weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #1082 from munnerz/ingress-shim-rule-cleanup

Browse Source 
Fix bug with ingress path cleanup
This commit is contained in:
jetstack-bot 2018-11-16 12:55:14 +00:00 committed by GitHub
commit 62d6be80a3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 103 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
pkg/issuer/acme/http/ingress.go
View File

@ -233,23 +233,30 @@ func (s *Solver) cleanupIngresses(ch *v1alpha1.Challenge) error {
ingPathToDel := solverPathFn(ch.Spec.Token)
var ingRules []extv1beta1.IngressRule
for _, rule := range ing.Spec.Rules {
if rule.Host == ch.Spec.DNSName {
if rule.HTTP == nil {
ingRules = append(ingRules, rule)
continue
}
// check the rule for paths. If we find the ingress path we need to
// delete here, delete it
for i, path := range rule.HTTP.Paths {
if path.Path == ingPathToDel {
rule.HTTP.Paths = append(rule.HTTP.Paths[:i], rule.HTTP.Paths[i+1:]...)
}
}
// if there are still paths level on this rule, we should retain it
if len(rule.HTTP.Paths) > 0 {
ingRules = append(ingRules, rule)
// always retain rules that are not for the same DNSName
if rule.Host != ch.Spec.DNSName {
ingRules = append(ingRules, rule)
continue
}
// always retain rules that don't specify `HTTP`
if rule.HTTP == nil {
ingRules = append(ingRules, rule)
continue
}
// check the rule for paths. If we find the ingress path we need to
// delete here, delete it
for i, path := range rule.HTTP.Paths {
if path.Path == ingPathToDel {
rule.HTTP.Paths = append(rule.HTTP.Paths[:i], rule.HTTP.Paths[i+1:]...)
}
}
// if there are still paths level on this rule, we should retain it
if len(rule.HTTP.Paths) > 0 {
ingRules = append(ingRules, rule)
}
}
ing.Spec.Rules = ingRules

81
pkg/issuer/acme/http/ingress_test.go
View File

@ -239,6 +239,87 @@ func TestCleanupIngresses(t *testing.T) {
}
},
},
"should clean up an ingress with a single challenge path inserted without removing second HTTP rule": {
Builder: &test.Builder{
KubeObjects: []runtime.Object{
&v1beta1.Ingress{
ObjectMeta: metav1.ObjectMeta{
Name: "testingress",
Namespace: defaultTestNamespace,
},
Spec: v1beta1.IngressSpec{
Backend: &v1beta1.IngressBackend{
ServiceName: "testsvc",
ServicePort: intstr.FromInt(8080),
},
Rules: []v1beta1.IngressRule{
{
Host: "example.com",
IngressRuleValue: v1beta1.IngressRuleValue{
HTTP: &v1beta1.HTTPIngressRuleValue{
Paths: []v1beta1.HTTPIngressPath{
{
Path: "/.well-known/acme-challenge/abcd",
Backend: v1beta1.IngressBackend{
ServiceName: "solversvc",
ServicePort: intstr.FromInt(8081),
},
},
},
},
},
},
{
Host: "a.example.com",
IngressRuleValue: v1beta1.IngressRuleValue{
HTTP: &v1beta1.HTTPIngressRuleValue{
Paths: []v1beta1.HTTPIngressPath{
{
Path: "/",
Backend: v1beta1.IngressBackend{
ServiceName: "real-backend-svc",
ServicePort: intstr.FromInt(8081),
},
},
},
},
},
},
},
},
},
},
},
Challenge: &v1alpha1.Challenge{
Spec: v1alpha1.ChallengeSpec{
DNSName: "example.com",
Token: "abcd",
Config: v1alpha1.SolverConfig{
HTTP01: &v1alpha1.HTTP01SolverConfig{
Ingress: "testingress",
},
},
},
},
PreFn: func(t *testing.T, s *solverFixture) {
},
CheckFn: func(t *testing.T, s *solverFixture, args ...interface{}) {
expectedIng := s.KubeObjects[0].(*v1beta1.Ingress).DeepCopy()
expectedIng.Spec.Rules = []v1beta1.IngressRule{expectedIng.Spec.Rules[1]}
actualIng, err := s.Builder.FakeKubeClient().ExtensionsV1beta1().Ingresses(s.Challenge.Namespace).Get(expectedIng.Name, metav1.GetOptions{})
if apierrors.IsNotFound(err) {
t.Errorf("expected ingress resource %q to not be deleted, but it was deleted", expectedIng.Name)
}
if err != nil {
t.Errorf("error getting ingress resource: %v", err)
}
if !reflect.DeepEqual(expectedIng, actualIng) {
t.Errorf("expected did not match actual: %v", diff.ObjectDiff(expectedIng, actualIng))
}
},
},
"should return an error if a delete fails": {
Challenge: &v1alpha1.Challenge{
Spec: v1alpha1.ChallengeSpec{