resolve failing tests

nginx · Jan 17, 2025 · 0fdcd53 · 0fdcd53
1 parent 13074ee
commit 0fdcd53
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 8 deletions.
diff --git a/internal/mode/static/state/dataplane/configuration_test.go b/internal/mode/static/state/dataplane/configuration_test.go
@@ -809,7 +809,13 @@ func TestBuildConfiguration(t *testing.T) {
 					"ca.crt": "cert-1",
 				},
 			},
-			CACert: []byte("cert-1"),
+			CertBundle: graph.NewCertificateBundle(
+				types.NamespacedName{Namespace: "test", Name: "configmap-1"},
+				"ConfigMap",
+				&graph.Certificate{
+					CACert: []byte("cert-1"),
+				},
+			),
 		},
 		{Namespace: "test", Name: "configmap-2"}: {
 			Source: &apiv1.ConfigMap{
@@ -821,7 +827,13 @@ func TestBuildConfiguration(t *testing.T) {
 					"ca.crt": []byte("cert-2"),
 				},
 			},
-			CACert: []byte("cert-2"),
+			CertBundle: graph.NewCertificateBundle(
+				types.NamespacedName{Namespace: "test", Name: "configmap-2"},
+				"ConfigMap",
+				&graph.Certificate{
+					CACert: []byte("cert-2"),
+				},
+			),
 		},
 	}
 

diff --git a/internal/mode/static/state/graph/configmaps.go b/internal/mode/static/state/graph/configmaps.go
@@ -11,9 +11,7 @@ import (
 // CaCertConfigMap represents a ConfigMap resource that holds CA Cert data.
 type CaCertConfigMap struct {
 	// Source holds the actual ConfigMap resource. Can be nil if the ConfigMap does not exist.
-	Source *apiv1.ConfigMap
-	// CACert holds the actual CA Cert data.
-	CACert     []byte
+	Source     *apiv1.ConfigMap
 	CertBundle *CertificateBundle
 }
 

diff --git a/internal/mode/static/state/graph/graph_test.go b/internal/mode/static/state/graph/graph_test.go
@@ -900,7 +900,9 @@ func TestBuildGraph(t *testing.T) {
 			ReferencedCaCertConfigMaps: map[types.NamespacedName]*CaCertConfigMap{
 				client.ObjectKeyFromObject(cm): {
 					Source: cm,
-					CACert: []byte(caBlock),
+					CertBundle: NewCertificateBundle(client.ObjectKeyFromObject(cm), "ConfigMap", &Certificate{
+						CACert: []byte(caBlock),
+					}),
 				},
 			},
 			BackendTLSPolicies: map[types.NamespacedName]*BackendTLSPolicy{
@@ -1162,7 +1164,9 @@ func TestIsReferenced(t *testing.T) {
 		ReferencedCaCertConfigMaps: map[types.NamespacedName]*CaCertConfigMap{
 			client.ObjectKeyFromObject(baseConfigMap): {
 				Source: baseConfigMap,
-				CACert: []byte(caBlock),
+				CertBundle: NewCertificateBundle(client.ObjectKeyFromObject(baseConfigMap), "ConfigMap", &Certificate{
+					CACert: []byte(caBlock),
+				}),
 			},
 		},
 	}

diff --git a/internal/mode/static/state/graph/secret.go b/internal/mode/static/state/graph/secret.go
@@ -64,10 +64,10 @@ func (r *secretResolver) resolve(nsname types.NamespacedName) error {
 		// Not always guaranteed to have a ca certificate in the secret.
 		if _, exists := secret.Data[CAKey]; exists {
 			cert.CACert = secret.Data[CAKey]
+			validationErr = validateCA(cert.CACert)
 		}
 
 		validationErr = validateTLS(cert.TLSCert, cert.TLSPrivateKey)
-		validationErr = validateCA(cert.CACert)
 
 		certBundle = NewCertificateBundle(nsname, secret.Kind, cert)
 	}