fix:tls configuration for letsencrypt and secret #354

merged 2 commits into from
May 2, 2024
5 changes: 5 additions & 0 deletions api/handler/endpoint/handler_test.go
Expand Up @@ -83,13 +83,18 @@ var (
settingConfigureDomainFunc func(dto *setting.ConfigureDomainRequestDto) restErrors.IRestErr
settingIsDomainConfiguredFunc func() bool
settingConfigureRegistrationFunc func(dto *setting.ConfigureRegistrationRequestDto) restErrors.IRestErr
settingGetDomainFunc func() (string, restErrors.IRestErr)
settingIsRegistrationEnabledFunc func() bool
settingConfigureActivationKeyFunc func(key string) restErrors.IRestErr
settingGetActivationKeyFunc func() (string, restErrors.IRestErr)
)

type settingServiceMock struct{}

func (s settingServiceMock) GetDomain() (string, restErrors.IRestErr) {
return settingGetDomainFunc()
}

func (s settingServiceMock) ConfigureActivationKey(key string) restErrors.IRestErr {
return settingConfigureActivationKeyFunc(key)
}
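Review bot: The `settingServiceMock` double and its `settingGetDomainFunc` hook added here are duplicated, name aside, in api/handler/setting/handler_test.go and api/handler/user/handler_test.go, so every method added to `setting.IService` has to be mirrored in three places, which is exactly what this change had to do. A shared test double in a small internal test-helper package would let the next interface change touch one file and keep the three mocks from drifting (the `settingGetActivationKeyFunc` vs `settingGetActivationKey` naming already differs between them). The `var (` block and the mock's method set continue outside the hunk.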
14 changes: 10 additions & 4 deletions api/handler/setting/handler.go
Expand Up @@ -106,7 +106,7 @@ func ConfigureDomain(c *fiber.Ctx) error {
}

//configure lets encrypt
restErr = tlsCertificateService.ConfigureLetsEncrypt(setting.KotalLetsEncryptResolverName, userDetails.Email)
restErr = tlsCertificateService.ConfigureLetsEncrypt(dto.Domain, setting.KotalLetsEncryptResolverName, userDetails.Email)
if restErr != nil {
logger.Error("CONFIGURE_TLS", restErr)
sqlclient.Rollback(txHandle)
Expand Down Expand Up @@ -148,8 +148,14 @@ func ConfigureTLS(c *fiber.Ctx) error {
if restErr != nil {
return c.Status(restErr.StatusCode()).JSON(restErr)
}
//get domain
mainDomain, restErr := settingService.GetDomain()
if restErr != nil {
return c.Status(restErr.StatusCode()).JSON(restErr)
}

//Sets LetsEncrypt static Configuration
restErr = tlsCertificateService.ConfigureLetsEncrypt(setting.KotalLetsEncryptResolverName, userDetails.Email)
restErr = tlsCertificateService.ConfigureLetsEncrypt(mainDomain, setting.KotalLetsEncryptResolverName, userDetails.Email)
if restErr != nil {
logger.Error("CONFIGURE_TLS", restErr)
return c.Status(restErr.StatusCode()).JSON(restErr)
Expand Down Expand Up @@ -178,12 +184,12 @@ func ConfigureTLS(c *fiber.Ctx) error {
return c.Status(badReq.StatusCode()).JSON(badReq)
}

_ = secretService.Delete(setting.CustomTLSSecretName, config.Environment.KotalNamespace)
_ = secretService.Delete(setting.CustomTLSSecretName, config.Environment.TraefikNamespace)

restErr := secretService.Create(&secret.CreateSecretDto{
ObjectMeta: metav1.ObjectMeta{
Name: setting.CustomTLSSecretName,
Namespace: config.Environment.KotalNamespace,
Namespace: config.Environment.TraefikNamespace,
},
Type: corev1.SecretTypeTLS,
Data: map[string][]byte{
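Review bot: In ConfigureTLS the `mainDomain` returned by `settingService.GetDomain()` is handed to `ConfigureLetsEncrypt` without checking for an empty value; whether `settingRepo.Get(DomainKey)` returns an error or an empty string for a missing record is not visible here, but `IsDomainConfigured` exists precisely because the record may be absent, so an explicit guard such as `if mainDomain == "" { /* reject as bad request: domain not configured */ }` before the call keeps an empty Main/SAN from reaching the TLSStore. The third hunk moves the custom TLS secret from `config.Environment.KotalNamespace` to `config.Environment.TraefikNamespace`, but an installation that already created the secret under the old code keeps a copy of the certificate and private key in the kotal namespace, which this change neither deletes nor mentions; a one-time delete against the old namespace, or a release note asking operators to remove it, would avoid leaving stale key material behind. Both ConfigureDomain and ConfigureTLS start and end outside these hunks.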
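--- a/api/handler/setting/handler_test.go
+++ b/api/handler/setting/handler_test.go
@@ -33,13 +33,17 @@ var (
 settingConfigureDomainFunc func(dto *setting.ConfigureDomainRequestDto) restErrors.IRestErr
 settingIsDomainConfiguredFunc func() bool
 settingConfigureRegistrationFunc func(dto *setting.ConfigureRegistrationRequestDto) restErrors.IRestErr
+settingGetDomainFunc func() (string, restErrors.IRestErr)
 settingIsRegistrationEnabledFunc func() bool
 settingConfigureActivationKeyFunc func(key string) restErrors.IRestErr
 settingGetActivationKey func() (string, restErrors.IRestErr)
 )
 
 type settingServiceMocks struct{}
 
+func (s settingServiceMocks) GetDomain() (string, restErrors.IRestErr) {
+return settingGetDomainFunc()
+}
 func (s settingServiceMocks) ConfigureActivationKey(key string) restErrors.IRestErr {
 return settingConfigureActivationKeyFunc(key)
 }
@@ -138,15 +142,15 @@ type tlsCertificateServiceMock struct{}
 
 var (
 tlsGetTraefikDeploymentFunc func() (*appsv1.Deployment, restErrors.IRestErr)
-tlsConfigureLetsEncryptFunc func(resolverNme string, acmeEmail string) restErrors.IRestErr
+tlsConfigureLetsEncryptFunc func(domain string, resolverNme string, acmeEmail string) restErrors.IRestErr
 tlsConfigureCustomCertificateFunc func(secretName string) restErrors.IRestErr
 )
 
 func (tls tlsCertificateServiceMock) GetTraefikDeployment() (*appsv1.Deployment, restErrors.IRestErr) {
 return tlsGetTraefikDeploymentFunc()
 }
-func (tls tlsCertificateServiceMock) ConfigureLetsEncrypt(resolverNme string, acmeEmail string) restErrors.IRestErr {
-return tlsConfigureLetsEncryptFunc(resolverNme, acmeEmail)
+func (tls tlsCertificateServiceMock) ConfigureLetsEncrypt(domain string, resolverNme string, acmeEmail string) restErrors.IRestErr {
+return tlsConfigureLetsEncryptFunc(domain, resolverNme, acmeEmail)
 }
 func (tls tlsCertificateServiceMock) ConfigureCustomCertificate(secretName string) restErrors.IRestErr {
 return tlsConfigureCustomCertificateFunc(secretName)
@@ -297,7 +301,7 @@ func TestConfigureDomain(t *testing.T) {
 GetByIdFunc = func(Id string) (*user.User, restErrors.IRestErr) {
 return &user.User{Email: "email.com"}, nil
 }
-tlsConfigureLetsEncryptFunc = func(resolverNme string, acmeEmail string) restErrors.IRestErr {
+tlsConfigureLetsEncryptFunc = func(domain string, resolverNme string, acmeEmail string) restErrors.IRestErr {
 return nil
 }
 networkIdentifiers = func() (ip string, hostName string, restErr restErrors.IRestErr) {
@@ -343,7 +347,7 @@ func TestConfigureDomain(t *testing.T) {
 GetByIdFunc = func(Id string) (*user.User, restErrors.IRestErr) {
 return &user.User{Email: "email.com"}, nil
 }
-tlsConfigureLetsEncryptFunc = func(resolverNme string, acmeEmail string) restErrors.IRestErr {
+tlsConfigureLetsEncryptFunc = func(domain string, resolverNme string, acmeEmail string) restErrors.IRestErr {
 return nil
 }
 networkIdentifiers = func() (ip string, hostName string, restErr restErrors.IRestErr) {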
5 changes: 5 additions & 0 deletions api/handler/user/handler_test.go
Expand Up @@ -253,13 +253,18 @@ var (
settingConfigureDomainFunc func(dto *setting.ConfigureDomainRequestDto) restErrors.IRestErr
settingIsDomainConfiguredFunc func() bool
settingConfigureRegistrationFunc func(dto *setting.ConfigureRegistrationRequestDto) restErrors.IRestErr
settingGetDomainFunc func() (string, restErrors.IRestErr)
settingIsRegistrationEnabledFunc func() bool
settingConfigureActivationKeyFunc func(key string) restErrors.IRestErr
settingGetActivationKey func() (string, restErrors.IRestErr)
)

type settingServiceMocks struct{}

func (s settingServiceMocks) GetDomain() (string, restErrors.IRestErr) {
return settingGetDomainFunc()
}

func (s settingServiceMocks) ConfigureActivationKey(key string) restErrors.IRestErr {
return settingConfigureActivationKeyFunc(key)
}
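--- a/core/setting/service.go
+++ b/core/setting/service.go
@@ -14,6 +14,7 @@ type IService interface {
 WithoutTransaction() IService
 Settings() ([]*Setting, restErrors.IRestErr)
 ConfigureDomain(dto *ConfigureDomainRequestDto) restErrors.IRestErr
+GetDomain() (string, restErrors.IRestErr)
 IsDomainConfigured() bool
 ConfigureRegistration(dto *ConfigureRegistrationRequestDto) restErrors.IRestErr
 IsRegistrationEnabled() bool
@@ -53,6 +54,9 @@ func (s service) ConfigureDomain(dto *ConfigureDomainRequestDto) restErrors.IRes
 //record exits update it
 return settingRepo.Update(DomainKey, dto.Domain)
 }
+func (s service) GetDomain() (string, restErrors.IRestErr) {
+return settingRepo.Get(DomainKey)
+}
 
 func (s service) IsDomainConfigured() bool {
 value, _ := settingRepo.Get(DomainKey)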
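Review bot: The new exported `GetDomain` on `IService` and on `service` has no doc comment, and its relation to `IsDomainConfigured` directly below, which calls the same `settingRepo.Get(DomainKey)` but discards the error, is left to the reader. A comment such as `// GetDomain returns the main domain stored under DomainKey; the record may not exist yet, so callers should be prepared for a not-found result (see IsDomainConfigured).` on the method would make the contract explicit — whether Get reports a missing key as an error or as an empty string is not visible in this hunk, so word it to match the repository's actual behaviour. A blank line between `ConfigureDomain` and `GetDomain` would match the spacing of the surrounding methods. ConfigureDomain starts outside the hunk and IsDomainConfigured continues past it.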
10 changes: 7 additions & 3 deletions k8s/tlscertificate/service.go
Expand Up @@ -10,6 +10,7 @@ import (
"github.com/kotalco/core-api/pkg/logger"
traefikv1alpha1 "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/traefik/v1alpha1"
"github.com/traefik/traefik/v2/pkg/tls"
types2 "github.com/traefik/traefik/v2/pkg/types"
appsv1 "k8s.io/api/apps/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
Expand All @@ -20,7 +21,7 @@ var k8sClient = k8s.NewClientService()

type TLSCertificate interface {
GetTraefikDeployment() (*appsv1.Deployment, restErrors.IRestErr)
ConfigureLetsEncrypt(resolverNme string, acmeEmail string) restErrors.IRestErr
ConfigureLetsEncrypt(domain string, resolverNme string, acmeEmail string) restErrors.IRestErr
ConfigureCustomCertificate(secretName string) restErrors.IRestErr
}

Expand All @@ -39,7 +40,7 @@ func (t *tlsCertificate) GetTraefikDeployment() (*appsv1.Deployment, restErrors.
return record, nil
}

func (t *tlsCertificate) ConfigureLetsEncrypt(resolverNme string, acmeEmail string) restErrors.IRestErr {
func (t *tlsCertificate) ConfigureLetsEncrypt(domain string, resolverNme string, acmeEmail string) restErrors.IRestErr {
//delete default tls-store if exists
tlsStore := &traefikv1alpha1.TLSStore{
ObjectMeta: metav1.ObjectMeta{
Expand All @@ -56,7 +57,10 @@ func (t *tlsCertificate) ConfigureLetsEncrypt(resolverNme string, acmeEmail stri
Namespace: config.Environment.TraefikNamespace,
},
Spec: traefikv1alpha1.TLSStoreSpec{
DefaultGeneratedCert: &tls.GeneratedCert{Resolver: setting.KotalLetsEncryptResolverName},
DefaultGeneratedCert: &tls.GeneratedCert{Resolver: setting.KotalLetsEncryptResolverName, Domain: &types2.Domain{
Main: domain,
SANs: []string{fmt.Sprintf("app.%s", domain)},
How about endpoints.domain?

}},
},
}
_ = k8sClient.Create(context.Background(), tlsStore)
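Review bot: `domain` is written straight into the TLSStore's `DefaultGeneratedCert.Domain` as `Main` and into the SAN `fmt.Sprintf("app.%s", domain)` with no check that it is non-empty; an empty value yields a Main of "" and a SAN of "app.", and that is the ACME order the resolver will then try to fulfil, so a guard at the top of ConfigureLetsEncrypt, `if domain == "" { return /* bad-request error: domain is required */ }`, is worth adding here rather than relying on every caller. The `types2` alias is only needed because `types` is already taken by k8s.io/apimachinery; a descriptive alias such as `traefiktypes` would read better than a numbered one. The `_ = k8sClient.Create(context.Background(), tlsStore)` on the last visible line discards the error, so a TLSStore rejected by the API server goes unnoticed by the caller — that is pre-existing, but the new Domain block gives the server more to reject. ConfigureLetsEncrypt's body continues past the hunk.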