Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
69949dda
Commit
69949dda
authored
Oct 30, 2019
by
Darren Shepherd
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update vendor
parent
609c5e5f
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
20 changed files
with
873 additions
and
289 deletions
+873
-289
go.mod
go.mod
+1
-1
go.sum
go.sum
+3
-7
README.md
...hub.com/konsorten/go-windows-terminal-sequences/README.md
+0
-1
sequences_dummy.go
...onsorten/go-windows-terminal-sequences/sequences_dummy.go
+0
-11
ca.go
vendor/github.com/rancher/dynamiclistener/factory/ca.go
+80
-0
cert_utils.go
.../github.com/rancher/dynamiclistener/factory/cert_utils.go
+105
-0
gen.go
vendor/github.com/rancher/dynamiclistener/factory/gen.go
+164
-0
go.mod
vendor/github.com/rancher/dynamiclistener/go.mod
+4
-11
go.sum
vendor/github.com/rancher/dynamiclistener/go.sum
+0
-0
listener.go
vendor/github.com/rancher/dynamiclistener/listener.go
+198
-0
read.go
vendor/github.com/rancher/dynamiclistener/read.go
+0
-50
redirect.go
vendor/github.com/rancher/dynamiclistener/redirect.go
+46
-0
server.go
vendor/github.com/rancher/dynamiclistener/server.go
+0
-0
file.go
...r/github.com/rancher/dynamiclistener/storage/file/file.go
+42
-0
controller.go
.../rancher/dynamiclistener/storage/kubernetes/controller.go
+109
-0
memory.go
...thub.com/rancher/dynamiclistener/storage/memory/memory.go
+42
-0
tcp.go
vendor/github.com/rancher/dynamiclistener/tcp.go
+38
-0
types.go
vendor/github.com/rancher/dynamiclistener/types.go
+0
-63
client.go
vendor/github.com/rancher/kine/pkg/client/client.go
+0
-107
modules.txt
vendor/modules.txt
+41
-38
No files found.
go.mod
View file @
69949dda
...
...
@@ -96,7 +96,7 @@ require (
github.com/opencontainers/runc v1.0.0-rc2.0.20190611121236-6cc515888830
github.com/pkg/errors v0.8.1
github.com/rakelkar/gonetsh v0.0.0-20190719023240-501daadcadf8 // indirect
github.com/rancher/dynamiclistener v0.1.1-0.201910
10011134-8a2488bc860a
github.com/rancher/dynamiclistener v0.1.1-0.201910
31022009-6224794ef3cb
github.com/rancher/helm-controller v0.2.2
github.com/rancher/kine v0.0.0-00010101000000-000000000000
github.com/rancher/remotedialer v0.2.0
...
...
go.sum
View file @
69949dda
...
...
@@ -418,9 +418,8 @@ github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgo
github.com/knative/build v0.6.0/go.mod h1:/sU74ZQkwlYA5FwYDJhYTy61i/Kn+5eWfln2jDbw3Qo=
github.com/knative/pkg v0.0.0-20190514205332-5e4512dcb2ca/go.mod h1:7Ijfhw7rfB+H9VtosIsDYvZQ+qYTz7auK3fHW/5z4ww=
github.com/knative/serving v0.6.1/go.mod h1:ljvMfwQy2qanaM/8xnBSK4Mz3Vv2NawC2fo5kFRJS1A=
github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
...
...
@@ -563,8 +562,8 @@ github.com/rancher/containerd v1.3.0-k3s.4 h1:Vq9EJQEm01eeWaBtgU35KxWeuVU5LwW43E
github.com/rancher/containerd v1.3.0-k3s.4/go.mod h1:ZMfzmqce2Z+QSEqdHMfeJs1TZ/UeJ1aDrazjpQT4ehM=
github.com/rancher/cri-tools v1.16.1-k3s.1 h1:iporgQ46noE6dtLzq6fWcIO2qjyPZy2m42d2P+UnGJg=
github.com/rancher/cri-tools v1.16.1-k3s.1/go.mod h1:TEKhKv2EJIZp+p9jnEy4C63g8CosJzsI4kyKKkHag+8=
github.com/rancher/dynamiclistener v0.1.1-0.201910
10011134-8a2488bc860a h1:1bUYAv5U/Ky4YJ9o8gWxX+vNcjpIL3JWNBao70OlkFE
=
github.com/rancher/dynamiclistener v0.1.1-0.201910
10011134-8a2488bc860a/go.mod h1:8hbGf35mB7ormKEFqsAgjgeI5rLbj5N764jG41dNhp
s=
github.com/rancher/dynamiclistener v0.1.1-0.201910
31022009-6224794ef3cb h1:bMoA9UHr1QNTWVrf0fSJCba6YDU1xmt2jmeohpiugKg
=
github.com/rancher/dynamiclistener v0.1.1-0.201910
31022009-6224794ef3cb/go.mod h1:fs/dxyNcB3YT6W9fVz4bDGfhmSQS17QQup6BIcGF++
s=
github.com/rancher/flannel v0.11.0-k3s.1 h1:mIwnfWDafjzQgFkZeJ1AkFrrAT3EdBaA1giE0eLJKo8=
github.com/rancher/flannel v0.11.0-k3s.1/go.mod h1:Hn4ZV+eq0LhLZP63xZnxdGwXEoRSxs5sxELxu27M3UA=
github.com/rancher/helm-controller v0.2.2 h1:MUqisy53/Ay1EYOF2uTCYBbGpgtZLNKKrI01BdxIbQo=
...
...
