Fix crashes

zhenhli-microsoft · Oct 12, 2021 · 99756f9 · 99756f9
1 parent 00f5c65
commit 99756f9
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 8 deletions.
diff --git a/internal/dag/dag.go b/internal/dag/dag.go
@@ -817,8 +817,13 @@ type Secret struct {
 	SdsSecretName string
 }
 
-func (s *Secret) Name() string       { return stringOrDefault(s.Object.Name, s.SdsSecretName) }
-func (s *Secret) Namespace() string  { return s.Object.Namespace }
+func (s *Secret) Name() string { return stringOrDefault(s.SdsSecretName, s.Object.Name) }
+func (s *Secret) Namespace() string {
+	if s.Object == nil {
+		return ""
+	}
+	return s.Object.Namespace
+}
 func (s *Secret) Visit(func(Vertex)) {}
 
 // Data returns the contents of the backing secret's map.

diff --git a/internal/envoy/cluster.go b/internal/envoy/cluster.go
@@ -43,7 +43,7 @@ func Clustername(cluster *dag.Cluster) string {
 		buf += hc.Path
 	}
 	if uv := cluster.UpstreamValidation; uv != nil {
-		buf += uv.CACertificate.Object.ObjectMeta.Name
+		buf += uv.CACertificate.Name()
 		buf += uv.SubjectName
 	}
 

diff --git a/internal/envoy/secret.go b/internal/envoy/secret.go
@@ -22,6 +22,9 @@ import (
 
 // Secretname returns the name of the SDS secret for this secret.
 func Secretname(s *dag.Secret) string {
+	if s.SdsSecretName != "" {
+		return s.SdsSecretName
+	}
 	// This isn't a crypto hash, we just want a unique name.
 	hash := sha1.Sum(s.Cert()) // nolint:gosec
 	ns := s.Namespace()

diff --git a/internal/envoy/v3/auth.go b/internal/envoy/v3/auth.go
@@ -30,10 +30,17 @@ import (
 func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni string, clientSecret *dag.Secret, alpnProtocols ...string) *envoy_v3_tls.UpstreamTlsContext {
 	var clientSecretConfigs []*envoy_v3_tls.SdsSecretConfig
 	if clientSecret != nil {
-		clientSecretConfigs = []*envoy_v3_tls.SdsSecretConfig{{
-			Name:      envoy.Secretname(clientSecret),
-			SdsConfig: ConfigSource("contour"),
-		}}
+		if clientSecret.Object != nil {
+			clientSecretConfigs = []*envoy_v3_tls.SdsSecretConfig{{
+				Name:      envoy.Secretname(clientSecret),
+				SdsConfig: ConfigSource("contour"),
+			}}
+		} else {
+			clientSecretConfigs = []*envoy_v3_tls.SdsSecretConfig{{
+				Name:      envoy.Secretname(clientSecret),
+				SdsConfig: ConfigSource("sds_server"),
+			}}
+		}
 	}
 
 	context := &envoy_v3_tls.UpstreamTlsContext{
@@ -101,7 +108,7 @@ func DownstreamTLSContext(serverSecret *dag.Secret, tlsMinProtoVersion envoy_v3_
 		}
 	} else {
 		sdsSecretConfig = &envoy_v3_tls.SdsSecretConfig{
-			Name:      serverSecret.SdsSecretName,
+			Name:      envoy.Secretname(serverSecret),
 			SdsConfig: ConfigSource("sds_server"),
 		}
 	}

diff --git a/internal/envoy/v3/bootstrap.go b/internal/envoy/v3/bootstrap.go
@@ -208,6 +208,8 @@ func bootstrapConfig(c *envoy.BootstrapConfig) *envoy_bootstrap_v3.Bootstrap {
 			Name:                          "sds_server",
 			AltStatName:                   strings.Join([]string{c.Namespace, "sds_server", strconv.Itoa(c.GetSdsGRPCPort())}, "_"),
 			ConnectTimeout:                protobuf.Duration(5 * time.Second),
+			ClusterDiscoveryType:          ClusterDiscoveryTypeForAddress(c.GetSdsAddress(), envoy_cluster_v3.Cluster_STRICT_DNS),
+			LbPolicy:                      envoy_cluster_v3.Cluster_ROUND_ROBIN,
 			TypedExtensionProtocolOptions: http2ProtocolOptions(),
 			LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{
 				ClusterName: "sds_server",

diff --git a/internal/xdscache/v3/secret.go b/internal/xdscache/v3/secret.go
@@ -93,6 +93,9 @@ func visitSecrets(root dag.Vertex) map[string]*envoy_tls_v3.Secret {
 }
 
 func (v *secretVisitor) addSecret(s *dag.Secret) {
+	if s.Object == nil {
+		return
+	}
 	name := envoy.Secretname(s)
 	if _, ok := v.secrets[name]; !ok {
 		envoySecret := envoy_v3.Secret(s)