feat: show a warning if we detect a missing tls cert resolver (resolves

#35)
jittering · Jun 30, 2024 · b252703 · b252703
1 parent 1a0cdfd
commit b252703
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 0 deletions.
diff --git a/docker_test.go b/docker_test.go
@@ -56,6 +56,8 @@ func Test_helloWorld(t *testing.T) {
 
 	assert.Equal(t, "hello1", store.kv["traefik/http/routers/hello1/service"])
 	assert.Equal(t, "hello2", store.kv["traefik/http/routers/hello2/service"])
+	assert.NotNil(t, store.kv["traefik/http/routers/hello1/tls/certResolver"])
+	assert.NotNil(t, store.kv["traefik/http/routers/hello2/tls/certResolver"])
 
 	assertServiceIPs(t, store, []svc{
 		{"hello1", "http", "http://192.168.100.100:5555"},
@@ -109,3 +111,16 @@ func Test_TCPMQTT(t *testing.T) {
 		{"mqtt", "tcp", "192.168.100.100:1883"},
 	})
 }
+
+func Test_helloWorldNoCert(t *testing.T) {
+	store := doTest(t, "hello-no-cert.yml")
+
+	assert.Equal(t, "hello1", store.kv["traefik/http/routers/hello1/service"])
+	assert.Nil(t, store.kv["traefik/http/routers/hello1/tls/certResolver"])
+
+	assertServiceIPs(t, store, []svc{
+		{"hello1", "http", "http://192.168.100.100:5555"},
+	})
+
+	// assert.Fail(t, "TODO: check for no cert")
+}
diff --git a/fixtures/hello-no-cert.yml b/fixtures/hello-no-cert.yml
@@ -0,0 +1,16 @@
+
+services:
+  helloworld:
+    image: helloworld
+    restart: unless-stopped
+    ports:
+      - 5555:5555
+      - 5566:5566
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.hello1.rule=Host(`hello1.local`)"
+      - "traefik.http.routers.hello1.service=hello1"
+      - "traefik.http.routers.hello1.tls=true"
+      # - "traefik.http.routers.hello1.tls.certresolver=default"
+      - "traefik.http.services.hello1.loadbalancer.server.scheme=http"
+      - "traefik.http.services.hello1.loadbalancer.server.port=5555"
diff --git a/traefik_kop.go b/traefik_kop.go
@@ -174,6 +174,14 @@ func replaceIPs(dockerClient client.APIClient, conf *dynamic.Configuration, ip s
 				}
 				log.Infof("publishing %s", server.URL)
 			}
+
+			if conf.HTTP.Routers != nil {
+				for routerName, router := range conf.HTTP.Routers {
+					if router.Service+"@docker" == svcName && (router.TLS == nil || strings.TrimSpace(router.TLS.CertResolver) == "") {
+						log.Warnf("router %s has no TLS cert resolver", routerName)
+					}
+				}
+			}
 		}
 	}