@@ -682,7 +681,6 @@ github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRci
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stripe/safesql v0.2.0/go.mod h1:q7b2n0JmzM1mVGfcYpanfVb2j23cXZeWFxcILPn3JV4=
github.com/syndtr/gocapability v0.0.0-20160928074757-e7cb7fa329f4/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8 h1:zLV6q4e8Jv9EHjNg/iHfzwDkCve6Ua5jCygptrtXHvI=
github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
...
...
@@ -741,7 +739,6 @@ golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25/go.mod h1:djNgcEr1/C05ACk
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190506204251-e1dfcc566284/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 h1:1wopBVtVdWnn03fZelqdXTqk7U7zPQCb+T4rbU9ZEoU=
golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
...
...
@@ -808,7 +805,6 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190509141414-a5b02f93d862/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190730183949-1393eb018365/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3 h1:7TYNF4UdlohbFwpNH04CoPMp1cHUZgO1Ebq5r2hIjfo=
...
...
vendor/github.com/konsorten/go-windows-terminal-sequences/README.md
View file @
69949dda
...
...
@@ -26,7 +26,6 @@ The tool is sponsored by the [marvin + konsorten GmbH](http://www.konsorten.de).
We thank all the authors who provided code to this library:
*
Felix Kollmann
*
Nicolas Perraut
## License
...
...
vendor/github.com/konsorten/go-windows-terminal-sequences/sequences_dummy.go
deleted
100644 → 0
View file @
609c5e5f
// +build linux darwin
package
sequences
import
(
"fmt"
)
func
EnableVirtualTerminalProcessing
(
stream
uintptr
,
enable
bool
)
error
{
return
fmt
.
Errorf
(
"windows only package"
)
}
vendor/github.com/rancher/dynamiclistener/factory/ca.go
0 → 100644
View file @
69949dda
package
factory
import
(
"crypto/ecdsa"
"crypto/x509"
"io/ioutil"
"os"
)
func
GenCA
()
(
*
x509
.
Certificate
,
*
ecdsa
.
PrivateKey
,
error
)
{
caKey
,
err
:=
NewPrivateKey
()
if
err
!=
nil
{
return
nil
,
nil
,
err
}
caCert
,
err
:=
NewSelfSignedCACert
(
caKey
,
"dynamiclistener-ca"
,
"dynamiclistener-org"
)
if
err
!=
nil
{
return
nil
,
nil
,
err
}
return
caCert
,
caKey
,
nil
}
func
LoadOrGenCA
()
(
*
x509
.
Certificate
,
*
ecdsa
.
PrivateKey
,
error
)
{
cert
,
key
,
err
:=
loadCA
()
if
err
==
nil
{
return
cert
,
key
,
nil
}
cert
,
key
,
err
=
GenCA
()
if
err
!=
nil
{
return
nil
,
nil
,
err
}
certBytes
,
keyBytes
,
err
:=
Marshal
(
cert
,
key
)
if
err
!=
nil
{
return
nil
,
nil
,
err
}
if
err
:=
os
.
MkdirAll
(
"./certs"
,
0700
);
err
!=
nil
{
return
nil
,
nil
,
err
}
if
err
:=
ioutil
.
WriteFile
(
"./certs/ca.pem"
,
certBytes
,
0600
);
err
!=
nil
{
return
nil
,
nil
,
err
}
if
err
:=
ioutil
.
WriteFile
(
"./certs/ca.key"
,
keyBytes
,
0600
);
err
!=
nil
{
return
nil
,
nil
,
err
}
return
cert
,
key
,
nil
}
func
loadCA
()
(
*
x509
.
Certificate
,
*
ecdsa
.
PrivateKey
,
error
)
{
return
LoadCerts
(
"./certs/ca.pem"
,
"./certs/ca.key"
)
}
func
LoadCerts
(
certFile
,
keyFile
string
)
(
*
x509
.
Certificate
,
*
ecdsa
.
PrivateKey
,
error
)
{
caPem
,
err
:=
ioutil
.
ReadFile
(
certFile
)
if
err
!=
nil
{
return
nil
,
nil
,
err
}
caKey
,
err
:=
ioutil
.
ReadFile
(
keyFile
)
if
err
!=
nil
{
return
nil
,
nil
,
err
}
key
,
err
:=
ParseECPrivateKeyPEM
(
caKey
)
if
err
!=
nil
{
return
nil
,
nil
,
err
}
cert
,
err
:=
ParseCertPEM
(
caPem
)
if
err
!=
nil
{
return
nil
,
nil
,
err
}
return
cert
,
key
,
nil
}
vendor/github.com/rancher/dynamiclistener/factory/cert_utils.go
0 → 100644
View file @
69949dda
package
factory
import
(
"crypto"
"crypto/ecdsa"
"crypto/rand"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
"math"
"math/big"
"net"
"time"
)
const
(
ECPrivateKeyBlockType
=
"EC PRIVATE KEY"
CertificateBlockType
=
"CERTIFICATE"
)
func
NewSelfSignedCACert
(
key
crypto
.
Signer
,
cn
string
,
org
...
string
)
(
*
x509
.
Certificate
,
error
)
{
now
:=
time
.
Now
()
tmpl
:=
x509
.
Certificate
{
BasicConstraintsValid
:
true
,
IsCA
:
true
,
KeyUsage
:
x509
.
KeyUsageKeyEncipherment
|
x509
.
KeyUsageDigitalSignature
|
x509
.
KeyUsageCertSign
,
NotAfter
:
now
.
Add
(
time
.
