
Commit b340459

committed
discover certs for route hostnames
1 parent 584e3fb commit b340459

3 files changed

+184
-35
lines changed

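--- a/pkg/gateway/model/model_build_listener.go
+++ b/pkg/gateway/model/model_build_listener.go
@@ -27,7 +27,7 @@ import (
 // TODO: Add more relevant info like TLS settings and hostnames later wherever applicable
 type gwListenerConfig struct {
 protocol elbv2model.Protocol
-hostnames []string
+hostnames sets.Set[string]
 }
 
 type listenerBuilder interface {
@@ -51,7 +51,7 @@ type listenerBuilderImpl struct {
 }
 
 func (l listenerBuilderImpl) buildListeners(ctx context.Context, stack core.Stack, lb *elbv2model.LoadBalancer, securityGroups securityGroupOutput, gw *gwv1.Gateway, routes map[int32][]routeutils.RouteDescriptor, lbCfg elbv2gw.LoadBalancerConfiguration) ([]types.NamespacedName, error) {
-gwLsCfgs, err := mapGatewayListenerConfigsByPort(gw)
+gwLsCfgs, err := mapGatewayListenerConfigsByPort(gw, routes)
 if err != nil {
 return nil, err
 }
@@ -327,7 +327,7 @@ func (l listenerBuilderImpl) buildCertificates(ctx context.Context, gw *gwv1.Gat
 if len(gwLsCfg.hostnames) == 0 {
 return []elbv2model.Certificate{}, errors.Errorf("No hostnames found for TLS cert discovery for listener on gateway %s with protocol:port %s:%v", k8s.NamespacedName(gw), gwLsCfg.protocol, port)
 }
-discoveredCerts, err := l.buildInferredTLSCertARNs(ctx, gwLsCfg.hostnames)
+discoveredCerts, err := l.buildInferredTLSCertARNs(ctx, gwLsCfg.hostnames.UnsortedList())
 if err != nil {
 l.logger.Error(err, "Unable to discover certs for listener on gateway %s with protocol:port %s:%v\", k8s.NamespacedName(gw), gwLsCfg.protocol, port")
 return []elbv2model.Certificate{}, err
@@ -488,7 +488,7 @@ func buildListenerALPNPolicy(listenerProtocol elbv2model.Protocol, lbLsCfg *elbv
 }
 
 // mapGatewayListenerConfigsByPort creates a mapping of ports to listener configurations from the Gateway listeners.
-func mapGatewayListenerConfigsByPort(gw *gwv1.Gateway) (map[int32]*gwListenerConfig, error) {
+func mapGatewayListenerConfigsByPort(gw *gwv1.Gateway, routes map[int32][]routeutils.RouteDescriptor) (map[int32]*gwListenerConfig, error) {
 gwListenerConfigs := make(map[int32]*gwListenerConfig)
 for _, listener := range gw.Spec.Listeners {
 port := int32(listener.Port)
@@ -499,14 +499,24 @@ func mapGatewayListenerConfigsByPort(gw *gwv1.Gateway) (map[int32]*gwListenerCon
 if gwListenerConfigs[port] == nil {
 gwListenerConfigs[port] = &gwListenerConfig{
 protocol: elbv2model.Protocol(protocol),
-hostnames: []string{},
+hostnames: sets.New[string](),
 }
 }
-hostnames := gwListenerConfigs[port].hostnames
+
 if listener.Hostname != nil {
-hostnames = append(hostnames, string(*listener.Hostname))
-gwListenerConfigs[port].hostnames = hostnames
+gwListenerConfigs[port].hostnames.Insert(string(*listener.Hostname))
 }
+
+listenerRoutes := routes[port]
+
+if listenerRoutes != nil {
+for _, route := range listenerRoutes {
+for _, routeHostname := range route.GetHostnames() {
+gwListenerConfigs[port].hostnames.Insert(string(routeHostname))
+}
+}
+}
+
 }
 return gwListenerConfigs, nil
 }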
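Review bot: In the last hunk every value returned by `route.GetHostnames()` is inserted into the port's cert-discovery set with no comparison against `listener.Hostname`, so the names used to select TLS certificates are now supplied by whoever can attach a route to that port rather than only by the Gateway owner. Whether `routes` has already been reduced to hostnames that intersect the listener's hostname is not visible here (lines 495–498 of `mapGatewayListenerConfigsByPort` also fall between hunks); if it has not, a route declaring an unrelated or broad wildcard hostname would cause a certificate for that name to be discovered and attached to the listener. I would insert only the hostnames that match the listener's own hostname, or state the guarantee above the loop with a comment such as `// routes[port] is already filtered to hostnames accepted by this port's listeners`. Separately, `gwLsCfg.hostnames.UnsortedList()` in the third hunk passes discovery a randomly ordered slice, so if result order matters downstream (for example for picking a default certificate, which is not shown) the listener can change between reconciles; `sets.List(gwLsCfg.hostnames)` gives a stable order.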
