github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2026-01-04 15:05:20 +00:00
Code Issues Projects Releases Wiki Activity

Basic TLS support.

Browse Source
This commit is contained in:
Prashanth Balasubramanian
2016-01-16 16:06:40 -08:00
parent 87fbfdc953
commit c56bebf594
17 changed files with 8683 additions and 7494 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
pkg/apis/extensions/validation/validation.go
View File

@@ -459,6 +459,20 @@ func ValidateIngressName(name string, prefix bool) (bool, string) {
return apivalidation.NameIsDNSSubdomain(name, prefix)
}
func validateIngressTLS(spec *extensions.IngressSpec, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
// Currently the Ingress only supports HTTP(S), so a secretName is required.
// This will not be the case if we support SSL routing at L4 via SNI.
for i, t := range spec.TLS {
if t.SecretName == "" {
allErrs = append(allErrs, field.Required(fldPath.Index(i).Child("secretName"), spec.TLS[i].SecretName))
}
}
// TODO: Perform a more thorough validation of spec.TLS.Hosts that takes
// the wildcard spec from RFC 6125 into account.
return allErrs
}
// ValidateIngressSpec tests if required fields in the IngressSpec are set.
func ValidateIngressSpec(spec *extensions.IngressSpec, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}
@@ -471,6 +485,9 @@ func ValidateIngressSpec(spec *extensions.IngressSpec, fldPath *field.Path) fiel
if len(spec.Rules) > 0 {
allErrs = append(allErrs, validateIngressRules(spec.Rules, fldPath.Child("rules"))...)
}
if len(spec.TLS) > 0 {
allErrs = append(allErrs, validateIngressTLS(spec, fldPath.Child("tls"))...)
}
return allErrs
}

3
pkg/apis/extensions/validation/validation_test.go
View File

@@ -1211,6 +1211,8 @@ func TestValidateIngress(t *testing.T) {
badHostIP := newValid()
badHostIP.Spec.Rules[0].Host = hostIP
badHostIPErr := fmt.Sprintf("spec.rules[0].host: Invalid value: '%v'", hostIP)
noSecretName := newValid()
noSecretName.Spec.TLS = []extensions.IngressTLS{{SecretName: ""}}
errorCases := map[string]extensions.Ingress{
"spec.backend.serviceName: Required value": servicelessBackend,
@@ -1219,6 +1221,7 @@ func TestValidateIngress(t *testing.T) {
"spec.rules[0].host: Invalid value": badHost,
"spec.rules[0].http.paths: Required value": noPaths,
"spec.rules[0].http.paths[0].path: Invalid value": noForwardSlashPath,
"spec.tls[0].secretName: Required value": noSecretName,
}
errorCases[badPathErr] = badRegexPath
errorCases[badHostIPErr] = badHostIP