feat: add support for TLS termination policies to OpenShift Routes (#…

…1089) * feat: add support for TLS termination policies to OpenShift Routes * fix: resolve logical error with switch case statements * fix: requested changes Signed-off-by: Soumil Paranjpay <[email protected]>
konveyor · Nov 29, 2023 · 6b5badd · 6b5badd
1 parent d05661f
commit 6b5badd
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 2 deletions.
diff --git a/common/constants.go b/common/constants.go
@@ -143,6 +143,16 @@ const (
 	ConfigIngressHostKeySuffix = IngressKey + d + "host"
 	//ConfigIngressTLSKeySuffix represents ingress tls Key
 	ConfigIngressTLSKeySuffix = IngressKey + d + "tls"
+	//RouteKey represents route keyword
+	RouteKey = "route"
+	//TLSKey represents TLS keyword
+	TLSKey = "tls"
+	//ConfigRouteTLSTerminationPolicy represents the Route's TLS Termination Policy
+	ConfigRouteTLSTerminationPolicy = RouteKey + d + TLSKey + d + "terminationpolicy"
+	//ConfigRouteTLSKeyKey represents the Route's TLS Key
+	ConfigRouteTLSKeyKey = RouteKey + d + TLSKey + d + "key"
+	//ConfigRouteTLSCertificateKey represents the Route's TLS Certificate
+	ConfigRouteTLSCertificateKey = RouteKey + d + TLSKey + d + "certificate"
 	//ConfigTargetClusterTypeKey represents target cluster type key
 	ConfigTargetClusterTypeKey = ConfigTargetKey + d + "clustertype"
 	//ConfigImageRegistryKey represents image registry Key

diff --git a/transformer/kubernetes/apiresource/service.go b/transformer/kubernetes/apiresource/service.go
@@ -300,7 +300,10 @@ func (d *Service) createRoutes(service irtypes.Service, ir irtypes.EnhancedIR, t
 		if relPaths[i] == "" {
 			continue
 		}
-		route := d.createRoute(ir.Name, service, servicePort, hostPrefixes[i], relPaths[i], ir, targetCluster)
+		desc := "Select a TLS termination policy for the route. (default: passthrough)"
+		options := []string{string(okdroutev1.TLSTerminationEdge), string(okdroutev1.TLSTerminationPassthrough), string(okdroutev1.TLSTerminationReencrypt)}
+		terminationPolicy := qaengine.FetchSelectAnswer(common.ConfigRouteTLSTerminationPolicy, desc, nil, string(okdroutev1.TLSTerminationPassthrough), options, nil)
+		route := d.createRoute(ir.Name, service, servicePort, hostPrefixes[i], relPaths[i], ir, targetCluster, okdroutev1.TLSTerminationType(terminationPolicy))
 		routes = append(routes, route)
 	}
 	return routes
@@ -311,7 +314,7 @@ func (d *Service) createRoutes(service irtypes.Service, ir irtypes.EnhancedIR, t
 // [https://bugzilla.redhat.com/show_bug.cgi?id=1773682]
 // Can't use https because of this https://github.com/openshift/origin/issues/2162
 // When service has multiple ports,the route needs a port name. Port number doesn't seem to work.
-func (d *Service) createRoute(irName string, service irtypes.Service, port core.ServicePort, hostprefix, path string, ir irtypes.EnhancedIR, targetCluster collecttypes.ClusterMetadata) *okdroutev1.Route {
+func (d *Service) createRoute(irName string, service irtypes.Service, port core.ServicePort, hostprefix, path string, ir irtypes.EnhancedIR, targetCluster collecttypes.ClusterMetadata, tlsTerminationKind okdroutev1.TLSTerminationType) *okdroutev1.Route {
 	weight := int32(1)                                    //Hard-coded to 1 to avoid Helm v3 errors
 	ingressArray := []okdroutev1.RouteIngress{{Host: ""}} //Hard-coded to empty string to avoid Helm v3 errors
 
@@ -340,6 +343,7 @@ func (d *Service) createRoute(irName string, service irtypes.Service, port core.
 				Name:   service.Name,
 				Weight: &weight,
 			},
+			TLS:  d.getTlsConfig(tlsTerminationKind),
 			Port: &okdroutev1.RoutePort{TargetPort: intstr.IntOrString{Type: intstr.String, StrVal: port.Name}},
 		},
 		Status: okdroutev1.RouteStatus{
@@ -534,3 +538,25 @@ func (d *Service) getExposeInfo(service irtypes.Service) (servicePorts []core.Se
 func (d *Service) getHostName(irName string) string {
 	return irName + ".com"
 }
+
+func (d *Service) getTlsConfig(tlsTerminationKind okdroutev1.TLSTerminationType) *okdroutev1.TLSConfig {
+	switch tlsTerminationKind {
+	case okdroutev1.TLSTerminationPassthrough, okdroutev1.TLSTerminationReencrypt:
+		return &okdroutev1.TLSConfig{
+			Termination: tlsTerminationKind,
+		}
+	case okdroutev1.TLSTerminationEdge:
+		keyDesc := "Enter the contents of the TLS Key. (PEM Format)"
+		key := qaengine.FetchMultilineInputAnswer(common.ConfigRouteTLSKeyKey, keyDesc, nil, "", nil)
+		certDesc := "Enter the contents of the TLS Certificate. (PEM Format)"
+		cert := qaengine.FetchMultilineInputAnswer(common.ConfigRouteTLSCertificateKey, certDesc, nil, "", nil)
+
+		return &okdroutev1.TLSConfig{
+			Termination: tlsTerminationKind,
+			Key:         key,
+			Certificate: cert,
+		}
+	}
+
+	return nil // unreachable
+}