DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix crl not reload when crl got updated in the ca secret

Browse source
This commit is contained in:
anthonyho007 2021-03-18 00:44:55 -04:00
parent 5f1a37a624
commit 4ddb0c724a
3 changed files with 155 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
internal/ingress/controller/store/store.go
View file

@ -457,8 +457,8 @@ func New(
klog.ErrorS(err, "could not find Ingress in local store", "ingress", ingKey)
continue
}
store.syncIngress(ing)
store.syncSecrets(ing)
store.syncIngress(ing)
}
updateCh.In() <- Event{
Type: UpdateEvent,

3
internal/ingress/types_equals.go
View file

@ -549,6 +549,9 @@ func (s1 *SSLCert) Equal(s2 *SSLCert) bool {
if s1.CASHA != s2.CASHA {
return false
}
if s1.CRLSHA != s2.CRLSHA {
return false
}
if s1.PemSHA != s2.PemSHA {
return false
}

151
internal/ingress/types_equals_test.go
View file

@ -21,6 +21,7 @@ import (
"os"
"path/filepath"
"testing"
"time"
)
func TestEqualConfiguration(t *testing.T) {
@ -142,3 +143,153 @@ func TestIntElementsMatch(t *testing.T) {
}
}
}
func TestSSLCertMatch(t *testing.T) {
now := time.Now()
cert := &SSLCert{
UID: "1",
Name: "nameA",
Namespace: "namespaceA",
CASHA: "CASHA_A",
CN: []string{"CommonNameA"},
CRLSHA: "CRLSHA_A",
PemSHA: "PemSHA_A",
PemCertKey: "PemKeyA",
ExpireTime: now,
}
testCases := []struct {
sslCertA *SSLCert
sslCertB *SSLCert
expected bool
}{
{cert, cert, true},
{
cert,
&SSLCert{
UID: "1",
Name: "nameA",
Namespace: "namespaceA",
CASHA: "CASHA_A",
CN: []string{"CommonNameA"},
CRLSHA: "CRLSHA_A",
PemSHA: "PemSHA_A",
PemCertKey: "PemKeyA",
ExpireTime: now,
},
true,
},
{
cert,
&SSLCert{
UID: "1",
Name: "nameA",
Namespace: "namespaceA",
CASHA: "CASHA_New",
CN: []string{"CommonNameA"},
CRLSHA: "CRLSHA_A",
PemSHA: "PemSHA_A",
PemCertKey: "PemKeyA",
ExpireTime: now,
},
false,
},
{
cert,
&SSLCert{
UID: "1",
Name: "nameA",
Namespace: "namespaceA",
CASHA: "CASHA_A",
CN: []string{"CommonNameA"},
CRLSHA: "CRLSHA_NEW",
PemSHA: "PemSHA_A",
PemCertKey: "PemKeyA",
ExpireTime: now,
},
false,
},
{
cert,
&SSLCert{
UID: "1",
Name: "nameA",
Namespace: "namespaceA",
CASHA: "CASHA_A",
CN: []string{"CommonNameA"},
CRLSHA: "CRLSHA_A",
PemSHA: "PemSHA_New",
PemCertKey: "PemKeyA",
ExpireTime: now,
},
false,
},
{
cert,
&SSLCert{
UID: "1",
Name: "nameA",
Namespace: "namespaceA",
CASHA: "CASHA_A",
CN: []string{"CommonNameNew"},
CRLSHA: "CRLSHA_A",
PemSHA: "PemSHA_A",
PemCertKey: "PemKeyA",
ExpireTime: now,
},
false,
},
{
cert,
&SSLCert{
UID: "1",
Name: "nameA",
Namespace: "namespaceA",
CASHA: "CASHA_A",
CN: []string{"CommonNameA"},
CRLSHA: "CRLSHA_A",
PemSHA: "PemSHA_A",
PemCertKey: "PemKeyA",
ExpireTime: now.Add(time.Minute),
},
false,
},
{
cert,
&SSLCert{
UID: "1",
Name: "nameA",
Namespace: "namespaceA",
CASHA: "CASHA_A",
CN: []string{"CommonNameA"},
CRLSHA: "CRLSHA_A",
PemSHA: "PemSHA_A",
PemCertKey: "PemKeyNew",
ExpireTime: now,
},
false,
},
{
cert,
&SSLCert{
UID: "2",
Name: "nameA",
Namespace: "namespaceA",
CASHA: "CASHA_A",
CN: []string{"CommonNameA"},
CRLSHA: "CRLSHA_A",
PemSHA: "PemSHA_A",
PemCertKey: "PemKeyA",
ExpireTime: now,
},
false,
},
}
for _, testCase := range testCases {
result := testCase.sslCertA.Equal(testCase.sslCertB)
if result != testCase.expected {
t.Errorf("expected %v but returned %v (%v - %v)", testCase.expected, result, testCase.sslCertA, testCase.sslCertB)
}
}
}