Hour
*
24
*
365
*
10
)
.
UTC
(),
NotBefore
:
now
.
UTC
(),
SerialNumber
:
new
(
big
.
Int
)
.
SetInt64
(
0
),
Subject
:
pkix
.
Name
{
CommonName
:
cn
,
Organization
:
org
,
},
}
certDERBytes
,
err
:=
x509
.
CreateCertificate
(
rand
.
Reader
,
&
tmpl
,
&
tmpl
,
key
.
Public
(),
key
)
if
err
!=
nil
{
return
nil
,
err
}
return
x509
.
ParseCertificate
(
certDERBytes
)
}
func
NewSignedCert
(
signer
crypto
.
Signer
,
caCert
*
x509
.
Certificate
,
caKey
crypto
.
Signer
,
cn
string
,
orgs
[]
string
,
domains
[]
string
,
ips
[]
net
.
IP
)
(
*
x509
.
Certificate
,
error
)
{
serialNumber
,
err
:=
rand
.
Int
(
rand
.
Reader
,
new
(
big
.
Int
)
.
SetInt64
(
math
.
MaxInt64
))
if
err
!=
nil
{
return
nil
,
err
}
parent
:=
x509
.
Certificate
{
DNSNames
:
domains
,
ExtKeyUsage
:
[]
x509
.
ExtKeyUsage
{
x509
.
ExtKeyUsageServerAuth
},
IPAddresses
:
ips
,
KeyUsage
:
x509
.
KeyUsageKeyEncipherment
|
x509
.
KeyUsageDigitalSignature
,
NotAfter
:
time
.
Now
()
.
Add
(
time
.
Hour
*
24
*
365
)
.
UTC
(),
NotBefore
:
caCert
.
NotBefore
,
SerialNumber
:
serialNumber
,
Subject
:
pkix
.
Name
{
CommonName
:
cn
,
Organization
:
orgs
,
},
}
cert
,
err
:=
x509
.
CreateCertificate
(
rand
.
Reader
,
&
parent
,
caCert
,
signer
.
Public
(),
caKey
)
if
err
!=
nil
{
return
nil
,
err
}
return
x509
.
ParseCertificate
(
cert
)
}
func
ParseECPrivateKeyPEM
(
keyData
[]
byte
)
(
*
ecdsa
.
PrivateKey
,
error
)
{
var
privateKeyPemBlock
*
pem
.
Block
for
{
privateKeyPemBlock
,
keyData
=
pem
.
Decode
(
keyData
)
if
privateKeyPemBlock
==
nil
{
break
}
if
privateKeyPemBlock
.
Type
==
ECPrivateKeyBlockType
{
return
x509
.
ParseECPrivateKey
(
privateKeyPemBlock
.
Bytes
)
}
}
return
nil
,
fmt
.
Errorf
(
"pem does not include a valid EC private key"
)
}
func
ParseCertPEM
(
pemCerts
[]
byte
)
(
*
x509
.
Certificate
,
error
)
{
var
pemBlock
*
pem
.
Block
for
{
pemBlock
,
pemCerts
=
pem
.
Decode
(
pemCerts
)
if
pemBlock
==
nil
{
break
}
if
pemBlock
.
Type
==
CertificateBlockType
{
return
x509
.
ParseCertificate
(
pemBlock
.
Bytes
)
}
}
return
nil
,
fmt
.
Errorf
(
"pem does not include a valid x509 cert"
)
}
vendor/github.com/rancher/dynamiclistener/factory/gen.go
0 → 100644
View file @
69949dda
package
factory
import
(
"crypto"
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/sha256"
"crypto/x509"
"encoding/hex"
"encoding/pem"
"net"
"sort"
"strings"
v1
"k8s.io/api/core/v1"
)
const
(
cnPrefix
=
"listener.cattle.io/cn-"
static
=
"listener.cattle.io/static"
hashKey
=
"listener.cattle.io/hash"
)
type
TLS
struct
{
CACert
*
x509
.
Certificate
CAKey
crypto
.
Signer
CN
string
Organization
[]
string
}
func
collectCNs
(
secret
*
v1
.
Secret
)
(
domains
[]
string
,
ips
[]
net
.
IP
,
hash
string
,
err
error
)
{
var
(
cns
[]
string
digest
=
sha256
.
New
()
)
for
k
,
v
:=
range
secret
.
Annotations
{
if
strings
.
HasPrefix
(
k
,
cnPrefix
)
{
cns
=
append
(
cns
,
v
)
}
}
sort
.
Strings
(
cns
)
for
_
,
v
:=
range
cns
{
digest
.
Write
([]
byte
(
v
))
ip
:=
net
.
ParseIP
(
v
)
if
ip
==
nil
{
domains
=
append
(
domains
,
v
)
}
else
{
ips
=
append
(
ips
,
ip
)
}
}
hash
=
hex
.
EncodeToString
(
digest
.
Sum
(
nil
))
return
}
func
(
t
*
TLS
)
AddCN
(
secret
*
v1
.
Secret
,
cn
...
string
)
(
*
v1
.
Secret
,
bool
,
error
)
{
var
(
err
error
)
if
!
NeedsUpdate
(
secret
,
cn
...
)
{
return
secret
,
false
,
nil
}
secret
=
populateCN
(
secret
,
cn
...
