Clarify log messages in controller pkg

internal/ingress/controller/store/backend_ssl.go

@@ -33,20 +33,19 @@ import (
 	"k8s.io/ingress-nginx/internal/net/ssl"
 )
 
-// syncSecret keeps in sync Secrets used by Ingress rules with the files on
-// disk to allow copy of the content of the secret to disk to be used
-// by external processes.
+// syncSecret synchronizes the content of a TLS Secret (certificate(s), secret
+// key) with the filesystem. The resulting files can be used by NGINX.
 func (s k8sStore) syncSecret(key string) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 
-	glog.V(3).Infof("starting syncing of secret %v", key)
+	glog.V(3).Infof("Syncing Secret %q", key)
 
 	// TODO: getPemCertificate should not write to disk to avoid unnecessary overhead
 	cert, err := s.getPemCertificate(key)
 	if err != nil {
 		if !isErrSecretForAuth(err) {
-			glog.Warningf("error obtaining PEM from secret %v: %v", key, err)
+			glog.Warningf("Error obtaining X.509 certificate: %v", err)
 		}
 		return
 	}
@@ -58,7 +57,7 @@ func (s k8sStore) syncSecret(key string) {
 			// no need to update
 			return
 		}
-		glog.Infof("updating secret %v in the local store", key)
+		glog.Infof("Updating Secret %q in the local store", key)
 		s.sslStore.Update(key, cert)
 		// this update must trigger an update
 		// (like an update event from a change in Ingress)
@@ -66,7 +65,7 @@ func (s k8sStore) syncSecret(key string) {
 		return
 	}
 
-	glog.Infof("adding secret %v to the local store", key)
+	glog.Infof("Adding Secret %q to the local store", key)
 	s.sslStore.Add(key, cert)
 	// this update must trigger an update
 	// (like an update event from a change in Ingress)
@@ -78,7 +77,7 @@ func (s k8sStore) syncSecret(key string) {
 func (s k8sStore) getPemCertificate(secretName string) (*ingress.SSLCert, error) {
 	secret, err := s.listers.Secret.ByKey(secretName)
 	if err != nil {
-		return nil, fmt.Errorf("error retrieving secret %v: %v", secretName, err)
+		return nil, err
 	}
 
 	cert, okcert := secret.Data[apiv1.TLSCertKey]
@@ -93,40 +92,42 @@ func (s k8sStore) getPemCertificate(secretName string) (*ingress.SSLCert, error)
 	var sslCert *ingress.SSLCert
 	if okcert && okkey {
 		if cert == nil {
-			return nil, fmt.Errorf("secret %v has no 'tls.crt'", secretName)
+			return nil, fmt.Errorf("key 'tls.crt' missing from Secret %q", secretName)
 		}
 		if key == nil {
-			return nil, fmt.Errorf("secret %v has no 'tls.key'", secretName)
+			return nil, fmt.Errorf("key 'tls.key' missing from Secret %q", secretName)
 		}
 
 		// If 'ca.crt' is also present, it will allow this secret to be used in the
 		// 'nginx.ingress.kubernetes.io/auth-tls-secret' annotation
 		sslCert, err = ssl.AddOrUpdateCertAndKey(nsSecName, cert, key, ca, s.filesystem)
 		if err != nil {
-			return nil, fmt.Errorf("unexpected error creating pem file: %v", err)
+			return nil, err
 		}
 
-		glog.V(3).Infof("found 'tls.crt' and 'tls.key', configuring %v as a TLS Secret (CN: %v)", secretName, sslCert.CN)
+		msg := fmt.Sprintf("Configuring Secret %q for TLS encryption (CN: %v)", secretName, sslCert.CN)
 		if ca != nil {
-			glog.V(3).Infof("found 'ca.crt', secret %v can also be used for Certificate Authentication", secretName)
+			msg += " and authentication"
 		}
+		glog.V(3).Info(msg)
+
 	} else if ca != nil {
 		sslCert, err = ssl.AddCertAuth(nsSecName, ca, s.filesystem)
 
 		if err != nil {
-			return nil, fmt.Errorf("unexpected error creating pem file: %v", err)
+			return nil, err
 		}
 
 		// makes this secret in 'syncSecret' to be used for Certificate Authentication
 		// this does not enable Certificate Authentication
-		glog.V(3).Infof("found only 'ca.crt', configuring %v as an Certificate Authentication Secret", secretName)
+		glog.V(3).Infof("Configuring Secret %q for TLS authentication", secretName)
 
