forked from openshift/origin
-
Notifications
You must be signed in to change notification settings - Fork 1
/
routereenecrypt.go
145 lines (122 loc) · 5.28 KB
/
routereenecrypt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
package create
import (
"fmt"
"github.com/spf13/cobra"
"k8s.io/kubernetes/pkg/kubectl/cmd/templates"
kcmdutil "k8s.io/kubernetes/pkg/kubectl/cmd/util"
"k8s.io/kubernetes/pkg/kubectl/genericclioptions"
routev1 "github.com/openshift/api/route/v1"
"github.com/openshift/origin/pkg/oc/cli/create/route"
fileutil "github.com/openshift/origin/pkg/util/file"
)
var (
reencryptRouteLong = templates.LongDesc(`
Create a route that uses reencrypt TLS termination
Specify the service (either just its name or using type/name syntax) that the
generated route should expose via the --service flag. A destination CA certificate
is needed for reencrypt routes, specify one with the --dest-ca-cert flag.`)
reencryptRouteExample = templates.Examples(`
# Create a route named "my-route" that exposes the frontend service.
%[1]s create route reencrypt my-route --service=frontend --dest-ca-cert cert.cert
# Create a reencrypt route that exposes the frontend service and re-use
# the service name as the route name.
%[1]s create route reencrypt --service=frontend --dest-ca-cert cert.cert`)
)
type CreateReencryptRouteOptions struct {
CreateRouteSubcommandOptions *CreateRouteSubcommandOptions
Hostname string
Port string
InsecurePolicy string
Service string
Path string
Cert string
Key string
CACert string
DestCACert string
WildcardPolicy string
}
// NewCmdCreateReencryptRoute is a macro command to create a reencrypt route.
func NewCmdCreateReencryptRoute(fullName string, f kcmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command {
o := &CreateReencryptRouteOptions{
CreateRouteSubcommandOptions: NewCreateRouteSubcommandOptions(streams),
}
cmd := &cobra.Command{
Use: "reencrypt [NAME] --dest-ca-cert=FILENAME --service=SERVICE",
Short: "Create a route that uses reencrypt TLS termination",
Long: reencryptRouteLong,
Example: fmt.Sprintf(reencryptRouteExample, fullName),
Run: func(cmd *cobra.Command, args []string) {
kcmdutil.CheckErr(o.Complete(f, cmd, args))
kcmdutil.CheckErr(o.Run())
},
}
cmd.Flags().StringVar(&o.Hostname, "hostname", o.Hostname, "Set a hostname for the new route")
cmd.Flags().StringVar(&o.Port, "port", o.Port, "Name of the service port or number of the container port the route will route traffic to")
cmd.Flags().StringVar(&o.InsecurePolicy, "insecure-policy", o.InsecurePolicy, "Set an insecure policy for the new route")
cmd.Flags().StringVar(&o.Service, "service", o.Service, "Name of the service that the new route is exposing")
cmd.MarkFlagRequired("service")
cmd.Flags().StringVar(&o.Path, "path", o.Path, "Path that the router watches to route traffic to the service.")
cmd.Flags().StringVar(&o.Cert, "cert", o.Cert, "Path to a certificate file.")
cmd.MarkFlagFilename("cert")
cmd.Flags().StringVar(&o.Key, "key", o.Key, "Path to a key file.")
cmd.MarkFlagFilename("key")
cmd.Flags().StringVar(&o.CACert, "ca-cert", o.CACert, "Path to a CA certificate file.")
cmd.MarkFlagFilename("ca-cert")
cmd.Flags().StringVar(&o.DestCACert, "dest-ca-cert", o.DestCACert, "Path to a CA certificate file, used for securing the connection from the router to the destination.")
cmd.MarkFlagFilename("dest-ca-cert")
cmd.Flags().StringVar(&o.WildcardPolicy, "wildcard-policy", o.WildcardPolicy, "Sets the WilcardPolicy for the hostname, the default is \"None\". valid values are \"None\" and \"Subdomain\"")
kcmdutil.AddValidateFlags(cmd)
o.CreateRouteSubcommandOptions.PrintFlags.AddFlags(cmd)
kcmdutil.AddDryRunFlag(cmd)
return cmd
}
func (o *CreateReencryptRouteOptions) Complete(f kcmdutil.Factory, cmd *cobra.Command, args []string) error {
return o.CreateRouteSubcommandOptions.Complete(f, cmd, args)
}
func (o *CreateReencryptRouteOptions) Run() error {
serviceName, err := resolveServiceName(o.CreateRouteSubcommandOptions.Mapper, o.Service)
if err != nil {
return err
}
route, err := route.UnsecuredRoute(o.CreateRouteSubcommandOptions.KubeClient, o.CreateRouteSubcommandOptions.Namespace, o.CreateRouteSubcommandOptions.Name, serviceName, o.Port, false)
if err != nil {
return err
}
if len(o.WildcardPolicy) > 0 {
route.Spec.WildcardPolicy = routev1.WildcardPolicyType(o.WildcardPolicy)
}
route.Spec.Host = o.Hostname
route.Spec.Path = o.Path
route.Spec.TLS = new(routev1.TLSConfig)
route.Spec.TLS.Termination = routev1.TLSTerminationReencrypt
cert, err := fileutil.LoadData(o.Cert)
if err != nil {
return err
}
route.Spec.TLS.Certificate = string(cert)
key, err := fileutil.LoadData(o.Key)
if err != nil {
return err
}
route.Spec.TLS.Key = string(key)
caCert, err := fileutil.LoadData(o.CACert)
if err != nil {
return err
}
route.Spec.TLS.CACertificate = string(caCert)
destCACert, err := fileutil.LoadData(o.DestCACert)
if err != nil {
return err
}
route.Spec.TLS.DestinationCACertificate = string(destCACert)
if len(o.InsecurePolicy) > 0 {
route.Spec.TLS.InsecureEdgeTerminationPolicy = routev1.InsecureEdgeTerminationPolicyType(o.InsecurePolicy)
}
if !o.CreateRouteSubcommandOptions.DryRun {
route, err = o.CreateRouteSubcommandOptions.Client.Routes(o.CreateRouteSubcommandOptions.Namespace).Create(route)
if err != nil {
return err
}
}
return o.CreateRouteSubcommandOptions.Printer.PrintObj(route, o.CreateRouteSubcommandOptions.Out)
}