)
privateKey
,
err
:=
getPrivateKey
(
secret
)
if
err
!=
nil
{
return
nil
,
false
,
err
}
domains
,
ips
,
hash
,
err
:=
collectCNs
(
secret
)
if
err
!=
nil
{
return
nil
,
false
,
err
}
newCert
,
err
:=
t
.
newCert
(
domains
,
ips
,
privateKey
)
if
err
!=
nil
{
return
nil
,
false
,
err
}
certBytes
,
keyBytes
,
err
:=
Marshal
(
newCert
,
privateKey
)
if
err
!=
nil
{
return
nil
,
false
,
err
}
if
secret
.
Data
==
nil
{
secret
.
Data
=
map
[
string
][]
byte
{}
}
secret
.
Data
[
v1
.
TLSCertKey
]
=
certBytes
secret
.
Data
[
v1
.
TLSPrivateKeyKey
]
=
keyBytes
secret
.
Annotations
[
hashKey
]
=
hash
return
secret
,
true
,
nil
}
func
(
t
*
TLS
)
newCert
(
domains
[]
string
,
ips
[]
net
.
IP
,
privateKey
*
ecdsa
.
PrivateKey
)
(
*
x509
.
Certificate
,
error
)
{
return
NewSignedCert
(
privateKey
,
t
.
CACert
,
t
.
CAKey
,
t
.
CN
,
t
.
Organization
,
domains
,
ips
)
}
func
populateCN
(
secret
*
v1
.
Secret
,
cn
...
string
)
*
v1
.
Secret
{
secret
=
secret
.
DeepCopy
()
if
secret
.
Annotations
==
nil
{
secret
.
Annotations
=
map
[
string
]
string
{}
}
for
_
,
cn
:=
range
cn
{
secret
.
Annotations
[
cnPrefix
+
cn
]
=
cn
}
return
secret
}
func
NeedsUpdate
(
secret
*
v1
.
Secret
,
cn
...
string
)
bool
{
if
secret
.
Annotations
[
static
]
==
"true"
{
return
false
}
for
_
,
cn
:=
range
cn
{
if
secret
.
Annotations
[
cnPrefix
+
cn
]
==
""
{
return
true
}
}
return
false
}
func
getPrivateKey
(
secret
*
v1
.
Secret
)
(
*
ecdsa
.
PrivateKey
,
error
)
{
keyBytes
:=
secret
.
Data
[
v1
.
TLSPrivateKeyKey
]
if
len
(
keyBytes
)
==
0
{
return
NewPrivateKey
()
}
privateKey
,
err
:=
ParseECPrivateKeyPEM
(
keyBytes
)
if
err
==
nil
{
return
privateKey
,
nil
}
return
NewPrivateKey
()
}
func
Marshal
(
x509Cert
*
x509
.
Certificate
,
privateKey
*
ecdsa
.
PrivateKey
)
([]
byte
,
[]
byte
,
error
)
{
certBlock
:=
pem
.
Block
{
Type
:
CertificateBlockType
,
Bytes
:
x509Cert
.
Raw
,
}
keyBytes
,
err
:=
x509
.
MarshalECPrivateKey
(
privateKey
)
if
err
!=
nil
{
return
nil
,
nil
,
err
}
keyBlock
:=
pem
.
Block
{
Type
:
ECPrivateKeyBlockType
,
Bytes
:
keyBytes
,
}
return
pem
.
EncodeToMemory
(
&
certBlock
),
pem
.
EncodeToMemory
(
&
keyBlock
),
nil
}
func
NewPrivateKey
()
(
*
ecdsa
.
PrivateKey
,
error
)
{
return
ecdsa
.
GenerateKey
(
elliptic
.
P256
(),
rand
.
Reader
)
}
vendor/github.com/rancher/dynamiclistener/go.mod
View file @
69949dda
...
...
@@ -3,16 +3,9 @@ module github.com/rancher/dynamiclistener
go 1.12
require (
github.com/hashicorp/golang-lru v0.5.1
github.com/kisielk/gotool v1.0.0 // indirect
github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect
github.com/rancher/wrangler v0.1.4
github.com/rancher/wrangler-api v0.2.0
github.com/sirupsen/logrus v1.4.1
github.com/stretchr/testify v1.3.0 // indirect
github.com/stripe/safesql v0.2.0 // indirect
golang.org/x/crypto v0.0.0-20190506204251-e1dfcc566284
golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c // indirect
golang.org/x/sys v0.0.0-20190509141414-a5b02f93d862 // indirect
golang.org/x/text v0.3.2 // indirect
mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed // indirect
mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b // indirect
k8s.io/api v0.0.0-20190409021203-6e4e0e4f393b
k8s.io/apimachinery v0.0.0-20190404173353-6a84e37a896d
)
vendor/github.com/rancher/dynamiclistener/go.sum
View file @
69949dda
This diff is collapsed.
Click to expand it.
vendor/github.com/rancher/dynamiclistener/listener.go
0 → 100644
View file @
69949dda
package
dynamiclistener
import
(
"crypto"
"crypto/tls"
"crypto/x509"
"net"
"net/http"
"sync"
"github.com/rancher/dynamiclistener/factory"
"github.com/sirupsen/logrus"
v1
"k8s.io/api/core/v1"
)
type
TLSStorage
interface
{
Get
()
(
*
v1
.
Secret
,
error
)
Update
(
secret
*
v1
.
Secret
)
error
}
type
Config
struct
{
CN
string
Organization
[]
string
TLSConfig
tls
.
Config
SANs
[]
string
}
func
NewListener
(
l
net
.
Listener
,
storage
TLSStorage
,
caCert
*
x509
.
Certificate
,
caKey
crypto
.
Signer
,
config
Config
)
(
net
.
Listener
,
http
.
