Commit 4ce9f281 authored by Geoff Simmons's avatar Geoff Simmons

Reset the dataplane API password when an Ingress with TLS is updated.

parent f9ea9723
......@@ -998,6 +998,20 @@ func (worker *NamespaceWorker) addOrUpdateIng(ing *extensions.Ingress) error {
worker.log.Infof("Ingress TLS Secret %s/%s: added certificate "+
"%s", offldrSpec.Namespace, offldrSpec.Name,
offldrSpec.CertName())
if secrKey, dSecr, err := worker.getDplaneSecret(); err != nil {
return err
} else if dSecr == nil {
worker.log.Warnf("Service %s: Currently no known "+
"dataplane Secret", svcKey)
} else {
worker.log.Infof("Service %s: setting dataplane Secret"+
" %s", svcKey, secrKey)
worker.hController.SetDataplaneSecret(secrKey, dSecr)
err = worker.hController.SetOffldSecret(svcKey, secrKey)
if err != nil {
return err
}
}
// XXX check if already loaded
if err = worker.hController.Update(svcKey, offldrSpec); err != nil {
return err
......
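Review bot: In the `else if dSecr == nil` branch the code only logs a warning and then falls through to `worker.hController.Update(svcKey, offldrSpec)`, so the offloader is updated without the password reset this commit is meant to perform. If `Update` authenticates to the dataplane API with the password stored on the instances (not visible in this hunk), it would presumably run with a stale or unset credential and fail later with a less specific error. Either return an error here so the work can be retried once the Secret exists, or state the intent in a comment such as `// no dataplane Secret yet; Update proceeds with the password the instances already hold`. addOrUpdateIng starts before and continues past this hunk.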
......@@ -241,6 +241,22 @@ func (worker *NamespaceWorker) enqueueIngsForTLSSecret(
return nil
}
func (worker *NamespaceWorker) getDplaneSecret() (string, []byte, error) {
secrets, err := worker.secr.List(varnishIngressSelector)
if err != nil {
return "", nil, err
}
for _, secret := range secrets {
data, exists := secret.Data[dplaneSecretKey]
if !exists {
continue
}
key := secret.Namespace + "/" + secret.Name
return key, data, nil
}
return "", nil, nil
}
func (worker *NamespaceWorker) setSecret(secret *api_v1.Secret) error {
secretData, exists := secret.Data[admSecretKey]
if !exists {
......
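Review bot: getDplaneSecret returns the first Secret from `worker.secr.List(varnishIngressSelector)` that carries `dplaneSecretKey`, so when more than one Secret matches the selector the dataplane password depends on list order, which is presumably not stable between calls. A key that exists with an empty value is also accepted and would become an empty password downstream; the guard could read `if !exists || len(data) == 0 { continue }`. It would help to log or reject the multiple-match case. The function also needs a doc comment stating that it returns `"", nil, nil` when no Secret is found, since the caller in addOrUpdateIng relies on a nil value to tell "absent" from an error.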
......@@ -739,6 +739,21 @@ func (hc *Controller) SetDataplaneSecret(key string, secret []byte) {
*hc.secrets[key] = string(secret)
}
func (hc *Controller) SetOffldSecret(svcKey, secretKey string) error {
svc, ok := hc.svcs[svcKey]
if !ok {
return fmt.Errorf("Cannot set secret %s for offloader %s: "+
"offloader not found", secretKey, svcKey)
}
svc.secrName = secretKey
if secret, ok := hc.secrets[secretKey]; ok {
for _, inst := range svc.instances {
inst.dplane.password = *secret
}
}
return nil
}
// UpdateSvcForSecret(svcKey, secretKey string) error
// UpdateSvcForSecret associates the Secret identified by the
// namespace/name secretKey with the Varnish Service identified by the
......
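Review bot: SetOffldSecret records `svc.secrName = secretKey` and returns nil even when `secretKey` is not in `hc.secrets`, so the instances keep their previous `dplane.password` and the caller, which has just logged "setting dataplane Secret", gets no signal that nothing was applied. If deferring the password until the Secret arrives is intended, say so in a doc comment, which this exported method lacks. Otherwise return an error from an `else` branch, e.g. `return fmt.Errorf("cannot set secret %s for offloader %s: secret not found", secretKey, svcKey)`. The existing error message starts with a capital letter, which Go convention advises against for error strings.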