MINOR: global: add ssl provider options

haproxytech · Sep 13, 2023 · c3078a2 · c3078a2
1 parent 047194c
commit c3078a2
Show file tree

Hide file tree

Showing 8 changed files with 98 additions and 2 deletions.
diff --git a/configuration/configuration_test.go b/configuration/configuration_test.go
@@ -211,6 +211,9 @@ global
   ssl-default-bind-client-sigalgs ECDSA+SHA256:RSA+SHA256
   ssl-default-server-sigalgs RSA+SHA256
   ssl-default-server-client-sigalgs ECDSA+SHA256:RSA+SHA256
+  ssl-propquery provider
+  ssl-provider default
+  ssl-provider-path test
 
 defaults test_defaults
   maxconn 2000

diff --git a/configuration/global.go b/configuration/global.go
@@ -619,6 +619,21 @@ func ParseGlobalSection(p parser.Parser) (*models.Global, error) { //nolint:goco
 		sslDhParamFile = sslDhParamFileParser.Value
 	}
 
+	sslPropquery, err := parseStringOption(p, "ssl-propquery")
+	if err != nil {
+		return nil, err
+	}
+
+	sslProvider, err := parseStringOption(p, "ssl-provider")
+	if err != nil {
+		return nil, err
+	}
+
+	sslProviderPath, err := parseStringOption(p, "ssl-provider-path")
+	if err != nil {
+		return nil, err
+	}
+
 	var sslServerVerify string
 	data, err = p.Get(parser.Global, parser.GlobalSectionName, "ssl-server-verify")
 	if err == nil {
@@ -1167,6 +1182,9 @@ func ParseGlobalSection(p parser.Parser) (*models.Global, error) { //nolint:goco
 		SslDefaultServerCiphersuites:      sslServerCiphersuites,
 		SslDefaultServerOptions:           sslServerOptions,
 		SslModeAsync:                      sslModeAsync,
+		SslPropquery:                      sslPropquery,
+		SslProvider:                       sslProvider,
+		SslProviderPath:                   sslProviderPath,
 		SslSkipSelfIssuedCa:               sslSkipSelfIssuedCa,
 		TuneOptions:                       tuneOptions,
 		TuneSslDefaultDhParam:             dhParam,
@@ -1659,6 +1677,18 @@ func SerializeGlobalSection(p parser.Parser, data *models.Global) error { //noli
 		return err
 	}
 
+	if err := serializeStringOption(p, "ssl-propquery", data.SslPropquery); err != nil {
+		return err
+	}
+
+	if err := serializeStringOption(p, "ssl-provider", data.SslProvider); err != nil {
+		return err
+	}
+
+	if err := serializeStringOption(p, "ssl-provider-path", data.SslProviderPath); err != nil {
+		return err
+	}
+
 	luaPrependPath := []types.LuaPrependPath{}
 	for _, l := range data.LuaPrependPath {
 		lpp := types.LuaPrependPath{

diff --git a/configuration/global_test.go b/configuration/global_test.go
@@ -638,6 +638,15 @@ func TestGetGlobal(t *testing.T) {
 	if global.SslDefaultServerClientSigalgs != "ECDSA+SHA256:RSA+SHA256" {
 		t.Errorf("SslDefaultServerClientSigalgs is %v, expected ECDSA+SHA256:RSA+SHA256", global.SslDefaultServerClientSigalgs)
 	}
+	if global.SslPropquery != "provider" {
+		t.Errorf("SslPropquery is %v, expected provider", global.SslPropquery)
+	}
+	if global.SslProvider != "default" {
+		t.Errorf("SslProvider is %v, expected default", global.SslProvider)
+	}
+	if global.SslProviderPath != "test" {
+		t.Errorf("SslProviderPath is %v, expected test", global.SslProviderPath)
+	}
 }
 
 func TestPutGlobal(t *testing.T) {
@@ -717,6 +726,9 @@ func TestPutGlobal(t *testing.T) {
 		ClusterSecret:                 "",
 		SslDefaultServerSigalgs:       "ECDSA+SHA256",
 		SslDefaultServerClientSigalgs: "ECDSA+SHA256",
+		SslPropquery:                  "foo",
+		SslProvider:                   "my_provider",
+		SslProviderPath:               "providers/",
 	}
 
 	err := clientTest.PushGlobalConfiguration(g, "", version)

diff --git a/models/global.go b/models/global.go
diff --git a/models/global_compare.go b/models/global_compare.go
diff --git a/models/global_compare_test.go b/models/global_compare_test.go
diff --git a/specification/build/haproxy_spec.yaml b/specification/build/haproxy_spec.yaml
@@ -1505,6 +1505,15 @@ definitions:
                   - disabled
               type: string
               x-display-name: Asynchronous TLS I/O operations
+          ssl_propquery:
+              type: string
+              x-display-name: SSL Query String Property
+          ssl_provider:
+              type: string
+              x-display-name: SSL Provider
+          ssl_provider_path:
+              type: string
+              x-display-name: SSL Provider Path
           ssl_server_verify:
               enum:
                   - none

diff --git a/specification/models/configuration/global.yaml b/specification/models/configuration/global.yaml
@@ -578,6 +578,15 @@ global:
       x-display-name: Asynchronous TLS I/O operations
     ssl_dh_param_file:
       type: string
+    ssl_propquery:
+      type: string
+      x-display-name: SSL Query String Property
+    ssl_provider:
+      type: string
+      x-display-name: SSL Provider
+    ssl_provider_path:
+      type: string
+      x-display-name: SSL Provider Path
     ssl_server_verify:
       type: string
       enum: [none, required]