Handler
,
error
)
{
if
config
.
CN
==
""
{
config
.
CN
=
"dynamic"
}
if
len
(
config
.
Organization
)
==
0
{
config
.
Organization
=
[]
string
{
"dynamic"
}
}
dynamicListener
:=
&
listener
{
factory
:
&
factory
.
TLS
{
CACert
:
caCert
,
CAKey
:
caKey
,
CN
:
config
.
CN
,
Organization
:
config
.
Organization
,
},
Listener
:
l
,
storage
:
&
nonNil
{
storage
:
storage
},
sans
:
config
.
SANs
,
tlsConfig
:
config
.
TLSConfig
,
}
dynamicListener
.
tlsConfig
.
GetCertificate
=
dynamicListener
.
getCertificate
return
tls
.
NewListener
(
dynamicListener
,
&
dynamicListener
.
tlsConfig
),
dynamicListener
.
cacheHandler
(),
nil
}
type
listener
struct
{
sync
.
RWMutex
net
.
Listener
factory
*
factory
.
TLS
storage
TLSStorage
version
string
tlsConfig
tls
.
Config
cert
*
tls
.
Certificate
sans
[]
string
}
func
(
l
*
listener
)
Accept
()
(
net
.
Conn
,
error
)
{
conn
,
err
:=
l
.
Listener
.
Accept
()
if
err
!=
nil
{
return
conn
,
err
}
addr
:=
conn
.
RemoteAddr
()
if
addr
==
nil
{
return
conn
,
nil
}
host
,
_
,
err
:=
net
.
SplitHostPort
(
addr
.
String
())
if
err
!=
nil
{
logrus
.
Errorf
(
"failed to parse network %s: %v"
,
addr
.
Network
(),
err
)
return
conn
,
nil
}
return
conn
,
l
.
updateCert
(
host
)
}
func
(
l
*
listener
)
getCertificate
(
hello
*
tls
.
ClientHelloInfo
)
(
*
tls
.
Certificate
,
error
)
{
if
hello
.
ServerName
!=
""
{
if
err
:=
l
.
updateCert
(
hello
.
ServerName
);
err
!=
nil
{
return
nil
,
err
}
}
return
l
.
loadCert
()
}
func
(
l
*
listener
)
updateCert
(
cn
string
)
error
{
l
.
RLock
()
defer
l
.
RUnlock
()
secret
,
err
:=
l
.
storage
.
Get
()
if
err
!=
nil
{
return
err
}
if
!
factory
.
NeedsUpdate
(
secret
,
append
(
l
.
sans
,
cn
)
...
)
{
return
nil
}
l
.
RUnlock
()
l
.
Lock
()
defer
l
.
RLock
()
defer
l
.
Unlock
()
secret
,
updated
,
err
:=
l
.
factory
.
AddCN
(
secret
,
append
(
l
.
sans
,
cn
)
...
)
if
err
!=
nil
{
return
err
}
if
updated
{
if
err
:=
l
.
storage
.
Update
(
secret
);
err
!=
nil
{
return
err
}
// clear version to force cert reload
l
.
version
=
""
}
return
nil
}
func
(
l
*
listener
)
loadCert
()
(
*
tls
.
Certificate
,
error
)
{
l
.
RLock
()
defer
l
.
RUnlock
()
secret
,
err
:=
l
.
storage
.
Get
()
if
err
!=
nil
{
return
nil
,
err
}
if
l
.
cert
!=
nil
&&
l
.
version
==
secret
.
ResourceVersion
{
return
l
.
cert
,
nil
}
defer
l
.
RLock
()
l
.
RUnlock
()
l
.
Lock
()
defer
l
.
Unlock
()
secret
,
err
=
l
.
storage
.
Get
()
if
err
!=
nil
{
return
nil
,
err
}
if
l
.
cert
!=
nil
&&
l
.
version
==
secret
.
ResourceVersion
{
return
l
.
cert
,
nil
}
cert
,
err
:=
tls
.
X509KeyPair
(
secret
.
Data
[
v1
.
TLSCertKey
],
secret
.
Data
[
v1
.
TLSPrivateKeyKey
])
if
err
!=
nil
{
return
nil
,
err
}
l
.
cert
=
&
cert
return
l
.
cert
,
nil
}
func
(
l
*
listener
)
cacheHandler
()
http
.
Handler
{
return
http
.
HandlerFunc
(
func
(
resp
http
.
ResponseWriter
,
req
*
http
.
Request
)
{
h
,
_
,
err
:=
net
.
SplitHostPort
(
req
.
Host
)
if
err
!=
nil
{
h
=
req
.
Host
}
ip
:=
net
.
ParseIP
(
h
)
if
len
(
ip
)
>
0
{
l
.
updateCert
(
h
)
}
})
}
type
nonNil
struct
{
sync
.
Mutex
storage
TLSStorage
}
func
(
n
*
nonNil
)
Get
()
(
*
v1
.
Secret
,
error
)
{
n
.
Lock
()
defer
n
.
Unlock
()
s
,
err
:=
n
.
storage
.
Get
()
if
err
!=
nil
||
s
==
nil
{
return
&
v1
.
Secret
{},
err
}
return
s
,
nil
}
func
(
n
*
nonNil
)
Update
(
secret
*
v1
.
Secret
)
error
{
n
.
Lock
()
defer
n
.
Unlock
()
return
n
.
storage
.
