Enabling per-location proxy-ssl parameters, so locations of the same server but with own unique Ingress definitions can have different SSL configs

2019-10-17 09:23:42 +02:00 · 2019-10-17 09:23:42 +02:00 · 37fe9c9876
commit 37fe9c9876
parent a6815c36aa
5 changed files with 29 additions and 18 deletions
--- a/internal/ingress/controller/store/backend_ssl.go
+++ b/internal/ingress/controller/store/backend_ssl.go
@ -104,17 +104,19 @@ func (s *k8sStore) getPemCertificate(secretName string) (*ingress.SSLCert, error
 			return nil, fmt.Errorf("unexpected error creating SSL Cert: %v", err)
 		}

+		path, err := ssl.StoreSSLCertOnDisk(nsSecName, sslCert)
+		if err != nil {
+			return nil, fmt.Errorf("error while storing certificate and key: %v", err)
+		}
+
+		sslCert.PemFileName = path
+
 		if len(ca) > 0 {
 			caCert, err := ssl.CheckCACert(ca)
 			if err != nil {
 				return nil, fmt.Errorf("parsing CA certificate: %v", err)
 			}

-			path, err := ssl.StoreSSLCertOnDisk(nsSecName, sslCert)
-			if err != nil {
-				return nil, fmt.Errorf("error while storing certificate and key: %v", err)
-			}
-
 			sslCert.CACertificate = caCert
 			sslCert.CAFileName = path
 			sslCert.CASHA = file.SHA1(path)
--- a/internal/ingress/controller/store/store.go
+++ b/internal/ingress/controller/store/store.go
@ -843,6 +843,7 @@ func (s *k8sStore) GetAuthCertificate(name string) (*resolver.AuthSSLCert, error
 		CASHA:       cert.CASHA,
 		CRLFileName: cert.CRLFileName,
 		CRLSHA:      cert.CRLSHA,
+		PemFileName: cert.PemFileName,
 	}, nil
 }