diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go index 9e8ca06a4..ad3aef5ad 100644 --- a/internal/ingress/controller/store/store.go +++ b/internal/ingress/controller/store/store.go @@ -457,8 +457,8 @@ func New( klog.ErrorS(err, "could not find Ingress in local store", "ingress", ingKey) continue } - store.syncIngress(ing) store.syncSecrets(ing) + store.syncIngress(ing) } updateCh.In() <- Event{ Type: UpdateEvent, diff --git a/internal/ingress/types_equals.go b/internal/ingress/types_equals.go index 15a1ad710..87af2bcfc 100644 --- a/internal/ingress/types_equals.go +++ b/internal/ingress/types_equals.go @@ -549,6 +549,9 @@ func (s1 *SSLCert) Equal(s2 *SSLCert) bool { if s1.CASHA != s2.CASHA { return false } + if s1.CRLSHA != s2.CRLSHA { + return false + } if s1.PemSHA != s2.PemSHA { return false } diff --git a/internal/ingress/types_equals_test.go b/internal/ingress/types_equals_test.go index 273a4acdd..8119d26c7 100644 --- a/internal/ingress/types_equals_test.go +++ b/internal/ingress/types_equals_test.go @@ -21,6 +21,7 @@ import ( "os" "path/filepath" "testing" + "time" ) func TestEqualConfiguration(t *testing.T) { @@ -142,3 +143,153 @@ func TestIntElementsMatch(t *testing.T) { } } } + +func TestSSLCertMatch(t *testing.T) { + now := time.Now() + cert := &SSLCert{ + UID: "1", + Name: "nameA", + Namespace: "namespaceA", + CASHA: "CASHA_A", + CN: []string{"CommonNameA"}, + CRLSHA: "CRLSHA_A", + PemSHA: "PemSHA_A", + PemCertKey: "PemKeyA", + ExpireTime: now, + } + + testCases := []struct { + sslCertA *SSLCert + sslCertB *SSLCert + expected bool + }{ + {cert, cert, true}, + { + cert, + &SSLCert{ + UID: "1", + Name: "nameA", + Namespace: "namespaceA", + CASHA: "CASHA_A", + CN: []string{"CommonNameA"}, + CRLSHA: "CRLSHA_A", + PemSHA: "PemSHA_A", + PemCertKey: "PemKeyA", + ExpireTime: now, + }, + true, + }, + { + cert, + &SSLCert{ + UID: "1", + Name: "nameA", + Namespace: "namespaceA", + CASHA: "CASHA_New", + CN: []string{"CommonNameA"}, + CRLSHA: "CRLSHA_A", + PemSHA: "PemSHA_A", + PemCertKey: "PemKeyA", + ExpireTime: now, + }, + false, + }, + { + cert, + &SSLCert{ + UID: "1", + Name: "nameA", + Namespace: "namespaceA", + CASHA: "CASHA_A", + CN: []string{"CommonNameA"}, + CRLSHA: "CRLSHA_NEW", + PemSHA: "PemSHA_A", + PemCertKey: "PemKeyA", + ExpireTime: now, + }, + false, + }, + { + cert, + &SSLCert{ + UID: "1", + Name: "nameA", + Namespace: "namespaceA", + CASHA: "CASHA_A", + CN: []string{"CommonNameA"}, + CRLSHA: "CRLSHA_A", + PemSHA: "PemSHA_New", + PemCertKey: "PemKeyA", + ExpireTime: now, + }, + false, + }, + { + cert, + &SSLCert{ + UID: "1", + Name: "nameA", + Namespace: "namespaceA", + CASHA: "CASHA_A", + CN: []string{"CommonNameNew"}, + CRLSHA: "CRLSHA_A", + PemSHA: "PemSHA_A", + PemCertKey: "PemKeyA", + ExpireTime: now, + }, + false, + }, + { + cert, + &SSLCert{ + UID: "1", + Name: "nameA", + Namespace: "namespaceA", + CASHA: "CASHA_A", + CN: []string{"CommonNameA"}, + CRLSHA: "CRLSHA_A", + PemSHA: "PemSHA_A", + PemCertKey: "PemKeyA", + ExpireTime: now.Add(time.Minute), + }, + false, + }, + { + cert, + &SSLCert{ + UID: "1", + Name: "nameA", + Namespace: "namespaceA", + CASHA: "CASHA_A", + CN: []string{"CommonNameA"}, + CRLSHA: "CRLSHA_A", + PemSHA: "PemSHA_A", + PemCertKey: "PemKeyNew", + ExpireTime: now, + }, + false, + }, + { + cert, + &SSLCert{ + UID: "2", + Name: "nameA", + Namespace: "namespaceA", + CASHA: "CASHA_A", + CN: []string{"CommonNameA"}, + CRLSHA: "CRLSHA_A", + PemSHA: "PemSHA_A", + PemCertKey: "PemKeyA", + ExpireTime: now, + }, + false, + }, + } + + for _, testCase := range testCases { + result := testCase.sslCertA.Equal(testCase.sslCertB) + if result != testCase.expected { + t.Errorf("expected %v but returned %v (%v - %v)", testCase.expected, result, testCase.sslCertA, testCase.sslCertB) + } + } +}