Merge pull request #139 from hbagdi/feat/sni-entity

Add native support for SNI entity
Kong · Apr 4, 2020 · c4a21c9 · c4a21c9
2 parents 4c679f6 + 0aad92a
commit c4a21c9
Show file tree

Hide file tree

Showing 16 changed files with 1,105 additions and 213 deletions.
diff --git a/diff/diff.go b/diff/diff.go
@@ -45,6 +45,7 @@ func NewSyncer(current, target *state.KongState) (*Syncer, error) {
 	s.postProcess.MustRegister("upstream", &upstreamPostAction{current})
 	s.postProcess.MustRegister("target", &targetPostAction{current})
 	s.postProcess.MustRegister("certificate", &certificatePostAction{current})
+	s.postProcess.MustRegister("sni", &sniPostAction{current})
 	s.postProcess.MustRegister("ca_certificate", &caCertificatePostAction{current})
 	s.postProcess.MustRegister("plugin", &pluginPostAction{current})
 	s.postProcess.MustRegister("consumer", &consumerPostAction{current})
@@ -139,13 +140,6 @@ func (sc *Syncer) delete() error {
 		return err
 	}
 	sc.wait()
-	// TODO  Handle the following:
-	// If a cert is changed but SNIs are the same,
-	// the operation order will be to create the new cert and delete the old
-	// cert. Creation will fail because the SNIs will still
-	// be associated with the old cert.
-	// This can be solved if SNI are also treated as a resource in this
-	// codebase.
 	err = sc.deleteCertificates()
 	if err != nil {
 		return err
@@ -169,6 +163,10 @@ func (sc *Syncer) createUpdate() error {
 		return err
 	}
 	sc.wait()
+	err = sc.createUpdateSNIs()
+	if err != nil {
+		return err
+	}
 	err = sc.createUpdateServices()
 	if err != nil {
 		return err

diff --git a/diff/postProcess.go b/diff/postProcess.go
@@ -86,6 +86,23 @@ func (crud *certificatePostAction) Update(args ...crud.Arg) (crud.Arg, error) {
 	return nil, crud.currentState.Certificates.Update(*args[0].(*state.Certificate))
 }
 
+type sniPostAction struct {
+	currentState *state.KongState
+}
+
+func (crud *sniPostAction) Create(args ...crud.Arg) (crud.Arg, error) {
+	return nil, crud.currentState.SNIs.Add(*args[0].(*state.SNI))
+}
+
+func (crud *sniPostAction) Delete(args ...crud.Arg) (crud.Arg, error) {
+	sni := args[0].(*state.SNI)
+	return nil, crud.currentState.SNIs.Delete(*sni.ID)
+}
+
+func (crud *sniPostAction) Update(args ...crud.Arg) (crud.Arg, error) {
+	return nil, crud.currentState.SNIs.Update(*args[0].(*state.SNI))
+}
+
 type caCertificatePostAction struct {
 	currentState *state.KongState
 }

