From b2e5d441d25aae7be87e612ced9b4c91ffdc009c Mon Sep 17 00:00:00 2001 From: Nick Sardo Date: Wed, 26 Apr 2017 11:09:43 -0700 Subject: [PATCH] Early return instead of large code block --- .../gce/loadbalancers/loadbalancers.go | 48 ++++++++++--------- 1 file changed, 26 insertions(+), 22 deletions(-) diff --git a/controllers/gce/loadbalancers/loadbalancers.go b/controllers/gce/loadbalancers/loadbalancers.go index df32b7ba9..24c7bd07f 100644 --- a/controllers/gce/loadbalancers/loadbalancers.go +++ b/controllers/gce/loadbalancers/loadbalancers.go @@ -436,30 +436,34 @@ func (l *L7) checkSSLCert() error { // PrivateKey is write only, so compare certs alone. We're assuming that // no one will change just the key. We can remember the key and compare, // but a bug could end up leaking it, which feels worse. - if l.sslCert == nil || ingCert != l.sslCert.Certificate { - newCertName := l.nextCertificateName() - - // Perform a delete in case a certificate exists with the exact name - // This certificate should be unused since we check the target proxy's certificate prior - // to this point. Although, it's possible an actor pointed a target proxy to this certificate. - if err := utils.IgnoreHTTPNotFound(l.cloud.DeleteSslCertificate(newCertName)); err != nil { - return fmt.Errorf("unable to delete ssl certificate with name %q, expected it to be unused. err: %v", newCertName, err) - } - - glog.V(2).Infof("Creating new sslCertificate %v for %v", newCertName, l.Name) - cert, err := l.cloud.CreateSslCertificate(&compute.SslCertificate{ - Name: newCertName, - Certificate: ingCert, - PrivateKey: ingKey, - }) - if err != nil { - return err - } - // Save the current cert for cleanup after we update the target proxy. - l.oldSSLCert = l.sslCert - l.sslCert = cert + if l.sslCert != nil && ingCert == l.sslCert.Certificate { + return nil } + // Controller needs to create or update the certificate. + // Generate the next certificate name to use. + newCertName := l.nextCertificateName() + + // Perform a delete in case a certificate exists with the exact name + // This certificate should be unused since we check the target proxy's certificate prior + // to this point. Although, it's possible an actor pointed a target proxy to this certificate. + if err := utils.IgnoreHTTPNotFound(l.cloud.DeleteSslCertificate(newCertName)); err != nil { + return fmt.Errorf("unable to delete ssl certificate with name %q, expected it to be unused. err: %v", newCertName, err) + } + + glog.V(2).Infof("Creating new sslCertificate %v for %v", newCertName, l.Name) + cert, err := l.cloud.CreateSslCertificate(&compute.SslCertificate{ + Name: newCertName, + Certificate: ingCert, + PrivateKey: ingKey, + }) + if err != nil { + return err + } + // Save the current cert for cleanup after we update the target proxy. + l.oldSSLCert = l.sslCert + l.sslCert = cert + return nil }