refactor logic and check for error

controllers/gce/loadbalancers/loadbalancers.go

@@ -352,31 +352,32 @@ func (l *L7) deleteOldSSLCert() (err error) {
 }
 
 func (l *L7) checkSSLCert() (err error) {
-	// TODO: Currently, GCE only supports a single certificate per static IP
+	certName := l.runtimeInfo.TLSName
-	// so we don't need to bother with disambiguation. Naming the cert after
-	// the loadbalancer is a simplification.
-
-	namedCert := l.runtimeInfo.TLSName
 
 	// Use the named GCE cert when it is specified by the annotation.
-	if namedCert != "" {
+	if certName != "" {
-		certName := namedCert
+		// Use the targetHTTPSProxy's cert name if it already has one set.
-
-		// Use the targetHTTPSProxy's cert name if one already exists.
 		if l.sslCert != nil {
 			certName = l.sslCert.Name
 		}
-		cert, _ := l.cloud.GetSslCertificate(certName)
 
-		if cert != nil {
+		// Ask GCE for the cert, checking for problems and existence.
+		cert, err := l.cloud.GetSslCertificate(certName)
+		if err != nil {
+			return err
+		}
+		if cert == nil {
+			return fmt.Errorf("Cannot find existing sslCertificate %v for %v", certName, l.Name)
+		}
+
 		glog.Infof("Using existing sslCertificate %v for %v", certName, l.Name)
-
 		l.sslCert = cert
 		return nil
 	}
 
-		return fmt.Errorf("Cannot find existing sslCertificate %v for %v", certName, l.Name)
+	// TODO: Currently, GCE only supports a single certificate per static IP
-	}
+	// so we don't need to bother with disambiguation. Naming the cert after
+	// the loadbalancer is a simplification.
 
 	ingCert := l.runtimeInfo.TLS.Cert
 	ingKey := l.runtimeInfo.TLS.Key
@@ -387,7 +388,7 @@ func (l *L7) checkSSLCert() (err error) {
 	// TODO: Clean this code up into a ring buffer.
 	primaryCertName := l.namer.Truncate(fmt.Sprintf("%v-%v", sslCertPrefix, l.Name))
 	secondaryCertName := l.namer.Truncate(fmt.Sprintf("%v-%d-%v", sslCertPrefix, 1, l.Name))
-	certName := primaryCertName
+	certName = primaryCertName
 	if l.sslCert != nil {
 		certName = l.sslCert.Name
 	}