enable setup common name whitelist for tls checking
Signed-off-by: Frank Yang <[email protected]>
yyb196 committed Apr 3, 2018
1 parent 5f1ce33 commit f2a4b42
Showing 1 changed file with 25 additions and 8 deletions.
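--- a/apis/server/server.go
+++ b/apis/server/server.go
@@ -7,6 +7,7 @@ import (
 "net/http"
 "os"
 "strings"
+"sync"
 "syscall"
 
 "github.com/alibaba/pouch/apis/plugins"
@@ -19,14 +20,16 @@ import (
 
 // Server is a http server which serves restful api to client.
 type Server struct {
-Config *config.Config
-ContainerMgr mgr.ContainerMgr
-SystemMgr mgr.SystemMgr
-ImageMgr mgr.ImageMgr
-VolumeMgr mgr.VolumeMgr
-NetworkMgr mgr.NetworkMgr
-listeners []net.Listener
-ContainerPlugin plugins.ContainerPlugin
+Config *config.Config
+ContainerMgr mgr.ContainerMgr
+SystemMgr mgr.SystemMgr
+ImageMgr mgr.ImageMgr
+VolumeMgr mgr.VolumeMgr
+NetworkMgr mgr.NetworkMgr
+listeners []net.Listener
+ContainerPlugin plugins.ContainerPlugin
+ManagerWhiteList map[string]struct{}
+lock sync.RWMutex
 }
 
 // Start setup route table and listen to specified address which currently only supports unix socket and tcp address.
@@ -51,6 +54,7 @@ func (s *Server) Start() (err error) {
 if s.Config.TLS.VerifyRemote {
 tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
 }
+SetupManagerWhitelist(s)
 }
 
 for _, one := range s.Config.Listen {
@@ -70,6 +74,19 @@ func (s *Server) Start() (err error) {
 return <-errCh
 }
 
+// SetupManagerWhitelist enables users to setup which common name can access this server
+func SetupManagerWhitelist(server *Server) {
+if server.Config.TLS.ManagerWhiteList != "" {
+server.lock.Lock()
+defer server.lock.Unlock()
+arr := strings.Split(server.Config.TLS.ManagerWhiteList, ",")
+server.ManagerWhiteList = make(map[string]struct{}, len(arr))
+for _, cn := range arr {
+server.ManagerWhiteList[cn] = struct{}{}
+}
+}
+}
+
 // Stop will shutdown http server by closing all listeners.
 func (s *Server) Stop() error {
 for _, one := range s.listeners {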
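Review bot: SetupManagerWhitelist inserts every raw element of strings.Split into the map, so a trailing comma or a doubled comma in TLS.ManagerWhiteList (e.g. `"admin,"`) whitelists the empty common name, and an entry written with spaces (`"a, b"`) is stored as `" b"` and never matches; a client certificate with an empty CN would presumably then pass the whitelist check, which lives outside this hunk. Inside the range loop, add `cn = strings.TrimSpace(cn)` followed by `if cn == "" { continue }` before the map assignment, so only non-empty, trimmed names are accepted. The doc comment should also state that a nil ManagerWhiteList (config value unset) disables the restriction, since that is the behavior the early exit leaves in place and readers of the check site need to know it, and that callers must hold server.lock for reads of the map. The map is taken under the write lock here, but the read side is not visible in this change, so that is inferred.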
