func autoConvert_v1_TLSConfig_To_api_TLSConfig(in *TLSConfig, out *api.TLSConfig, s conversion.Scope) error {
out.Termination = api.TLSTerminationType(in.Termination)
out.Certificate = in.Certificate
out.Key = in.Key
out.CACertificate = in.CACertificate
out.DestinationCACertificate = in.DestinationCACertificate
out.InsecureEdgeTerminationPolicy = api.InsecureEdgeTerminationPolicyType(in.InsecureEdgeTerminationPolicy)
return nil
}
func autoConvert_v1_TLSConfig_To_api_TLSConfig(in *TLSConfig, out *route_api.TLSConfig, s conversion.Scope) error {
if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found {
defaulting.(func(*TLSConfig))(in)
}
out.Termination = route_api.TLSTerminationType(in.Termination)
out.Certificate = in.Certificate
out.Key = in.Key
out.CACertificate = in.CACertificate
out.DestinationCACertificate = in.DestinationCACertificate
out.InsecureEdgeTerminationPolicy = route_api.InsecureEdgeTerminationPolicyType(in.InsecureEdgeTerminationPolicy)
return nil
}
// CreateEdgeRoute implements the behavior to run the create edge route command.
func CreateEdgeRoute(f *clientcmd.Factory, out io.Writer, cmd *cobra.Command, args []string) error {
oc, kc, err := f.Clients()
if err != nil {
return err
}
ns, _, err := f.DefaultNamespace()
if err != nil {
return err
}
serviceName, err := resolveServiceName(f, kcmdutil.GetFlagString(cmd, "service"))
if err != nil {
return err
}
routeName, err := resolveRouteName(args)
if err != nil {
return err
}
route, err := cmdutil.UnsecuredRoute(kc, ns, routeName, serviceName, kcmdutil.GetFlagString(cmd, "port"))
if err != nil {
return err
}
route.Spec.Host = kcmdutil.GetFlagString(cmd, "hostname")
route.Spec.Path = kcmdutil.GetFlagString(cmd, "path")
route.Spec.TLS = new(api.TLSConfig)
route.Spec.TLS.Termination = api.TLSTerminationEdge
cert, err := fileutil.LoadData(kcmdutil.GetFlagString(cmd, "cert"))
if err != nil {
return err
}
route.Spec.TLS.Certificate = string(cert)
key, err := fileutil.LoadData(kcmdutil.GetFlagString(cmd, "key"))
if err != nil {
return err
}
route.Spec.TLS.Key = string(key)
caCert, err := fileutil.LoadData(kcmdutil.GetFlagString(cmd, "ca-cert"))
if err != nil {
return err
}
route.Spec.TLS.CACertificate = string(caCert)
insecurePolicy := kcmdutil.GetFlagString(cmd, "insecure-policy")
if len(insecurePolicy) > 0 {
route.Spec.TLS.InsecureEdgeTerminationPolicy = api.InsecureEdgeTerminationPolicyType(insecurePolicy)
}
dryRun := kcmdutil.GetFlagBool(cmd, "dry-run")
actualRoute := route
if !dryRun {
actualRoute, err = oc.Routes(ns).Create(route)
if err != nil {
return err
}
}
mapper, typer := f.Object(false)
resourceMapper := &resource.Mapper{
ObjectTyper: typer,
RESTMapper: mapper,
ClientMapper: resource.ClientMapperFunc(f.ClientForMapping),
}
info, err := resourceMapper.InfoForObject(actualRoute, nil)
if err != nil {
return err
}
created := "created"
if dryRun {
created = "created (DRY RUN)"
}
shortOutput := kcmdutil.GetFlagString(cmd, "output") == "name"
kcmdutil.PrintSuccess(mapper, shortOutput, out, info.Mapping.Resource, info.Name, created)
return nil
}
// TestAddRouteEdgeTerminationInsecurePolicy tests adding an insecure edge
// terminated routes to a service unit
func TestAddRouteEdgeTerminationInsecurePolicy(t *testing.T) {
router := NewFakeTemplateRouter()
testCases := []struct {
Name string
InsecurePolicy routeapi.InsecureEdgeTerminationPolicyType
}{
{
Name: "none",
InsecurePolicy: routeapi.InsecureEdgeTerminationPolicyNone,
},
{
Name: "allow",
InsecurePolicy: routeapi.InsecureEdgeTerminationPolicyAllow,
},
{
Name: "redirect",
InsecurePolicy: routeapi.InsecureEdgeTerminationPolicyRedirect,
},
{
Name: "httpsec",
InsecurePolicy: routeapi.InsecureEdgeTerminationPolicyType("httpsec"),
},
{
Name: "hsts",
InsecurePolicy: routeapi.InsecureEdgeTerminationPolicyType("hsts"),
},
}
for _, tc := range testCases {
route := &routeapi.Route{
ObjectMeta: kapi.ObjectMeta{
Namespace: "foo",
Name: tc.Name,
},
Spec: routeapi.RouteSpec{
Host: fmt.Sprintf("%s-host", tc.Name),
Path: "path",
TLS: &routeapi.TLSConfig{
Termination: routeapi.TLSTerminationEdge,
Certificate: "abc",
Key: "def",
CACertificate: "ghi",
DestinationCACertificate: "jkl",
InsecureEdgeTerminationPolicy: tc.InsecurePolicy,
},
},
}
suKey := fmt.Sprintf("%s-test", tc.Name)
router.CreateServiceUnit(suKey)
// add route always returns true
added := router.AddRoute(suKey, 100, route, route.Spec.Host)
if !added {
t.Fatalf("InsecureEdgeTerminationPolicy test %s: expected AddRoute to return true but got false", tc.Name)
}
_, ok := router.FindServiceUnit(suKey)
if !ok {
t.Errorf("InsecureEdgeTerminationPolicy test %s: unable to find created service unit %s",
tc.Name, suKey)
} else {
routeKey := router.routeKey(route)
saCfg, ok := router.state[routeKey]
if !ok {
t.Errorf("InsecureEdgeTerminationPolicy test %s: unable to find created service alias config for route %s",
tc.Name, routeKey)
} else {
if saCfg.Host != route.Spec.Host || saCfg.Path != route.Spec.Path || !compareTLS(route, saCfg, t) || saCfg.InsecureEdgeTerminationPolicy != tc.InsecurePolicy {
t.Errorf("InsecureEdgeTerminationPolicy test %s: route %v did not match serivce alias config %v",
tc.Name, route, saCfg)
}
}
}
}
}