authorFrancis Lavoie <[email protected]>2024-01-23 19:36:59 -0500
committerGitHub <[email protected]>2024-01-23 19:36:59 -0500
commit750d0b83319ac0ea6b7f057b8270c19404c3d6fa (patch)
treed0c3fb610cde8ae9d73a0a2caba94542af099770 /modules/caddytls
parent54823f52bc9aed66a1a37f820daf6e494181211a (diff)
caddyfile: Normalize & flatten all unmarshalers (#6037)
Diffstat (limited to 'modules/caddytls')
-rw-r--r--modules/caddytls/acmeissuer.go383
-rw-r--r--modules/caddytls/certmanagers.go30
-rw-r--r--modules/caddytls/internalissuer.go45
-rw-r--r--modules/caddytls/zerosslissuer.go23
4 files changed, 240 insertions, 241 deletions
diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go
index a7dbd26ec..036e79b1b 100644
--- a/modules/caddytls/acmeissuer.go
+++ b/modules/caddytls/acmeissuer.go
@@ -277,218 +277,219 @@ func (iss *ACMEIssuer) GetACMEIssuer() *ACMEIssuer { return iss }
// }
// }
func (iss *ACMEIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
- for d.Next() {
+ d.Next() // consume issuer name
+
+ if d.NextArg() {
+ iss.CA = d.Val()
if d.NextArg() {
- iss.CA = d.Val()
- if d.NextArg() {
- return d.ArgErr()
- }
+ return d.ArgErr()
}
- for nesting := d.Nesting(); d.NextBlock(nesting); {
- switch d.Val() {
- case "dir":
- if iss.CA != "" {
- return d.Errf("directory is already specified: %s", iss.CA)
- }
- if !d.AllArgs(&iss.CA) {
- return d.ArgErr()
- }
-
- case "test_dir":
- if !d.AllArgs(&iss.TestCA) {
- return d.ArgErr()
- }
+ }
- case "email":
- if !d.AllArgs(&iss.Email) {
- return d.ArgErr()
- }
+ for d.NextBlock(0) {
+ switch d.Val() {
+ case "dir":
+ if iss.CA != "" {
+ return d.Errf("directory is already specified: %s", iss.CA)
+ }
+ if !d.AllArgs(&iss.CA) {
+ return d.ArgErr()
+ }
- case "timeout":
- var timeoutStr string
- if !d.AllArgs(&timeoutStr) {
- return d.ArgErr()
- }
- timeout, err := caddy.ParseDuration(timeoutStr)
- if err != nil {
- return d.Errf("invalid timeout duration %s: %v", timeoutStr, err)
- }
- iss.ACMETimeout = caddy.Duration(timeout)
+ case "test_dir":
+ if !d.AllArgs(&iss.TestCA) {
+ return d.ArgErr()
+ }
- case "disable_http_challenge":
- if d.NextArg() {
- return d.ArgErr()
- }
- if iss.Challenges == nil {
- iss.Challenges = new(ChallengesConfig)
- }
- if iss.Challenges.HTTP == nil {
- iss.Challenges.HTTP = new(HTTPChallengeConfig)
- }
- iss.Challenges.HTTP.Disabled = true
+ case "email":
+ if !d.AllArgs(&iss.Email) {
+ return d.ArgErr()
+ }
- case "disable_tlsalpn_challenge":
- if d.NextArg() {
- return d.ArgErr()
- }
- if iss.Challenges == nil {
- iss.Challenges = new(ChallengesConfig)
- }
- if iss.Challenges.TLSALPN == nil {
- iss.Challenges.TLSALPN = new(TLSALPNChallengeConfig)
- }
- iss.Challenges.TLSALPN.Disabled = true
+ case "timeout":
+ var timeoutStr string
+ if !d.AllArgs(&timeoutStr) {
+ return d.ArgErr()
+ }
+ timeout, err := caddy.ParseDuration(timeoutStr)
+ if err != nil {
+ return d.Errf("invalid timeout duration %s: %v", timeoutStr, err)
+ }
+ iss.ACMETimeout = caddy.Duration(timeout)
- case "alt_http_port":
- if !d.NextArg() {
- return d.ArgErr()
- }
- port, err := strconv.Atoi(d.Val())
- if err != nil {
- return d.Errf("invalid port %s: %v", d.Val(), err)
- }
- if iss.Challenges == nil {
- iss.Challenges = new(ChallengesConfig)
- }
- if iss.Challenges.HTTP == nil {
- iss.Challenges.HTTP = new(HTTPChallengeConfig)
- }
- iss.Challenges.HTTP.AlternatePort = port
+ case "disable_http_challenge":
+ if d.NextArg() {
+ return d.ArgErr()
+ }
+ if iss.Challenges == nil {
+ iss.Challenges = new(ChallengesConfig)
+ }
+ if iss.Challenges.HTTP == nil {
+ iss.Challenges.HTTP = new(HTTPChallengeConfig)
+ }
+ iss.Challenges.HTTP.Disabled = true
- case "alt_tlsalpn_port":
- if !d.NextArg() {
- return d.ArgErr()
- }
- port, err := strconv.Atoi(d.Val())
- if err != nil {
- return d.Errf("invalid port %s: %v", d.Val(), err)
- }
- if iss.Challenges == nil {
- iss.Challenges = new(ChallengesConfig)
- }
- if iss.Challenges.TLSALPN == nil {
- iss.Challenges.TLSALPN = new(TLSALPNChallengeConfig)
- }
- iss.Challenges.TLSALPN.AlternatePort = port
+ case "disable_tlsalpn_challenge":
+ if d.NextArg() {
+ return d.ArgErr()
+ }
+ if iss.Challenges == nil {
+ iss.Challenges = new(ChallengesConfig)
+ }
+ if iss.Challenges.TLSALPN == nil {
+ iss.Challenges.TLSALPN = new(TLSALPNChallengeConfig)
+ }
+ iss.Challenges.TLSALPN.Disabled = true
- case "eab":
- iss.ExternalAccount = new(acme.EAB)
- if !d.AllArgs(&iss.ExternalAccount.KeyID, &iss.ExternalAccount.MACKey) {
- return d.ArgErr()
- }
+ case "alt_http_port":
+ if !d.NextArg() {
+ return d.ArgErr()
+ }
+ port, err := strconv.Atoi(d.Val())
+ if err != nil {
+ return d.Errf("invalid port %s: %v", d.Val(), err)
+ }
+ if iss.Challenges == nil {
+ iss.Challenges = new(ChallengesConfig)
+ }
+ if iss.Challenges.HTTP == nil {
+ iss.Challenges.HTTP = new(HTTPChallengeConfig)
+ }
+ iss.Challenges.HTTP.AlternatePort = port
- case "trusted_roots":
- iss.TrustedRootsPEMFiles = d.RemainingArgs()
+ case "alt_tlsalpn_port":
+ if !d.NextArg() {
+ return d.ArgErr()
+ }
+ port, err := strconv.Atoi(d.Val())
+ if err != nil {
+ return d.Errf("invalid port %s: %v", d.Val(), err)
+ }
+ if iss.Challenges == nil {
+ iss.Challenges = new(ChallengesConfig)
+ }
+ if iss.Challenges.TLSALPN == nil {
+ iss.Challenges.TLSALPN = new(TLSALPNChallengeConfig)
+ }
+ iss.Challenges.TLSALPN.AlternatePort = port
- case "dns":
- if !d.NextArg() {
- return d.ArgErr()
- }
- provName := d.Val()
- if iss.Challenges == nil {
- iss.Challenges = new(ChallengesConfig)
- }
- if iss.Challenges.DNS == nil {
- iss.Challenges.DNS = new(DNSChallengeConfig)
- }
- unm, err := caddyfile.UnmarshalModule(d, "dns.providers."+provName)
- if err != nil {
- return err
- }
- iss.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(unm, "name", provName, nil)
+ case "eab":
+ iss.ExternalAccount = new(acme.EAB)
+ if !d.AllArgs(&iss.ExternalAccount.KeyID, &iss.ExternalAccount.MACKey) {
+ return d.ArgErr()
+ }
- case "propagation_delay":
- if !d.NextArg() {
- return d.ArgErr()
- }
- delayStr := d.Val()
- delay, err := caddy.ParseDuration(delayStr)
- if err != nil {
- return d.Errf("invalid propagation_delay duration %s: %v", delayStr, err)
- }
- if iss.Challenges == nil {
- iss.Challenges = new(ChallengesConfig)
- }
- if iss.Challenges.DNS == nil {
- iss.Challenges.DNS = new(DNSChallengeConfig)
- }
- iss.Challenges.DNS.PropagationDelay = caddy.Duration(delay)
+ case "trusted_roots":
+ iss.TrustedRootsPEMFiles = d.RemainingArgs()
- case "propagation_timeout":
- if !d.NextArg() {
- return d.ArgErr()
- }
- timeoutStr := d.Val()
- var timeout time.Duration
- if timeoutStr == "-1" {
- timeout = time.Duration(-1)
- } else {
- var err error
- timeout, err = caddy.ParseDuration(timeoutStr)
- if err != nil {
- return d.Errf("invalid propagation_timeout duration %s: %v", timeoutStr, err)
- }
- }
- if iss.Challenges == nil {
- iss.Challenges = new(ChallengesConfig)
- }
- if iss.Challenges.DNS == nil {
- iss.Challenges.DNS = new(DNSChallengeConfig)
- }
- iss.Challenges.DNS.PropagationTimeout = caddy.Duration(timeout)
+ case "dns":
+ if !d.NextArg() {
+ return d.ArgErr()
+ }
+ provName := d.Val()
+ if iss.Challenges == nil {
+ iss.Challenges = new(ChallengesConfig)
+ }
+ if iss.Challenges.DNS == nil {
+ iss.Challenges.DNS = new(DNSChallengeConfig)
+ }
+ unm, err := caddyfile.UnmarshalModule(d, "dns.providers."+provName)
+ if err != nil {
+ return err
+ }
+ iss.Challenges.DNS.ProviderRaw = caddyconfig.JSONModuleObject(unm, "name", provName, nil)
- case "resolvers":
- if iss.Challenges == nil {
- iss.Challenges = new(ChallengesConfig)
- }
- if iss.Challenges.DNS == nil {
- iss.Challenges.DNS = new(DNSChallengeConfig)
- }
- iss.Challenges.DNS.Resolvers = d.RemainingArgs()
- if len(iss.Challenges.DNS.Resolvers) == 0 {
- return d.ArgErr()
- }
+ case "propagation_delay":
+ if !d.NextArg() {
+ return d.ArgErr()
+ }
+ delayStr := d.Val()
+ delay, err := caddy.ParseDuration(delayStr)
+ if err != nil {
+ return d.Errf("invalid propagation_delay duration %s: %v", delayStr, err)
+ }
+ if iss.Challenges == nil {
+ iss.Challenges = new(ChallengesConfig)
+ }
+ if iss.Challenges.DNS == nil {
+ iss.Challenges.DNS = new(DNSChallengeConfig)
+ }
+ iss.Challenges.DNS.PropagationDelay = caddy.Duration(delay)
- case "dns_ttl":
- if !d.NextArg() {
- return d.ArgErr()
- }
- ttlStr := d.Val()
- ttl, err := caddy.ParseDuration(ttlStr)
+ case "propagation_timeout":
+ if !d.NextArg() {
+ return d.ArgErr()
+ }
+ timeoutStr := d.Val()
+ var timeout time.Duration
+ if timeoutStr == "-1" {
+ timeout = time.Duration(-1)
+ } else {
+ var err error
+ timeout, err = caddy.ParseDuration(timeoutStr)
if err != nil {
- return d.Errf("invalid dns_ttl duration %s: %v", ttlStr, err)
- }
- if iss.Challenges == nil {
- iss.Challenges = new(ChallengesConfig)
+ return d.Errf("invalid propagation_timeout duration %s: %v", timeoutStr, err)
}
- if iss.Challenges.DNS == nil {
- iss.Challenges.DNS = new(DNSChallengeConfig)
- }
- iss.Challenges.DNS.TTL = caddy.Duration(ttl)
+ }
+ if iss.Challenges == nil {
+ iss.Challenges = new(ChallengesConfig)
+ }
+ if iss.Challenges.DNS == nil {
+ iss.Challenges.DNS = new(DNSChallengeConfig)
+ }
+ iss.Challenges.DNS.PropagationTimeout = caddy.Duration(timeout)
- case "dns_challenge_override_domain":
- arg := d.RemainingArgs()
- if len(arg) != 1 {
- return d.ArgErr()
- }
- if iss.Challenges == nil {
- iss.Challenges = new(ChallengesConfig)
- }
- if iss.Challenges.DNS == nil {
- iss.Challenges.DNS = new(DNSChallengeConfig)
- }
- iss.Challenges.DNS.OverrideDomain = arg[0]
+ case "resolvers":
+ if iss.Challenges == nil {
+ iss.Challenges = new(ChallengesConfig)
+ }
+ if iss.Challenges.DNS == nil {
+ iss.Challenges.DNS = new(DNSChallengeConfig)
+ }
+ iss.Challenges.DNS.Resolvers = d.RemainingArgs()
+ if len(iss.Challenges.DNS.Resolvers) == 0 {
+ return d.ArgErr()
+ }
- case "preferred_chains":
- chainPref, err := ParseCaddyfilePreferredChainsOptions(d)
- if err != nil {
- return err
- }
- iss.PreferredChains = chainPref
+ case "dns_ttl":
+ if !d.NextArg() {
+ return d.ArgErr()
+ }
+ ttlStr := d.Val()
+ ttl, err := caddy.ParseDuration(ttlStr)
+ if err != nil {
+ return d.Errf("invalid dns_ttl duration %s: %v", ttlStr, err)
+ }
+ if iss.Challenges == nil {
+ iss.Challenges = new(ChallengesConfig)
+ }
+ if iss.Challenges.DNS == nil {
+ iss.Challenges.DNS = new(DNSChallengeConfig)
+ }
+ iss.Challenges.DNS.TTL = caddy.Duration(ttl)
- default:
- return d.Errf("unrecognized ACME issuer property: %s", d.Val())
+ case "dns_challenge_override_domain":
+ arg := d.RemainingArgs()
+ if len(arg) != 1 {
+ return d.ArgErr()
}
+ if iss.Challenges == nil {
+ iss.Challenges = new(ChallengesConfig)
+ }
+ if iss.Challenges.DNS == nil {
+ iss.Challenges.DNS = new(DNSChallengeConfig)
+ }
+ iss.Challenges.DNS.OverrideDomain = arg[0]
+
+ case "preferred_chains":
+ chainPref, err := ParseCaddyfilePreferredChainsOptions(d)
+ if err != nil {
+ return err
+ }
+ iss.PreferredChains = chainPref
+
+ default:
+ return d.Errf("unrecognized ACME issuer property: %s", d.Val())
}
}
return nil
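Review bot: The `trusted_roots` case assigns `d.RemainingArgs()` directly and accepts an empty list, whereas the `resolvers` case in the same switch rejects one with `d.ArgErr()`. A bare `trusted_roots` line would therefore parse cleanly while pinning nothing, which presumably leaves the ACME client on its default root pool without the operator noticing. I would add `if len(iss.TrustedRootsPEMFiles) == 0 { return d.ArgErr() }` right after the assignment. In the same hunk, `alt_http_port` and `alt_tlsalpn_port` take the `strconv.Atoi` result with neither a 1–65535 range check nor a trailing-argument check. The function's closing brace lies outside the hunk.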
diff --git a/modules/caddytls/certmanagers.go b/modules/caddytls/certmanagers.go
index ad26468a9..9bb436a37 100644
--- a/modules/caddytls/certmanagers.go
+++ b/modules/caddytls/certmanagers.go
@@ -72,10 +72,9 @@ func (ts Tailscale) canHazCertificate(ctx context.Context, hello *tls.ClientHell
//
// ... tailscale
func (Tailscale) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
- for d.Next() {
- if d.NextArg() {
- return d.ArgErr()
- }
+ d.Next() // consume cert manager name
+ if d.NextArg() {
+ return d.ArgErr()
}
return nil
}
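Review bot: `Tailscale.UnmarshalCaddyfile` rejects extra arguments but not a trailing block, while `HTTPCertGetter.UnmarshalCaddyfile` in the same file now ends with an explicit `d.NextBlock(0)` check. Unless the caller rejects leftover tokens (not visible here), a `tailscale { ... }` block would be silently ignored. Adding `if d.NextBlock(0) { return d.Err("block not allowed here") }` before `return nil` would keep the two cert managers consistent.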
@@ -169,17 +168,18 @@ func (hcg HTTPCertGetter) GetCertificate(ctx context.Context, hello *tls.ClientH
//
// ... http <url>
func (hcg *HTTPCertGetter) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
- for d.Next() {
- if !d.NextArg() {
- return d.ArgErr()
- }
- hcg.URL = d.Val()
- if d.NextArg() {
- return d.ArgErr()
- }
- for nesting := d.Nesting(); d.NextBlock(nesting); {
- return d.Err("block not allowed here")
- }
+ d.Next() // consume cert manager name
+
+ if !d.NextArg() {
+ return d.ArgErr()
+ }
+ hcg.URL = d.Val()
+
+ if d.NextArg() {
+ return d.ArgErr()
+ }
+ if d.NextBlock(0) {
+ return d.Err("block not allowed here")
}
return nil
}
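Review bot: `hcg.URL = d.Val()` stores the argument verbatim, so a malformed or scheme-less value would only surface when a certificate is first requested rather than at config load. Since this URL is where certificates are fetched from, I would validate it here, e.g. `u, err := url.Parse(hcg.URL)` followed by `if err != nil || u.Host == "" { return d.Errf("invalid URL %q", hcg.URL) }`, and document whether plain `http://` is meant to be accepted. If placeholders are allowed in this field the check would have to run after they are resolved, and validation may already happen in a provisioning step outside this hunk.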
diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go
index 1cf2461ab..cdc4f493b 100644
--- a/modules/caddytls/internalissuer.go
+++ b/modules/caddytls/internalissuer.go
@@ -155,31 +155,30 @@ func (iss InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateReques
// sign_with_root
// }
func (iss *InternalIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
- for d.Next() {
- for d.NextBlock(0) {
- switch d.Val() {
- case "ca":
- if !d.AllArgs(&iss.CA) {
- return d.ArgErr()
- }
-
- case "lifetime":
- if !d.NextArg() {
- return d.ArgErr()
- }
- dur, err := caddy.ParseDuration(d.Val())
- if err != nil {
- return err
- }
- iss.Lifetime = caddy.Duration(dur)
-
- case "sign_with_root":
- if d.NextArg() {
- return d.ArgErr()
- }
- iss.SignWithRoot = true
+ d.Next() // consume issuer name
+ for d.NextBlock(0) {
+ switch d.Val() {
+ case "ca":
+ if !d.AllArgs(&iss.CA) {
+ return d.ArgErr()
+ }
+ case "lifetime":
+ if !d.NextArg() {
+ return d.ArgErr()
+ }
+ dur, err := caddy.ParseDuration(d.Val())
+ if err != nil {
+ return err
}
+ iss.Lifetime = caddy.Duration(dur)
+
+ case "sign_with_root":
+ if d.NextArg() {
+ return d.ArgErr()
+ }
+ iss.SignWithRoot = true
+
}
}
return nil
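Review bot: The `switch d.Val()` in `InternalIssuer.UnmarshalCaddyfile` has no `default` case, so a misspelled subdirective (say `lifetme`) is silently skipped and the issuer runs with its defaults, while `ACMEIssuer.UnmarshalCaddyfile` in this same commit fails with "unrecognized ACME issuer property". I would add `default: return d.Errf("unrecognized internal issuer property: %s", d.Val())`. The `lifetime` case also returns the bare `caddy.ParseDuration` error, where the other unmarshalers in this commit wrap it with `d.Errf`, and it does not reject a trailing argument. The function's closing brace is outside the hunk.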
diff --git a/modules/caddytls/zerosslissuer.go b/modules/caddytls/zerosslissuer.go
index 697bab07d..1c091a076 100644
--- a/modules/caddytls/zerosslissuer.go
+++ b/modules/caddytls/zerosslissuer.go
@@ -208,21 +208,20 @@ func (iss *ZeroSSLIssuer) Revoke(ctx context.Context, cert certmagic.Certificate
//
// Any of the subdirectives for the ACME issuer can be used in the block.
func (iss *ZeroSSLIssuer) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
- for d.Next() {
+ d.Next() // consume issuer name
+ if d.NextArg() {
+ iss.APIKey = d.Val()
if d.NextArg() {
- iss.APIKey = d.Val()
- if d.NextArg() {
- return d.ArgErr()
- }
+ return d.ArgErr()
}
+ }
- if iss.ACMEIssuer == nil {
- iss.ACMEIssuer = new(ACMEIssuer)
- }
- err := iss.ACMEIssuer.UnmarshalCaddyfile(d.NewFromNextSegment())
- if err != nil {
- return err
- }
+ if iss.ACMEIssuer == nil {
+ iss.ACMEIssuer = new(ACMEIssuer)
+ }
+ err := iss.ACMEIssuer.UnmarshalCaddyfile(d.NewFromNextSegment())
+ if err != nil {
+ return err
}
return nil
}
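Review bot: The call `iss.ACMEIssuer.UnmarshalCaddyfile(d.NewFromNextSegment())` deserves a comment, because after this commit the ACME unmarshaler unconditionally consumes one token with `d.Next()` and then treats a following argument as `iss.CA`. That is only safe if the segment begins at the token the outer dispenser is currently on (the API key when one was given), so that the key is consumed as the "name" and never parsed as the directory URL; that is how I read the dispenser, but the hunk does not show it. I would add `// the segment starts at the current token, which the ACME unmarshaler's d.Next() consumes` above the call, plus a test for `zerossl <api_key> { ... }` asserting that `CA` stays empty.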