Skip to content

Commit

Permalink
config: embed protocolparameters into tlsconfig
Browse files Browse the repository at this point in the history 
Signed-off-by: Clay Kauzlaric <ckauzlaric@vmware.com>
  • Loading branch information
@KauzClay
KauzClay committed Dec 14, 2023
1 parent c5230ab commit c9b4c92
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 15 deletions.
6 changes: 3 additions & 3 deletions cmd/contour/servecontext.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -307,7 +307,7 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha
}

var cipherSuites []string
for _, suite := range ctx.Config.TLS.ProtocolParameters.CipherSuites {
for _, suite := range ctx.Config.TLS.CipherSuites {
cipherSuites = append(cipherSuites, suite)
}

Expand Down Expand Up @@ -531,8 +531,8 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha
MaxRequestsPerIOCycle: ctx.Config.Listener.MaxRequestsPerIOCycle,
HTTP2MaxConcurrentStreams: ctx.Config.Listener.HTTP2MaxConcurrentStreams,
TLS: &contour_api_v1alpha1.EnvoyTLS{
MinimumProtocolVersion: ctx.Config.TLS.ProtocolParameters.MinimumProtocolVersion,
MaximumProtocolVersion: ctx.Config.TLS.ProtocolParameters.MaximumProtocolVersion,
MinimumProtocolVersion: ctx.Config.TLS.MinimumProtocolVersion,
MaximumProtocolVersion: ctx.Config.TLS.MaximumProtocolVersion,
CipherSuites: cipherSuites,
},
SocketOptions: &contour_api_v1alpha1.SocketOptions{
Expand Down
2 changes: 1 addition & 1 deletion pkg/config/parameters.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -182,7 +182,7 @@ func (n NamespacedName) Validate() error {

// TLSParameters holds configuration file TLS configuration details.
type TLSParameters struct {
ProtocolParameters ProtocolParameters `yaml:"protocol"`
ProtocolParameters `yaml:",inline"`

// FallbackCertificate defines the namespace/name of the Kubernetes secret to
// use as fallback when a non-SNI request is received.
Expand Down
20 changes: 9 additions & 11 deletions pkg/config/parameters_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -368,9 +368,8 @@ tls:

check(`
tls:
protocol:
cipher-suites:
- NOTVALID
cipher-suites:
- NOTVALID
`)

check(`
Expand Down Expand Up @@ -423,16 +422,15 @@ tls:
`)

check(func(t *testing.T, conf *Parameters) {
assert.Equal(t, "1.2", conf.TLS.ProtocolParameters.MinimumProtocolVersion)
assert.Equal(t, "1.3", conf.TLS.ProtocolParameters.MaximumProtocolVersion)
assert.Equal(t, TLSCiphers{"ECDHE-RSA-AES256-GCM-SHA384"}, conf.TLS.ProtocolParameters.CipherSuites)
assert.Equal(t, "1.2", conf.TLS.MinimumProtocolVersion)
assert.Equal(t, "1.3", conf.TLS.MaximumProtocolVersion)
assert.Equal(t, TLSCiphers{"ECDHE-RSA-AES256-GCM-SHA384"}, conf.TLS.CipherSuites)
}, `
tls:
protocol:
minimum-protocol-version: 1.2
maximum-protocol-version: 1.3
cipher-suites:
- ECDHE-RSA-AES256-GCM-SHA384
minimum-protocol-version: 1.2
maximum-protocol-version: 1.3
cipher-suites:
- ECDHE-RSA-AES256-GCM-SHA384
`)

check(func(t *testing.T, conf *Parameters) {
Expand Down

0 comments on commit c9b4c92

Please sign in to comment.