fix: ensuring fetch and validate all certificates from the AWS service
caiofralmeida committed May 10, 2024
1 parent 9304b85 commit 968aada
Showing 2 changed files with 12 additions and 7 deletions.
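--- a/internal/certificate/repository.go
+++ b/internal/certificate/repository.go
@@ -59,7 +59,7 @@ func (r acmCertRepository) FindByFilter(filter CertFilter) ([]Certificate, error
 var certs []Certificate
 var certDiscoveryErr error
 
-err := r.client.ListCertificatesPages(input, func(output *acm.ListCertificatesOutput, _ bool) bool {
+err := r.client.ListCertificatesPages(input, func(output *acm.ListCertificatesOutput, lastPage bool) bool {
 for _, acmCertSummary := range output.CertificateSummaryList {
 acmCert, err := r.client.DescribeCertificate(&acm.DescribeCertificateInput{
 CertificateArn: acmCertSummary.CertificateArn,
@@ -79,7 +79,8 @@ func (r acmCertRepository) FindByFilter(filter CertFilter) ([]Certificate, error
 certs = append(certs, dnCert)
 }
 }
-return true
+
+return lastPage
 })
 
 if certDiscoveryErr != nil {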
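Review bot: `return lastPage` at the end of the pager callback looks inverted: in aws-sdk-go's `ListCertificatesPages` the callback's return value means "keep iterating", and `lastPage` is false on every page but the final one, so iteration would stop after the first page whenever the account has more than one page of certificates. Certificates on later pages would then never be described or matched, which is the opposite of what the commit title intends and can leave a distribution without the certificate it should get. Either keep `return true` or use `return !lastPage`; this assumes `r.client` follows the SDK's pager contract, since its type is not visible here. The body of FindByFilter starts and ends outside the hunks, so how `certDiscoveryErr` interacts with the return value cannot be checked from this page.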
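--- a/internal/cloudfront/service.go
+++ b/internal/cloudfront/service.go
@@ -217,7 +217,6 @@ func (s *Service) newDistribution(ingresses []k8s.CDNIngress, group string, shar
 group,
 s.Config,
 )
-
 var err error
 var cert certificate.Certificate
 if s.Config.TLSIsEnabled() {
@@ -260,16 +259,21 @@ func (s *Service) newDistribution(ingresses []k8s.CDNIngress, group string, shar
 // discoverCert returns the first found ACM Certificate that matches any Alternate Domain Name of the input Ingresses
 func (s *Service) discoverCert(ingresses []k8s.CDNIngress) (certificate.Certificate, error) {
 errs := &multierror.Error{}
+var matchingCert certificate.Certificate
+
 for _, ing := range ingresses {
 for _, dn := range ing.AlternateDomainNames {
 cert, err := s.CertService.DiscoverByHost(dn)
-if err == nil {
-return cert, nil
+if err != nil {
+errs = multierror.Append(errs, fmt.Errorf("%q: %v", dn, err))
+} else {
+matchingCert = cert
 }
-errs = multierror.Append(errs, fmt.Errorf("%q: %v", dn, err))
+
 }
 }
-return certificate.Certificate{}, errs.ErrorOrNil()
+
+return matchingCert, errs.ErrorOrNil()
 }
 
 func (s *Service) s3Prefix(group string) string {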
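Review bot: discoverCert now overwrites `matchingCert` on every successful lookup, so it returns the certificate found for the last Alternate Domain Name, while the comment above it still says "the first found"; nothing in the loop checks that the earlier names resolved to the same certificate. If `DiscoverByHost` can return different certificates for different hosts, the distribution could be given one that does not cover all of its aliases, so consider comparing each result with the first match and appending an error on mismatch. At minimum update the comment, e.g. `// discoverCert looks up every Alternate Domain Name, returns an error if any lookup fails, and otherwise returns the certificate found for the last name`. The function also returns a populated `matchingCert` together with a non-nil error when only some lookups fail; returning `certificate.Certificate{}` in that case would keep callers from using a partial result.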
