Implement insecureEdgeTermination options for reencrypt and pasthrough routes #11953
Conversation
|
@openshift/networking PTAL |
|
Also, I presume there are docs that need to be updated too? |
| if _, ok := allowedValues[tls.InsecureEdgeTerminationPolicy]; !ok { | ||
| msg := fmt.Sprintf("invalid value for InsecureEdgeTerminationPolicy option, acceptable values are %s, %s, %s, or empty", routeapi.InsecureEdgeTerminationPolicyNone, routeapi.InsecureEdgeTerminationPolicyAllow, routeapi.InsecureEdgeTerminationPolicyRedirect) | ||
| return field.Invalid(fldPath, tls.InsecureEdgeTerminationPolicy, msg) | ||
| if routeapi.TLSTerminationEdge == tls.Termination || routeapi.TLSTerminationReencrypt == tls.Termination { |
There was a problem hiding this comment.
Style: Make this a switch statement on the termination field
JacobTanenbaum
force-pushed
the
v2Reencrypt-redirect
branch
from
9f54841 to
c68e954
Compare
| if _, ok := allowedValues[tls.InsecureEdgeTerminationPolicy]; !ok { | ||
| msg := fmt.Sprintf("invalid value for InsecureEdgeTerminationPolicy option, acceptable values are %s, %s, %s, or empty", routeapi.InsecureEdgeTerminationPolicyNone, routeapi.InsecureEdgeTerminationPolicyAllow, routeapi.InsecureEdgeTerminationPolicyRedirect) | ||
| return field.Invalid(fldPath, tls.InsecureEdgeTerminationPolicy, msg) | ||
| switch tls.Termination { |
There was a problem hiding this comment.
Consider updating the unit test for this function to ensure against regression.
There was a problem hiding this comment.
@marun updated the unit test
| @@ -1055,7 +1055,7 @@ func TestValidateTLS(t *testing.T) { | |||
| } | |||
| } | |||
|
|
|||
| func TestValidateTLSInsecureEdgeTerminationPolicy(t *testing.T) { | |||
| func TestValidatePassthroughInsecureEdgeTerminationPolicy(t *testing.T) { | |||
There was a problem hiding this comment.
I think your intent is reasonable here, but I think it is confusing to use a test table to define the single route used in each iteration of the test loop. Consider creating the route in the loop instead and getting ride of tests.
|
And are there docs we need to update? |
|
LGTM |
|
@marun are you good with the test case he added? |
|
@marun did I implement the kind of testing you where looking for? |
|
LGTM [test] |
routes reencrypt routes work the same as edge routes with Allow, Redirect, and None passthrough routes are only allowed Redirect or none change the name of the haproxy acl's and map files to makes sense map files os_edge_http_redirect -> os_route_http_redirect os_edge_http_expose -> os_route_http_expose acls edge_http_expose -> route_http_expose wildcard_edge_http_expose -> wildcard_route_http_expose
JacobTanenbaum
force-pushed
the
v2Reencrypt-redirect
branch
from
5d02f39 to
38c0198
Compare
|
[merge] |
|
[test] epel yum install failed |
|
Evaluated for origin test up to 38c0198 |
|
continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/11834/) (Base Commit: 166273b) |
|
continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/11834/) (Image: devenv-rhel7_5458) |
|
[merge] Last flaked on #11004 (https://ci.openshift.redhat.com/jenkins/job/test_pr_origin/11848/) |
|
Evaluated for origin merge up to 38c0198 |
knobunc
changed the title
reencrypt routes work the same as edge routes with Allow, Redirect, and
None
passthrough routes are only allowed Redirect or None
change the name of the haproxy acl's and map files to makes sense
map files
os_edge_http_redirect -> os_route_http_redirect
os_edge_http_expose -> os_route_http_expose
acls
edge_http_expose -> route_http_expose
wildcard_edge_http_expose -> wildcard_route_http_expose
git issue: 11547
bug: 1317159 Link
docs: PR3244