From c3078a2c5d6135461c7cb70cabcaca6625291e6c Mon Sep 17 00:00:00 2001 From: Marko Juraga Date: Wed, 13 Sep 2023 15:14:27 +0200 Subject: [PATCH] MINOR: global: add ssl provider options --- configuration/configuration_test.go | 3 ++ configuration/global.go | 30 +++++++++++++++++++ configuration/global_test.go | 12 ++++++++ models/global.go | 9 ++++++ models/global_compare.go | 24 +++++++++++++++ models/global_compare_test.go | 4 +-- specification/build/haproxy_spec.yaml | 9 ++++++ .../models/configuration/global.yaml | 9 ++++++ 8 files changed, 98 insertions(+), 2 deletions(-) diff --git a/configuration/configuration_test.go b/configuration/configuration_test.go index cdd17a75..19d17e8f 100644 --- a/configuration/configuration_test.go +++ b/configuration/configuration_test.go @@ -211,6 +211,9 @@ global ssl-default-bind-client-sigalgs ECDSA+SHA256:RSA+SHA256 ssl-default-server-sigalgs RSA+SHA256 ssl-default-server-client-sigalgs ECDSA+SHA256:RSA+SHA256 + ssl-propquery provider + ssl-provider default + ssl-provider-path test defaults test_defaults maxconn 2000 diff --git a/configuration/global.go b/configuration/global.go index 24fcb2df..6366b242 100644 --- a/configuration/global.go +++ b/configuration/global.go @@ -619,6 +619,21 @@ func ParseGlobalSection(p parser.Parser) (*models.Global, error) { //nolint:goco sslDhParamFile = sslDhParamFileParser.Value } + sslPropquery, err := parseStringOption(p, "ssl-propquery") + if err != nil { + return nil, err + } + + sslProvider, err := parseStringOption(p, "ssl-provider") + if err != nil { + return nil, err + } + + sslProviderPath, err := parseStringOption(p, "ssl-provider-path") + if err != nil { + return nil, err + } + var sslServerVerify string data, err = p.Get(parser.Global, parser.GlobalSectionName, "ssl-server-verify") if err == nil { @@ -1167,6 +1182,9 @@ func ParseGlobalSection(p parser.Parser) (*models.Global, error) { //nolint:goco SslDefaultServerCiphersuites: sslServerCiphersuites, SslDefaultServerOptions: sslServerOptions, SslModeAsync: sslModeAsync, + SslPropquery: sslPropquery, + SslProvider: sslProvider, + SslProviderPath: sslProviderPath, SslSkipSelfIssuedCa: sslSkipSelfIssuedCa, TuneOptions: tuneOptions, TuneSslDefaultDhParam: dhParam, @@ -1659,6 +1677,18 @@ func SerializeGlobalSection(p parser.Parser, data *models.Global) error { //noli return err } + if err := serializeStringOption(p, "ssl-propquery", data.SslPropquery); err != nil { + return err + } + + if err := serializeStringOption(p, "ssl-provider", data.SslProvider); err != nil { + return err + } + + if err := serializeStringOption(p, "ssl-provider-path", data.SslProviderPath); err != nil { + return err + } + luaPrependPath := []types.LuaPrependPath{} for _, l := range data.LuaPrependPath { lpp := types.LuaPrependPath{ diff --git a/configuration/global_test.go b/configuration/global_test.go index aaf05d06..ae81ef1d 100644 --- a/configuration/global_test.go +++ b/configuration/global_test.go @@ -638,6 +638,15 @@ func TestGetGlobal(t *testing.T) { if global.SslDefaultServerClientSigalgs != "ECDSA+SHA256:RSA+SHA256" { t.Errorf("SslDefaultServerClientSigalgs is %v, expected ECDSA+SHA256:RSA+SHA256", global.SslDefaultServerClientSigalgs) } + if global.SslPropquery != "provider" { + t.Errorf("SslPropquery is %v, expected provider", global.SslPropquery) + } + if global.SslProvider != "default" { + t.Errorf("SslProvider is %v, expected default", global.SslProvider) + } + if global.SslProviderPath != "test" { + t.Errorf("SslProviderPath is %v, expected test", global.SslProviderPath) + } } func TestPutGlobal(t *testing.T) { @@ -717,6 +726,9 @@ func TestPutGlobal(t *testing.T) { ClusterSecret: "", SslDefaultServerSigalgs: "ECDSA+SHA256", SslDefaultServerClientSigalgs: "ECDSA+SHA256", + SslPropquery: "foo", + SslProvider: "my_provider", + SslProviderPath: "providers/", } err := clientTest.PushGlobalConfiguration(g, "", version) diff --git a/models/global.go b/models/global.go index 06303171..01bd10ea 100644 --- a/models/global.go +++ b/models/global.go @@ -336,6 +336,15 @@ type Global struct { // Enum: [enabled disabled] SslModeAsync string `json:"ssl_mode_async,omitempty"` + // ssl propquery + SslPropquery string `json:"ssl_propquery,omitempty"` + + // ssl provider + SslProvider string `json:"ssl_provider,omitempty"` + + // ssl provider path + SslProviderPath string `json:"ssl_provider_path,omitempty"` + // ssl server verify // Enum: [none required] SslServerVerify string `json:"ssl_server_verify,omitempty"` diff --git a/models/global_compare.go b/models/global_compare.go index 4561fbd3..e44ef597 100644 --- a/models/global_compare.go +++ b/models/global_compare.go @@ -479,6 +479,18 @@ func (s Global) Equal(t Global, opts ...Options) bool { return false } + if s.SslPropquery != t.SslPropquery { + return false + } + + if s.SslProvider != t.SslProvider { + return false + } + + if s.SslProviderPath != t.SslProviderPath { + return false + } + if s.SslServerVerify != t.SslServerVerify { return false } @@ -1074,6 +1086,18 @@ func (s Global) Diff(t Global, opts ...Options) map[string][]interface{} { diff["SslModeAsync"] = []interface{}{s.SslModeAsync, t.SslModeAsync} } + if s.SslPropquery != t.SslPropquery { + diff["SslPropquery"] = []interface{}{s.SslPropquery, t.SslPropquery} + } + + if s.SslProvider != t.SslProvider { + diff["SslProvider"] = []interface{}{s.SslProvider, t.SslProvider} + } + + if s.SslProviderPath != t.SslProviderPath { + diff["SslProviderPath"] = []interface{}{s.SslProviderPath, t.SslProviderPath} + } + if s.SslServerVerify != t.SslServerVerify { diff["SslServerVerify"] = []interface{}{s.SslServerVerify, t.SslServerVerify} } diff --git a/models/global_compare_test.go b/models/global_compare_test.go index 7626f574..0077b2c2 100644 --- a/models/global_compare_test.go +++ b/models/global_compare_test.go @@ -267,7 +267,7 @@ func TestGlobalDiffFalse(t *testing.T) { for _, sample := range samples { result := sample.a.Diff(sample.b) - if len(result) != 108 { + if len(result) != 111 { json := jsoniter.ConfigCompatibleWithStandardLibrary a, err := json.Marshal(&sample.a) if err != nil { @@ -277,7 +277,7 @@ func TestGlobalDiffFalse(t *testing.T) { if err != nil { t.Errorf(err.Error()) } - t.Errorf("Expected Global to be different in 108 cases, but it is not (%d) %s %s", len(result), a, b) + t.Errorf("Expected Global to be different in 111 cases, but it is not (%d) %s %s", len(result), a, b) } } } diff --git a/specification/build/haproxy_spec.yaml b/specification/build/haproxy_spec.yaml index 737bb721..d83c3e4b 100644 --- a/specification/build/haproxy_spec.yaml +++ b/specification/build/haproxy_spec.yaml @@ -1505,6 +1505,15 @@ definitions: - disabled type: string x-display-name: Asynchronous TLS I/O operations + ssl_propquery: + type: string + x-display-name: SSL Query String Property + ssl_provider: + type: string + x-display-name: SSL Provider + ssl_provider_path: + type: string + x-display-name: SSL Provider Path ssl_server_verify: enum: - none diff --git a/specification/models/configuration/global.yaml b/specification/models/configuration/global.yaml index 48e1819f..dc1a0cde 100644 --- a/specification/models/configuration/global.yaml +++ b/specification/models/configuration/global.yaml @@ -578,6 +578,15 @@ global: x-display-name: Asynchronous TLS I/O operations ssl_dh_param_file: type: string + ssl_propquery: + type: string + x-display-name: SSL Query String Property + ssl_provider: + type: string + x-display-name: SSL Provider + ssl_provider_path: + type: string + x-display-name: SSL Provider Path ssl_server_verify: type: string enum: [none, required]