fix crl not reload when crl got updated in the ca secret

internal/ingress/controller/store/store.go

@@ -457,8 +457,8 @@ func New(
 							klog.ErrorS(err, "could not find Ingress in local store", "ingress", ingKey)
 							continue
 						}
-						store.syncIngress(ing)
 						store.syncSecrets(ing)
+						store.syncIngress(ing)
 					}
 					updateCh.In() <- Event{
 						Type: UpdateEvent,

internal/ingress/types_equals.go

@@ -549,6 +549,9 @@ func (s1 *SSLCert) Equal(s2 *SSLCert) bool {
 	if s1.CASHA != s2.CASHA {
 		return false
 	}
+	if s1.CRLSHA != s2.CRLSHA {
+		return false
+	}
 	if s1.PemSHA != s2.PemSHA {
 		return false
 	}

internal/ingress/types_equals_test.go

@@ -21,6 +21,7 @@ import (
 	"os"
 	"path/filepath"
 	"testing"
+	"time"
 )
 
 func TestEqualConfiguration(t *testing.T) {
@@ -142,3 +143,153 @@ func TestIntElementsMatch(t *testing.T) {
 		}
 	}
 }
+
+func TestSSLCertMatch(t *testing.T) {
+	now := time.Now()
+	cert := &SSLCert{
+		UID:        "1",
+		Name:       "nameA",
+		Namespace:  "namespaceA",
+		CASHA:      "CASHA_A",
+		CN:         []string{"CommonNameA"},
+		CRLSHA:     "CRLSHA_A",
+		PemSHA:     "PemSHA_A",
+		PemCertKey: "PemKeyA",
+		ExpireTime: now,
+	}
+
+	testCases := []struct {
+		sslCertA *SSLCert
+		sslCertB *SSLCert
+		expected bool
+	}{
+		{cert, cert, true},
+		{
+			cert,
+			&SSLCert{
+				UID:        "1",
+				Name:       "nameA",
+				Namespace:  "namespaceA",
+				CASHA:      "CASHA_A",
+				CN:         []string{"CommonNameA"},
+				CRLSHA:     "CRLSHA_A",
+				PemSHA:     "PemSHA_A",
+				PemCertKey: "PemKeyA",
+				ExpireTime: now,
+			},
+			true,
+		},
+		{
+			cert,
+			&SSLCert{
+				UID:        "1",
+				Name:       "nameA",
+				Namespace:  "namespaceA",
+				CASHA:      "CASHA_New",
+				CN:         []string{"CommonNameA"},
+				CRLSHA:     "CRLSHA_A",
+				PemSHA:     "PemSHA_A",
+				PemCertKey: "PemKeyA",
+				ExpireTime: now,
+			},
+			false,
+		},
+		{
+			cert,
+			&SSLCert{
+				UID:        "1",
+				Name:       "nameA",
+				Namespace:  "namespaceA",
+				CASHA:      "CASHA_A",
+				CN:         []string{"CommonNameA"},
+				CRLSHA:     "CRLSHA_NEW",
+				PemSHA:     "PemSHA_A",
+				PemCertKey: "PemKeyA",
+				ExpireTime: now,
+			},
+			false,
+		},
+		{
+			cert,
+			&SSLCert{
+				UID:        "1",
+				Name:       "nameA",
+				Namespace:  "namespaceA",
+				CASHA:      "CASHA_A",
+				CN:         []string{"CommonNameA"},
+				CRLSHA:     "CRLSHA_A",
+				PemSHA:     "PemSHA_New",
+				PemCertKey: "PemKeyA",
+				ExpireTime: now,
+			},
+			false,
+		},
+		{
+			cert,
+			&SSLCert{
+				UID:        "1",
+				Name:       "nameA",
+				Namespace:  "namespaceA",
+				CASHA:      "CASHA_A",
+				CN:         []string{"CommonNameNew"},
+				CRLSHA:     "CRLSHA_A",
+				PemSHA:     "PemSHA_A",
+				PemCertKey: "PemKeyA",
+				ExpireTime: now,
+			},
+			false,
+		},
+		{
+			cert,
+			&SSLCert{
+				UID:        "1",
+				Name:       "nameA",
+				Namespace:  "namespaceA",
+				CASHA:      "CASHA_A",
+				CN:         []string{"CommonNameA"},
+				CRLSHA:     "CRLSHA_A",
+				PemSHA:     "PemSHA_A",
+				PemCertKey: "PemKeyA",
+				ExpireTime: now.Add(time.Minute),
+			},
+			false,
+		},
+		{
+			cert,
+			&SSLCert{
+				UID:        "1",
+				Name:       "nameA",
+				Namespace:  "namespaceA",
+				CASHA:      "CASHA_A",
+				CN:         []string{"CommonNameA"},
+				CRLSHA:     "CRLSHA_A",
+				PemSHA:     "PemSHA_A",
+				PemCertKey: "PemKeyNew",
+				ExpireTime: now,
+			},
+			false,
+		},
+		{
+			cert,
+			&SSLCert{
+				UID:        "2",
+				Name:       "nameA",
+				Namespace:  "namespaceA",
+				CASHA:      "CASHA_A",
+				CN:         []string{"CommonNameA"},
+				CRLSHA:     "CRLSHA_A",
+				PemSHA:     "PemSHA_A",
+				PemCertKey: "PemKeyA",
+				ExpireTime: now,
+			},
+			false,
+		},
+	}
+
+	for _, testCase := range testCases {
+		result := testCase.sslCertA.Equal(testCase.sslCertB)
+		if result != testCase.expected {
+			t.Errorf("expected %v but returned %v (%v - %v)", testCase.expected, result, testCase.sslCertA, testCase.sslCertB)
+		}
+	}
+}