Refactor CA Certificate struct name

Signed-off-by: Steve Sloka <[email protected]>
projectcontour · Apr 26, 2019 · 4568cda · 4568cda
1 parent 3ffa92b
commit 4568cda
Show file tree

Hide file tree

Showing 7 changed files with 15 additions and 15 deletions.
diff --git a/apis/contour/v1beta1/ingressroute.go b/apis/contour/v1beta1/ingressroute.go
@@ -146,9 +146,9 @@ type RetryPolicy struct {
 // UpstreamValidation defines how to verify the backend service's certificate
 type UpstreamValidation struct {
 	// Name of the Kubernetes secret be used to validate the certificate presented by the backend
-	CASecret string `json:"caSecret"`
+	CACertificate string `json:"caSecret"`
 	// Ket which is expected to be present in the 'subjectAltName' of the presented certificate
-	SubjectName string `json:"subjectname,omitempty""`
+	SubjectName string `json:"subjectname,omitempty"`
 }
 
 // Status reports the current state of the IngressRoute

diff --git a/apis/contour/v1beta1/tlscertificatedelegation.go b/apis/contour/v1beta1/tlscertificatedelegation.go
@@ -40,7 +40,7 @@ type CertificateDelegation struct {
 // +genclient
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
-// TLSCertificateDelefgation is an TLS Certificate Delegation CRD specificiation.
+// TLSCertificateDelefgation is an TLS CACertificate Delegation CRD specificiation.
 // See design/tls-certificate-delegation.md for details.
 type TLSCertificateDelegation struct {
 	metav1.TypeMeta   `json:",inline"`

diff --git a/internal/dag/builder.go b/internal/dag/builder.go
@@ -187,8 +187,8 @@ func (b *builder) addHTTPService(svc *v1.Service, port *v1.ServicePort, strategy
 func (b *builder) addUpstreamValidation(uv *ingressroutev1.UpstreamValidation, svc *v1.Service) *UpstreamValidation {
 	if uv != nil {
 		val := &UpstreamValidation{
-			Certificate: b.lookupSecret(meta{name: uv.CASecret, namespace: svc.Namespace}),
-			SubjectName: uv.SubjectName,
+			CACertificate: b.lookupSecret(meta{name: uv.CACertificate, namespace: svc.Namespace}),
+			SubjectName:   uv.SubjectName,
 		}
 		return val
 	}

diff --git a/internal/dag/dag.go b/internal/dag/dag.go
@@ -95,9 +95,9 @@ type RetryPolicy struct {
 
 // UpstreamValidation defines how to validate the certificate on the upstream service
 type UpstreamValidation struct {
-	// Certificate holds a reference to the Secret containing the CA to be used to
+	// CACertificate holds a reference to the Secret containing the CA to be used to
 	// verify the upstream connection.
-	Certificate *Secret
+	CACertificate *Secret
 
 	// SubjectName holds an optional subject name which Envoy will check against the
 	// certificate presented by the upstream.

diff --git a/internal/e2e/cds_test.go b/internal/e2e/cds_test.go
@@ -893,8 +893,8 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) {
 					Name: "kuard",
 					Port: 443,
 					UpstreamValidation: &ingressroutev1.UpstreamValidation{
-						CASecret:    "foo",
-						SubjectName: "subjname",
+						CACertificate: "foo",
+						SubjectName:   "subjname",
 					},
 				}},
 			}},
@@ -930,7 +930,7 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) {
 					Name: "kuard",
 					Port: 443,
 					UpstreamValidation: &ingressroutev1.UpstreamValidation{
-						CASecret: "foo",
+						CACertificate: "foo",
 					},
 				}},
 			}},

diff --git a/internal/envoy/cluster.go b/internal/envoy/cluster.go
@@ -62,7 +62,7 @@ func Cluster(c *dag.Cluster) *v2.Cluster {
 
 func upstreamValidationCACert(upstream *dag.HTTPService) []byte {
 	if upstream.UpstreamValidation != nil {
-		return upstream.UpstreamValidation.Certificate.Object.Data[CACertificateKey]
+		return upstream.UpstreamValidation.CACertificate.Object.Data[CACertificateKey]
 	}
 	return nil
 }
@@ -173,7 +173,7 @@ func Clustername(cluster *dag.Cluster) string {
 		buf += hc.Path
 	}
 	if uv := service.UpstreamValidation; uv != nil {
-		buf += uv.Certificate.Object.ObjectMeta.Name
+		buf += uv.CACertificate.Object.ObjectMeta.Name
 		if len(uv.SubjectName) > 0 {
 			buf += uv.SubjectName
 		}

diff --git a/internal/envoy/cluster_test.go b/internal/envoy/cluster_test.go
@@ -428,7 +428,7 @@ func TestClustername(t *testing.T) {
 					},
 					LoadBalancerStrategy: "Maglev",
 					UpstreamValidation: &dag.UpstreamValidation{
-						Certificate: &dag.Secret{
+						CACertificate: &dag.Secret{
 							Object: &v1.Secret{
 								ObjectMeta: metav1.ObjectMeta{
 									Name: "testsecret",
@@ -453,7 +453,7 @@ func TestClustername(t *testing.T) {
 					},
 					LoadBalancerStrategy: "Maglev",
 					UpstreamValidation: &dag.UpstreamValidation{
-						Certificate: &dag.Secret{
+						CACertificate: &dag.Secret{
 							Object: &v1.Secret{
 								ObjectMeta: metav1.ObjectMeta{
 									Name: "testsecret",
@@ -608,7 +608,7 @@ func tlsservice(s *v1.Service, cert, subjectaltname string) dag.TCPService {
 		Namespace:   s.Namespace,
 		ServicePort: &s.Spec.Ports[0],
 		UpstreamValidation: &dag.UpstreamValidation{
-			Certificate: &dag.Secret{
+			CACertificate: &dag.Secret{
 				Object: &v1.Secret{
 					Data: map[string][]byte{
 						CACertificateKey: []byte(cert),