caddytls: Support tags for manually-loaded certificates

This commit is contained in:
Matthew Holt 2019-06-24 12:16:10 -06:00
parent d49f762f6d
commit 38677aaa58
6 changed files with 33 additions and 20 deletions

7
go.mod
View file

@ -6,7 +6,7 @@ require (
github.com/DataDog/zstd v1.4.0 // indirect github.com/DataDog/zstd v1.4.0 // indirect
github.com/Masterminds/goutils v1.1.0 // indirect github.com/Masterminds/goutils v1.1.0 // indirect
github.com/Masterminds/semver v1.4.2 // indirect github.com/Masterminds/semver v1.4.2 // indirect
github.com/Masterminds/sprig v2.20.0+incompatible // indirect github.com/Masterminds/sprig v2.20.0+incompatible
github.com/andybalholm/brotli v0.0.0-20190430215306-5c318f9037cb github.com/andybalholm/brotli v0.0.0-20190430215306-5c318f9037cb
github.com/dustin/go-humanize v1.0.0 github.com/dustin/go-humanize v1.0.0
github.com/go-acme/lego v2.6.0+incompatible github.com/go-acme/lego v2.6.0+incompatible
@ -16,14 +16,15 @@ require (
github.com/imdario/mergo v0.3.7 // indirect github.com/imdario/mergo v0.3.7 // indirect
github.com/klauspost/compress v1.7.1-0.20190613161414-0b31f265a57b github.com/klauspost/compress v1.7.1-0.20190613161414-0b31f265a57b
github.com/klauspost/cpuid v1.2.1 github.com/klauspost/cpuid v1.2.1
github.com/mholt/certmagic v0.6.2-0.20190621004807-be4f86a2eb60 github.com/mholt/certmagic v0.6.2-0.20190624175158-6a42ef9fe8c2
github.com/rs/cors v1.6.0 github.com/rs/cors v1.6.0
github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
github.com/starlight-go/starlight v0.0.0-20181207205707-b06f321544f3 github.com/starlight-go/starlight v0.0.0-20181207205707-b06f321544f3
go.starlark.net v0.0.0-20190604130855-6ddc71c0ba77 go.starlark.net v0.0.0-20190604130855-6ddc71c0ba77
golang.org/x/net v0.0.0-20190603091049-60506f45cf65 golang.org/x/net v0.0.0-20190603091049-60506f45cf65
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 // indirect golang.org/x/time v0.0.0-20190308202827-9d24e82272b4
gopkg.in/russross/blackfriday.v2 v2.0.1 gopkg.in/russross/blackfriday.v2 v2.0.1
gopkg.in/yaml.v2 v2.2.2 // indirect
) )
replace gopkg.in/russross/blackfriday.v2 v2.0.1 => github.com/russross/blackfriday/v2 v2.0.1 replace gopkg.in/russross/blackfriday.v2 v2.0.1 => github.com/russross/blackfriday/v2 v2.0.1

12
go.sum
View file

@ -32,12 +32,8 @@ github.com/klauspost/compress v1.7.1-0.20190613161414-0b31f265a57b/go.mod h1:RyI
github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
github.com/klauspost/cpuid v1.2.1 h1:vJi+O/nMdFt0vqm8NZBI6wzALWdA2X+egi0ogNyrC/w= github.com/klauspost/cpuid v1.2.1 h1:vJi+O/nMdFt0vqm8NZBI6wzALWdA2X+egi0ogNyrC/w=
github.com/klauspost/cpuid v1.2.1/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek= github.com/klauspost/cpuid v1.2.1/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
github.com/mholt/certmagic v0.5.2-0.20190605043235-e49d0d405641 h1:wNqOQ0DFxcZDNpPChhHfL8KscFMnxARN6Q2FiX4/VKI= github.com/mholt/certmagic v0.6.2-0.20190624175158-6a42ef9fe8c2 h1:xKE9kZ5C8gelJC3+BNM6LJs1x21rivK7yxfTZMAuY2s=
github.com/mholt/certmagic v0.5.2-0.20190605043235-e49d0d405641/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY= github.com/mholt/certmagic v0.6.2-0.20190624175158-6a42ef9fe8c2/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY=
github.com/mholt/certmagic v0.6.0 h1:gZwuBuONw2v8/fZh2nd39kvjFNjnSF2uIR4GzKaaryw=
github.com/mholt/certmagic v0.6.0/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY=
github.com/mholt/certmagic v0.6.2-0.20190621004807-be4f86a2eb60 h1:SALetD3LrWGNvna2JIwY1dG4W6rBKtoBehQtHjEKTpo=
github.com/mholt/certmagic v0.6.2-0.20190621004807-be4f86a2eb60/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY=
github.com/miekg/dns v1.1.3 h1:1g0r1IvskvgL8rR+AcHzUA+oFmGcQlaIm4IqakufeMM= github.com/miekg/dns v1.1.3 h1:1g0r1IvskvgL8rR+AcHzUA+oFmGcQlaIm4IqakufeMM=
github.com/miekg/dns v1.1.3/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.3/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@ -70,5 +66,9 @@ golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/square/go-jose.v2 v2.2.2 h1:orlkJ3myw8CN1nVQHBFfloD+L3egixIa4FvUP6RosSA= gopkg.in/square/go-jose.v2 v2.2.2 h1:orlkJ3myw8CN1nVQHBFfloD+L3egixIa4FvUP6RosSA=
gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

