network.go

/*

Licensed under the GNU AFFERO GENERAL PUBLIC LICENSE Version 3 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    https://www.gnu.org/licenses/agpl-3.0.html

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package components

import (
	"fmt"
	"strings"

	networkingv1beta1 "k8s.io/api/networking/v1beta1"
	"k8s.io/apimachinery/pkg/util/intstr"

	meta "k8s.libre.sh/meta"
	ingress "k8s.libre.sh/objects/ingress"
	service "k8s.libre.sh/objects/service"
)

// +kubebuilder:object:generate=true
type Network struct {
	IngressMeta  *meta.ObjectMeta `json:"ingressMeta,omitempty"`
	ServiceMeta  *meta.ObjectMeta `json:"serviceMeta,omitempty"`
	*HTTPBackend `json:",inline"`
}

func (n *Network) GetService() *service.Service {
	return &service.Service{
		ObjectMeta:  n.ServiceMeta,
		ServiceSpec: n.ServiceSpec,
	}
}

func (n *Network) GetIngress() *ingress.Ingress {
	return &ingress.Ingress{
		ObjectMeta:  n.IngressMeta,
		IngressSpec: n.GetIngressSpec(),
	}
}

func (n *Network) Init() {
	if n.HTTPBackend == nil {
		n.HTTPBackend = &HTTPBackend{}
	}

	if n.HTTPBackend.ServiceSpec == nil {
		n.HTTPBackend.ServiceSpec = &service.ServiceSpec{}
	}

	if n.ServiceMeta == nil {
		n.ServiceMeta = &meta.ObjectMeta{}
	}

	if n.IngressMeta == nil {
		n.IngressMeta = &meta.ObjectMeta{}
	}
}

// +kubebuilder:object:generate=true
type HTTPBackend struct {
	*service.ServiceSpec `json:",inline"`
	// Specifies the name of the referenced service.
	// +optional
	ServiceName string `json:"serviceName,omitempty" protobuf:"bytes,1,opt,name=serviceName"`
	// Host is the fully qualified domain name of a network host, as defined by RFC 3986.
	// Note the following deviations from the "host" part of the
	// URI as defined in RFC 3986:
	// 1. IPs are not allowed. Currently an IngressRuleValue can only apply to
	//    the IP in the Spec of the parent Ingress.
	// 2. The `:` delimiter is not respected because ports are not allowed.
	//	  Currently the port of an Ingress is implicitly :80 for http and
	//	  :443 for https.
	// Both these may change in the future.
	// Incoming requests are matched against the host before the
	// IngressRuleValue. If the host is unspecified, the Ingress routes all
	// traffic based on the specified IngressRuleValue.
	//
	// Host can be "precise" which is a domain name without the terminating dot of
	// a network host (e.g. "foo.bar.com") or "wildcard", which is a domain name
	// prefixed with a single wildcard label (e.g. "*.foo.com").
	// The wildcard character '*' must appear by itself as the first DNS label and
	// matches only a single label. You cannot have a wildcard label by itself (e.g. Host == "*").
	// Requests will be matched against the Host field in the following way:
	// 1. If Host is precise, the request matches this rule if the http host header is equal to Host.
	// 2. If Host is a wildcard, then the request matches this rule if the http host header
	// is to equal to the suffix (removing the first label) of the wildcard rule.
	// +optional
	Host string `json:"host,omitempty" protobuf:"bytes,1,opt,name=host"`
	// Path is matched against the path of an incoming request. Currently it can
	// contain characters disallowed from the conventional "path" part of a URL
	// as defined by RFC 3986. Paths must begin with a '/'. When unspecified,
	// all paths from incoming requests are matched.
	// +optional
	Paths []string `json:"routes,omitempty"`
	// TLS specifies if tls is enabled
	TLS bool `json:"tls,omitempty"`
	// SecretName is the name of the secret used to terminate TLS traffic on
	// port 443. Field is left optional to allow TLS routing based on SNI
	// hostname alone. If the SNI host in a listener conflicts with the "Host"
	// header field used by an IngressRule, the SNI host is used for termination
	// and value of the Host header is used for routing.
	// +optional
	TLSSecretRef string `json:"tlsSecretRef,omitempty" protobuf:"bytes,2,opt,name=tlsSecretRef"`
}

func (b *HTTPBackend) GetIngressSpec() *networkingv1beta1.IngressSpec {

	tlsList := []networkingv1beta1.IngressTLS{}
	rules := []networkingv1beta1.IngressRule{}

	tlsList = append(tlsList, b.GetIngressTLS())
	rules = append(rules, b.GetIngressRule())

	return &networkingv1beta1.IngressSpec{
		Rules: rules,
		TLS:   tlsList,
	}

}

func (b *HTTPBackend) GetIngressBackendPaths() []networkingv1beta1.HTTPIngressPath {

	bkpaths := []networkingv1beta1.HTTPIngressPath{}

	for _, p := range b.Paths {
		path := networkingv1beta1.HTTPIngressPath{
			Path: p,
			Backend: networkingv1beta1.IngressBackend{
				ServiceName: b.ServiceName,
				ServicePort: intstr.FromString(b.Port.Name),
			},
		}

		bkpaths = append(bkpaths, path)
	}
	return bkpaths
}

func (b *HTTPBackend) GetIngressRule() networkingv1beta1.IngressRule {

	rule := networkingv1beta1.IngressRule{
		Host: b.Host,
		IngressRuleValue: networkingv1beta1.IngressRuleValue{
			HTTP: &networkingv1beta1.HTTPIngressRuleValue{
				Paths: b.GetIngressBackendPaths(),
			},
		},
	}

	return rule
}

func (b *HTTPBackend) GetIngressTLS() networkingv1beta1.IngressTLS {
	tls := networkingv1beta1.IngressTLS{}
	if b.TLS {
		if len(b.TLSSecretRef) == 0 {
			b.TLSSecretRef = fmt.Sprintf("%v-%v", strings.Replace(b.Host, ".", "-", -1), "tls")
		}

		tls = networkingv1beta1.IngressTLS{
			SecretName: b.TLSSecretRef,
		}

		tls.Hosts = append(tls.Hosts, b.Host)
	}
	return tls
}