DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

In case of TLS errors do not allow traffic (#2146)

Browse source
This commit is contained in:
Manuel Alejandro de Brito Fontes 2018-02-25 17:20:14 -03:00 committed by GitHub
parent 216fe01a07
commit 3c67976969
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 23 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

8
internal/ingress/annotations/annotations.go
View file

@ -150,6 +150,14 @@ func (e Extractor) Extract(ing *extensions.Ingress) *Ingress {
continue
}
if name == "CertificateAuth" && data[name] == nil {
data[name] = authtls.Config{
AuthTLSError: err.Error(),
}
// avoid mapping the result from the annotation
val = nil
}
_, alreadyDenied := data[DeniedKeyName]
if !alreadyDenied {
data[DeniedKeyName] = err

6
internal/ingress/annotations/authtls/main.go
View file

@ -45,6 +45,7 @@ type Config struct {
ValidationDepth int `json:"validationDepth"`
ErrorPage string `json:"errorPage"`
PassCertToUpstream bool `json:"passCertToUpstream"`
AuthTLSError string
}
// Equal tests for equality between two Config types
@ -113,9 +114,8 @@ func (a authTLS) Parse(ing *extensions.Ingress) (interface{}, error) {
authCert, err := a.r.GetAuthCertificate(tlsauthsecret)
if err != nil {
return &Config{}, ing_errors.LocationDenied{
Reason: errors.Wrap(err, "error obtaining certificate"),
}
e := errors.Wrap(err, "error obtaining certificate")
return &Config{}, ing_errors.LocationDenied{Reason: e}
}
errorpage, err := parser.GetStringAnnotation("auth-tls-error-page", ing)