adding support for customized ingress tls (#13184)

2026-01-08 03:15:42 +03:00 · 2022-06-02 16:43:58 -06:00
parent 97cc819241
commit b6e07487c2
17 changed files with 273 additions and 34 deletions
--- a/command/agent/job_endpoint.go
+++ b/command/agent/job_endpoint.go
@@ -1503,7 +1503,10 @@ func apiConnectGatewayTLSConfig(in *api.ConsulGatewayTLSConfig) *structs.ConsulG
 	}

 	return &structs.ConsulGatewayTLSConfig{
-		Enabled: in.Enabled,
+		Enabled:       in.Enabled,
+		TLSMinVersion: in.TLSMinVersion,
+		TLSMaxVersion: in.TLSMaxVersion,
+		CipherSuites:  helper.CopySliceString(in.CipherSuites),
 	}
 }

--- a/command/agent/job_endpoint_test.go
+++ b/command/agent/job_endpoint_test.go
@@ -3817,7 +3817,12 @@ func TestConversion_ApiConsulConnectToStructs(t *testing.T) {
 		require.Equal(t, &structs.ConsulConnect{
 			Gateway: &structs.ConsulGateway{
 				Ingress: &structs.ConsulIngressConfigEntry{
-					TLS: &structs.ConsulGatewayTLSConfig{Enabled: true},
+					TLS: &structs.ConsulGatewayTLSConfig{
+						Enabled:       true,
+						TLSMinVersion: "TLSv1_2",
+						TLSMaxVersion: "TLSv1_3",
+						CipherSuites:  []string{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
+					},
 					Listeners: []*structs.ConsulIngressListener{{
 						Port:     1111,
 						Protocol: "http",
@@ -3832,7 +3837,12 @@ func TestConversion_ApiConsulConnectToStructs(t *testing.T) {
 			&api.ConsulConnect{
 				Gateway: &api.ConsulGateway{
 					Ingress: &api.ConsulIngressConfigEntry{
-						TLS: &api.ConsulGatewayTLSConfig{Enabled: true},
+						TLS: &api.ConsulGatewayTLSConfig{
+							Enabled:       true,
+							TLSMinVersion: "TLSv1_2",
+							TLSMaxVersion: "TLSv1_3",
+							CipherSuites:  []string{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
+						},
 						Listeners: []*api.ConsulIngressListener{{
 							Port:     1111,
 							Protocol: "http",