Egress mtls test fix - WIP

Author: javorszky

hack/tls-cert-gen/certs.go

@@ -1,5 +1,9 @@
 package main
 
+import (
+	v1 "k8s.io/api/core/v1"
+)
+
 // yamlSecret encapsulates all the data that we need to create the tls secrets
 // that kubernetes needs as tls files.
 //
@@ -16,7 +20,7 @@ type yamlSecret struct {
 	symlinks     []string
 	valid        bool
 	templateData templateData
-	secretType   string
+	secretType   v1.SecretType
 	usedIn       []string
 }
 
@@ -236,4 +240,20 @@ var yamlSecrets = []yamlSecret{
 			"tests/suite/test_wildcard_tls_secret.py - subject info",
 		},
 	},
+
+	{
+		secretName: "egress-tls-secret",
+		fileName:   "egress-tls-secret.yaml",
+		templateData: templateData{
+			country:            []string{"IE"},
+			organization:       []string{"F5 NGINX"},
+			organizationalUnit: []string{"NGINX Ingress Controller"},
+			locality:           []string{"Cork"},
+			province:           []string{"Cork"},
+			commonName:         "example.com",
+			dnsNames:           []string{"foo.bar.example.com", "*.example.com"},
+		},
+		valid:    secretShouldHaveValidTLSCrt,
+		symlinks: []string{},
+	},
 }

hack/tls-cert-gen/tls-cert-gen.go

@@ -17,6 +17,8 @@ import (
 	"path/filepath"
 	"time"
 
+	"github.com/nginx/kubernetes-ingress/internal/configs"
+	"github.com/nginx/kubernetes-ingress/internal/k8s/secrets"
 	log "github.com/nginx/kubernetes-ingress/internal/logger"
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -252,12 +254,16 @@ func createYamlSecret(secret yamlSecret, isValid bool, tlsKeys *JITTLSKey) ([]by
 		Type: v1.SecretTypeTLS,
 	}
 
+	if secret.secretType == secrets.SecretTypeCA {
+		s.Data[configs.CACrlKey] = s.Data[v1.TLSCertKey]
+	}
+
 	if !isValid {
 		s.Data[v1.TLSCertKey] = []byte(``)
 	}
 
 	if secret.secretType != "" {
-		s.Type = v1.SecretType(secret.secretType)
+		s.Type = secret.secretType
 	}
 
 	sb, err := yaml.Marshal(s)