adding support for customized ingress tls (#13184)

api/consul.go

@@ -358,7 +358,10 @@ func (p *ConsulGatewayProxy) Copy() *ConsulGatewayProxy {
 
 // ConsulGatewayTLSConfig is used to configure TLS for a gateway.
 type ConsulGatewayTLSConfig struct {
-	Enabled bool `hcl:"enabled,optional"`
+	Enabled       bool     `hcl:"enabled,optional"`
+	TLSMinVersion string   `hcl:"tls_min_version,optional" mapstructure:"tls_min_version"`
+	TLSMaxVersion string   `hcl:"tls_max_version,optional" mapstructure:"tls_max_version"`
+	CipherSuites  []string `hcl:"cipher_suites,optional" mapstructure:"cipher_suites"`
 }
 
 func (tc *ConsulGatewayTLSConfig) Canonicalize() {
@@ -369,9 +372,18 @@ func (tc *ConsulGatewayTLSConfig) Copy() *ConsulGatewayTLSConfig {
 		return nil
 	}
 
-	return &ConsulGatewayTLSConfig{
-		Enabled: tc.Enabled,
+	result := &ConsulGatewayTLSConfig{
+		Enabled:       tc.Enabled,
+		TLSMinVersion: tc.TLSMinVersion,
+		TLSMaxVersion: tc.TLSMaxVersion,
 	}
+	if len(tc.CipherSuites) != 0 {
+		cipherSuites := make([]string, len(tc.CipherSuites))
+		copy(cipherSuites, tc.CipherSuites)
+		result.CipherSuites = cipherSuites
+	}
+
+	return result
 }
 
 // ConsulIngressService is used to configure a service fronted by the ingress gateway.

api/consul_test.go

@@ -516,3 +516,32 @@ func TestConsulMeshGateway_Copy(t *testing.T) {
 		require.Equal(t, c, result)
 	})
 }
+
+func TestConsulGatewayTLSConfig_Copy(t *testing.T) {
+	testutil.Parallel(t)
+
+	t.Run("nil", func(t *testing.T) {
+		c := (*ConsulGatewayTLSConfig)(nil)
+		result := c.Copy()
+		require.Nil(t, result)
+	})
+
+	t.Run("enabled", func(t *testing.T) {
+		c := &ConsulGatewayTLSConfig{
+			Enabled: true,
+		}
+		result := c.Copy()
+		require.Equal(t, c, result)
+	})
+
+	t.Run("customized", func(t *testing.T) {
+		c := &ConsulGatewayTLSConfig{
+			Enabled:       true,
+			TLSMinVersion: "TLSv1_2",
+			TLSMaxVersion: "TLSv1_3",
+			CipherSuites:  []string{"foo", "bar"},
+		}
+		result := c.Copy()
+		require.Equal(t, c, result)
+	})
+}