Do not remove default TLS server modified by users in gateway (#5629)

* Do not remove default TLS server modified by users in gateway This patch changes to stop removing default TLS servers modified by users. In other words, if the TLS server is matches to both: - `port.name` is `https` - `hosts` is `'*'` it will be removed as it conflicts with other hosts. * Fix code style to more simple
knative · Oct 29, 2019 · a1a35b1 · a1a35b1
1 parent fe00815
commit a1a35b1
Show file tree

Hide file tree

Showing 2 changed files with 113 additions and 26 deletions.
diff --git a/pkg/reconciler/ingress/resources/gateway.go b/pkg/reconciler/ingress/resources/gateway.go
@@ -279,7 +279,10 @@ func UpdateGateway(gateway *v1alpha3.Gateway, want []v1alpha3.Server, existing [
 }
 
 func isDefaultServer(server *v1alpha3.Server) bool {
-	return server.Port.Name == "http" || server.Port.Name == "https"
+	if server.Port.Name == "https" {
+		return len(server.Hosts) > 0 && server.Hosts[0] == "*"
+	}
+	return server.Port.Name == "http"
 }
 
 func isPlaceHolderServer(server *v1alpha3.Server) bool {

diff --git a/pkg/reconciler/ingress/resources/gateway_test.go b/pkg/reconciler/ingress/resources/gateway_test.go
@@ -60,31 +60,35 @@ var selector = map[string]string{
 
 var gateway = v1alpha3.Gateway{
 	Spec: v1alpha3.GatewaySpec{
-		Servers: []v1alpha3.Server{{
-			Hosts: []string{"host1.example.com"},
-			Port: v1alpha3.Port{
-				Name:     "test-ns/ingress:0",
-				Number:   443,
-				Protocol: v1alpha3.ProtocolHTTPS,
-			},
-			TLS: &v1alpha3.TLSOptions{
-				Mode:              v1alpha3.TLSModeSimple,
-				ServerCertificate: "tls.crt",
-				PrivateKey:        "tls.key",
-			},
-		}, {
-			Hosts: []string{"host2.example.com"},
-			Port: v1alpha3.Port{
-				Name:     "test-ns/non-ingress:0",
-				Number:   443,
-				Protocol: v1alpha3.ProtocolHTTPS,
-			},
-			TLS: &v1alpha3.TLSOptions{
-				Mode:              v1alpha3.TLSModeSimple,
-				ServerCertificate: "tls.crt",
-				PrivateKey:        "tls.key",
-			},
-		}},
+		Servers: servers,
+	},
+}
+
+var servers = []v1alpha3.Server{
+	{
+		Hosts: []string{"host1.example.com"},
+		Port: v1alpha3.Port{
+			Name:     "test-ns/ingress:0",
+			Number:   443,
+			Protocol: v1alpha3.ProtocolHTTPS,
+		},
+		TLS: &v1alpha3.TLSOptions{
+			Mode:              v1alpha3.TLSModeSimple,
+			ServerCertificate: "tls.crt",
+			PrivateKey:        "tls.key",
+		},
+	}, {
+		Hosts: []string{"host2.example.com"},
+		Port: v1alpha3.Port{
+			Name:     "test-ns/non-ingress:0",
+			Number:   443,
+			Protocol: v1alpha3.ProtocolHTTPS,
+		},
+		TLS: &v1alpha3.TLSOptions{
+			Mode:              v1alpha3.TLSModeSimple,
+			ServerCertificate: "tls.crt",
+			PrivateKey:        "tls.key",
+		},
 	},
 }
 
@@ -103,6 +107,42 @@ var gatewayWithPlaceholderServer = v1alpha3.Gateway{
 	},
 }
 
+var gatewayWithDefaultWildcardTLSServer = v1alpha3.Gateway{
+	Spec: v1alpha3.GatewaySpec{
+		Servers: []v1alpha3.Server{{
+			Hosts: []string{"*"},
+			Port: v1alpha3.Port{
+				Name:     "https",
+				Number:   443,
+				Protocol: v1alpha3.ProtocolHTTPS,
+			},
+			TLS: &v1alpha3.TLSOptions{
+				Mode: v1alpha3.TLSModePassThrough,
+			}},
+		},
+	},
+}
+
+var gatewayWithModifiedWildcardTLSServer = v1alpha3.Gateway{
+	Spec: v1alpha3.GatewaySpec{
+		Servers: []v1alpha3.Server{modifiedDefaultTLSServer},
+	},
+}
+
+var modifiedDefaultTLSServer = v1alpha3.Server{
+	Hosts: []string{"added.by.user.example.com"},
+	Port: v1alpha3.Port{
+		Name:     "https",
+		Number:   443,
+		Protocol: v1alpha3.ProtocolHTTPS,
+	},
+	TLS: &v1alpha3.TLSOptions{
+		Mode:              v1alpha3.TLSModeSimple,
+		ServerCertificate: "tls.crt",
+		PrivateKey:        "tls.key",
+	},
+}
+
 var ingressSpec = v1alpha1.IngressSpec{
 	Rules: []v1alpha1.IngressRule{{
 		Hosts: []string{"host1.example.com"},
@@ -463,6 +503,50 @@ func TestUpdateGateway(t *testing.T) {
 				}},
 			},
 		},
+	}, {
+		name:            "Delete wildcard servers from gateway",
+		existingServers: []v1alpha3.Server{},
+		newServers:      servers,
+		original:        gatewayWithDefaultWildcardTLSServer,
+		// The wildcard server should be deleted.
+		expected: gateway,
+	}, {
+		name:            "Do not delete modified wildcard servers from gateway",
+		existingServers: []v1alpha3.Server{},
+		newServers: []v1alpha3.Server{{
+			Hosts: []string{"host1.example.com"},
+			Port: v1alpha3.Port{
+				Name:     "clusteringress:0",
+				Number:   443,
+				Protocol: v1alpha3.ProtocolHTTPS,
+			},
+			TLS: &v1alpha3.TLSOptions{
+				Mode:              v1alpha3.TLSModeSimple,
+				ServerCertificate: "tls.crt",
+				PrivateKey:        "tls.key",
+			},
+		}},
+		original: gatewayWithModifiedWildcardTLSServer,
+		expected: v1alpha3.Gateway{
+			Spec: v1alpha3.GatewaySpec{
+				Servers: []v1alpha3.Server{
+					{
+						Hosts: []string{"host1.example.com"},
+						Port: v1alpha3.Port{
+							Name:     "clusteringress:0",
+							Number:   443,
+							Protocol: v1alpha3.ProtocolHTTPS,
+						},
+						TLS: &v1alpha3.TLSOptions{
+							Mode:              v1alpha3.TLSModeSimple,
+							ServerCertificate: "tls.crt",
+							PrivateKey:        "tls.key",
+						},
+					},
+					modifiedDefaultTLSServer,
+				},
+			},
+		},
 	}}
 
 	for _, c := range cases {