diff --git a/app/scripts/controllers/edit/route.js b/app/scripts/controllers/edit/route.js index c8a8de98ad..478281632d 100644 --- a/app/scripts/controllers/edit/route.js +++ b/app/scripts/controllers/edit/route.js @@ -125,10 +125,6 @@ angular.module('openshiftConsole') if (_.get($scope, 'routing.tls.termination')) { updated.spec.tls = $scope.routing.tls; - if (updated.spec.tls.termination !== 'edge') { - // insecureEdgeTerminationPolicy only applies to edge routes. - delete updated.spec.tls.insecureEdgeTerminationPolicy; - } if (updated.spec.tls.termination === 'passthrough') { delete updated.spec.path; diff --git a/app/scripts/directives/oscRouting.js b/app/scripts/directives/oscRouting.js index 8ed78165ac..c178b2ec62 100644 --- a/app/scripts/directives/oscRouting.js +++ b/app/scripts/directives/oscRouting.js @@ -69,6 +69,14 @@ angular.module("openshiftConsole") _.set(scope, 'route.tls.insecureEdgeTerminationPolicy', ''); } + var validateInsecureTerminationPolicy = function() { + var insecureTrafficValid = _.get(scope, 'route.tls.termination') !== 'passthrough' || + _.get(scope, 'route.tls.insecureEdgeTerminationPolicy') !== 'Allow'; + scope.routeForm.insecureTraffic.$setValidity('passthrough', insecureTrafficValid); + }; + scope.$watchGroup([ 'route.tls.termination', 'route.tls.insecureEdgeTerminationPolicy' ], + validateInsecureTerminationPolicy); + scope.nameValidation = DNS1123_SUBDOMAIN_VALIDATION; // Use different patterns for validating hostnames if wildcard subdomains are supported. diff --git a/app/scripts/services/applicationGenerator.js b/app/scripts/services/applicationGenerator.js index cd2d29a94a..5ca08fbb49 100644 --- a/app/scripts/services/applicationGenerator.js +++ b/app/scripts/services/applicationGenerator.js @@ -157,10 +157,11 @@ angular.module("openshiftConsole") termination: tls.termination }; + if (tls.insecureEdgeTerminationPolicy) { + route.spec.tls.insecureEdgeTerminationPolicy = tls.insecureEdgeTerminationPolicy; + } + if (tls.termination !== 'passthrough') { - if (tls.termination === 'edge' && tls.insecureEdgeTerminationPolicy) { - route.spec.tls.insecureEdgeTerminationPolicy = tls.insecureEdgeTerminationPolicy; - } if (tls.certificate) { route.spec.tls.certificate = tls.certificate; } diff --git a/app/views/browse/route.html b/app/views/browse/route.html index ff5f676d12..1c10b2f179 100644 --- a/app/views/browse/route.html +++ b/app/views/browse/route.html @@ -147,8 +147,8 @@

TLS Settings

Termination Type:
{{route.spec.tls.termination | humanizeTLSTermination}}
-
Insecure Traffic:
-
{{route.spec.tls.insecureEdgeTerminationPolicy || 'None'}}
+
Insecure Traffic:
+
{{route.spec.tls.insecureEdgeTerminationPolicy || 'None'}}
Certificate:
diff --git a/app/views/directives/osc-routing.html b/app/views/directives/osc-routing.html index f1d87bc727..3ecbf840dd 100644 --- a/app/views/directives/osc-routing.html +++ b/app/views/directives/osc-routing.html @@ -247,15 +247,28 @@

Security

- + + + {{$select.selected.label}} - + {{option.label}}
- Policy for traffic on insecure schemes like HTTP for edge termination. + Policy for traffic on insecure schemes like HTTP. + +
+
+ + Passthrough routes can't use the insecure traffic policy Allow.