Update
(
secret
)
}
vendor/github.com/rancher/dynamiclistener/read.go
deleted
100644 → 0
View file @
609c5e5f
package
dynamiclistener
import
(
"fmt"
"io/ioutil"
"path/filepath"
)
func
ReadTLSConfig
(
userConfig
*
UserConfig
)
error
{
var
err
error
path
:=
userConfig
.
CertPath
userConfig
.
CACerts
,
err
=
readPEM
(
filepath
.
Join
(
path
,
"cacerts.pem"
))
if
err
!=
nil
{
return
err
}
userConfig
.
Key
,
err
=
readPEM
(
filepath
.
Join
(
path
,
"key.pem"
))
if
err
!=
nil
{
return
err
}
userConfig
.
Cert
,
err
=
readPEM
(
filepath
.
Join
(
path
,
"cert.pem"
))
if
err
!=
nil
{
return
err
}
valid
:=
false
if
userConfig
.
Key
!=
""
&&
userConfig
.
Cert
!=
""
{
valid
=
true
}
else
if
userConfig
.
Key
==
""
&&
userConfig
.
Cert
==
""
{
valid
=
true
}
if
!
valid
{
return
fmt
.
Errorf
(
"invalid SSL configuration found, please set cert/key, cert/key/cacerts, cacerts only, or none"
)
}
return
nil
}
func
readPEM
(
path
string
)
(
string
,
error
)
{
content
,
err
:=
ioutil
.
ReadFile
(
path
)
if
err
!=
nil
{
return
""
,
nil
}
return
string
(
content
),
nil
}
vendor/github.com/rancher/dynamiclistener/redirect.go
0 → 100644
View file @
69949dda
package
dynamiclistener
import
(
"fmt"
"net"
"net/http"
"strconv"
"strings"
)
// Approach taken from letsencrypt, except manglePort is specific to us
func
HTTPRedirect
(
next
http
.
Handler
)
http
.
Handler
{
return
http
.
HandlerFunc
(
func
(
rw
http
.
ResponseWriter
,
r
*
http
.
Request
)
{
fmt
.
Println
(
"!!!!!"
,
r
.
URL
.
String
(),
r
.
Header
)
if
r
.
Header
.
Get
(
"x-Forwarded-Proto"
)
==
"https"
||
r
.
Header
.
Get
(
"x-Forwarded-Proto"
)
==
"wss"
||
strings
.
HasPrefix
(
r
.
URL
.
Path
,
"/ping"
)
||
strings
.
HasPrefix
(
r
.
URL
.
Path
,
"/health"
)
{
next
.
ServeHTTP
(
rw
,
r
)
return
}
if
r
.
Method
!=
"GET"
&&
r
.
Method
!=
"HEAD"
{
http
.
Error
(
rw
,
"Use HTTPS"
,
http
.
StatusBadRequest
)
return
}
target
:=
"https://"
+
manglePort
(
r
.
Host
)
+
r
.
URL
.
RequestURI
()
http
.
Redirect
(
rw
,
r
,
target
,
http
.
StatusFound
)
})
}
func
manglePort
(
hostport
string
)
string
{
host
,
port
,
err
:=
net
.
SplitHostPort
(
hostport
)
if
err
!=
nil
{
return
hostport
}
portInt
,
err
:=
strconv
.
Atoi
(
port
)
if
err
!=
nil
{
return
hostport
}
portInt
=
((
portInt
/
1000
)
*
1000
)
+
443
return
net
.
JoinHostPort
(
host
,
strconv
.
Itoa
(
portInt
))
}
vendor/github.com/rancher/dynamiclistener/server.go
deleted
100644 → 0
View file @
609c5e5f
This diff is collapsed.
Click to expand it.
vendor/github.com/rancher/dynamiclistener/storage/file/file.go
0 → 100644
View file @
69949dda
package
file
import
(
"encoding/json"
"github.com/rancher/dynamiclistener"
"k8s.io/api/core/v1"
"os"
)
func
New
(
file
string
)
dynamiclistener
.
TLSStorage
{
return
&
storage
{
file
:
file
,
}
}
type
storage
struct
{
file
string
}
func
(
s
*
storage
)
Get
()
(
*
v1
.
Secret
,
error
)
{
f
,
err
:=
os
.
Open
(
s
.
file
)
if
os
.
IsNotExist
(
err
)
{
return
nil
,
nil
}
else
if
err
!=
nil
{
return
nil
,
err
}
defer
f
.
Close
()
secret
:=
v1
.
Secret
{}
return
&
secret
,
json
.
NewDecoder
(
f
)
.
Decode
(
&
secret
)
}
func
(
s
*
storage
)
Update
(
secret
*
v1
.
Secret
)
error
{
f
,
err
:=
os
.
Create
(
s
.
file
)
if
err
!=
nil
{
return
err
}
defer
f
.
Close
()
return
json
.
NewEncoder
(
f
)
.
Encode
(
secret
)
}
vendor/github.com/rancher/dynamiclistener/storage/kubernetes/controller.go
0 → 100644
View file @
69949dda
package
kubernetes
import
(
"context"
"sync"
"time"
"github.com/rancher/dynamiclistener"
"github.com/rancher/wrangler-api/pkg/generated/controllers/core"
v1controller
"github.com/rancher/wrangler-api/pkg/generated/controllers/core/v1"
"github.com/rancher/wrangler/pkg/start"
v1
"k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/equality"
)
type
CoreGetter
func
()
*
core
.
Factory
func
New
(
ctx
context
.
Context
,
core
CoreGetter
,
namespace
,
name
string
,
backing
dynamiclistener
.
TLSStorage
)
dynamiclistener
.
