Skip to content

Commit

Permalink
fixup some failures
Browse files Browse the repository at this point in the history
  • Loading branch information
@howardjohn
howardjohn committed Aug 15, 2022
1 parent 20ef310 commit 56b5fed
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 13 deletions.
4 changes: 3 additions & 1 deletion pilot/pkg/config/kube/gateway/conditions.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -145,7 +145,9 @@ const (
// InvalidFilter indicates an issue with the filters
InvalidFilter ConfigErrorReason = "InvalidFilter"
// InvalidTLS indicates an issue with TLS settings
InvalidTLS ConfigErrorReason = "InvalidTLS"
InvalidTLS ConfigErrorReason = ConfigErrorReason(k8s.ListenerReasonInvalidCertificateRef)
// InvalidListenerRefNotPermitted indicates a listener reference was not permitted
InvalidListenerRefNotPermitted ConfigErrorReason = ConfigErrorReason(k8s.ListenerReasonRefNotPermitted)
// InvalidConfiguration indicates a generic error for all other invalid configurations
InvalidConfiguration ConfigErrorReason = "InvalidConfiguration"
)
Expand Down
14 changes: 4 additions & 10 deletions pilot/pkg/config/kube/gateway/conversion.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1546,14 +1546,8 @@ func buildListener(r ConfigContext, obj config.Config, l k8s.Listener, listenerI
defer reportListenerCondition(listenerIndex, l, obj, listenerConditions)
tls, err := buildTLS(r.AllowedReferences, l.TLS, obj.Namespace, isAutoPassthrough(obj, l))
if err != nil {
listenerConditions[string(k8s.ListenerConditionReady)].error = &ConfigError{
Reason: string(k8s.ListenerReasonInvalid),
Message: err.Message,
}
listenerConditions[string(k8s.ListenerConditionResolvedRefs)].error = &ConfigError{
Reason: string(k8s.ListenerReasonInvalidCertificateRef),
Message: err.Message,
}
listenerConditions[string(k8s.ListenerConditionReady)].error = err
listenerConditions[string(k8s.ListenerConditionResolvedRefs)].error = err
return nil, false
}
hostnames := buildHostnameMatch(obj.Namespace, r.KubernetesResources, l)
Expand Down Expand Up @@ -1613,7 +1607,7 @@ func buildTLS(refs AllowedReferences, tls *k8s.GatewayTLSConfig, namespace strin
out.Mode = istio.ServerTLSSettings_SIMPLE
if len(tls.CertificateRefs) != 1 {
// This is required in the API, should be rejected in validation
return nil, &ConfigError{Reason: InvalidConfiguration, Message: "exactly 1 certificateRefs should be present for TLS termination"}
return nil, &ConfigError{Reason: InvalidTLS, Message: "exactly 1 certificateRefs should be present for TLS termination"}
}
cred, err := buildSecretReference(tls.CertificateRefs[0], namespace)
if err != nil {
Expand All @@ -1623,7 +1617,7 @@ func buildTLS(refs AllowedReferences, tls *k8s.GatewayTLSConfig, namespace strin
sameNamespace := credNs == namespace
if !sameNamespace && !refs.SecretAllowed(credentials.ToResourceName(cred), namespace) {
return nil, &ConfigError{
Reason: InvalidConfiguration,
Reason: InvalidListenerRefNotPermitted,
Message: fmt.Sprintf(
"certificateRef %v/%v not accessible to a Gateway in namespace %q (missing a ReferenceGrant?)",
tls.CertificateRefs[0].Name, credNs, namespace,
Expand Down
6 changes: 4 additions & 2 deletions tests/integration/pilot/gateway_conformance_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,8 +104,10 @@ func TestGatewayConformance(t *testing.T) {
if !ctx.Failed() {
return
}
for _, ns := range conformanceNamespaces {
namespace.Dump(ctx, ns)
if ctx.Settings().CIMode {
for _, ns := range conformanceNamespaces {
namespace.Dump(ctx, ns)
}
}
})
csuite := suite.New(opts)
Expand Down

0 comments on commit 56b5fed

Please sign in to comment.