
Commit 6d34d04

committed
adding validate_upstream_certs
Signed-off-by: Adam Buran <aburan28@gmail.com>
1 parent bd0dbef commit 6d34d04

3 files changed

Lines changed: 14 additions & 1 deletion


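--- a/pkg/api/getambassador.io/v2/crd_tlscontext.go
+++ b/pkg/api/getambassador.io/v2/crd_tlscontext.go
@@ -44,6 +44,7 @@ type TLSContextSpec struct {
 SecretNamespacing *bool `json:"secret_namespacing,omitempty"`
 RedirectCleartextFrom *int `json:"redirect_cleartext_from,omitempty"`
 SNI string `json:"sni,omitempty"`
+VerifyUpstreamCerts *bool `json:"verify_upstream_certs,omitempty"`
 
 // +k8s:conversion-gen:rename=CRLSecret
 V3CRLSecret string `json:"v3CRLSecret,omitempty"`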
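Review bot: `VerifyUpstreamCerts *bool` is added to the v2 TLSContextSpec only, and the `+k8s:conversion-gen:rename=CRLSecret` marker two lines below it indicates this type is converted to another API version; if a sibling TLSContextSpec exists for that version, the new field should be mirrored there (or deliberately dropped in the conversion), otherwise the round-trip may silently lose it — worth confirming. The field also carries no doc comment, so whatever the CRD schema generator surfaces to users will say nothing about what the flag does; if the intended semantics are what the name suggests, a line such as `// VerifyUpstreamCerts, when true, requests that the certificate presented by the upstream is verified against the configured CA.` above it would record that. Field indentation is not visible in this rendered view, so alignment with the neighbouring fields cannot be checked here.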

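--- a/python/ambassador/envoy/v3/v3tls.py
+++ b/python/ambassador/envoy/v3/v3tls.py
@@ -115,8 +115,15 @@ def update_validation(self, key: str, value: str) -> None:
 EnvoyValidationContext,
 self.get_common().setdefault("validation_context", empty_context),
 )
-
 src: EnvoyCoreSource = {"filename": value}
+
+# Create the 'match_subject_alt_names' dictionary if it doesn't exist
+match_san = validation.setdefault("match_subject_alt_names", {})
+
+# Create the SAN type (e.g., DNS) dictionary if it doesn't exist
+san_type_dict = match_san.setdefault(san_type, [])
+san_type_dict.append(src)
+
 validation[key] = src
 
 def add_context(self, ctx: IRTLSContext) -> None:
@@ -142,6 +149,7 @@ def add_context(self, ctx: IRTLSContext) -> None:
 ("min_tls_version", self.update_tls_version, "tls_minimum_protocol_version"),
 ("max_tls_version", self.update_tls_version, "tls_maximum_protocol_version"),
 ("sni", self.__setitem__, "sni"),
+("verify_upstream_certs", self.__setitem__, "verify_upstream_certs")
 ]:
 value = ctx.get(ctxkey, None)
 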
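Review bot: `san_type` on the line `san_type_dict = match_san.setdefault(san_type, [])` is not bound anywhere visible — update_validation takes only `key` and `value`, and nothing in the hunk assigns it — so every call that reaches this block will raise NameError; update_validation's body begins outside the hunk, but a name bound before line 115 would be unusual for a per-key helper. The block also runs on every update_validation call rather than only when verify_upstream_certs is set, and it appends a `{"filename": ...}` data source into `match_subject_alt_names`, which in Envoy's v3 CertificateValidationContext is a list of string matchers (and is deprecated in favour of match_typed_subject_alt_names), so the emitted validation context is unlikely to be accepted — confirm against the Envoy schema. Unless SAN pinning is genuinely intended here, I would drop the eight added lines and keep only `src: EnvoyCoreSource = {"filename": value}` followed by `validation[key] = src`. In the second hunk, `("verify_upstream_certs", self.__setitem__, "verify_upstream_certs")` writes a key of that name directly into the generated Envoy TLS context, which has no such field, so the flag does not actually enable upstream certificate verification in this commit; if the key is consumed elsewhere, a comment naming the consumer belongs next to the tuple, which is also missing its trailing comma.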

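--- a/python/ambassador/ir/irtlscontext.py
+++ b/python/ambassador/ir/irtlscontext.py
@@ -35,6 +35,7 @@ class IRTLSContext(IRResource):
 "redirect_cleartext_from",
 "secret_namespacing",
 "sni",
+"verify_upstream_certs",
 }
 
 AllowedTLSVersions = ["v1.0", "v1.1", "v1.2", "v1.3"]
@@ -105,6 +106,9 @@ def setup(self, ir: "IR", aconf: Config) -> bool:
 if not self.get("_ambassador_enabled", False):
 spec_count = 0
 errors = 0
+if self.get("verify_upstream_certs", False):
+spec_count += 1
+
 
 if self.get("secret", None):
 spec_count += 1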
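Review bot: Incrementing `spec_count` for `verify_upstream_certs` in setup makes a TLSContext that sets only `verify_upstream_certs: true` count as a complete spec; if spec_count is what later decides whether the context has enough material to be emitted (its use is outside the hunk), such a context would pass validation with no secret, certificate chain or CA to verify against, which is the opposite of what a verification flag should permit — confirm how spec_count is consumed. A boolean flag reads better as a modifier on an existing spec than as a spec in its own right: drop the increment, or require a CA source to be present when the flag is true and count an error otherwise, with a comment such as `# verify_upstream_certs is a modifier, not a spec: it needs a CA to verify against`. The truthiness check also accepts any non-empty value, so a loosely typed `"false"` would take the branch; `self.get("verify_upstream_certs", False) is True` or an explicit bool coercion would be stricter. setup's body continues outside the hunk.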
