Make ssl-passthrough tristate

We differentiate between not-set, true and false.  We will merge a set
value into an existing server, but ignore an unset one.

Fix #206

core/pkg/ingress/controller/annotations.go

@@ -111,7 +111,11 @@ func (e *annotationExtractor) HealthCheck(ing *extensions.Ingress) *healthcheck.
 	return val.(*healthcheck.Upstream)
 }
 
-func (e *annotationExtractor) SSLPassthrough(ing *extensions.Ingress) bool {
+func (e *annotationExtractor) SSLPassthrough(ing *extensions.Ingress) *bool {
-	val, _ := e.annotations[sslPassthrough].Parse(ing)
+	val, err := e.annotations[sslPassthrough].Parse(ing)
-	return val.(bool)
+	if errors.IsMissingAnnotations(err) {
+		return nil
+	}
+	b := val.(bool)
+	return &b
 }

core/pkg/ingress/controller/annotations_test.go

@@ -156,26 +156,36 @@ func TestHealthCheck(t *testing.T) {
 	}
 }
 
+func Bool(v bool) *bool {
+	return &v
+}
+
 func TestSSLPassthrough(t *testing.T) {
 	ec := newAnnotationExtractor(mockCfg{})
 	ing := buildIngress()
 
 	fooAnns := []struct {
 		annotations map[string]string
-		er          bool
+		expected    *bool
 	}{
-		{map[string]string{annotation_passthrough: "true"}, true},
+		{map[string]string{annotation_passthrough: "true"}, Bool(true)},
-		{map[string]string{annotation_passthrough: "false"}, false},
+		{map[string]string{annotation_passthrough: "false"}, Bool(false)},
-		{map[string]string{annotation_passthrough + "_no": "true"}, false},
+		{map[string]string{annotation_passthrough + "_no": "true"}, nil},
-		{map[string]string{}, false},
+		{map[string]string{}, nil},
-		{nil, false},
+		{nil, nil},
 	}
 
 	for _, foo := range fooAnns {
 		ing.SetAnnotations(foo.annotations)
 		r := ec.SSLPassthrough(ing)
-		if r != foo.er {
+		if r == nil && foo.expected != nil {
-			t.Errorf("Returned %v but expected %v", r, foo.er)
+			t.Errorf("Returned nil but expected %v", *foo.expected)
+		}
+		if r != nil && foo.expected == nil {
+			t.Errorf("Returned %v but expected nil", *r)
+		}
+		if r != nil && foo.expected != nil && *r != *foo.expected {
+			t.Errorf("Returned %v but expected %v", *r, *foo.expected)
 		}
 	}
 }

core/pkg/ingress/controller/controller.go

@@ -872,20 +872,24 @@ func (ic *GenericController) createServers(data []interface{}, upstreams map[str
 			if host == "" {
 				host = defServerName
 			}
-			if _, ok := servers[host]; ok {
+			server := servers[host]
-				// server already configured
+			if server == nil {
-				continue
+				server = &ingress.Server{
-			}
+					Hostname: host,
-			servers[host] = &ingress.Server{
+					Locations: []*ingress.Location{
-				Hostname: host,
+						{
-				Locations: []*ingress.Location{
+							Path:         rootLocation,
-					{
+							IsDefBackend: true,
-						Path:         rootLocation,
+							Backend:      dun,
-						IsDefBackend: true,
+							Proxy:        ngxProxy,
-						Backend:      dun,
+						},
-						Proxy:        ngxProxy,
 					},
-				}, SSLPassthrough: sslpt}
+				}
+				servers[host] = server
+			}
+			if sslpt != nil {
+				server.SSLPassthrough = *sslpt
+			}
 		}
 	}