consistently fallback to default certificate when TLS is configured

2018-08-22 20:25:21 -04:00 · 2018-08-22 20:25:21 -04:00 · dc952dc462
commit dc952dc462
parent 7436b77968
3 changed files with 24 additions and 8 deletions
--- a/internal/ingress/controller/controller.go
+++ b/internal/ingress/controller/controller.go
@ -1055,7 +1055,9 @@ func (n *NGINXController) createServers(data []*extensions.Ingress,
 			secrKey := fmt.Sprintf("%v/%v", ing.Namespace, tlsSecretName)
 			cert, err := n.store.GetLocalSSLCert(secrKey)
 			if err != nil {
-				glog.Warningf("Error getting SSL certificate %q: %v", secrKey, err)
+				glog.Warningf("Error getting SSL certificate %q: %v. Using default certificate", secrKey, err)
+				servers[host].SSLCert.PemFileName = defaultPemFileName
+				servers[host].SSLCert.PemSHA = defaultPemSHA
 				continue
 			}

@ -1069,6 +1071,9 @@ func (n *NGINXController) createServers(data []*extensions.Ingress,
 				if err != nil {
 					glog.Warningf("SSL certificate %q does not contain a Common Name or Subject Alternative Name for server %q: %v",
 						secrKey, host, err)
+					glog.Warningf("Using default certificate")
+					servers[host].SSLCert.PemFileName = defaultPemFileName
+					servers[host].SSLCert.PemSHA = defaultPemSHA
 					continue
 				}
 			}
--- a/test/e2e/framework/framework.go
+++ b/test/e2e/framework/framework.go
@ -385,8 +385,17 @@ func UpdateDeployment(kubeClientSet kubernetes.Interface, namespace string, name
 	return nil
 }

+// NewSingleIngressWithTLS creates a simple ingress rule with TLS spec included
+func NewSingleIngressWithTLS(name, path, host, ns, service string, port int, annotations *map[string]string) *extensions.Ingress {
+	return newSingleIngress(name, path, host, ns, service, port, annotations, true)
+}
+
 // NewSingleIngress creates a simple ingress rule
 func NewSingleIngress(name, path, host, ns, service string, port int, annotations *map[string]string) *extensions.Ingress {
+	return newSingleIngress(name, path, host, ns, service, port, annotations, false)
+}
+
+func newSingleIngress(name, path, host, ns, service string, port int, annotations *map[string]string, withTLS bool) *extensions.Ingress {
 	if annotations == nil {
 		annotations = &map[string]string{}
 	}
@ -398,12 +407,6 @@ func NewSingleIngress(name, path, host, ns, service string, port int, annotation
 			Annotations: *annotations,
 		},
 		Spec: extensions.IngressSpec{
-			TLS: []extensions.IngressTLS{
-				{
-					Hosts:      []string{host},
-					SecretName: host,
-				},
-			},
 			Rules: []extensions.IngressRule{
 				{
 					Host: host,
@ -424,6 +427,14 @@ func NewSingleIngress(name, path, host, ns, service string, port int, annotation
 			},
 		},
 	}
+	if withTLS {
+		ing.Spec.TLS = []extensions.IngressTLS{
+			{
+				Hosts:      []string{host},
+				SecretName: host,
+			},
+		}
+	}

 	return ing
 }
--- a/test/e2e/ssl/secret_update.go
+++ b/test/e2e/ssl/secret_update.go
@ -54,7 +54,7 @@ var _ = framework.IngressNginxDescribe("SSL", func() {
 		})
 		Expect(err).NotTo(HaveOccurred())

-		ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
+		ing, err := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
 		Expect(err).ToNot(HaveOccurred())
 		Expect(ing).ToNot(BeNil())