Add boundPath clientTls module. #102

Merged
merged 1 commit into from
Feb 16, 2016

adleong commented Feb 12, 2016

Fixes #64

boundPath is a client tls module that allows you to determine the common name based on the destination bound path.

e.g.

    client:
      tls:
        kind: io.l5d.clientTls.boundPath
        caCertPath: ${certs.caCert.getPath}
        names:
        - prefix: "/io.l5d.fs/{host}"
          commonNamePattern: "{host}.buoyant.io"

HttpsIntegrationTest is also split up and refactored to reduce duplication.
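
The prefix-to-common-name mapping described above, as an added Python example that is not linkerd's code and not part of the original PR. It assumes segment-wise matching where `*` matches one segment and `{var}` captures one, that the first matching entry wins, and it adds a DNS-label check on captured values; `match_prefix` and `common_name` are hypothetical names, and `io.buoyant.linkerd.util.PathMatcher` may behave differently.

```python
import re

# Constructed sample config mirroring the entry in the PR description.
NAMES = [
    {"prefix": "/io.l5d.fs/{host}", "commonNamePattern": "{host}.buoyant.io"},
]

_VAR = re.compile(r"\{(\w+)\}")
_DNS_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?", re.I)


def match_prefix(prefix, path):
    """Match path segments against prefix segments.

    Assumed semantics: "*" matches any one segment, "{var}" captures one
    segment, anything else must match literally. Returns the captured
    variables, or None when the prefix does not match.
    """
    want = [s for s in prefix.split("/") if s]
    have = [s for s in path.split("/") if s]
    if len(have) < len(want):
        return None
    captured = {}
    for pat, seg in zip(want, have):
        var = _VAR.fullmatch(pat)
        if var:
            captured[var.group(1)] = seg
        elif pat != "*" and pat != seg:
            return None
    return captured


def common_name(names, bound_path):
    """Return the common name for bound_path from the first matching entry."""
    for entry in names:
        captured = match_prefix(entry["prefix"], bound_path)
        if captured is None:
            continue
        # Added check (assumption): a captured value must be one DNS label,
        # so a path segment cannot add dots or a "*" to the verified name.
        if not all(_DNS_LABEL.fullmatch(v) for v in captured.values()):
            raise ValueError("captured segment is not a DNS label")
        try:
            return entry["commonNamePattern"].format(**captured)
        except KeyError as missing:
            raise ValueError(f"pattern uses uncaptured variable {missing}")
    return None  # no entry matched; the caller decides how to fail closed
```
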

* *names* -- Required. A list of name matchers which each must contain:
* *prefix* -- A path prefix. All destinations which match this prefix
will use this entry to determine the common name. Wildcards are variable
capture are allowed (see: `io.buoyant.linkerd.util.PathMatcher`)
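
Review bot: The `prefix` description does not say which entry applies when a destination matches more than one prefix, even though `names` is a list. Suggest stating the precedence among entries (for example, whether list order decides) and what the module does when no entry matches a destination.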
Member

Wildcards and variable capture are allowed?

siggy commented Feb 13, 2016

lgtm based on my limited understanding of tls. 👍 ⭐

capture are allowed (see: `io.buoyant.linkerd.util.PathMatcher`)
* *commonNamePattern* -- The common name to use for destinations matching
the above prefix. Variables captured in the prefix may be used in this
string.
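
Review bot: The `commonNamePattern` description does not say what happens when the pattern references a variable that the prefix does not capture. Suggest documenting whether that is rejected when the config is loaded or only fails later, since this string becomes the common name used for client TLS.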
Contributor

At this point the bullet indentations are making documentation hard to read. (eg, here we are documenting commonNamePattern which is a required option for a list of names, which is a required option for a tls plugin, whose class name is specified as a required option for tls.) Let's make separate headered sections for each tls plugin

Member Author

Agreed. Fixed.

esbie commented Feb 16, 2016

looks great! tioli: it could also be potentially useful to show some sample tls configurations in the docs, as this is one of the trickier config options ⭐

boundPath is a client tls module that allows you to determine the common name
based on the destination bound path.
adleong commented Feb 16, 2016

Add example and rebase ⭐

esbie commented Feb 16, 2016

woop woop 👍

adleong added a commit that referenced this pull request Feb 16, 2016
adleong merged commit ea1f13c into master Feb 16, 2016
adleong deleted the alex/bound-module branch February 16, 2016 00:24
Successfully merging this pull request may close these issues.

Implement a bound path matching TLS configurator