diff --git a/dist/scripts/scripts.js b/dist/scripts/scripts.js index b73137d04a..172adc0aa5 100644 --- a/dist/scripts/scripts.js +++ b/dist/scripts/scripts.js @@ -1814,7 +1814,7 @@ targetPort:a.routing.targetPort var f = a.routing.tls; return f && f.termination && (d.spec.tls = { termination:f.termination -}, "passthrough" !== f.termination && ("edge" === f.termination && f.insecureEdgeTerminationPolicy && (d.spec.tls.insecureEdgeTerminationPolicy = f.insecureEdgeTerminationPolicy), f.certificate && (d.spec.tls.certificate = f.certificate), f.key && (d.spec.tls.key = f.key), f.caCertificate && (d.spec.tls.caCertificate = f.caCertificate), f.destinationCACertificate && "reencrypt" === f.termination && (d.spec.tls.destinationCACertificate = f.destinationCACertificate))), d; +}, f.insecureEdgeTerminationPolicy && (d.spec.tls.insecureEdgeTerminationPolicy = f.insecureEdgeTerminationPolicy), "passthrough" !== f.termination && (f.certificate && (d.spec.tls.certificate = f.certificate), f.key && (d.spec.tls.key = f.key), f.caCertificate && (d.spec.tls.caCertificate = f.caCertificate), f.destinationCACertificate && "reencrypt" === f.termination && (d.spec.tls.destinationCACertificate = f.destinationCACertificate))), d; }, f._generateDeploymentConfig = function(a, b, c) { var d = []; angular.forEach(a.deploymentConfig.envVars, function(a, b) { @@ -7893,7 +7893,7 @@ _.set(a, "spec.to.name", b); var c = _.get(d, "routing.to.weight"); isNaN(c) || _.set(a, "spec.to.weight", c), a.spec.path = d.routing.path; var e = d.routing.targetPort; -e ? _.set(a, "spec.port.targetPort", e) :delete a.spec.port, _.get(d, "routing.tls.termination") ? (a.spec.tls = d.routing.tls, "edge" !== a.spec.tls.termination && delete a.spec.tls.insecureEdgeTerminationPolicy, "passthrough" === a.spec.tls.termination && (delete a.spec.path, delete a.spec.tls.certificate, delete a.spec.tls.key, delete a.spec.tls.caCertificate), "reencrypt" !== a.spec.tls.termination && delete a.spec.tls.destinationCACertificate) :delete a.spec.tls; +e ? _.set(a, "spec.port.targetPort", e) :delete a.spec.port, _.get(d, "routing.tls.termination") ? (a.spec.tls = d.routing.tls, "passthrough" === a.spec.tls.termination && (delete a.spec.path, delete a.spec.tls.certificate, delete a.spec.tls.key, delete a.spec.tls.caCertificate), "reencrypt" !== a.spec.tls.termination && delete a.spec.tls.destinationCACertificate) :delete a.spec.tls; var f = _.get(d, "routing.alternateServices", []); return _.isEmpty(f) ? delete a.spec.alternateBackends :a.spec.alternateBackends = _.map(f, function(a) { return { @@ -10225,8 +10225,13 @@ label:"Allow" }, { value:"Redirect", label:"Redirect" -} ], _.has(c, "route.tls.insecureEdgeTerminationPolicy") || _.set(c, "route.tls.insecureEdgeTerminationPolicy", ""), c.nameValidation = b, c.disableWildcards ? c.hostnamePattern = b.pattern :c.hostnamePattern = /^(\*(\.[a-z0-9]([-a-z0-9]*[a-z0-9]))+|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)$/, c.hostnameMaxLength = b.maxlength; -var g = function(a) { +} ], _.has(c, "route.tls.insecureEdgeTerminationPolicy") || _.set(c, "route.tls.insecureEdgeTerminationPolicy", ""); +var g = function() { +var a = "passthrough" !== _.get(c, "route.tls.termination") || "Allow" !== _.get(c, "route.tls.insecureEdgeTerminationPolicy"); +c.routeForm.insecureTraffic.$setValidity("passthrough", a); +}; +c.$watchGroup([ "route.tls.termination", "route.tls.insecureEdgeTerminationPolicy" ], g), c.nameValidation = b, c.disableWildcards ? c.hostnamePattern = b.pattern :c.hostnamePattern = /^(\*(\.[a-z0-9]([-a-z0-9]*[a-z0-9]))+|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)$/, c.hostnameMaxLength = b.maxlength; +var h = function(a) { a && (c.unnamedServicePort = 1 === a.spec.ports.length && !a.spec.ports[0].name, a.spec.ports.length && !c.unnamedServicePort ? c.route.portOptions = _.map(a.spec.ports, function(a) { return { port:a.name, @@ -10235,7 +10240,7 @@ label:a.port + " → " + a.targetPort + " (" + a.protocol + ")" }) :c.route.portOptions = []); }; c.services && !c.route.service && (c.route.service = _.find(c.services)), c.