Fix interface duplication

kubernetes · Jan 12, 2017 · 8191245 · 8191245
1 parent 9085e24
commit 8191245
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 35 deletions.
diff --git a/core/pkg/ingress/annotations/authtls/main.go b/core/pkg/ingress/annotations/authtls/main.go
@@ -21,6 +21,7 @@ import (
 
 	"k8s.io/ingress/core/pkg/ingress/annotations/parser"
 	ing_errors "k8s.io/ingress/core/pkg/ingress/errors"
+	"k8s.io/ingress/core/pkg/ingress/resolver"
 	"k8s.io/ingress/core/pkg/k8s"
 )
 
@@ -29,28 +30,12 @@ const (
 	authTLSSecret = "ingress.kubernetes.io/auth-tls-secret"
 )
 
-// AuthCertificate has a method that searchs for a secret
-// that contains a SSL certificate.
-// The secret must contain 3 keys named:
-type AuthCertificate interface {
-	GetAuthCertificate(string) (*SSLCert, error)
-}
-
-// SSLCert returns external authentication configuration for an Ingress rule
-type SSLCert struct {
-	Secret       string `json:"secret"`
-	CertFileName string `json:"certFilename"`
-	KeyFileName  string `json:"keyFilename"`
-	CAFileName   string `json:"caFilename"`
-	PemSHA       string `json:"pemSha"`
-}
-
 type authTLS struct {
-	certResolver AuthCertificate
+	certResolver resolver.AuthCertificate
 }
 
 // NewParser creates a new TLS authentication annotation parser
-func NewParser(resolver AuthCertificate) parser.IngressAnnotation {
+func NewParser(resolver resolver.AuthCertificate) parser.IngressAnnotation {
 	return authTLS{resolver}
 }
 

diff --git a/core/pkg/ingress/controller/annotations_test.go b/core/pkg/ingress/controller/annotations_test.go
@@ -23,8 +23,8 @@ import (
 	"k8s.io/kubernetes/pkg/apis/extensions"
 	"k8s.io/kubernetes/pkg/util/intstr"
 
-	"k8s.io/ingress/core/pkg/ingress/annotations/authtls"
 	"k8s.io/ingress/core/pkg/ingress/defaults"
+	"k8s.io/ingress/core/pkg/ingress/resolver"
 )
 
 type mockCfg struct {
@@ -38,7 +38,7 @@ func (m mockCfg) GetSecret(string) (*api.Secret, error) {
 	return nil, nil
 }
 
-func (m mockCfg) GetAuthCertificate(string) (*authtls.SSLCert, error) {
+func (m mockCfg) GetAuthCertificate(string) (*resolver.AuthSSLCert, error) {
 	return nil, nil
 }
 

diff --git a/core/pkg/ingress/controller/controller.go b/core/pkg/ingress/controller/controller.go
@@ -39,11 +39,11 @@ import (
 
 	cache_store "k8s.io/ingress/core/pkg/cache"
 	"k8s.io/ingress/core/pkg/ingress"
-	"k8s.io/ingress/core/pkg/ingress/annotations/authtls"
 	"k8s.io/ingress/core/pkg/ingress/annotations/healthcheck"
 	"k8s.io/ingress/core/pkg/ingress/annotations/proxy"
 	"k8s.io/ingress/core/pkg/ingress/annotations/service"
 	"k8s.io/ingress/core/pkg/ingress/defaults"
+	"k8s.io/ingress/core/pkg/ingress/resolver"
 	"k8s.io/ingress/core/pkg/ingress/status"
 	"k8s.io/ingress/core/pkg/k8s"
 	local_strings "k8s.io/ingress/core/pkg/strings"
@@ -668,13 +668,13 @@ func (ic *GenericController) getBackendServers() ([]*ingress.Backend, []*ingress
 }
 
 // GetAuthCertificate ...
-func (ic GenericController) GetAuthCertificate(secretName string) (*authtls.SSLCert, error) {
+func (ic GenericController) GetAuthCertificate(secretName string) (*resolver.AuthSSLCert, error) {
 	bc, exists := ic.sslCertTracker.Get(secretName)
 	if !exists {
-		return &authtls.SSLCert{}, fmt.Errorf("secret %v does not exists", secretName)
+		return &resolver.AuthSSLCert{}, fmt.Errorf("secret %v does not exists", secretName)
 	}
 	cert := bc.(*ingress.SSLCert)
-	return &authtls.SSLCert{
+	return &resolver.AuthSSLCert{
 		Secret:       secretName,
 		CertFileName: cert.PemFileName,
 		CAFileName:   cert.CAFileName,

diff --git a/core/pkg/ingress/controller/util.go b/core/pkg/ingress/controller/util.go
@@ -28,6 +28,9 @@ import (
 	"k8s.io/ingress/core/pkg/ingress/annotations/parser"
 )
 
