package kongstate
import (
"fmt"
"github.com/blang/semver/v4"
"github.com/kong/go-kong/kong"
"github.com/kong/kubernetes-ingress-controller/v2/internal/versions"
kongv1 "github.com/kong/kubernetes-ingress-controller/v2/pkg/apis/configuration/v1"
)
// Consumer holds a Kong consumer and its plugins and credentials.
//
// The credential lists are stored as pointers to package-local types.
// SanitizedCopy rebuilds KeyAuths, HMACAuths, JWTAuths, BasicAuths and
// Oauth2Creds through each element's own SanitizedCopy method; ACLGroups and
// MTLSAuths are carried over by it unchanged.
type Consumer struct {
	// Embedded Kong consumer entity.
	kong.Consumer
	// Plugins attached to this consumer.
	Plugins []kong.Plugin
	// ConsumerGroups lists the consumer groups associated with this consumer.
	ConsumerGroups []kong.ConsumerGroup
	// Credential lists, one per credential type; SetCredential appends to
	// all of these except ConsumerGroups and Plugins.
	KeyAuths    []*KeyAuth
	HMACAuths   []*HMACAuth
	JWTAuths    []*JWTAuth
	BasicAuths  []*BasicAuth
	ACLGroups   []*ACLGroup
	Oauth2Creds []*Oauth2Credential
	MTLSAuths   []*MTLSAuth
	// K8sKongConsumer is the Kubernetes KongConsumer object kept alongside the
	// Kong entity (presumably the resource it was generated from; confirm
	// against the code that populates it).
	K8sKongConsumer kongv1.KongConsumer
}
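// SanitizedCopy returns a shallow copy with sensitive values redacted best-effort.
//
// KeyAuths, HMACAuths, JWTAuths, BasicAuths and Oauth2Creds are rebuilt element
// by element from each credential's own SanitizedCopy, so the redaction is only
// as thorough as those methods. Every other field (Consumer, Plugins,
// ConsumerGroups, ACLGroups, MTLSAuths, K8sKongConsumer) is copied as-is and
// keeps sharing its underlying data with the receiver.
//
// NOTE(review): Plugins are copied without redaction; if plugin configuration
// can carry secrets, the returned value still contains them. Confirm before
// logging or dumping it.
func (c *Consumer) SanitizedCopy() *Consumer {
	// Each slice stays nil when the receiver has no credentials of that kind,
	// so an empty list is never turned into a non-nil empty slice.
	var keyAuths []*KeyAuth
	for _, cred := range c.KeyAuths {
		keyAuths = append(keyAuths, cred.SanitizedCopy())
	}

	var hmacAuths []*HMACAuth
	for _, cred := range c.HMACAuths {
		hmacAuths = append(hmacAuths, cred.SanitizedCopy())
	}

	var jwtAuths []*JWTAuth
	for _, cred := range c.JWTAuths {
		jwtAuths = append(jwtAuths, cred.SanitizedCopy())
	}

	var basicAuths []*BasicAuth
	for _, cred := range c.BasicAuths {
		basicAuths = append(basicAuths, cred.SanitizedCopy())
	}

	var oauth2Creds []*Oauth2Credential
	for _, cred := range c.Oauth2Creds {
		oauth2Creds = append(oauth2Creds, cred.SanitizedCopy())
	}

	return &Consumer{
		Consumer: c.Consumer,
		Plugins:  c.Plugins,
		// ConsumerGroups was previously left out of the copy, so the sanitized
		// view silently lost the consumer's group membership.
		ConsumerGroups:  c.ConsumerGroups,
		KeyAuths:        keyAuths,
		HMACAuths:       hmacAuths,
		JWTAuths:        jwtAuths,
		BasicAuths:      basicAuths,
		Oauth2Creds:     oauth2Creds,
		ACLGroups:       c.ACLGroups,
		MTLSAuths:       c.MTLSAuths,
		K8sKongConsumer: c.K8sKongConsumer,
	}
}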
// SetCredential builds a credential of the kind named by credType from
// credConfig, attaches tags to it and appends it to the matching credential
// list on the consumer.
//
// Accepted credType values are "key-auth"/"keyauth_credential",
// "basic-auth"/"basicauth_credential", "hmac-auth"/"hmacauth_credential",
// "oauth2", "jwt"/"jwt_secret", "acl" and "mtls-auth". "mtls-auth" is refused
// unless kongVersion is at least versions.MTLSCredentialVersionCutoff. Any
// other value yields an "invalid credential type" error. On every error path
// the consumer is left unmodified.
//
// Errors from the per-type constructors are returned unchanged.
// NOTE(review): credConfig is the raw credential input; confirm those
// constructors do not echo its contents in their error text, since callers may
// log the returned error.
func (c *Consumer) SetCredential(credType string, credConfig interface{}, tags []*string, kongVersion semver.Version) error {
	switch credType {
	case "key-auth", "keyauth_credential":
		keyAuth, err := NewKeyAuth(credConfig)
		if err != nil {
			return err
		}
		keyAuth.Tags = tags
		c.KeyAuths = append(c.KeyAuths, keyAuth)
		return nil

	case "basic-auth", "basicauth_credential":
		basicAuth, err := NewBasicAuth(credConfig)
		if err != nil {
			return err
		}
		basicAuth.Tags = tags
		c.BasicAuths = append(c.BasicAuths, basicAuth)
		return nil

	case "hmac-auth", "hmacauth_credential":
		hmacAuth, err := NewHMACAuth(credConfig)
		if err != nil {
			return err
		}
		hmacAuth.Tags = tags
		c.HMACAuths = append(c.HMACAuths, hmacAuth)
		return nil

	case "oauth2":
		oauth2Cred, err := NewOauth2Credential(credConfig)
		if err != nil {
			return err
		}
		oauth2Cred.Tags = tags
		c.Oauth2Creds = append(c.Oauth2Creds, oauth2Cred)
		return nil

	case "jwt", "jwt_secret":
		jwtAuth, err := NewJWTAuth(credConfig)
		if err != nil {
			return err
		}
		jwtAuth.Tags = tags
		c.JWTAuths = append(c.JWTAuths, jwtAuth)
		return nil

	case "acl":
		aclGroup, err := NewACLGroup(credConfig)
		if err != nil {
			return err
		}
		aclGroup.Tags = tags
		c.ACLGroups = append(c.ACLGroups, aclGroup)
		return nil

	case "mtls-auth":
		// The version gate runs before the credential is parsed, so an
		// unsupported gateway is reported even when credConfig is malformed.
		if !kongVersion.GTE(versions.MTLSCredentialVersionCutoff) {
			return fmt.Errorf("controller cannot support mtls-auth below version %v", versions.MTLSCredentialVersionCutoff)
		}
		mtlsAuth, err := NewMTLSAuth(credConfig)
		if err != nil {
			return err
		}
		mtlsAuth.Tags = tags
		c.MTLSAuths = append(c.MTLSAuths, mtlsAuth)
		return nil
	}

	// No case matched: the credential type is not one this controller knows.
	return fmt.Errorf("invalid credential type: '%v'", credType)
}