consistently fallback to default certificate when TLS is configured #2972

Merged
merged 3 commits into from
Aug 23, 2018
7 changes: 6 additions & 1 deletion internal/ingress/controller/controller.go
Expand Up @@ -1055,7 +1055,9 @@ func (n *NGINXController) createServers(data []*extensions.Ingress,
secrKey := fmt.Sprintf("%v/%v", ing.Namespace, tlsSecretName)
cert, err := n.store.GetLocalSSLCert(secrKey)
if err != nil {
glog.Warningf("Error getting SSL certificate %q: %v", secrKey, err)
glog.Warningf("Error getting SSL certificate %q: %v. Using default certificate", secrKey, err)
servers[host].SSLCert.PemFileName = defaultPemFileName
servers[host].SSLCert.PemSHA = defaultPemSHA
continue
}

Expand All @@ -1069,6 +1071,9 @@ func (n *NGINXController) createServers(data []*extensions.Ingress,
if err != nil {
glog.Warningf("SSL certificate %q does not contain a Common Name or Subject Alternative Name for server %q: %v",
secrKey, host, err)
glog.Warningf("Using default certificate")
servers[host].SSLCert.PemFileName = defaultPemFileName
servers[host].SSLCert.PemSHA = defaultPemSHA
continue
}
}
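Review bot: In the second hunk the fallback is logged as a separate `glog.Warningf("Using default certificate")` that names neither the secret nor the host, so anyone alerting on default-certificate fallback cannot tell which server was affected, and the line may be separated from the preceding warning by unrelated log output. Fold it into the existing message the way the first hunk does: `glog.Warningf("SSL certificate %q does not contain a Common Name or Subject Alternative Name for server %q: %v. Using default certificate", secrKey, host, err)`. Both branches also repeat the same two `servers[host].SSLCert` assignments, and only `PemFileName` and `PemSHA` are set; if the struct (defined outside the hunk) has other fields, they keep their previous values, which is worth confirming. The host will presumably now present a certificate that does not match its name, so this warning is the main signal operators get and should stay on one greppable line.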
2 changes: 2 additions & 0 deletions test/e2e/annotations/luarestywaf.go
Expand Up @@ -150,6 +150,8 @@ func createIngress(f *framework.Framework, host, service string, port int, annot
})
Expect(err).NotTo(HaveOccurred())

time.Sleep(1 * time.Second)

resp, body, errs := gorequest.New().
Get(f.IngressController.HTTPURL).
Set("Host", host).
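Review bot: The added `time.Sleep(1 * time.Second)` before the request in createIngress is a fixed delay that presumably stands in for "the controller has picked up the new ingress". That makes the test flaky on a slow cluster and wastes a second on a fast one. Prefer polling for the condition: retry the GET until the expected backend answers or a short deadline passes, or use a readiness helper from the e2e framework if one exists. If the sleep stays, say what it waits for, e.g. `// give the controller time to sync the new ingress before the first request`. createIngress starts and ends outside the hunk.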
23 changes: 17 additions & 6 deletions test/e2e/framework/framework.go
Expand Up @@ -385,8 +385,17 @@ func UpdateDeployment(kubeClientSet kubernetes.Interface, namespace string, name
return nil
}

// NewSingleIngressWithTLS creates a simple ingress rule with TLS spec included
func NewSingleIngressWithTLS(name, path, host, ns, service string, port int, annotations *map[string]string) *extensions.Ingress {
return newSingleIngress(name, path, host, ns, service, port, annotations, true)
}

// NewSingleIngress creates a simple ingress rule
func NewSingleIngress(name, path, host, ns, service string, port int, annotations *map[string]string) *extensions.Ingress {
return newSingleIngress(name, path, host, ns, service, port, annotations, false)
}

func newSingleIngress(name, path, host, ns, service string, port int, annotations *map[string]string, withTLS bool) *extensions.Ingress {
if annotations == nil {
annotations = &map[string]string{}
}
Expand All @@ -398,12 +407,6 @@ func NewSingleIngress(name, path, host, ns, service string, port int, annotation
Annotations: *annotations,
},
Spec: extensions.IngressSpec{
TLS: []extensions.IngressTLS{
{
Hosts: []string{host},
SecretName: host,
},
},
Rules: []extensions.IngressRule{
{
Host: host,
Expand All @@ -424,6 +427,14 @@ func NewSingleIngress(name, path, host, ns, service string, port int, annotation
},
},
}
if withTLS {
ing.Spec.TLS = []extensions.IngressTLS{
{
Hosts: []string{host},
SecretName: host,
},
}
}

return ing
}
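Review bot: The exported `NewSingleIngress` keeps its name and signature but no longer emits a TLS section, and its doc comment still reads "creates a simple ingress rule", so nothing tells a caller that the behaviour changed. Any test not shown on this page that relied on the implicit TLS entry would now run without TLS and could pass vacuously. Make the comment explicit, e.g. `// NewSingleIngress creates a simple ingress rule without a TLS section; use NewSingleIngressWithTLS to include one`. The new unexported `newSingleIngress` has no comment at all; something like `// newSingleIngress builds the ingress; withTLS adds a TLS entry for host whose secret name is the host itself` would document the `SecretName: host` convention that the TLS tests depend on.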
2 changes: 1 addition & 1 deletion test/e2e/settings/tls.go
Expand Up @@ -177,7 +177,7 @@ var _ = framework.IngressNginxDescribe("Settings - TLS)", func() {
})

func tlsEndpoint(f *framework.Framework, host string) (*tls.Config, error) {
ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
ing, err := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
if err != nil {
return nil, err
}
2 changes: 1 addition & 1 deletion test/e2e/ssl/secret_update.go
Expand Up @@ -54,7 +54,7 @@ var _ = framework.IngressNginxDescribe("SSL", func() {
})
Expect(err).NotTo(HaveOccurred())

ing, err := f.EnsureIngress(framework.NewSingleIngress(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
ing, err := f.EnsureIngress(framework.NewSingleIngressWithTLS(host, "/", host, f.IngressController.Namespace, "http-svc", 80, nil))
Expect(err).ToNot(HaveOccurred())
Expect(ing).ToNot(BeNil())
