Move secretTracker updating to GetAuthCertificate()
parent
2ddf6c91df
commit
c4d8011fa4
3 changed files with 4 additions and 105 deletions
|
@ -17,13 +17,8 @@ limitations under the License.
|
|||
package controller
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/golang/glog"
|
||||
|
||||
api "k8s.io/client-go/pkg/api/v1"
|
||||
extensions "k8s.io/client-go/pkg/apis/extensions/v1beta1"
|
||||
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/auth"
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/authreq"
|
||||
"k8s.io/ingress/core/pkg/ingress/annotations/authtls"
|
||||
|
@ -134,17 +129,3 @@ func (e *annotationExtractor) SessionAffinity(ing *extensions.Ingress) *sessiona
|
|||
val, _ := e.annotations[sessionAffinity].Parse(ing)
|
||||
return val.(*sessionaffinity.AffinityConfig)
|
||||
}
|
||||
|
||||
func (e *annotationExtractor) ContainsCertificateAuth(ing *extensions.Ingress) bool {
|
||||
val, _ := parser.GetStringAnnotation("ingress.kubernetes.io/auth-tls-secret", ing)
|
||||
return val != ""
|
||||
}
|
||||
|
||||
func (e *annotationExtractor) CertificateAuthSecret(ing *extensions.Ingress) (*api.Secret, error) {
|
||||
val, _ := parser.GetStringAnnotation("ingress.kubernetes.io/auth-tls-secret", ing)
|
||||
if val == "" {
|
||||
return nil, fmt.Errorf("ingress rule %v/%v does not contain the auth-tls-secret annotation", ing.Namespace, ing.Name)
|
||||
}
|
||||
|
||||
return e.secretResolver.GetSecret(val)
|
||||
}
|
||||
|
|
|
@ -264,79 +264,3 @@ func TestAffinitySession(t *testing.T) {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestContainsCertificateAuth(t *testing.T) {
|
||||
ec := newAnnotationExtractor(mockCfg{})
|
||||
|
||||
foos := []struct {
|
||||
name string
|
||||
annotations map[string]string
|
||||
result bool
|
||||
}{
|
||||
{"nil_annotations", nil, false},
|
||||
{"empty_annotations", map[string]string{}, false},
|
||||
{"not_exist_annotations", map[string]string{annotationAffinityType: "cookie"}, false},
|
||||
{"exist_annotations", map[string]string{annotationAuthTlsSecret: "default/foo_secret"}, true},
|
||||
}
|
||||
|
||||
for _, foo := range foos {
|
||||
t.Run(foo.name, func(t *testing.T) {
|
||||
ing := buildIngress()
|
||||
ing.SetAnnotations(foo.annotations)
|
||||
r := ec.ContainsCertificateAuth(ing)
|
||||
if r != foo.result {
|
||||
t.Errorf("Returned %t but expected %t for %s", r, foo.result, foo.name)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestCertificateAuthSecret(t *testing.T) {
|
||||
resolver := mockCfg{}
|
||||
resolver.MockSecrets = map[string]*api.Secret{
|
||||
"default/foo_secret": {
|
||||
ObjectMeta: meta_v1.ObjectMeta{
|
||||
Name: "foo_secret_name",
|
||||
},
|
||||
},
|
||||
}
|
||||
ec := newAnnotationExtractor(resolver)
|
||||
|
||||
foos := []struct {
|
||||
name string
|
||||
annotations map[string]string
|
||||
eerr bool
|
||||
ename string
|
||||
}{
|
||||
{"nil_annotations", nil, true, ""},
|
||||
{"empty_annotations", map[string]string{}, true, ""},
|
||||
{"not_exist_annotations", map[string]string{annotationAffinityType: "cookie"}, true, ""},
|
||||
{"exist_annotations", map[string]string{annotationAuthTlsSecret: "default/foo_secret"}, false, "foo_secret_name"},
|
||||
}
|
||||
|
||||
for _, foo := range foos {
|
||||
t.Run(foo.name, func(t *testing.T) {
|
||||
ing := buildIngress()
|
||||
ing.SetAnnotations(foo.annotations)
|
||||
r, err := ec.CertificateAuthSecret(ing)
|
||||
|
||||
if foo.eerr {
|
||||
if err == nil {
|
||||
t.Fatalf("Exepected error for %s", foo.name)
|
||||
}
|
||||
} else {
|
||||
if err != nil {
|
||||
t.Fatalf("Unexpected error %v for %s", err, foo.name)
|
||||
}
|
||||
|
||||
rname := ""
|
||||
if r != nil {
|
||||
rname = r.GetName()
|
||||
}
|
||||
if rname != foo.ename {
|
||||
t.Errorf("Returned %s but expected %s for %s", rname, foo.ename, foo.name)
|
||||
}
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
|
|
@ -713,6 +713,10 @@ func (ic *GenericController) getBackendServers() ([]*ingress.Backend, []*ingress
|
|||
|
||||
// GetAuthCertificate ...
|
||||
func (ic GenericController) GetAuthCertificate(secretName string) (*resolver.AuthSSLCert, error) {
|
||||
if _, exists := ic.secretTracker.Get(secretName); !exists {
|
||||
ic.secretTracker.Add(secretName, secretName)
|
||||
}
|
||||
|
||||
_, err := ic.GetSecret(secretName)
|
||||
if err != nil {
|
||||
return &resolver.AuthSSLCert{}, fmt.Errorf("unexpected error: %v", err)
|
||||
|
@ -1114,16 +1118,6 @@ func (ic *GenericController) getEndpoints(
|
|||
|
||||
// extractSecretNames extracts information about secrets inside the Ingress rule
|
||||
func (ic GenericController) extractSecretNames(ing *extensions.Ingress) {
|
||||
if ic.annotations.ContainsCertificateAuth(ing) {
|
||||
key, _ := parser.GetStringAnnotation("ingress.kubernetes.io/auth-tls-secret", ing)
|
||||
if key != "" {
|
||||
_, exists := ic.secretTracker.Get(key)
|
||||
if !exists {
|
||||
ic.secretTracker.Add(key, key)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for _, tls := range ing.Spec.TLS {
|
||||
if tls.SecretName == "" {
|
||||
continue
|
||||
|
|
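Review bot: The tracker update added at the top of GetAuthCertificate drops the empty-name guard that the removed block in extractSecretNames had (`if key != ""`), so whatever string reaches this method is passed to `ic.secretTracker.Add` before `ic.GetSecret` has a chance to reject it. In the removed path the name came from the `ingress.kubernetes.io/auth-tls-secret` annotation, which whoever writes the Ingress controls; if that is still the source for callers of this method (not visible in the hunk), an early `if secretName == "" { return &resolver.AuthSSLCert{}, fmt.Errorf("empty secret name") }` ahead of the tracker lookup would restore the old behaviour. Names whose lookup fails also stay tracked; if that is deliberate so a secret created later is picked up, say so in a comment, otherwise move the `Add` after the successful `GetSecret`. The placeholder `// GetAuthCertificate ...` should become a real doc comment that mentions this side effect, for example `// GetAuthCertificate resolves secretName to an AuthSSLCert and registers the name in secretTracker.`. The function body continues past the end of the hunk, so later handling of the secret was not reviewed.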