/*-
* Copyright (c) 2016-2021, F5 Networks, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package controller
import (
"fmt"
log "github.com/F5Networks/k8s-bigip-ctlr/v3/pkg/vlogger"
"sort"
"strconv"
"strings"
)
// AS3 declaration skeletons and partition globals.
//
// baseAS3Config is the outer AS3 envelope; the two %s verbs in "$schema"
// are left for the caller to fill (presumably the schema version, via
// fmt.Sprintf elsewhere — not visible in this file). baseAS3Config2 is the
// bare ADC declaration without the envelope. Both are raw JSON text, not
// parsed here; the fixed urn:uuid "id" and the "controls" block are emitted
// as-is in every declaration.
//
// DEFAULT_PARTITION / DEFAULT_GTM_PARTITION are mutable package globals
// assigned elsewhere; they start as the empty string.
var (
	baseAS3Config = `{
"$schema": "https://raw.githubusercontent.com/F5Networks/f5-appsvcs-extension/master/schema/%s/as3-schema-%s.json",
"class": "AS3",
"declaration": {
"class": "ADC",
"schemaVersion": "3.0.0",
"id": "urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d",
"label": "CIS Declaration",
"remark": "Auto-generated by CIS",
"controls": {
"class": "Controls",
"userAgent": "CIS Configured AS3"
}
}
}
`

	baseAS3Config2 = `{
"class": "ADC",
"schemaVersion": "3.0.0",
"id": "urn:uuid:85626792-9ee7-46bb-8fc8-4ba708cfdc1d",
"label": "CIS Declaration",
"remark": "Auto-generated by CIS",
"controls": {
"class": "Controls",
"userAgent": "CIS Configured AS3"
}
}
`

	// DEFAULT_PARTITION is the BIG-IP partition CIS writes LTM objects into.
	DEFAULT_PARTITION string
	// DEFAULT_GTM_PARTITION is the partition used for GTM/DNS objects.
	DEFAULT_GTM_PARTITION string
)
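// extractVirtualAddressAndPort splits a BIG-IP style destination such as
// "/Common/10.1.1.1:80" or "/Common/2001:db8::1.443" into its address and
// port. Only the last "/"-separated segment is inspected. IPv4 destinations
// carry the port after ":", IPv6 destinations after "." (the same separator
// convention SetVirtualAddress uses), so ":" is tried first and "." is the
// fallback for literals that contain several ":".
//
// Any malformed input — missing separator, empty address, non-numeric port,
// or a port outside 0..65535 — is logged and yields ("", 0). Previously a
// bad port was silently mapped to 0 (the strconv.Atoi error was discarded),
// which let "10.1.1.1:abc" through as a valid address on port 0.
//
// The address itself is not parsed as an IP here: BIG-IP destinations may
// carry a route-domain suffix (e.g. "10.1.1.1%2"), which net.ParseIP would
// reject — presumably BIG-IP validates it downstream; TODO confirm.
func extractVirtualAddressAndPort(str string) (string, int) {
	segments := strings.Split(str, "/")
	dest := segments[len(segments)-1]

	ipPort := strings.Split(dest, ":")
	if len(ipPort) != 2 {
		// Not "ipv4:port"; an IPv6 literal has many ":" and its port
		// follows a ".".
		ipPort = strings.Split(dest, ".")
	}
	if len(ipPort) != 2 || ipPort[0] == "" {
		log.Error("Invalid Virtual Server Destination IP address/Port.")
		return "", 0
	}

	port, err := strconv.Atoi(ipPort[1])
	if err != nil || port < 0 || port > 65535 {
		// Port 0 is left valid: BIG-IP uses it for "any port".
		log.Error(fmt.Sprintf("Invalid Virtual Server Destination port %q in %q.", ipPort[1], str))
		return "", 0
	}
	return ipPort[0], port
}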
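// createTLSClient registers an AS3 TLS_Client profile for the service stored
// at app[svcName] and points the service's ClientTLS at it.
//
// prof must be a CA-bundle style profile: only DestinationCACertificate is
// expected, so any certificate carrying a private key makes this a server
// profile and the function returns nil without touching app. Nil is also
// returned when prof has no certificates, when app has no entry for svcName,
// or when that entry is not an *as3Service (the original code asserted the
// type unconditionally and would panic on a mismatch).
//
// On success the profile is stored in app under "<svcName>_tls_client",
// the service is switched to HTTPS via updateVirtualToHTTPS, and the new
// profile is returned.
//
// NOTE(review): the profile only sets trustCA; no server-certificate
// validation flag is set here. Whether trustCA alone enforces peer
// verification depends on the AS3 schema in use — confirm against the
// targeted AS3 version before relying on it for re-encryption.
func createTLSClient(
	prof CustomProfile,
	svcName, caBundleName string,
	app as3Application,
) *as3TLSClient {
	for _, certificate := range prof.Certificates {
		if certificate.Key != "" {
			// A private key means a server-side profile, not a CA bundle.
			return nil
		}
	}
	if len(prof.Certificates) == 0 {
		return nil
	}
	entry, ok := app[svcName]
	if !ok {
		return nil
	}
	svc, ok := entry.(*as3Service)
	if !ok {
		// A malformed declaration must not take the controller down.
		log.Error(fmt.Sprintf("AS3 entry %q is not a service; cannot attach TLS client.", svcName))
		return nil
	}

	tlsClientName := fmt.Sprintf("%s_tls_client", svcName)
	tlsClient := &as3TLSClient{
		Class: "TLS_Client",
		TrustCA: &as3ResourcePointer{
			Use: caBundleName,
		},
	}
	if prof.CipherGroup != "" {
		// A cipher group references an existing BIG-IP object; TLS 1.3 is
		// only enabled on this path, presumably because BIG-IP requires a
		// cipher group (not a cipher string) for TLS 1.3 — TODO confirm.
		tlsClient.CipherGroup = &as3ResourcePointer{BigIP: prof.CipherGroup}
		tlsClient.TLS1_3Enabled = true
	} else {
		tlsClient.Ciphers = prof.Ciphers
	}

	app[tlsClientName] = tlsClient
	svc.ClientTLS = tlsClientName
	updateVirtualToHTTPS(svc)
	return tlsClient
}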
// getSortedCustomProfileKeys returns the keys of customProfiles ordered by
// the profile Name each key maps to (ascending, plain string comparison).
// The result is never nil; an empty map yields an empty slice.
//
// Keys whose profiles share the same Name have no defined relative order:
// map iteration is random and sort.Slice is not stable, so such ties may
// come out differently on every call.
func getSortedCustomProfileKeys(customProfiles map[SecretKey]CustomProfile) []SecretKey {
	ordered := make([]SecretKey, 0, len(customProfiles))
	for k := range customProfiles {
		ordered = append(ordered, k)
	}
	byName := func(a, b int) bool {
		return customProfiles[ordered[a]].Name < customProfiles[ordered[b]].Name
	}
	sort.Slice(ordered, byName)
	return ordered
}