TLSStorage
{
storage
:=
&
storage
{
name
:
name
,
namespace
:
namespace
,
storage
:
backing
,
ctx
:
ctx
,
}
// lazy init
go
func
()
{
for
{
core
:=
core
()
if
core
!=
nil
{
storage
.
init
(
core
.
Core
()
.
V1
()
.
Secret
())
start
.
All
(
ctx
,
5
,
core
)
return
}
select
{
case
<-
ctx
.
Done
()
:
return
case
<-
time
.
After
(
time
.
Second
)
:
}
}
}()
return
storage
}
type
storage
struct
{
sync
.
Mutex
namespace
,
name
string
storage
dynamiclistener
.
TLSStorage
secrets
v1controller
.
SecretClient
ctx
context
.
Context
}
func
(
s
*
storage
)
init
(
secrets
v1controller
.
SecretController
)
{
s
.
Lock
()
defer
s
.
Unlock
()
secrets
.
OnChange
(
s
.
ctx
,
"tls-storage"
,
func
(
key
string
,
secret
*
v1
.
Secret
)
(
*
v1
.
Secret
,
error
)
{
if
secret
==
nil
{
return
nil
,
nil
}
if
secret
.
Namespace
==
s
.
namespace
&&
secret
.
Name
==
s
.
name
{
if
err
:=
s
.
Update
(
secret
);
err
!=
nil
{
return
nil
,
err
}
}
return
secret
,
nil
})
s
.
secrets
=
secrets
}
func
(
s
*
storage
)
Get
()
(
*
v1
.
Secret
,
error
)
{
s
.
Lock
()
defer
s
.
Unlock
()
return
s
.
storage
.
Get
()
}
func
(
s
*
storage
)
Update
(
secret
*
v1
.
Secret
)
(
err
error
)
{
s
.
Lock
()
defer
s
.
Unlock
()
if
s
.
secrets
!=
nil
{
if
secret
.
UID
==
""
{
secret
.
Name
=
s
.
name
secret
.
Namespace
=
s
.
namespace
secret
,
err
=
s
.
secrets
.
Create
(
secret
)
if
err
!=
nil
{
return
err
}
}
else
{
existingSecret
,
err
:=
s
.
storage
.
Get
()
if
err
!=
nil
{
return
err
}
if
!
equality
.
Semantic
.
DeepEqual
(
secret
.
Data
,
existingSecret
.
Data
)
{
secret
,
err
=
s
.
secrets
.
Update
(
secret
)
if
err
!=
nil
{
return
err
}
}
}
}
return
s
.
storage
.
Update
(
secret
)
}
vendor/github.com/rancher/dynamiclistener/storage/memory/memory.go
0 → 100644
View file @
69949dda
package
memory
import
(
"github.com/rancher/dynamiclistener"
v1
"k8s.io/api/core/v1"
)
func
New
()
dynamiclistener
.
TLSStorage
{
return
&
memory
{}
}
func
NewBacked
(
storage
dynamiclistener
.
TLSStorage
)
dynamiclistener
.
TLSStorage
{
return
&
memory
{
storage
:
storage
}
}
type
memory
struct
{
storage
dynamiclistener
.
TLSStorage
secret
*
v1
.
Secret
}
func
(
m
*
memory
)
Get
()
(
*
v1
.
Secret
,
error
)
{
if
m
.
secret
==
nil
&&
m
.
storage
!=
nil
{
secret
,
err
:=
m
.
storage
.
Get
()
if
err
!=
nil
{
return
nil
,
err
}
m
.
secret
=
secret
}
return
m
.
secret
,
nil
}
func
(
m
*
memory
)
Update
(
secret
*
v1
.
Secret
)
error
{
if
m
.
storage
!=
nil
{
if
err
:=
m
.
storage
.
Update
(
secret
);
err
!=
nil
{
return
err
}
}
m
.
secret
=
secret
return
nil
}
vendor/github.com/rancher/dynamiclistener/tcp.go
0 → 100644
View file @
69949dda
package
dynamiclistener
import
(
"fmt"
"net"
"reflect"
"time"
)
func
NewTCPListener
(
ip
string
,
port
int
)
(
net
.
Listener
,
error
)
{
l
,
err
:=
net
.
Listen
(
"tcp"
,
fmt
.
Sprintf
(
"%s:%d"
,
ip
,
port
))
if
err
!=
nil
{
return
nil
,
err
}
tcpListener
,
ok
:=
l
.
(
*
net
.
TCPListener
)
if
!
ok
{
return
nil
,
fmt
.
Errorf
(
"wrong listener type: %v"
,
reflect
.
TypeOf
(
tcpListener
))
}
return
tcpKeepAliveListener
{
TCPListener
:
tcpListener
,
},
nil
}
type
tcpKeepAliveListener
struct
{
*
net
.
TCPListener
}
func
(
ln
tcpKeepAliveListener
)
Accept
()
(
c
net
.
Conn
,
err
error
)
{
tc
,
err
:=
ln
.
AcceptTCP
()
if
err
!=
nil
{
return
}
tc
.
SetKeepAlive
(
true
)
tc
.
SetKeepAlivePeriod
(
3
*
time
.
Minute
)
return
tc
,
nil
}
vendor/github.com/rancher/dynamiclistener/types.go
deleted
100644 → 0
View file @
609c5e5f
package
dynamiclistener
import
(
"net/http"
)
type
ListenerConfigStorage
interface
{
Set
(
*
ListenerStatus
)
(
*
ListenerStatus
,
error
)
Get
()
(
*
ListenerStatus
,
error
)
}
type
ServerInterface
interface
{
Update
(
status
*
ListenerStatus
)
error
CACert
()
(
string
,
error
)
}
type
UserConfig
struct
{
// Required fields
Handler
http
.
