
Commit 388771b

committed
apply suggestion
1 parent 733c3d0 commit 388771b


1 file changed

+34
-23
lines changed


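--- a/internal/controlplane/translator/gateway.go
+++ b/internal/controlplane/translator/gateway.go
@@ -36,32 +36,43 @@ func (t *Translator) translateSecret(tctx *TranslateContext, listener gatewayv1.
 return nil, fmt.Errorf("no certificateRefs found in listener %s", listener.Name)
 }
 sslObjs := make([]*v1.Ssl, 0)
-ns := obj.GetNamespace()
 gatewayName := obj.GetName()
-
-for _, ref := range listener.TLS.CertificateRefs {
-sslObj := &v1.Ssl{}
-sslObj.ID = id.GenID(fmt.Sprintf("%s_%s_%s", ns, gatewayName, listener.Name))
-if listener.Hostname != nil && *listener.Hostname != "" {
-sslObj.Snis = []string{string(*listener.Hostname)}
-} else {
-sslObj.Snis = []string{"*"}
-}
-name := listener.TLS.CertificateRefs[0].Name
-secret := tctx.Secrets[types.NamespacedName{Namespace: ns, Name: string(ref.Name)}]
-if secret.Data == nil {
-log.Error("secret data is nil", "secret", secret)
-return nil, fmt.Errorf("no secret data found for %s/%s", ns, name)
-}
-cert, key, err := extractKeyPair(secret, true)
-if err != nil {
-return nil, err
+switch *listener.TLS.Mode {
+case gatewayv1.TLSModeTerminate:
+for _, ref := range listener.TLS.CertificateRefs {
+ns := obj.GetNamespace()
+if ref.Namespace != nil {
+ns = string(*ref.Namespace)
+}
+sslObj := &v1.Ssl{}
+sslObj.ID = id.GenID(fmt.Sprintf("%s_%s_%s", ns, gatewayName, listener.Name))
+if listener.Hostname != nil && *listener.Hostname != "" {
+sslObj.Snis = []string{string(*listener.Hostname)}
+} else {
+sslObj.Snis = []string{"*"}
+}
+name := listener.TLS.CertificateRefs[0].Name
+secret := tctx.Secrets[types.NamespacedName{Namespace: ns, Name: string(ref.Name)}]
+if secret.Data == nil {
+log.Error("secret data is nil", "secret", secret)
+return nil, fmt.Errorf("no secret data found for %s/%s", ns, name)
+}
+cert, key, err := extractKeyPair(secret, true)
+if err != nil {
+return nil, err
+}
+sslObj.Cert = string(cert)
+sslObj.Key = string(key)
+sslObj.Labels = label.GenLabel(obj)
+sslObjs = append(sslObjs, sslObj)
 }
-sslObj.Cert = string(cert)
-sslObj.Key = string(key)
-sslObj.Labels = label.GenLabel(obj)
-sslObjs = append(sslObjs, sslObj)
+//Only supported on TLSRoute. The certificateRefs field is ignored in this mode.
+case gatewayv1.TLSModePassthrough:
+return sslObjs, nil
+default:
+return nil, fmt.Errorf("unknown TLS mode %s", *listener.TLS.Mode)
 }
+
 return sslObjs, nil
 }
 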
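Review bot: The new `ns = string(*ref.Namespace)` override in the `TLSModeTerminate` branch lets a Gateway load a TLS key pair from a Secret in another namespace, and nothing in this hunk checks that the target namespace has a ReferenceGrant permitting it, which the Gateway API requires for cross-namespace certificateRefs. If `tctx.Secrets` is not already filtered by ReferenceGrant where it is populated (not visible here), a user who can only create Gateways in their own namespace could cause another namespace's private key to be pushed to the data plane, so the grant check should be confirmed or added before the lookup. The same override also changes the input to `id.GenID`, so same-named Gateways in different namespaces that reference a Secret in one shared namespace would now derive the same Ssl ID; keeping the Gateway's own namespace there avoids that: `sslObj.ID = id.GenID(fmt.Sprintf("%s_%s_%s", obj.GetNamespace(), gatewayName, listener.Name))`. Separately, `switch *listener.TLS.Mode` dereferences an optional pointer, so a nil guard that treats nil as Terminate is worth adding unless defaulting is guaranteed before this call. translateSecret begins above the hunk, so earlier checks on `listener.TLS` are not visible.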
