
Commit 48915c6

committed
Refactor ACM auto-discovery logic
1 parent 195f6a2 commit 48915c6


1 file changed

+20
-14
lines changed


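--- a/pkg/service/model_build_listener.go
+++ b/pkg/service/model_build_listener.go
@@ -108,28 +108,30 @@ func (t *defaultModelBuildTask) buildSSLNegotiationPolicy(_ context.Context) *st
 return &t.defaultSSLPolicy
 }
 
-func (t *defaultModelBuildTask) buildListenerCertificates(ctx context.Context) []elbv2model.Certificate {
+func (t *defaultModelBuildTask) buildListenerCertificates(ctx context.Context) ([]elbv2model.Certificate, error) {
 var rawCertificateARNs []string
 var rawSSLDomains []string
-_ = t.annotationParser.ParseStringSliceAnnotation(annotations.SvcLBSuffixSSLCertificate, &rawCertificateARNs, t.service.Annotations)
-_ = t.annotationParser.ParseStringSliceAnnotation(annotations.SvcLBSuffixSSLDomains, &rawSSLDomains, t.service.Annotations)
+sslCertAnnotationExists := t.annotationParser.ParseStringSliceAnnotation(annotations.SvcLBSuffixSSLCertificate, &rawCertificateARNs, t.service.Annotations)
 
 var certificates []elbv2model.Certificate
 for _, cert := range rawCertificateARNs {
 certificates = append(certificates, elbv2model.Certificate{CertificateARN: aws.String(cert)})
 }
 
-// TODO: Refactoring required
-autoDiscoveredCertARNs, err := t.certDiscovery.Discover(ctx, rawSSLDomains)
-if err != nil {
-return certificates
-}
-for _, cert := range autoDiscoveredCertARNs {
-certificates = append(certificates, elbv2model.Certificate{
-CertificateARN: aws.String(cert),
-})
+// auto-discover ACM certs only if the ssl-domains annotation exists ssl-cert annotations is not present
+// which means ssl-cert takes precedence over the auto-discovered cert/ss-domains annotation
+if !sslCertAnnotationExists && t.annotationParser.ParseStringSliceAnnotation(annotations.SvcLBSuffixSSLDomains, &rawSSLDomains, t.service.Annotations) {
+autoDiscoveredCertARNs, err := t.certDiscovery.Discover(ctx, rawSSLDomains)
+if err != nil {
+return certificates, err
+}
+for _, cert := range autoDiscoveredCertARNs {
+certificates = append(certificates, elbv2model.Certificate{
+CertificateARN: aws.String(cert),
+})
+}
 }
-return certificates
+return certificates, nil
 }
 
 func validateTLSPortsSet(rawTLSPorts []string, ports []corev1.ServicePort) error {
@@ -205,7 +207,11 @@ type listenerConfig struct {
 }
 
 func (t *defaultModelBuildTask) buildListenerConfig(ctx context.Context) (*listenerConfig, error) {
-certificates := t.buildListenerCertificates(ctx)
+certificates, err := t.buildListenerCertificates(ctx)
+if err != nil {
+return nil, err
+}
+
 tlsPortsSet, err := t.buildTLSPortsSet(ctx)
 if err != nil {
 return nil, err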
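Review bot: The comment at new lines 121-122 of buildListenerCertificates is garbled ("exists ssl-cert annotations is not present", "ss-domains") and does not state what happens when both annotations are set; suggest `// Auto-discover ACM certificates from the ssl-domains annotation only when no ssl-cert annotation is present: an explicit ssl-cert list takes precedence and ssl-domains is then ignored.` Because the ssl-domains annotation is skipped silently in that case, an operator who sets both gets no signal that auto-discovery did not run; if the task has a logger in scope (not visible in this hunk), a short log line at the skip would make the precedence observable. Returning the Discover error instead of the partial certificate list is the safer choice, since buildListenerConfig in the second hunk now fails the build rather than producing a listener with a missing certificate. buildListenerConfig's body continues past the end of the second hunk.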
