resolve failing tests

porthorian · porthorian · commit 0fdcd5329703 · 2025-01-17T17:59:55.000-05:00
diff --git a/internal/mode/static/state/dataplane/configuration_test.go b/internal/mode/static/state/dataplane/configuration_test.go
@@ -809,7 +809,13 @@ func TestBuildConfiguration(t *testing.T) {
 					"ca.crt": "cert-1",
 				},
 			},
-			CACert: []byte("cert-1"),
+			CertBundle: graph.NewCertificateBundle(
+				types.NamespacedName{Namespace: "test", Name: "configmap-1"},
+				"ConfigMap",
+				&graph.Certificate{
+					CACert: []byte("cert-1"),
+				},
+			),
 		},
 		{Namespace: "test", Name: "configmap-2"}: {
 			Source: &apiv1.ConfigMap{
@@ -821,7 +827,13 @@ func TestBuildConfiguration(t *testing.T) {
 					"ca.crt": []byte("cert-2"),
 				},
 			},
-			CACert: []byte("cert-2"),
+			CertBundle: graph.NewCertificateBundle(
+				types.NamespacedName{Namespace: "test", Name: "configmap-2"},
+				"ConfigMap",
+				&graph.Certificate{
+					CACert: []byte("cert-2"),
+				},
+			),
 		},
 	}
 
diff --git a/internal/mode/static/state/graph/configmaps.go b/internal/mode/static/state/graph/configmaps.go
@@ -11,9 +11,7 @@ import (
 // CaCertConfigMap represents a ConfigMap resource that holds CA Cert data.
 type CaCertConfigMap struct {
 	// Source holds the actual ConfigMap resource. Can be nil if the ConfigMap does not exist.
-	Source *apiv1.ConfigMap
-	// CACert holds the actual CA Cert data.
-	CACert     []byte
+	Source     *apiv1.ConfigMap
 	CertBundle *CertificateBundle
 }
 
diff --git a/internal/mode/static/state/graph/graph_test.go b/internal/mode/static/state/graph/graph_test.go
@@ -900,7 +900,9 @@ func TestBuildGraph(t *testing.T) {
 			ReferencedCaCertConfigMaps: map[types.NamespacedName]*CaCertConfigMap{
 				client.ObjectKeyFromObject(cm): {
 					Source: cm,
-					CACert: []byte(caBlock),
+					CertBundle: NewCertificateBundle(client.ObjectKeyFromObject(cm), "ConfigMap", &Certificate{
+						CACert: []byte(caBlock),
+					}),
 				},
 			},
 			BackendTLSPolicies: map[types.NamespacedName]*BackendTLSPolicy{
@@ -1162,7 +1164,9 @@ func TestIsReferenced(t *testing.T) {
 		ReferencedCaCertConfigMaps: map[types.NamespacedName]*CaCertConfigMap{
 			client.ObjectKeyFromObject(baseConfigMap): {
 				Source: baseConfigMap,
-				CACert: []byte(caBlock),
+				CertBundle: NewCertificateBundle(client.ObjectKeyFromObject(baseConfigMap), "ConfigMap", &Certificate{
+					CACert: []byte(caBlock),
+				}),
 			},
 		},
 	}
diff --git a/internal/mode/static/state/graph/secret.go b/internal/mode/static/state/graph/secret.go
@@ -64,10 +64,10 @@ func (r *secretResolver) resolve(nsname types.NamespacedName) error {
 		// Not always guaranteed to have a ca certificate in the secret.
 		if _, exists := secret.Data[CAKey]; exists {
 			cert.CACert = secret.Data[CAKey]
+			validationErr = validateCA(cert.CACert)
 		}
 
 		validationErr = validateTLS(cert.TLSCert, cert.TLSPrivateKey)
-		validationErr = validateCA(cert.CACert)
 
 		certBundle = NewCertificateBundle(nsname, secret.Kind, cert)
 	}

Original file line number	Diff line number	Diff line change
`@@ -64,10 +64,10 @@ func (r *secretResolver) resolve(nsname types.NamespacedName) error {`
`64`	`64`	`// Not always guaranteed to have a ca certificate in the secret.`
`65`	`65`	`if _, exists := secret.Data[CAKey]; exists {`
`66`	`66`	`cert.CACert = secret.Data[CAKey]`
	`67`	`+ validationErr = validateCA(cert.CACert)`
`67`	`68`	`}`
`68`	`69`
`69`	`70`	`validationErr = validateTLS(cert.TLSCert, cert.TLSPrivateKey)`
`70`		`- validationErr = validateCA(cert.CACert)`
`71`	`71`
`72`	`72`	`certBundle = NewCertificateBundle(nsname, secret.Kind, cert)`
`73`	`73`	`}`