authorMatthew Holt <[email protected]>2024-04-22 15:47:09 -0600
committerMatthew Holt <[email protected]>2024-04-22 15:47:09 -0600
commit6a0299905479083f250c39d5780c305f82863273 (patch)
tree820e8d2581151abc276d3b351ba6ee2021c12fc0
parent9f97df2275638ef80ca104dd0ca51e5a7ab93b21 (diff)
caddytls: Add Caddyfile support for on-demand permission module (close #6260)
-rw-r--r--caddyconfig/httpcaddyfile/options.go25
-rw-r--r--caddyconfig/httploader.go10
-rw-r--r--modules/caddytls/ondemand.go12
3 files changed, 39 insertions, 8 deletions
diff --git a/caddyconfig/httpcaddyfile/options.go b/caddyconfig/httpcaddyfile/options.go
index bbc63ced8..6a8ba0bd3 100644
--- a/caddyconfig/httpcaddyfile/options.go
+++ b/caddyconfig/httpcaddyfile/options.go
@@ -345,9 +345,34 @@ func parseOptOnDemand(d *caddyfile.Dispenser, _ any) (any, error) {
if ond == nil {
ond = new(caddytls.OnDemandConfig)
}
+ if ond.PermissionRaw != nil {
+ return nil, d.Err("on-demand TLS permission module (or 'ask') already specified")
+ }
perm := caddytls.PermissionByHTTP{Endpoint: d.Val()}
ond.PermissionRaw = caddyconfig.JSONModuleObject(perm, "module", "http", nil)
+ case "permission":
+ if !d.NextArg() {
+ return nil, d.ArgErr()
+ }
+ if ond == nil {
+ ond = new(caddytls.OnDemandConfig)
+ }
+ if ond.PermissionRaw != nil {
+ return nil, d.Err("on-demand TLS permission module (or 'ask') already specified")
+ }
+ modName := d.Val()
+ modID := "tls.permission." + modName
+ unm, err := caddyfile.UnmarshalModule(d, modID)
+ if err != nil {
+ return nil, err
+ }
+ perm, ok := unm.(caddytls.OnDemandPermission)
+ if !ok {
+ return nil, d.Errf("module %s (%T) is not an on-demand TLS permission module", modID, unm)
+ }
+ ond.PermissionRaw = caddyconfig.JSONModuleObject(perm, "module", modName, nil)
+
case "interval":
if !d.NextArg() {
return nil, d.ArgErr()
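Review bot: The error string "on-demand TLS permission module (or 'ask') already specified" is now written out twice (the `ask` case and the new `permission` case), so the two will drift the next time one is edited; hoisting it into a single package-level `const errOnDemandPermissionDup = "on-demand TLS permission module (or 'ask') already specified"` and using `d.Err(errOnDemandPermissionDup)` in both places keeps the mutual-exclusion check uniform. The `permission` case otherwise mirrors `ask` correctly: the type assertion against `caddytls.OnDemandPermission` rejects a module that merely happens to live under the `tls.permission.` namespace prefix. Note that nothing in this hunk requires a permission module to be set at all when on-demand TLS is enabled; whether an `on_demand_tls` block with neither `ask` nor `permission` is rejected is decided by `OnDemandConfig` provisioning, which is outside this hunk, so that is presumably unchanged by this commit. `parseOptOnDemand` begins and ends outside the hunk.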
diff --git a/caddyconfig/httploader.go b/caddyconfig/httploader.go
index e0ce4ebf7..528cea6c8 100644
--- a/caddyconfig/httploader.go
+++ b/caddyconfig/httploader.go
@@ -181,19 +181,13 @@ func (hl HTTPLoader) makeClient(ctx caddy.Context) (*http.Client, error) {
if err != nil {
return nil, fmt.Errorf("getting server identity credentials: %v", err)
}
- if tlsConfig == nil {
- tlsConfig = new(tls.Config)
- }
- tlsConfig.Certificates = certs
+ tlsConfig = &tls.Config{Certificates: certs}
} else if hl.TLS.ClientCertificateFile != "" && hl.TLS.ClientCertificateKeyFile != "" {
cert, err := tls.LoadX509KeyPair(hl.TLS.ClientCertificateFile, hl.TLS.ClientCertificateKeyFile)
if err != nil {
return nil, err
}
- if tlsConfig == nil {
- tlsConfig = new(tls.Config)
- }
- tlsConfig.Certificates = []tls.Certificate{cert}
+ tlsConfig = &tls.Config{Certificates: []tls.Certificate{cert}}
}
// trusted server certs
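Review bot: Replacing the nil-guarded assignment with `tlsConfig = &tls.Config{Certificates: certs}` (and the same for the file-based client cert branch) now unconditionally discards any `tls.Config` that was built earlier in `makeClient`; the earlier part of the function is outside this hunk, so I cannot see whether anything (e.g. a verification setting) is set on `tlsConfig` before this point, but the old nil check existed precisely to preserve such state. If the author has verified that `tlsConfig` is always nil here, the rewrite is fine but the assumption deserves a comment such as `// tlsConfig is still nil here; client certs are the first thing set on it, RootCAs follow below` so a future edit that initializes it earlier does not silently lose its settings. This change is also unrelated to the on-demand permission feature in the commit title and would be easier to audit as its own commit. The `// trusted server certs` section that follows continues outside the hunk.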
diff --git a/modules/caddytls/ondemand.go b/modules/caddytls/ondemand.go
index 31f6ef2dc..060a3ac6a 100644
--- a/modules/caddytls/ondemand.go
+++ b/modules/caddytls/ondemand.go
@@ -28,6 +28,7 @@ import (
"go.uber.org/zap"
"github.com/caddyserver/caddy/v2"
+ "github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
)
func init() {
@@ -117,6 +118,17 @@ func (PermissionByHTTP) CaddyModule() caddy.ModuleInfo {
}
}
+// UnmarshalCaddyfile implements caddyfile.Unmarshaler.
+func (p *PermissionByHTTP) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
+ if !d.Next() {
+ return nil
+ }
+ if !d.AllArgs(&p.Endpoint) {
+ return d.ArgErr()
+ }
+ return nil
+}
+
func (p *PermissionByHTTP) Provision(ctx caddy.Context) error {
p.logger = ctx.Logger()
p.replacer = caddy.NewReplacer()
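Review bot: `UnmarshalCaddyfile` returns nil when `d.Next()` yields no token, which leaves `p.Endpoint` empty and reports success; since this endpoint is the URL that gates every on-demand certificate issuance, a missing value should fail loudly at config load rather than depend on `Provision` (which continues outside the hunk) to catch an empty string. Changing the guard to `if !d.Next() { return d.ArgErr() }` makes the Caddyfile path reject it the same way the `ask` parser already does via `d.NextArg()`. The doc comment should also state the accepted syntax so operators know the module takes exactly one argument: `// UnmarshalCaddyfile implements caddyfile.Unmarshaler. Syntax: http <endpoint>`.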