$watch("route.to.service", function(a, b) { -g(a), a === b && c.route.targetPort || (c.route.targetPort = _.get(c, "route.portOptions[0].port")), c.services && (c.alternateServiceOptions = _.reject(c.services, function(b) { +h(a), a === b && c.route.targetPort || (c.route.targetPort = _.get(c, "route.portOptions[0].port")), c.services && (c.alternateServiceOptions = _.reject(c.services, function(b) { return a === b; })); }), c.$watch("route.alternateServices", function(a) { @@ -10243,17 +10248,17 @@ c.duplicateServices = _(a).map("service").filter(function(a, b, c) { return _.includes(c, a, b + 1); }).value(), f.$setValidity("duplicateServices", !c.duplicateServices.length), c.options.alternateServices = !_.isEmpty(a); }, !0); -var h = function() { +var i = function() { return !!c.route.tls && ((!c.route.tls.termination || "passthrough" === c.route.tls.termination) && (c.route.tls.certificate || c.route.tls.key || c.route.tls.caCertificate || c.route.tls.destinationCACertificate)); }; c.$watch("route.tls.termination", function() { -c.options.secureRoute = !!_.get(c, "route.tls.termination"), c.showCertificatesNotUsedWarning = h(); +c.options.secureRoute = !!_.get(c, "route.tls.termination"), c.showCertificatesNotUsedWarning = i(); }); -var i; +var j; c.$watch("options.secureRoute", function(a, b) { if (a !== b) { var d = _.get(c, "route.tls.termination"); -!c.securetRoute && d && (i = d, delete c.route.tls.termination), c.options.secureRoute && !d && _.set(c, "route.tls.termination", i || "edge"); +!c.securetRoute && d && (j = d, delete c.route.tls.termination), c.options.secureRoute && !d && _.set(c, "route.tls.termination", j || "edge"); } }), c.$watch("options.alternateServices", function(a, b) { a !== b && (a || (c.route.alternateServices = []), a && _.isEmpty(c.route.alternateServices) && c.addAlternateService()); @@ -10277,11 +10282,11 @@ d += _.get(a, "weight", 0); var e = a / d * 100; return b ? d3.round(e, 1) + "%" :e; }; -var j = !1; +var k = !1; c.$watch("route.alternateServices.length", function(a) { -0 === a && _.has(c, "route.to.weight") && delete c.route.to.weight, 1 === a && (j = !0, c.controls.rangeSlider = c.weightAsPercentage(c.route.to.weight)); +0 === a && _.has(c, "route.to.weight") && delete c.route.to.weight, 1 === a && (k = !0, c.controls.rangeSlider = c.weightAsPercentage(c.route.to.weight)); }), c.$watch("controls.rangeSlider", function(a, b) { -return j ? void (j = !1) :void (a !== b && (a = parseInt(a, 10), _.set(c, "route.to.weight", a), _.set(c, "route.alternateServices[0].weight", 100 - a))); +return k ? void (k = !1) :void (a !== b && (a = parseInt(a, 10), _.set(c, "route.to.weight", a), _.set(c, "route.alternateServices[0].weight", 100 - a))); }); } }; diff --git a/dist/scripts/templates.js b/dist/scripts/templates.js index d9d03dd911..db27e1934d 100644 --- a/dist/scripts/templates.js +++ b/dist/scripts/templates.js @@ -3730,8 +3730,8 @@ angular.module('openshiftConsoleTemplates', []).run(['$templateCache', function( "
\n" + "
Termination Type:
\n" + "
{{route.spec.tls.termination | humanizeTLSTermination}}
\n" + - "
Insecure Traffic:
\n" + - "
{{route.spec.tls.insecureEdgeTerminationPolicy || 'None'}}
\n" + + "
Insecure Traffic:
\n" + + "
{{route.spec.tls.insecureEdgeTerminationPolicy || 'None'}}
\n" + "
Certificate:
\n" + "
\n" + "\n" + @@ -8297,15 +8297,22 @@ angular.module('openshiftConsoleTemplates', []).run(['$templateCache', function( "\n" + "
\n" + "\n" + - "\n" + + "\n" + + "\n" + + "\n" + "{{$select.selected.label}}\n" + - "\n" + + "\n" + "{{option.label}}\n" + "\n" + "\n" + "
\n" + "\n" + - "Policy for traffic on insecure schemes like HTTP for edge termination.\n" + + "Policy for traffic on insecure schemes like HTTP.\n" + + "\n" + + "
\n" + + "
\n" + + "\n" + + "Passthrough routes can't use the insecure traffic policy Allow.\n" + "\n" + "
\n" + "
\n" +