateAuth(ing *extensions.Ingress) bool {
val, _ := parser.GetStringAnnotation("ingress.kubernetes.io/auth-tls-secret", ing)
return val != ""
}
func (e *annotationExtractor) CertificateAuthSecret(ing *extensions.Ingress) (*api.Secret, error) {
val, _ := parser.GetStringAnnotation("ingress.kubernetes.io/auth-tls-secret", ing)
if val == "" {
return nil, fmt.Errorf("ingress rule %v/%v does not contain the auth-tls-secret annotation", ing.Namespace, ing.Name)
}
return e.secretResolver.GetSecret(val)
}

76
core/pkg/ingress/controller/annotations_test.go
View file

@ -264,79 +264,3 @@ func TestAffinitySession(t *testing.T) {
} }
} }
} }
func TestContainsCertificateAuth(t *testing.T) {
ec := newAnnotationExtractor(mockCfg{})
foos := []struct {
name string
annotations map[string]string
result bool
}{
{"nil_annotations", nil, false},
{"empty_annotations", map[string]string{}, false},
{"not_exist_annotations", map[string]string{annotationAffinityType: "cookie"}, false},
{"exist_annotations", map[string]string{annotationAuthTlsSecret: "default/foo_secret"}, true},
}
for _, foo := range foos {
t.Run(foo.name, func(t *testing.T) {
ing := buildIngress()
ing.SetAnnotations(foo.annotations)
r := ec.ContainsCertificateAuth(ing)
if r != foo.result {
t.Errorf("Returned %t but expected %t for %s", r, foo.result, foo.name)
}
})
}
}
func TestCertificateAuthSecret(t *testing.T) {
resolver := mockCfg{}
resolver.MockSecrets = map[string]*api.Secret{
"default/foo_secret": {
ObjectMeta: meta_v1.ObjectMeta{
Name: "foo_secret_name",
},
},
}
ec := newAnnotationExtractor(resolver)
foos := []struct {
name string
annotations map[string]string
eerr bool
ename string
}{
{"nil_annotations", nil, true, ""},
{"empty_annotations", map[string]string{}, true, ""},
{"not_exist_annotations", map[string]string{annotationAffinityType: "cookie"}, true, ""},
{"exist_annotations", map[string]string{annotationAuthTlsSecret: "default/foo_secret"}, false, "foo_secret_name"},
}
for _, foo := range foos {
t.Run(foo.name, func(t *testing.T) {
ing := buildIngress()
ing.SetAnnotations(foo.annotations)
r, err := ec.CertificateAuthSecret(ing)
if foo.eerr {
if err == nil {
t.Fatalf("Exepected error for %s", foo.name)
}
} else {
if err != nil {
t.Fatalf("Unexpected error %v for %s", err, foo.name)
}
rname := ""
if r != nil {
rname = r.GetName()
}
if rname != foo.ename {
t.Errorf("Returned %s but expected %s for %s", rname, foo.ename, foo.name)
}
}
})
}
}

14
core/pkg/ingress/controller/controller.go
View file

@ -713,6 +713,10 @@ func (ic *GenericController) getBackendServers() ([]*ingress.Backend, []*ingress
// GetAuthCertificate ... // GetAuthCertificate ...
func (ic GenericController) GetAuthCertificate(secretName string) (*resolver.AuthSSLCert, error) { func (ic GenericController) GetAuthCertificate(secretName string) (*resolver.AuthSSLCert, error) {
if _, exists := ic.secretTracker.Get(secretName); !exists {
ic.secretTracker.Add(secretName, secretName)
}
_, err := ic.GetSecret(secretName) _, err := ic.GetSecret(secretName)
if err != nil { if err != nil {
return &resolver.AuthSSLCert{}, fmt.Errorf("unexpected error: %v", err) return &resolver.AuthSSLCert{}, fmt.Errorf("unexpected error: %v", err)
@ -1114,16 +1118,6 @@ func (ic *GenericController) getEndpoints(
// extractSecretNames extracts information about secrets inside the Ingress rule // extractSecretNames extracts information about secrets inside the Ingress rule
func (ic GenericController) extractSecretNames(ing *extensions.Ingress) { func (ic GenericController) extractSecretNames(ing *extensions.Ingress) {
if ic.annotations.ContainsCertificateAuth(ing) {
key, _ := parser.GetStringAnnotation("ingress.kubernetes.io/auth-tls-secret", ing)
if key != "" {
_, exists := ic.secretTracker.Get(key)
if !exists {
ic.secretTracker.Add(key, key)
}
}
}
for _, tls := range ing.Spec.TLS { for _, tls := range ing.Spec.TLS {
if tls.SecretName == "" { if tls.SecretName == "" {
continue continue