Merge pull request #1986 from coreos-inc/external-tls

Add option to properly handle external TLS
2016-10-15 16:05:28 -04:00 · 2016-10-15 16:05:28 -04:00 · 78f87d96bc
commit 78f87d96bc
parent 95ced00457 5a8200f17a
3 changed files with 59 additions and 16 deletions
--- a/util/config/validator.py
+++ b/util/config/validator.py
@ -242,9 +242,15 @@ def _validate_google_login(config, _):

 def _validate_ssl(config, _):
  """ Validates the SSL configuration (if enabled). """
+
+  # Skip if non-SSL.
  if config.get('PREFERRED_URL_SCHEME', 'http') != 'https':
    return

+  # Skip if externally terminated.
+  if config.get('EXTERNAL_TLS_TERMINATION', False) == True:
+    return
+
  for filename in SSL_FILENAMES:
    if not config_provider.volume_file_exists(filename):
      raise Exception('Missing required SSL file: %s' % filename)