Final readability tweaks from review

Paul Banks 2021-09-23 10:05:42 +01:00
parent e0efb420f7
commit 7b4cbe3143
3 changed files with 44 additions and 42 deletions


@ -212,19 +212,19 @@ func (e *IngressGatewayConfigEntry) validateServiceSDS(lis IngressListener, svc
}
// Validate service-level SDS config
sid := NewServiceID(svc.Name, &svc.EnterpriseMeta)
svcSDSSet := (svc.TLS != nil && svc.TLS.SDS != nil && svc.TLS.SDS.CertResource != "")
// Service SDS is only supported with Host names because we need to bind
// specific service certs to one or more SNI hostnames.
if svcSDSSet && len(svc.Hosts) < 1 {
sid := NewServiceID(svc.Name, &svc.EnterpriseMeta)
return fmt.Errorf("A service specifying TLS.SDS.CertResource must have at least one item in Hosts (service %q on listener on port %d)",
sid.String(), lis.Port)
}
// If this service specified a certificate, there must be an SDS cluster set
// at one of the three levels.
if svcSDSSet && svc.TLS.SDS.ClusterName == "" && !lisSDSClusterSet && !gwSDSClusterSet {
sid := NewServiceID(svc.Name, &svc.EnterpriseMeta)
return fmt.Errorf("TLS.SDS.ClusterName is required if CertResource is set (service %q on listener on port %d)",
sid.String(), lis.Port)
}
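Review bot: Both checks in this hunk are gated on `svcSDSSet`, so a service that sets `TLS.SDS.ClusterName` but leaves `CertResource` empty passes this part of the validation without an error. Unless that combination is rejected earlier in validateServiceSDS (the function starts above the hunk), an operator who meant to pin a per-service certificate gets no feedback, and the service presumably ends up on the listener or gateway certificate instead. I would reject it explicitly with a guard such as `if svc.TLS != nil && svc.TLS.SDS != nil && svc.TLS.SDS.ClusterName != "" && svc.TLS.SDS.CertResource == "" {`, returning an error in the same style as the two existing ones (service ID and listener port included).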


@ -164,7 +164,10 @@ func makeSDSOverrideFilterChains(cfgSnap *proxycfg.ConfigSnapshot,
var chains []*envoy_listener_v3.FilterChain
for _, svc := range listenerCfg.Services {
if ingressServiceHasSDSOverrides(svc) {
if !ingressServiceHasSDSOverrides(svc) {
continue
}
if len(svc.Hosts) < 1 {
// Shouldn't be possible with validation but be careful
return nil, fmt.Errorf("no hosts specified with SDS certificate (service %q on listener on port %d)",
@ -203,7 +206,6 @@ func makeSDSOverrideFilterChains(cfgSnap *proxycfg.ConfigSnapshot,
chains = append(chains, chain)
}
}
return chains, nil
}
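Review bot: The comment on the `len(svc.Hosts) < 1` guard says only that validation should prevent the case, not why an empty host list must be an error at this point. If the chain's match is built from `svc.Hosts` (that code sits between the two hunks and is not shown), a chain with no server names would presumably no longer be scoped to specific SNI values, so the service's SDS certificate could be presented for other hostnames on the listener. I would record that reason in the comment, e.g. `// Validation should prevent this, but fail closed: without hosts there is no SNI match to scope the service cert to.` The function starts before the first hunk and the loop body continues between the hunks.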


@ -74,7 +74,7 @@ type IngressListener struct {
Services []IngressService
// TLS allows specifying some TLS configuration per listener.
TLS *GatewayTLSConfig
TLS *GatewayTLSConfig `json:",omitempty"`
}
// IngressService manages configuration for services that are exposed to
@ -110,7 +110,7 @@ type IngressService struct {
Namespace string `json:",omitempty"`
// TLS allows specifying some TLS configuration per listener.
TLS *GatewayServiceTLSConfig
TLS *GatewayServiceTLSConfig `json:",omitempty"`
// Allow HTTP header manipulation to be configured.
RequestHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"request_headers"`
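Review bot: The doc comment above `IngressService.TLS` still reads "per listener", the same wording as on `IngressListener.TLS`, although this field sits on the service struct and has type `*GatewayServiceTLSConfig`. Since the line below it is being touched anyway, I would correct it to `// TLS allows specifying some TLS configuration per service.` so readers do not mistake the scope of a certificate override. Both struct definitions continue outside their hunks.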