func autoConvert_v1_TLSConfig_To_api_TLSConfig(in *TLSConfig, out *api.TLSConfig, s conversion.Scope) error {
	out.Termination = api.TLSTerminationType(in.Termination)
	out.Certificate = in.Certificate
	out.Key = in.Key
	out.CACertificate = in.CACertificate
	out.DestinationCACertificate = in.DestinationCACertificate
	out.InsecureEdgeTerminationPolicy = api.InsecureEdgeTerminationPolicyType(in.InsecureEdgeTerminationPolicy)
	return nil
}
Esempio n. 2
0
func autoConvert_v1_TLSConfig_To_api_TLSConfig(in *TLSConfig, out *route_api.TLSConfig, s conversion.Scope) error {
	if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {
		defaulting.(func(*TLSConfig))(in)
	}
	out.Termination = route_api.TLSTerminationType(in.Termination)
	out.Certificate = in.Certificate
	out.Key = in.Key
	out.CACertificate = in.CACertificate
	out.DestinationCACertificate = in.DestinationCACertificate
	out.InsecureEdgeTerminationPolicy = route_api.InsecureEdgeTerminationPolicyType(in.InsecureEdgeTerminationPolicy)
	return nil
}
Esempio n. 3
0
// CreateEdgeRoute implements the behavior to run the create edge route command.
func CreateEdgeRoute(f *clientcmd.Factory, out io.Writer, cmd *cobra.Command, args []string) error {
	oc, kc, err := f.Clients()
	if err != nil {
		return err
	}
	ns, _, err := f.DefaultNamespace()
	if err != nil {
		return err
	}
	serviceName, err := resolveServiceName(f, kcmdutil.GetFlagString(cmd, "service"))
	if err != nil {
		return err
	}
	routeName, err := resolveRouteName(args)
	if err != nil {
		return err
	}
	route, err := cmdutil.UnsecuredRoute(kc, ns, routeName, serviceName, kcmdutil.GetFlagString(cmd, "port"))
	if err != nil {
		return err
	}

	route.Spec.Host = kcmdutil.GetFlagString(cmd, "hostname")
	route.Spec.Path = kcmdutil.GetFlagString(cmd, "path")

	route.Spec.TLS = new(api.TLSConfig)
	route.Spec.TLS.Termination = api.TLSTerminationEdge
	cert, err := fileutil.LoadData(kcmdutil.GetFlagString(cmd, "cert"))
	if err != nil {
		return err
	}
	route.Spec.TLS.Certificate = string(cert)
	key, err := fileutil.LoadData(kcmdutil.GetFlagString(cmd, "key"))
	if err != nil {
		return err
	}
	route.Spec.TLS.Key = string(key)
	caCert, err := fileutil.LoadData(kcmdutil.GetFlagString(cmd, "ca-cert"))
	if err != nil {
		return err
	}
	route.Spec.TLS.CACertificate = string(caCert)

	insecurePolicy := kcmdutil.GetFlagString(cmd, "insecure-policy")
	if len(insecurePolicy) > 0 {
		route.Spec.TLS.InsecureEdgeTerminationPolicy = api.InsecureEdgeTerminationPolicyType(insecurePolicy)
	}

	dryRun := kcmdutil.GetFlagBool(cmd, "dry-run")
	actualRoute := route

	if !dryRun {
		actualRoute, err = oc.Routes(ns).Create(route)
		if err != nil {
			return err
		}
	}

	mapper, typer := f.Object(false)
	resourceMapper := &resource.Mapper{
		ObjectTyper:  typer,
		RESTMapper:   mapper,
		ClientMapper: resource.ClientMapperFunc(f.ClientForMapping),
	}
	info, err := resourceMapper.InfoForObject(actualRoute, nil)
	if err != nil {
		return err
	}

	created := "created"
	if dryRun {
		created = "created (DRY RUN)"
	}

	shortOutput := kcmdutil.GetFlagString(cmd, "output") == "name"
	kcmdutil.PrintSuccess(mapper, shortOutput, out, info.Mapping.Resource, info.Name, created)
	return nil
}
Esempio n. 4
0
// TestAddRouteEdgeTerminationInsecurePolicy tests adding an insecure edge
// terminated routes to a service unit
func TestAddRouteEdgeTerminationInsecurePolicy(t *testing.T) {
	router := NewFakeTemplateRouter()

	testCases := []struct {
		Name           string
		InsecurePolicy routeapi.InsecureEdgeTerminationPolicyType
	}{
		{
			Name:           "none",
			InsecurePolicy: routeapi.InsecureEdgeTerminationPolicyNone,
		},
		{
			Name:           "allow",
			InsecurePolicy: routeapi.InsecureEdgeTerminationPolicyAllow,
		},
		{
			Name:           "redirect",
			InsecurePolicy: routeapi.InsecureEdgeTerminationPolicyRedirect,
		},
		{
			Name:           "httpsec",
			InsecurePolicy: routeapi.InsecureEdgeTerminationPolicyType("httpsec"),
		},
		{
			Name:           "hsts",
			InsecurePolicy: routeapi.InsecureEdgeTerminationPolicyType("hsts"),
		},
	}

	for _, tc := range testCases {
		route := &routeapi.Route{
			ObjectMeta: kapi.ObjectMeta{
				Namespace: "foo",
				Name:      tc.Name,
			},
			Spec: routeapi.RouteSpec{
				Host: fmt.Sprintf("%s-host", tc.Name),
				Path: "path",
				TLS: &routeapi.TLSConfig{
					Termination:                   routeapi.TLSTerminationEdge,
					Certificate:                   "abc",
					Key:                           "def",
					CACertificate:                 "ghi",
					DestinationCACertificate:      "jkl",
					InsecureEdgeTerminationPolicy: tc.InsecurePolicy,
				},
			},
		}

		suKey := fmt.Sprintf("%s-test", tc.Name)
		router.CreateServiceUnit(suKey)

		// add route always returns true
		added := router.AddRoute(suKey, 100, route, route.Spec.Host)
		if !added {
			t.Fatalf("InsecureEdgeTerminationPolicy test %s: expected AddRoute to return true but got false", tc.Name)
		}

		_, ok := router.FindServiceUnit(suKey)

		if !ok {
			t.Errorf("InsecureEdgeTerminationPolicy test %s: unable to find created service unit %s",
				tc.Name, suKey)
		} else {
			routeKey := router.routeKey(route)
			saCfg, ok := router.state[routeKey]

			if !ok {
				t.Errorf("InsecureEdgeTerminationPolicy test %s: unable to find created service alias config for route %s",
					tc.Name, routeKey)
			} else {
				if saCfg.Host != route.Spec.Host || saCfg.Path != route.Spec.Path || !compareTLS(route, saCfg, t) || saCfg.InsecureEdgeTerminationPolicy != tc.InsecurePolicy {
					t.Errorf("InsecureEdgeTerminationPolicy test %s: route %v did not match serivce alias config %v",
						tc.Name, route, saCfg)
				}
			}
		}
	}
}