Accept ns/name Secret reference in annotations

2018-04-20 00:05:54 +02:00 · 2018-04-20 00:05:54 +02:00 · 0e8ac3077a
commit 0e8ac3077a
parent c3ff76ae50
2 changed files with 110 additions and 3 deletions
--- a/internal/ingress/controller/store/store.go
+++ b/internal/ingress/controller/store/store.go
@ -538,12 +538,12 @@ func (s *k8sStore) updateSecretIngressMap(ing *extensions.Ingress) {
 		"auth-tls-secret",
 	}
 	for _, ann := range secretAnnotations {
-		secrName, err := parser.GetStringAnnotation(ann, ing)
+		secrKey, err := objectRefAnnotationNsKey(ann, ing)
 		if err != nil {
+			glog.Errorf("error reading secret reference in annotation %q: %s", ann, err)
 			continue
 		}
-		if secrName != "" {
-			secrKey := fmt.Sprintf("%v/%v", ing.Namespace, secrName)
+		if secrKey != "" {
 			refSecrets = append(refSecrets, secrKey)
 		}
 	}
@ -552,6 +552,25 @@ func (s *k8sStore) updateSecretIngressMap(ing *extensions.Ingress) {
 	s.secretIngressMap.Insert(key, refSecrets...)
 }

+// objectRefAnnotationNsKey returns an object reference formatted as a
+// 'namespace/name' key from the given annotation name.
+func objectRefAnnotationNsKey(ann string, ing *extensions.Ingress) (string, error) {
+	annValue, err := parser.GetStringAnnotation(ann, ing)
+	if annValue == "" {
+		return "", err
+	}
+
+	secrNs, secrName, err := cache.SplitMetaNamespaceKey(annValue)
+	if secrName == "" {
+		return "", err
+	}
+
+	if secrNs == "" {
+		return fmt.Sprintf("%v/%v", ing.Namespace, secrName), nil
+	}
+	return annValue, nil
+}
+
 // syncSecrets synchronizes data from all Secrets referenced by the given
 // Ingress with the local store and file system.
 func (s k8sStore) syncSecrets(ing *extensions.Ingress) {