+// DeniedKeyName name of the key that contains the reason to deny a location
+const DeniedKeyName = "Denied"
+
 // newDefaultServer return an BackendServer to be use as default server that returns 503.
 func newDefaultServer() ingress.Endpoint {
 	return ingress.Endpoint{Address: "127.0.0.1", Port: "8181"}
@@ -97,13 +100,11 @@ func IsValidClass(ing *extensions.Ingress, class string) bool {
 	return cc == class
 }
 
-const denied = "Denied"
-
 func mergeLocationAnnotations(loc *ingress.Location, anns map[string]interface{}) {
-	if _, ok := anns[denied]; ok {
-		loc.Denied = anns[denied].(error)
+	if _, ok := anns[DeniedKeyName]; ok {
+		loc.Denied = anns[DeniedKeyName].(error)
 	}
-	delete(anns, denied)
+	delete(anns, DeniedKeyName)
 	err := mergo.Map(loc, anns)
 	if err != nil {
 		glog.Errorf("unexpected error merging extracted annotations in location type: %v", err)

diff --git a/core/pkg/ingress/resolver/main.go b/core/pkg/ingress/resolver/main.go
@@ -19,7 +19,6 @@ package resolver
 import (
 	"k8s.io/kubernetes/pkg/api"
 
-	"k8s.io/ingress/core/pkg/ingress/annotations/authtls"
 	"k8s.io/ingress/core/pkg/ingress/defaults"
 )
 
@@ -35,9 +34,26 @@ type Secret interface {
 	GetSecret(string) (*api.Secret, error)
 }
 
-// AuthCertificate has a method that searchs for a secret
-// that contains a SSL certificate.
+// AuthCertificate resolves a given secret name into an SSL certificate.
 // The secret must contain 3 keys named:
+//   ca.crt: contains the certificate chain used for authentication
+//   tls.crt: (ignored) contains the tls certificate chain, or any other valid base64 data
+//   tls.key: (ignored) contains the tls secret key, or any other valid base64 data
 type AuthCertificate interface {
-	GetAuthCertificate(string) (*authtls.SSLCert, error)
+	GetAuthCertificate(string) (*AuthSSLCert, error)
+}
+
+// AuthSSLCert contains the necessary information to do certificate based
+// authentication of an ingress location
+type AuthSSLCert struct {
+	// Secret contains the name of the secret this was fetched from
+	Secret string `json:"secret"`
+	// CertFileName contains the filename the secret's 'tls.crt' was saved to
+	CertFileName string `json:"certFilename"`
+	// KeyFileName contains the path the secret's 'tls.key'
+	KeyFileName string `json:"keyFilename"`
+	// CAFileName contains the path to the secrets 'ca.crt'
+	CAFileName string `json:"caFilename"`
+	// PemSHA contains the SHA1 hash of the 'tls.crt' value
+	PemSHA string `json:"pemSha"`
 }
diff --git a/core/pkg/ingress/types.go b/core/pkg/ingress/types.go
@@ -22,12 +22,12 @@ import (
 
 	"k8s.io/ingress/core/pkg/ingress/annotations/auth"
 	"k8s.io/ingress/core/pkg/ingress/annotations/authreq"
-	"k8s.io/ingress/core/pkg/ingress/annotations/authtls"
 	"k8s.io/ingress/core/pkg/ingress/annotations/ipwhitelist"
 	"k8s.io/ingress/core/pkg/ingress/annotations/proxy"
 	"k8s.io/ingress/core/pkg/ingress/annotations/ratelimit"
 	"k8s.io/ingress/core/pkg/ingress/annotations/rewrite"
 	"k8s.io/ingress/core/pkg/ingress/defaults"
+	"k8s.io/ingress/core/pkg/ingress/resolver"
 )
 
 var (
@@ -232,7 +232,7 @@ type Location struct {
 	// CertificateAuth indicates the access to this location requires
 	// external authentication
 	// +optional
-	CertificateAuth authtls.SSLCert `json:"certificateAuth,omitempty"`
+	CertificateAuth resolver.AuthSSLCert `json:"certificateAuth,omitempty"`
 }
 
 // SSLPassthroughBackend describes a SSL upstream server configured