add secret type for getAndValidateSecret() (#6877)
pdabelf5 authored Nov 28, 2024
1 parent 8b8fc52 commit 5b5e052
Showing 1 changed file with 12 additions and 8 deletions.
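--- a/cmd/nginx-ingress/main.go
+++ b/cmd/nginx-ingress/main.go
@@ -567,7 +567,7 @@ func processDefaultServerSecret(ctx context.Context, kubeClient *kubernetes.Clie
 var sslRejectHandshake bool
 
 if *defaultServerSecret != "" {
-secret, err := getAndValidateSecret(kubeClient, *defaultServerSecret)
+secret, err := getAndValidateSecret(kubeClient, *defaultServerSecret, api_v1.SecretTypeTLS)
 if err != nil {
 nl.Fatalf(l, "Error trying to get the default server TLS secret %v: %v", *defaultServerSecret, err)
 }
@@ -591,7 +591,7 @@ func processDefaultServerSecret(ctx context.Context, kubeClient *kubernetes.Clie
 func processWildcardSecret(ctx context.Context, kubeClient *kubernetes.Clientset, nginxManager nginx.Manager) bool {
 l := nl.LoggerFromContext(ctx)
 if *wildcardTLSSecret != "" {
-secret, err := getAndValidateSecret(kubeClient, *wildcardTLSSecret)
+secret, err := getAndValidateSecret(kubeClient, *wildcardTLSSecret, api_v1.SecretTypeTLS)
 if err != nil {
 nl.Fatalf(l, "Error trying to get the wildcard TLS secret %v: %v", *wildcardTLSSecret, err)
 }
@@ -661,7 +661,8 @@ func getSocketClient(sockPath string) *http.Client {
 }
 
 // getAndValidateSecret gets and validates a secret.
-func getAndValidateSecret(kubeClient *kubernetes.Clientset, secretNsName string) (secret *api_v1.Secret, err error) {
+// nolint:unparam
+func getAndValidateSecret(kubeClient *kubernetes.Clientset, secretNsName string, secretType api_v1.SecretType) (secret *api_v1.Secret, err error) {
 ns, name, err := k8s.ParseNamespaceName(secretNsName)
 if err != nil {
 return nil, fmt.Errorf("could not parse the %v argument: %w", secretNsName, err)
@@ -670,9 +671,12 @@ func getAndValidateSecret(kubeClient *kubernetes.Clientset, secretNsName string)
 if err != nil {
 return nil, fmt.Errorf("could not get %v: %w", secretNsName, err)
 }
-err = secrets.ValidateTLSSecret(secret)
-if err != nil {
-return nil, fmt.Errorf("%v is invalid: %w", secretNsName, err)
+switch secretType {
+case api_v1.SecretTypeTLS:
+err = secrets.ValidateTLSSecret(secret)
+if err != nil {
+return nil, fmt.Errorf("%v is invalid: %w", secretNsName, err)
+}
 }
 return secret, nil
 }
@@ -779,7 +783,7 @@ func createPlusAndLatencyCollectors(
 syslogListener = metrics.NewSyslogFakeServer()
 
 if *prometheusTLSSecretName != "" {
-prometheusSecret, err = getAndValidateSecret(kubeClient, *prometheusTLSSecretName)
+prometheusSecret, err = getAndValidateSecret(kubeClient, *prometheusTLSSecretName, api_v1.SecretTypeTLS)
 if err != nil {
 nl.Fatalf(l, "Error trying to get the prometheus TLS secret %v: %v", *prometheusTLSSecretName, err)
 }
@@ -831,7 +835,7 @@ func createHealthProbeEndpoint(kubeClient *kubernetes.Clientset, plusClient *cli
 var err error
 
 if *serviceInsightTLSSecretName != "" {
-serviceInsightSecret, err = getAndValidateSecret(kubeClient, *serviceInsightTLSSecretName)
+serviceInsightSecret, err = getAndValidateSecret(kubeClient, *serviceInsightTLSSecretName, api_v1.SecretTypeTLS)
 if err != nil {
 nl.Fatalf(l, "Error trying to get the service insight TLS secret %v: %v", *serviceInsightTLSSecretName, err)
 }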
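Review bot: The new `switch secretType` in getAndValidateSecret has no `default` branch, so a call with any type other than `api_v1.SecretTypeTLS` returns the fetched secret with no validation at all, although the name and doc comment promise a validated secret. All four call sites in this commit pass the TLS type, so nothing changes today, but the helper now fails open for the next type someone adds; I would add `default: return nil, fmt.Errorf("%v has unsupported secret type %v", secretNsName, secretType)`. Whether the secret's own `Type` field is compared with the requested type is not visible here (presumably `secrets.ValidateTLSSecret` does so for TLS); any future case should make that check as well. As a smaller point, `// nolint:unparam` written with a space is read as part of the doc comment, so the directive form `//nolint:unparam` is preferable. The function body spans two hunks, and the secret lookup between them is not shown.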
