This repository has been archived by the owner on Nov 7, 2023. It is now read-only.
package cloudflare
import (
"fmt"
"io/ioutil"
"strings"
yaml "gopkg.in/yaml.v2"
"k8s.io/apimachinery/pkg/util/validation"
)
// multierror aggregates several validation errors into a single error value.
type multierror struct {
	// causes holds the individual errors, in the order they were collected.
	causes []error
	// detail caches the joined message; it is filled on the first Error call.
	detail string
}

// Error returns the messages of all causes joined with ", ".
//
// The joined string is cached in detail, so later calls return the cached
// value. A non-empty detail that was set beforehand is returned unchanged.
func (e *multierror) Error() string {
	if e.detail != "" {
		return e.detail
	}
	msgs := make([]string, 0, len(e.causes))
	for _, cause := range e.causes {
		msgs = append(msgs, cause.Error())
	}
	e.detail = strings.Join(msgs, ", ")
	return e.detail
}
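// ParseOriginSecrets parses an origin-to-secret mapping from YAML.
//
// Decoding uses yaml.UnmarshalStrict, so keys that do not map to a struct
// field are rejected instead of being silently ignored; a typo in a key
// therefore surfaces as an error rather than as a missing mapping.
//
// After decoding, the mapping is validated. Any validation failure is
// returned as a single *multierror that carries every individual cause.
// A document without groups produces no validation errors and yields an
// empty mapping.
func ParseOriginSecrets(b []byte) (*OriginSecrets, error) {
	var oc OriginSecrets
	if err := yaml.UnmarshalStrict(b, &oc); err != nil {
		return nil, err
	}
	if errs := oc.Validate(); len(errs) > 0 {
		// Reuse the errors already collected instead of validating twice.
		return nil, &multierror{
			causes: errs,
		}
	}
	return &oc, nil
}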
// ParseOriginSecretsFile reads the file at the given path and parses its
// content as an origin-to-secret mapping via ParseOriginSecrets.
//
// A read failure is returned as-is together with a nil mapping.
func ParseOriginSecretsFile(file string) (oc *OriginSecrets, err error) {
	raw, readErr := ioutil.ReadFile(file)
	if readErr != nil {
		return nil, readErr
	}
	return ParseOriginSecrets(raw)
}
// OriginSecrets is a mapping of origins to secrets, expressed as a list of
// groups that each bind a set of hosts to one secret reference.
type OriginSecrets struct {
	Groups []OriginSecretGroup `yaml:"groups"`
}

// Validate checks every group and returns all problems found.
//
// Each error reported by a group is prefixed with the index of that group.
// The result is nil when every group is valid or when there are no groups.
func (oc *OriginSecrets) Validate() []error {
	var errs []error
	for idx := range oc.Groups {
		for _, cause := range oc.Groups[idx].Validate() {
			errs = append(errs, fmt.Errorf("group at index %d, %s", idx, cause.Error()))
		}
	}
	return errs
}
// OriginSecretGroup binds a set of origin hosts to a single secret.
type OriginSecretGroup struct {
	Hosts  []string     `yaml:"hosts"`
	Secret OriginSecret `yaml:"secret"`
}

// Validate checks the host list and the secret reference of the group and
// returns all problems found.
//
// Host rules:
//   - the list must not be empty, and no entry may be the empty string;
//   - the bare entry "*" is accepted without any DNS check;
//   - any other entry containing "*" must be a wildcard DNS-1123 subdomain;
//   - every remaining entry must be a DNS-1123 subdomain.
//
// Errors from the secret reference are prefixed with "secret".
func (ocg *OriginSecretGroup) Validate() []error {
	var errs []error
	if len(ocg.Hosts) == 0 {
		errs = append(errs, fmt.Errorf("hosts %s", validation.EmptyError()))
	}
	for idx, h := range ocg.Hosts {
		switch {
		case len(h) == 0:
			errs = append(errs, fmt.Errorf("host at index %d %s", idx, validation.EmptyError()))
		case h == "*":
			// Accepted verbatim. NOTE(review): presumably a catch-all that
			// binds this secret to every host; confirm against the consumer
			// of this mapping, since it skips all DNS validation.
		case strings.Contains(h, "*"):
			for _, msg := range validation.IsWildcardDNS1123Subdomain(h) {
				errs = append(errs, fmt.Errorf("host %q at index %d %s", h, idx, msg))
			}
		default:
			for _, msg := range validation.IsDNS1123Subdomain(h) {
				errs = append(errs, fmt.Errorf("host %q at index %d %s", h, idx, msg))
			}
		}
	}
	for _, cause := range ocg.Secret.Validate() {
		errs = append(errs, fmt.Errorf("secret %s", cause.Error()))
	}
	return errs
}
// OriginSecret identifies a secret by name and namespace. Only the
// reference is held here; the type carries no secret material.
type OriginSecret struct {
	Name      string `yaml:"name"`
	Namespace string `yaml:"namespace"`
}

// Validate checks the name and namespace of the secret reference and
// returns all problems found.
//
// The name must be non-empty, must not contain '/', and must pass
// validation.IsQualifiedName. The namespace must be non-empty and must pass
// validation.IsDNS1123Subdomain.
func (os *OriginSecret) Validate() []error {
	var errs []error

	switch {
	case len(os.Name) == 0:
		errs = append(errs, fmt.Errorf("name %s", validation.EmptyError()))
	case strings.Contains(os.Name, "/"):
		// Rejected before IsQualifiedName, which would otherwise accept the
		// "prefix/name" form.
		errs = append(errs, fmt.Errorf("name %q must not contain '/'", os.Name))
	default:
		// NOTE(review): IsQualifiedName is looser than the DNS-1123 subdomain
		// rule Kubernetes applies to Secret names (it permits uppercase and
		// '_'), so a name that passes here may still not resolve; confirm.
		for _, msg := range validation.IsQualifiedName(os.Name) {
			errs = append(errs, fmt.Errorf("name %q %s", os.Name, msg))
		}
	}

	if len(os.Namespace) == 0 {
		errs = append(errs, fmt.Errorf("namespace %s", validation.EmptyError()))
		return errs
	}
	// NOTE(review): Kubernetes namespaces are DNS-1123 labels; the subdomain
	// check also admits dots and longer values. Confirm whether
	// validation.IsDNS1123Label was intended.
	for _, msg := range validation.IsDNS1123Subdomain(os.Namespace) {
		errs = append(errs, fmt.Errorf("namespace %q %s", os.Namespace, msg))
	}
	return errs
}