Handler
HTTPPort
int
HTTPSPort
int
CertPath
string
// Optional fields
KnownIPs
[]
string
Domains
[]
string
Mode
string
NoCACerts
bool
CACerts
string
CAKey
string
Cert
string
Key
string
BindAddress
string
}
type
ListenerStatus
struct
{
Revision
string
`json:"revision,omitempty"`
CACert
string
`json:"caCert,omitempty"`
CAKey
string
`json:"caKey,omitempty"`
GeneratedCerts
map
[
string
]
string
`json:"generatedCerts" norman:"nocreate,noupdate"`
KnownIPs
map
[
string
]
bool
`json:"knownIps" norman:"nocreate,noupdate"`
}
func
(
l
*
ListenerStatus
)
DeepCopyInto
(
t
*
ListenerStatus
)
{
t
.
Revision
=
l
.
Revision
t
.
CACert
=
l
.
CACert
t
.
CAKey
=
l
.
CAKey
t
.
GeneratedCerts
=
copyMap
(
t
.
GeneratedCerts
)
t
.
KnownIPs
=
map
[
string
]
bool
{}
for
k
,
v
:=
range
l
.
KnownIPs
{
t
.
KnownIPs
[
k
]
=
v
}
}
func
copyMap
(
m
map
[
string
]
string
)
map
[
string
]
string
{
ret
:=
map
[
string
]
string
{}
for
k
,
v
:=
range
m
{
ret
[
k
]
=
v
}
return
ret
}
vendor/github.com/rancher/kine/pkg/client/client.go
deleted
100644 → 0
View file @
609c5e5f
package
client
import
(
"context"
"fmt"
"time"
"github.com/coreos/etcd/clientv3"
"github.com/rancher/kine/pkg/endpoint"
)
type
Value
struct
{
Data
[]
byte
Modified
int64
}
type
Client
interface
{
Get
(
ctx
context
.
Context
,
key
string
)
(
Value
,
error
)
Put
(
ctx
context
.
Context
,
key
string
,
value
[]
byte
)
error
Create
(
ctx
context
.
Context
,
key
string
,
value
[]
byte
)
error
Update
(
ctx
context
.
Context
,
key
string
,
revision
int64
,
value
[]
byte
)
error
Close
()
error
}
type
client
struct
{
c
*
clientv3
.
Client
}
func
New
(
config
endpoint
.
ETCDConfig
)
(
Client
,
error
)
{
tlsConfig
,
err
:=
config
.
TLSConfig
.
ClientConfig
()
if
err
!=
nil
{
return
nil
,
err
}
c
,
err
:=
clientv3
.
New
(
clientv3
.
Config
{
Endpoints
:
config
.
Endpoints
,
DialTimeout
:
5
*
time
.
Second
,
TLS
:
tlsConfig
,
})
if
err
!=
nil
{
return
nil
,
err
}
return
&
client
{
c
:
c
,
},
nil
}
func
(
c
*
client
)
Get
(
ctx
context
.
Context
,
key
string
)
(
Value
,
error
)
{
resp
,
err
:=
c
.
c
.
Get
(
ctx
,
key
)
if
err
!=
nil
{
return
Value
{},
err
}
if
len
(
resp
.
Kvs
)
==
1
{
return
Value
{
Data
:
resp
.
Kvs
[
0
]
.
Value
,
Modified
:
resp
.
Kvs
[
0
]
.
ModRevision
,
},
nil
}
return
Value
{},
nil
}
func
(
c
*
client
)
Put
(
ctx
context
.
Context
,
key
string
,
value
[]
byte
)
error
{
val
,
err
:=
c
.
Get
(
ctx
,
key
)
if
err
!=
nil
{
return
err
}
if
val
.
Modified
==
0
{
return
c
.
Create
(
ctx
,
key
,
value
)
}
return
c
.
Update
(
ctx
,
key
,
val
.
Modified
,
value
)
}
func
(
c
*
client
)
Create
(
ctx
context
.
Context
,
key
string
,
value
[]
byte
)
error
{
resp
,
err
:=
c
.
c
.
Txn
(
ctx
)
.
If
(
clientv3
.
Compare
(
clientv3
.
ModRevision
(
key
),
"="
,
0
))
.
Then
(
clientv3
.
OpPut
(
key
,
string
(
value
)))
.
Commit
()
if
err
!=
nil
{
return
err
}
if
!
resp
.
Succeeded
{
return
fmt
.
Errorf
(
"key exists"
)
}
return
nil
}
func
(
c
*
client
)
Update
(
ctx
context
.
Context
,
key
string
,
revision
int64
,
value
[]
byte
)
error
{
resp
,
err
:=
c
.
c
.
Txn
(
ctx
)
.
If
(
clientv3
.
Compare
(
clientv3
.
ModRevision
(
key
),
"="
,
revision
))
.
Then
(
clientv3
.
OpPut
(
key
,
string
(
value
)))
.
Else
(
clientv3
.
OpGet
(
key
))
.
Commit
()
if
err
!=
nil
{
return
err
}
if
!
resp
.
Succeeded
{
return
fmt
.
Errorf
(
"revision %d doesnt match"
,
revision
)
}
return
nil
}
func
(
c
*
client
)
Close
()
error
{
return
c
.
c
.
Close
()
}
vendor/modules.txt
View file @
69949dda
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment