From 968aada55128a2f505dbaf86ea024dfc5bbada14 Mon Sep 17 00:00:00 2001
From: Caio Almeida
Date: Fri, 10 May 2024 09:24:19 -0300
Subject: [PATCH] fix: ensuring fetch and validate all certificates from the AWS service

---
 internal/certificate/repository.go | 5 +++--
 internal/cloudfront/service.go | 14 +++++++++-----
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/internal/certificate/repository.go b/internal/certificate/repository.go
index 8cf5b0c..29b8204 100644
--- a/internal/certificate/repository.go
+++ b/internal/certificate/repository.go
@@ -59,7 +59,7 @@ func (r acmCertRepository) FindByFilter(filter CertFilter) ([]Certificate, error
 var certs []Certificate
 var certDiscoveryErr error
 
- err := r.client.ListCertificatesPages(input, func(output *acm.ListCertificatesOutput, _ bool) bool {
+ err := r.client.ListCertificatesPages(input, func(output *acm.ListCertificatesOutput, lastPage bool) bool {
 for _, acmCertSummary := range output.CertificateSummaryList {
 acmCert, err := r.client.DescribeCertificate(&acm.DescribeCertificateInput{
 CertificateArn: acmCertSummary.CertificateArn,
@@ -79,7 +79,8 @@ func (r acmCertRepository) FindByFilter(filter CertFilter) ([]Certificate, error
 certs = append(certs, dnCert)
 }
 }
- return true
+
+ return lastPage
 })
 
 if certDiscoveryErr != nil {
diff --git a/internal/cloudfront/service.go b/internal/cloudfront/service.go
index 623bccd..83f833d 100644
--- a/internal/cloudfront/service.go
+++ b/internal/cloudfront/service.go
@@ -217,7 +217,6 @@ func (s *Service) newDistribution(ingresses []k8s.CDNIngress, group string, shar
 group,
 s.Config,
 )
- var err error
 var cert certificate.Certificate
 
 if s.Config.TLSIsEnabled() {
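Review bot: `return lastPage` at the end of the ListCertificatesPages callback in the @@ -79 hunk stops pagination after the first page whenever there is more than one: the SDK treats a false return from the page function as "stop iterating", and lastPage is false on every page except the last. The original `return true` already walked every page, so the new code shrinks the set of certificates considered by FindByFilter instead of ensuring that all of them are fetched, and a matching certificate on a later page is silently missed. If the intent of the commit title is to validate all certificates, the line should read `return !lastPage` (or simply stay `return true`); the @@ -59 rename of `_` to `lastPage` is fine on its own. The callback body between the two hunks, including the DescribeCertificate error handling that presumably sets certDiscoveryErr, is outside what is shown here.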
@@ -260,16 +259,21 @@ func (s *Service) newDistribution(ingresses []k8s.CDNIngress, group string, shar
 // discoverCert returns the first found ACM Certificate that matches any Alternate Domain Name of the input Ingresses
 func (s *Service) discoverCert(ingresses []k8s.CDNIngress) (certificate.Certificate, error) {
 errs := &multierror.Error{}
+ var matchingCert certificate.Certificate
+
 for _, ing := range ingresses {
 for _, dn := range ing.AlternateDomainNames {
 cert, err := s.CertService.DiscoverByHost(dn)
- if err == nil {
- return cert, nil
+ if err != nil {
+ errs = multierror.Append(errs, fmt.Errorf("%q: %v", dn, err))
+ } else {
+ matchingCert = cert
 }
- errs = multierror.Append(errs, fmt.Errorf("%q: %v", dn, err))
+
 }
 }
- return certificate.Certificate{}, errs.ErrorOrNil()
+
+ return matchingCert, errs.ErrorOrNil()
 }
 
 func (s *Service) s3Prefix(group string) string {
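Review bot: The doc comment kept as context, `// discoverCert returns the first found ACM Certificate that matches any Alternate Domain Name of the input Ingresses`, no longer describes the body below it: the loop now keeps going after a match and `matchingCert = cert` overwrites any earlier match, so when the Alternate Domain Names resolve to different ACM certificates the last one wins and the distribution ends up with a certificate that does not cover the earlier names, with nothing in `errs` to say so. The function also now returns a populated `matchingCert` together with a non-nil error whenever a single DiscoverByHost call fails, which a caller that checks err first will treat as total failure, and which breaks the usual Go contract that the value is meaningless when err is non-nil. Decide the policy and make the code enforce it: either keep the first match (`if !found { matchingCert, found = cert, true }` in the else branch) or, if every name must resolve to one certificate, append an explicit error to `errs` when a later match differs from `matchingCert` (compared by whatever identifier certificate.Certificate exposes). Then rewrite the comment to state that policy, for example `// discoverCert looks up an ACM Certificate for every Alternate Domain Name of the input Ingresses and returns the matching certificate along with any per-domain lookup errors`.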