View file

@ -243,6 +243,7 @@ func (app *App) automaticHTTPS() error {
}) })
// manage their certificates // manage their certificates
log.Printf("[INFO] Enabling automatic HTTPS for %v", domains)
err := tlsApp.Manage(domains) err := tlsApp.Manage(domains)
if err != nil { if err != nil {
return fmt.Errorf("%s: managing certificate for %s: %s", srvName, domains, err) return fmt.Errorf("%s: managing certificate for %s: %s", srvName, domains, err)

View file

@ -24,11 +24,12 @@ type CertKeyFilePair struct {
Certificate string `json:"certificate"` Certificate string `json:"certificate"`
Key string `json:"key"` Key string `json:"key"`
Format string `json:"format,omitempty"` // "pem" is default Format string `json:"format,omitempty"` // "pem" is default
Tags []string `json:"tags,omitempty"`
} }
// LoadCertificates returns the certificates to be loaded by fl. // LoadCertificates returns the certificates to be loaded by fl.
func (fl fileLoader) LoadCertificates() ([]tls.Certificate, error) { func (fl fileLoader) LoadCertificates() ([]Certificate, error) {
var certs []tls.Certificate var certs []Certificate
for _, pair := range fl { for _, pair := range fl {
certData, err := ioutil.ReadFile(pair.Certificate) certData, err := ioutil.ReadFile(pair.Certificate)
if err != nil { if err != nil {
@ -52,7 +53,7 @@ func (fl fileLoader) LoadCertificates() ([]tls.Certificate, error) {
return nil, err return nil, err
} }
certs = append(certs, cert) certs = append(certs, Certificate{Certificate: cert, Tags: pair.Tags})
} }
return certs, nil return certs, nil
} }

View file

@ -29,8 +29,8 @@ type folderLoader []string
// listed in fl from all files ending with .pem. This method of loading // listed in fl from all files ending with .pem. This method of loading
// certificates expects the certificate and key to be bundled into the // certificates expects the certificate and key to be bundled into the
// same file. // same file.
func (fl folderLoader) LoadCertificates() ([]tls.Certificate, error) { func (fl folderLoader) LoadCertificates() ([]Certificate, error) {
var certs []tls.Certificate var certs []Certificate
for _, dir := range fl { for _, dir := range fl {
err := filepath.Walk(dir, func(fpath string, info os.FileInfo, err error) error { err := filepath.Walk(dir, func(fpath string, info os.FileInfo, err error) error {
if err != nil { if err != nil {
@ -48,7 +48,7 @@ func (fl folderLoader) LoadCertificates() ([]tls.Certificate, error) {
return err return err
} }
certs = append(certs, cert) certs = append(certs, Certificate{Certificate: cert})
return nil return nil
}) })
@ -120,3 +120,5 @@ func x509CertFromCertAndKeyPEMFile(fpath string) (tls.Certificate, error) {
return cert, nil return cert, nil
} }
var _ CertificateLoader = (folderLoader)(nil)

View file

@ -98,7 +98,7 @@ func (t *TLS) Start() error {
Storage: t.ctx.Storage(), Storage: t.ctx.Storage(),
}) })
for _, cert := range certs { for _, cert := range certs {
err := magic.CacheUnmanagedTLSCertificate(cert) err := magic.CacheUnmanagedTLSCertificate(cert.Certificate, cert.Tags)
if err != nil { if err != nil {
return fmt.Errorf("caching unmanaged certificate: %v", err) return fmt.Errorf("caching unmanaged certificate: %v", err)
} }
@ -182,8 +182,16 @@ func (t *TLS) getAutomationPolicyForName(name string) AutomationPolicy {
} }
// CertificateLoader is a type that can load certificates. // CertificateLoader is a type that can load certificates.
// Certificates can optionally be associated with tags.
type CertificateLoader interface { type CertificateLoader interface {
LoadCertificates() ([]tls.Certificate, error) LoadCertificates() ([]Certificate, error)
}
// Certificate is a TLS certificate, optionally
// associated with arbitrary tags.
type Certificate struct {
tls.Certificate
Tags []string
} }
// AutomationConfig designates configuration for the // AutomationConfig designates configuration for the