diff --git a/diff/sni.go b/diff/sni.go
@@ -0,0 +1,92 @@
+package diff
+
+import (
+	"github.com/hbagdi/deck/crud"
+	"github.com/hbagdi/deck/state"
+	"github.com/pkg/errors"
+)
+
+func (sc *Syncer) deleteSNIs() error {
+	currentSNIs, err := sc.currentState.SNIs.GetAll()
+	if err != nil {
+		return errors.Wrap(err, "error fetching snis from state")
+	}
+
+	for _, sni := range currentSNIs {
+		n, err := sc.deleteSNI(sni)
+		if err != nil {
+			return err
+		}
+		if n != nil {
+			err = sc.queueEvent(*n)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func (sc *Syncer) deleteSNI(sni *state.SNI) (*Event, error) {
+	_, err := sc.targetState.SNIs.Get(*sni.ID)
+	if err == state.ErrNotFound {
+		return &Event{
+			Op:   crud.Delete,
+			Kind: "sni",
+			Obj:  sni,
+		}, nil
+	}
+	if err != nil {
+		return nil, errors.Wrapf(err, "looking up sni '%v'", *sni.Name)
+	}
+	return nil, nil
+}
+
+func (sc *Syncer) createUpdateSNIs() error {
+	sniSNIs, err := sc.targetState.SNIs.GetAll()
+	if err != nil {
+		return errors.Wrap(err, "error fetching snis from state")
+	}
+
+	for _, sni := range sniSNIs {
+		n, err := sc.createUpdateSNI(sni)
+		if err != nil {
+			return err
+		}
+		if n != nil {
+			err = sc.queueEvent(*n)
+			if err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func (sc *Syncer) createUpdateSNI(sni *state.SNI) (*Event, error) {
+	sni = &state.SNI{SNI: *sni.DeepCopy()}
+	currentSNI, err := sc.currentState.SNIs.Get(*sni.ID)
+	if err == state.ErrNotFound {
+		// sni not present, create it
+
+		return &Event{
+			Op:   crud.Create,
+			Kind: "sni",
+			Obj:  sni,
+		}, nil
+	}
+	if err != nil {
+		return nil, errors.Wrapf(err, "error looking up sni %v", *sni.Name)
+	}
+	// found, check if update needed
+
+	if !currentSNI.EqualWithOpts(sni, false, true, false) {
+		return &Event{
+			Op:     crud.Update,
+			Kind:   "sni",
+			Obj:    sni,
+			OldObj: currentSNI,
+		}, nil
+	}
+	return nil, nil
+}
diff --git a/dump/dump.go b/dump/dump.go
@@ -199,7 +199,11 @@ func GetAllCertificates(client *kong.Client, tags []string) ([]*kong.Certificate
 		if err != nil {
 			return nil, err
 		}
-		certificates = append(certificates, s...)
+		for _, cert := range s {
+			c := cert
+			c.SNIs = nil
+			certificates = append(certificates, cert)
+		}
 		if nextopt == nil {
 			break
 		}

diff --git a/file/builder.go b/file/builder.go
@@ -69,7 +69,6 @@ func (b *stateBuilder) certificates() {
 	}
 
 	for _, c := range b.targetContent.Certificates {
-		c := c
 		if utils.Empty(c.ID) {
 			cert, err := b.currentState.Certificates.GetByCertKey(*c.Cert,
 				*c.Key)
@@ -82,17 +81,53 @@ func (b *stateBuilder) certificates() {
 				c.ID = kong.String(*cert.ID)
 			}
 		}
-		utils.MustMergeTags(&c.Certificate, b.selectTags)
-		if c.Certificate.SNIs == nil {
-			c.Certificate.SNIs = []*string{}
+		utils.MustMergeTags(&c, b.selectTags)
+
+		snisFromCert := c.SNIs
+
+		kongCert := kong.Certificate{
+			ID:        c.ID,
+			Key:       c.Key,
+			Cert:      c.Cert,
+			Tags:      c.Tags,
+			CreatedAt: c.CreatedAt,
+		}
+		b.rawState.Certificates = append(b.rawState.Certificates, &kongCert)
+
+		// snis associated with the certificate
+		var snis []kong.SNI
+		for _, sni := range snisFromCert {
+			sni.Certificate = &kong.Certificate{ID: kong.String(*c.ID)}
+			snis = append(snis, sni)
+		}
+		if err := b.ingestSNIs(snis); err != nil {
+			b.err = err
+			return
 		}
 
-		b.rawState.Certificates = append(b.rawState.Certificates,
-			&c.Certificate)
 		b.certIDs[*c.ID] = true
 	}
 }
 
+func (b *stateBuilder) ingestSNIs(snis []kong.SNI) error {
+	for _, sni := range snis {
+		sni := sni
+		if utils.Empty(sni.ID) {
+			currentSNI, err := b.currentState.SNIs.Get(*sni.Name)
+			if err == state.ErrNotFound {
+				sni.ID = uuid()
+			} else if err != nil {
+				return err
+			} else {
+				sni.ID = kong.String(*currentSNI.ID)
+			}
+		}
+		utils.MustMergeTags(&sni, b.selectTags)
+		b.rawState.SNIs = append(b.rawState.SNIs, &sni)
+	}
+	return nil
+}
+
 func (b *stateBuilder) caCertificates() {
 	if b.err != nil {
 		return