@@ -567,7 +567,7 @@ func processDefaultServerSecret(ctx context.Context, kubeClient *kubernetes.Clie
567567 var sslRejectHandshake bool
568568
569569 if * defaultServerSecret != "" {
570- secret , err := getAndValidateSecret (kubeClient , * defaultServerSecret )
570+ secret , err := getAndValidateSecret (kubeClient , * defaultServerSecret , api_v1 . SecretTypeTLS )
571571 if err != nil {
572572 nl .Fatalf (l , "Error trying to get the default server TLS secret %v: %v" , * defaultServerSecret , err )
573573 }
@@ -591,7 +591,7 @@ func processDefaultServerSecret(ctx context.Context, kubeClient *kubernetes.Clie
591591func processWildcardSecret (ctx context.Context , kubeClient * kubernetes.Clientset , nginxManager nginx.Manager ) bool {
592592 l := nl .LoggerFromContext (ctx )
593593 if * wildcardTLSSecret != "" {
594- secret , err := getAndValidateSecret (kubeClient , * wildcardTLSSecret )
594+ secret , err := getAndValidateSecret (kubeClient , * wildcardTLSSecret , api_v1 . SecretTypeTLS )
595595 if err != nil {
596596 nl .Fatalf (l , "Error trying to get the wildcard TLS secret %v: %v" , * wildcardTLSSecret , err )
597597 }
@@ -661,7 +661,8 @@ func getSocketClient(sockPath string) *http.Client {
661661}
662662
663663// getAndValidateSecret gets and validates a secret.
664- func getAndValidateSecret (kubeClient * kubernetes.Clientset , secretNsName string ) (secret * api_v1.Secret , err error ) {
664+ // nolint:unparam
665+ func getAndValidateSecret (kubeClient * kubernetes.Clientset , secretNsName string , secretType api_v1.SecretType ) (secret * api_v1.Secret , err error ) {
665666 ns , name , err := k8s .ParseNamespaceName (secretNsName )
666667 if err != nil {
667668 return nil , fmt .Errorf ("could not parse the %v argument: %w" , secretNsName , err )
@@ -670,9 +671,12 @@ func getAndValidateSecret(kubeClient *kubernetes.Clientset, secretNsName string)
670671 if err != nil {
671672 return nil , fmt .Errorf ("could not get %v: %w" , secretNsName , err )
672673 }
673- err = secrets .ValidateTLSSecret (secret )
674- if err != nil {
675- return nil , fmt .Errorf ("%v is invalid: %w" , secretNsName , err )
674+ switch secretType {
675+ case api_v1 .SecretTypeTLS :
676+ err = secrets .ValidateTLSSecret (secret )
677+ if err != nil {
678+ return nil , fmt .Errorf ("%v is invalid: %w" , secretNsName , err )
679+ }
676680 }
677681 return secret , nil
678682}
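Review bot: The new `switch secretType` in getAndValidateSecret has no `default` branch, so any type other than `api_v1.SecretTypeTLS` falls through to `return secret, nil` with no validation at all, even though the function name and doc comment promise a validated secret. Every call site visible in this commit passes `api_v1.SecretTypeTLS`, so nothing changes today, but a later caller passing another type would get a fail-open path for secret data. I would add `default: return nil, fmt.Errorf("%v: unsupported secret type %v", secretNsName, secretType)` and extend the doc comment to name the types that are actually validated. The part of the function between the signature and this hunk (where the secret is fetched) is outside the visible lines.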
@@ -779,7 +783,7 @@ func createPlusAndLatencyCollectors(
779783 syslogListener = metrics .NewSyslogFakeServer ()
780784
781785 if * prometheusTLSSecretName != "" {
782- prometheusSecret , err = getAndValidateSecret (kubeClient , * prometheusTLSSecretName )
786+ prometheusSecret , err = getAndValidateSecret (kubeClient , * prometheusTLSSecretName , api_v1 . SecretTypeTLS )
783787 if err != nil {
784788 nl .Fatalf (l , "Error trying to get the prometheus TLS secret %v: %v" , * prometheusTLSSecretName , err )
785789 }
@@ -831,7 +835,7 @@ func createHealthProbeEndpoint(kubeClient *kubernetes.Clientset, plusClient *cli
831835 var err error
832836
833837 if * serviceInsightTLSSecretName != "" {
834- serviceInsightSecret , err = getAndValidateSecret (kubeClient , * serviceInsightTLSSecretName )
838+ serviceInsightSecret , err = getAndValidateSecret (kubeClient , * serviceInsightTLSSecretName , api_v1 . SecretTypeTLS )
835839 if err != nil {
836840 nl .Fatalf (l , "Error trying to get the service insight TLS secret %v: %v" , * serviceInsightTLSSecretName , err )
837841 }