

Merge pull request #354 from kotalco/tls-configuration
fix: TLS configuration for Let's Encrypt and the custom-certificate secret
mFarghaly authored May 2, 2024
2 parents 8de50f5 + 8ba76cb commit 05f3594
Showing 6 changed files with 40 additions and 12 deletions.
5 changes: 5 additions & 0 deletions api/handler/endpoint/handler_test.go
Expand Up @@ -83,13 +83,18 @@ var (
settingConfigureDomainFunc func(dto *setting.ConfigureDomainRequestDto) restErrors.IRestErr
settingIsDomainConfiguredFunc func() bool
settingConfigureRegistrationFunc func(dto *setting.ConfigureRegistrationRequestDto) restErrors.IRestErr
settingGetDomainFunc func() (string, restErrors.IRestErr)
settingIsRegistrationEnabledFunc func() bool
settingConfigureActivationKeyFunc func(key string) restErrors.IRestErr
settingGetActivationKeyFunc func() (string, restErrors.IRestErr)
)

type settingServiceMock struct{}

func (s settingServiceMock) GetDomain() (string, restErrors.IRestErr) {
return settingGetDomainFunc()
}

func (s settingServiceMock) ConfigureActivationKey(key string) restErrors.IRestErr {
return settingConfigureActivationKeyFunc(key)
}
14 changes: 10 additions & 4 deletions api/handler/setting/handler.go
Expand Up @@ -106,7 +106,7 @@ func ConfigureDomain(c *fiber.Ctx) error {
}

//configure lets encrypt
restErr = tlsCertificateService.ConfigureLetsEncrypt(setting.KotalLetsEncryptResolverName, userDetails.Email)
restErr = tlsCertificateService.ConfigureLetsEncrypt(dto.Domain, setting.KotalLetsEncryptResolverName, userDetails.Email)
if restErr != nil {
logger.Error("CONFIGURE_TLS", restErr)
sqlclient.Rollback(txHandle)
Expand Down Expand Up @@ -148,8 +148,14 @@ func ConfigureTLS(c *fiber.Ctx) error {
if restErr != nil {
return c.Status(restErr.StatusCode()).JSON(restErr)
}
//get domain
mainDomain, restErr := settingService.GetDomain()
if restErr != nil {
return c.Status(restErr.StatusCode()).JSON(restErr)
}

//Sets LetsEncrypt static Configuration
restErr = tlsCertificateService.ConfigureLetsEncrypt(setting.KotalLetsEncryptResolverName, userDetails.Email)
restErr = tlsCertificateService.ConfigureLetsEncrypt(mainDomain, setting.KotalLetsEncryptResolverName, userDetails.Email)
if restErr != nil {
logger.Error("CONFIGURE_TLS", restErr)
return c.Status(restErr.StatusCode()).JSON(restErr)
Expand Down Expand Up @@ -178,12 +184,12 @@ func ConfigureTLS(c *fiber.Ctx) error {
return c.Status(badReq.StatusCode()).JSON(badReq)
}

_ = secretService.Delete(setting.CustomTLSSecretName, config.Environment.KotalNamespace)
_ = secretService.Delete(setting.CustomTLSSecretName, config.Environment.TraefikNamespace)

restErr := secretService.Create(&secret.CreateSecretDto{
ObjectMeta: metav1.ObjectMeta{
Name: setting.CustomTLSSecretName,
Namespace: config.Environment.KotalNamespace,
Namespace: config.Environment.TraefikNamespace,
},
Type: corev1.SecretTypeTLS,
Data: map[string][]byte{
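Review bot: In ConfigureTLS the `mainDomain` returned by `settingService.GetDomain()` is handed to ConfigureLetsEncrypt without checking that it is non-empty; this page does not show whether the repository returns an error or an empty string when no domain has been stored (IsDomainConfigured in core/setting/service.go discards the error and tests the value, which suggests the latter), so an unconfigured install would request a certificate for `""` with SANs `app.` and `endpoints.`. Add a guard right after the GetDomain call, `if mainDomain == "" { return c.Status(badReq.StatusCode()).JSON(badReq) }`, using the same bad-request helper the custom-certificate path already builds a few lines below. Separately, moving the custom TLS secret to `config.Environment.TraefikNamespace` means a `CustomTLSSecretName` secret created by the previous code (it holds private-key material) stays behind in `KotalNamespace` on existing installs, because only the Traefik-namespace copy is deleted before re-creation; consider also deleting the old-namespace copy, or documenting the manual cleanup. ConfigureTLS starts and ends outside the hunks shown here.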
14 changes: 9 additions & 5 deletions api/handler/setting/handler_test.go
Expand Up @@ -33,13 +33,17 @@ var (
settingConfigureDomainFunc func(dto *setting.ConfigureDomainRequestDto) restErrors.IRestErr
settingIsDomainConfiguredFunc func() bool
settingConfigureRegistrationFunc func(dto *setting.ConfigureRegistrationRequestDto) restErrors.IRestErr
settingGetDomainFunc func() (string, restErrors.IRestErr)
settingIsRegistrationEnabledFunc func() bool
settingConfigureActivationKeyFunc func(key string) restErrors.IRestErr
settingGetActivationKey func() (string, restErrors.IRestErr)
)

type settingServiceMocks struct{}

func (s settingServiceMocks) GetDomain() (string, restErrors.IRestErr) {
return settingGetDomainFunc()
}
func (s settingServiceMocks) ConfigureActivationKey(key string) restErrors.IRestErr {
return settingConfigureActivationKeyFunc(key)
}
Expand Down Expand Up @@ -138,15 +142,15 @@ type tlsCertificateServiceMock struct{}

var (
tlsGetTraefikDeploymentFunc func() (*appsv1.Deployment, restErrors.IRestErr)
tlsConfigureLetsEncryptFunc func(resolverNme string, acmeEmail string) restErrors.IRestErr
tlsConfigureLetsEncryptFunc func(domain string, resolverNme string, acmeEmail string) restErrors.IRestErr
tlsConfigureCustomCertificateFunc func(secretName string) restErrors.IRestErr
)

func (tls tlsCertificateServiceMock) GetTraefikDeployment() (*appsv1.Deployment, restErrors.IRestErr) {
return tlsGetTraefikDeploymentFunc()
}
func (tls tlsCertificateServiceMock) ConfigureLetsEncrypt(resolverNme string, acmeEmail string) restErrors.IRestErr {
return tlsConfigureLetsEncryptFunc(resolverNme, acmeEmail)
func (tls tlsCertificateServiceMock) ConfigureLetsEncrypt(domain string, resolverNme string, acmeEmail string) restErrors.IRestErr {
return tlsConfigureLetsEncryptFunc(domain, resolverNme, acmeEmail)
}
func (tls tlsCertificateServiceMock) ConfigureCustomCertificate(secretName string) restErrors.IRestErr {
return tlsConfigureCustomCertificateFunc(secretName)
Expand Down Expand Up @@ -297,7 +301,7 @@ func TestConfigureDomain(t *testing.T) {
GetByIdFunc = func(Id string) (*user.User, restErrors.IRestErr) {
return &user.User{Email: "email.com"}, nil
}
tlsConfigureLetsEncryptFunc = func(resolverNme string, acmeEmail string) restErrors.IRestErr {
tlsConfigureLetsEncryptFunc = func(domain string, resolverNme string, acmeEmail string) restErrors.IRestErr {
return nil
}
networkIdentifiers = func() (ip string, hostName string, restErr restErrors.IRestErr) {
Expand Down Expand Up @@ -343,7 +347,7 @@ func TestConfigureDomain(t *testing.T) {
GetByIdFunc = func(Id string) (*user.User, restErrors.IRestErr) {
return &user.User{Email: "email.com"}, nil
}
tlsConfigureLetsEncryptFunc = func(resolverNme string, acmeEmail string) restErrors.IRestErr {
tlsConfigureLetsEncryptFunc = func(domain string, resolverNme string, acmeEmail string) restErrors.IRestErr {
return nil
}
networkIdentifiers = func() (ip string, hostName string, restErr restErrors.IRestErr) {
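Review bot: The updated `tlsConfigureLetsEncryptFunc` stubs in TestConfigureDomain accept the new `domain` argument but discard it, so nothing in these tests pins the behaviour the commit fixes (the configured domain actually reaching ConfigureLetsEncrypt). Consider asserting inside the stub, e.g. `if domain != wantDomain { t.Errorf("domain = %q, want %q", domain, wantDomain) }`, where `wantDomain` is the value the test sends in the request DTO. Also, `settingGetDomainFunc` is declared but no test on this page assigns it; any ConfigureTLS test that reaches the new `GetDomain` call will panic on a nil func value unless the stub is set. Both test functions extend beyond the hunks shown.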
5 changes: 5 additions & 0 deletions api/handler/user/handler_test.go
Expand Up @@ -253,13 +253,18 @@ var (
settingConfigureDomainFunc func(dto *setting.ConfigureDomainRequestDto) restErrors.IRestErr
settingIsDomainConfiguredFunc func() bool
settingConfigureRegistrationFunc func(dto *setting.ConfigureRegistrationRequestDto) restErrors.IRestErr
settingGetDomainFunc func() (string, restErrors.IRestErr)
settingIsRegistrationEnabledFunc func() bool
settingConfigureActivationKeyFunc func(key string) restErrors.IRestErr
settingGetActivationKey func() (string, restErrors.IRestErr)
)

type settingServiceMocks struct{}

func (s settingServiceMocks) GetDomain() (string, restErrors.IRestErr) {
return settingGetDomainFunc()
}

func (s settingServiceMocks) ConfigureActivationKey(key string) restErrors.IRestErr {
return settingConfigureActivationKeyFunc(key)
}
4 changes: 4 additions & 0 deletions core/setting/service.go
Expand Up @@ -14,6 +14,7 @@ type IService interface {
WithoutTransaction() IService
Settings() ([]*Setting, restErrors.IRestErr)
ConfigureDomain(dto *ConfigureDomainRequestDto) restErrors.IRestErr
GetDomain() (string, restErrors.IRestErr)
IsDomainConfigured() bool
ConfigureRegistration(dto *ConfigureRegistrationRequestDto) restErrors.IRestErr
IsRegistrationEnabled() bool
Expand Down Expand Up @@ -53,6 +54,9 @@ func (s service) ConfigureDomain(dto *ConfigureDomainRequestDto) restErrors.IRes
//record exits update it
return settingRepo.Update(DomainKey, dto.Domain)
}
func (s service) GetDomain() (string, restErrors.IRestErr) {
return settingRepo.Get(DomainKey)
}

func (s service) IsDomainConfigured() bool {
value, _ := settingRepo.Get(DomainKey)
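Review bot: `GetDomain` is a new exported interface method without a doc comment, and the contract callers most need is the not-yet-configured case: `IsDomainConfigured` just below discards the repository error and checks the value, which suggests an absent key may come back as an empty string with a nil error, but that cannot be confirmed from this page. Suggest `// GetDomain returns the domain stored under DomainKey; an empty string means no domain has been configured.`, adjusted once the repository's not-found behaviour is confirmed. For consistency, `IsDomainConfigured` could then be written in terms of `GetDomain` so the two cannot drift.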
10 changes: 7 additions & 3 deletions k8s/tlscertificate/service.go
Expand Up @@ -10,6 +10,7 @@ import (
"github.com/kotalco/core-api/pkg/logger"
traefikv1alpha1 "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/traefik/v1alpha1"
"github.com/traefik/traefik/v2/pkg/tls"
types2 "github.com/traefik/traefik/v2/pkg/types"
appsv1 "k8s.io/api/apps/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
Expand All @@ -20,7 +21,7 @@ var k8sClient = k8s.NewClientService()

type TLSCertificate interface {
GetTraefikDeployment() (*appsv1.Deployment, restErrors.IRestErr)
ConfigureLetsEncrypt(resolverNme string, acmeEmail string) restErrors.IRestErr
ConfigureLetsEncrypt(domain string, resolverNme string, acmeEmail string) restErrors.IRestErr
ConfigureCustomCertificate(secretName string) restErrors.IRestErr
}

Expand All @@ -39,7 +40,7 @@ func (t *tlsCertificate) GetTraefikDeployment() (*appsv1.Deployment, restErrors.
return record, nil
}

func (t *tlsCertificate) ConfigureLetsEncrypt(resolverNme string, acmeEmail string) restErrors.IRestErr {
func (t *tlsCertificate) ConfigureLetsEncrypt(domain string, resolverNme string, acmeEmail string) restErrors.IRestErr {
//delete default tls-store if exists
tlsStore := &traefikv1alpha1.TLSStore{
ObjectMeta: metav1.ObjectMeta{
Expand All @@ -56,7 +57,10 @@ func (t *tlsCertificate) ConfigureLetsEncrypt(resolverNme string, acmeEmail stri
Namespace: config.Environment.TraefikNamespace,
},
Spec: traefikv1alpha1.TLSStoreSpec{
DefaultGeneratedCert: &tls.GeneratedCert{Resolver: setting.KotalLetsEncryptResolverName},
DefaultGeneratedCert: &tls.GeneratedCert{Resolver: setting.KotalLetsEncryptResolverName, Domain: &types2.Domain{
Main: domain,
SANs: []string{fmt.Sprintf("app.%s", domain), fmt.Sprintf("endpoints.%s", domain)},
}},
},
}
_ = k8sClient.Create(context.Background(), tlsStore)
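Review bot: `ConfigureLetsEncrypt` still hard-codes `setting.KotalLetsEncryptResolverName` in the `DefaultGeneratedCert` literal and ignores its `resolverNme` parameter, so the domain is now wired through but the resolver is not; either use `Resolver: resolverNme` or drop the parameter. The result of `k8sClient.Create(context.Background(), tlsStore)` is discarded with `_ =`, so a TLSStore the API server rejects (likely when `domain` is empty, which yields SANs `app.` and `endpoints.`) is reported to the caller as success and the certificate is silently never issued; return that error as a rest error instead. An explicit `if domain == "" { return <bad-request rest error> }` at the top of the function would make the empty case fail fast regardless of what the handler checks. The function's body continues past the end of the hunk.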
