From ff6ca577ec7196e2cf3991c817d3655754de4b24 Mon Sep 17 00:00:00 2001
From: Alban Lecocq <alban@lempire.co>
Date: Thu, 29 Apr 2021 18:56:01 +0200
Subject: httpcaddyfile: Fix unexpectedly removed policy (#4128)

* httpcaddyfile: Fix unexpectedly removed policy

When user set on_demand tls option in a catch-all (:443) policy,
we expect other policies to not have the on_demand enabled
See ex in tls_automation_policies_5.txt

Btw, we can remove policies if they are **all** empty.

* Update caddyconfig/httpcaddyfile/tlsapp.go

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
---
 .../caddyfile_adapt/tls_automation_policies_5.txt  | 62 ++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 caddytest/integration/caddyfile_adapt/tls_automation_policies_5.txt

(limited to 'caddytest/integration/caddyfile_adapt')

diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_5.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_5.txt
new file mode 100644
index 0000000..87d278d
--- /dev/null
+++ b/caddytest/integration/caddyfile_adapt/tls_automation_policies_5.txt
@@ -0,0 +1,62 @@
+a.example.com {
+}
+
+b.example.com {
+}
+
+:443 {
+	tls {
+		on_demand
+	}
+}
+----------
+{
+	"apps": {
+		"http": {
+			"servers": {
+				"srv0": {
+					"listen": [
+						":443"
+					],
+					"routes": [
+						{
+							"match": [
+								{
+									"host": [
+										"a.example.com"
+									]
+								}
+							],
+							"terminal": true
+						},
+						{
+							"match": [
+								{
+									"host": [
+										"b.example.com"
+									]
+								}
+							],
+							"terminal": true
+						}
+					]
+				}
+			}
+		},
+		"tls": {
+			"automation": {
+				"policies": [
+					{
+						"subjects": [
+							"a.example.com",
+							"b.example.com"
+						]
+					},
+					{
+						"on_demand": true
+					}
+				]
+			}
+		}
+	}
+}
\ No newline at end of file
-- 
cgit v1.2.3