Bugfix: TLS Secret invalid (status Fatal) if tls.crt or .key is empty.

4cc092c4 · Geoff Simmons · 611199e1 · 4cc092c4
Commit 4cc092c4 authored Jul 21, 2020 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 5 deletions

secret.go pkg/controller/secret.go +7 -5

No files found.
--- a/pkg/controller/secret.go
+++ b/pkg/controller/secret.go
@@ -107,16 +107,18 @@ func (worker *NamespaceWorker) updateCertSecret(
 			string(api_v1.SecretTypeTLS))
 	}
 	crt, ok := tlsSecret.Data["tls.crt"]
-	if !ok {
+	if !ok || len(crt) == 0 {
 		return update.MakeFatal(
-			"Ingress TLS Secret %s/%s: key tls.crt not found",
+			"Ingress TLS Secret %s/%s: key tls.crt not found "+
+				"or empty",
 			tlsSecret.ObjectMeta.Namespace,
 			tlsSecret.ObjectMeta.Name)
 	}
 	key, ok := tlsSecret.Data["tls.key"]
-	if !ok {
+	if !ok || len(key) == 0 {
 		return update.MakeFatal(
-			"Ingress TLS Secret %s/%s: key tls.key not found",
+			"Ingress TLS Secret %s/%s: key tls.key not found "+
+				"or empty",
 			tlsSecret.ObjectMeta.Namespace,
 			tlsSecret.ObjectMeta.Name)
 	}
@@ -127,7 +129,7 @@ func (worker *NamespaceWorker) updateCertSecret(
 		return update.MakeIncomplete("%v", err)
 	}
 	pem := string(crt)
-	if crt[len(crt)-1] != byte('\n') {
+	if len(crt) > 1 && crt[len(crt)-1] != byte('\n') {
 		pem += "\n"
 	}
 	pem += string(key)