 	} else {
 		if auth != nil {
 			return nil, ErrSecretForAuth
 		}
 
-		return nil, fmt.Errorf("no keypair or CA cert could be found in %v", secretName)
+		return nil, fmt.Errorf("Secret %q contains no keypair or CA certificate", secretName)
 	}
 
 	sslCert.Name = secret.Name
@@ -137,8 +138,8 @@ func (s k8sStore) getPemCertificate(secretName string) (*ingress.SSLCert, error)
 
 func (s k8sStore) checkSSLChainIssues() {
 	for _, item := range s.ListLocalSSLCerts() {
-		secretName := k8s.MetaNamespaceKey(item)
-		secret, err := s.GetLocalSSLCert(secretName)
+		secrKey := k8s.MetaNamespaceKey(item)
+		secret, err := s.GetLocalSSLCert(secrKey)
 		if err != nil {
 			continue
 		}
@@ -150,7 +151,7 @@ func (s k8sStore) checkSSLChainIssues() {
 
 		data, err := ssl.FullChainCert(secret.PemFileName, s.filesystem)
 		if err != nil {
-			glog.Errorf("unexpected error generating SSL certificate with full intermediate chain CA certs: %v", err)
+			glog.Errorf("Error generating CA certificate chain for Secret %q: %v", secrKey, err)
 			continue
 		}
 
@@ -158,13 +159,13 @@ func (s k8sStore) checkSSLChainIssues() {
 
 		file, err := s.filesystem.Create(fullChainPemFileName)
 		if err != nil {
-			glog.Errorf("unexpected error creating SSL certificate file %v: %v", fullChainPemFileName, err)
+			glog.Errorf("Error creating SSL certificate file for Secret %q: %v", secrKey, err)
 			continue
 		}
 
 		_, err = file.Write(data)
 		if err != nil {
-			glog.Errorf("unexpected error creating SSL certificate: %v", err)
+			glog.Errorf("Error creating SSL certificate for Secret %q: %v", secrKey, err)
 			continue
 		}
 
@@ -172,14 +173,14 @@ func (s k8sStore) checkSSLChainIssues() {
 
 		err = mergo.MergeWithOverwrite(dst, secret)
 		if err != nil {
-			glog.Errorf("unexpected error creating SSL certificate: %v", err)
+			glog.Errorf("Error creating SSL certificate for Secret %q: %v", secrKey, err)
 			continue
 		}
 
 		dst.FullChainPemFileName = fullChainPemFileName
 
-		glog.Infof("updating local copy of ssl certificate %v with missing intermediate CA certs", secretName)
-		s.sslStore.Update(secretName, dst)
+		glog.Infof("Updating local copy of SSL certificate %q with missing intermediate CA certs", secrKey)
+		s.sslStore.Update(secrKey, dst)
 		// this update must trigger an update
 		// (like an update event from a change in Ingress)
 		s.sendDummyEvent()

internal/ingress/controller/store/configmap.go

@@ -17,8 +17,6 @@ limitations under the License.
 package store
 
 import (
-	"fmt"
-
 	apiv1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/tools/cache"
 )
@@ -28,14 +26,14 @@ type ConfigMapLister struct {
 	cache.Store
 }
 
-// ByKey searches for a configmap in the local configmaps Store
+// ByKey returns the ConfigMap matching key in the local ConfigMap Store.
 func (cml *ConfigMapLister) ByKey(key string) (*apiv1.ConfigMap, error) {
 	s, exists, err := cml.GetByKey(key)
 	if err != nil {
 		return nil, err
 	}
 	if !exists {
-		return nil, fmt.Errorf("configmap %v was not found", key)
+		return nil, NotExistsError(key)
 	}
 	return s.(*apiv1.ConfigMap), nil
 }

internal/ingress/controller/store/endpoint.go

@@ -17,8 +17,6 @@ limitations under the License.
 package store
 
 import (
-	"fmt"
-
 	apiv1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/tools/cache"
 )
@@ -28,15 +26,14 @@ type EndpointLister struct {
 	cache.Store
 }
 
-// GetServiceEndpoints returns the endpoints of a service, matched on service name.
-func (s *EndpointLister) GetServiceEndpoints(svc *apiv1.Service) (*apiv1.Endpoints, error) {
-	key := fmt.Sprintf("%v/%v", svc.Namespace, svc.Name)
+// ByKey returns the Endpoints of the Service matching key in the local Endpoint Store.
+func (s *EndpointLister) ByKey(key string) (*apiv1.Endpoints, error) {
 	eps, exists, err := s.GetByKey(key)
 	if err != nil {
 		return nil, err
 	}
 	if !exists {
-		return nil, fmt.Errorf("could not find endpoints for service %v", key)
+		return nil, NotExistsError(key)
 	}
 	return eps.(*apiv1.Endpoints), nil
 }

internal/ingress/controller/store/ingress.go

@@ -17,8 +17,6 @@ limitations under the License.
 package store
 
 import (
-	"fmt"
-
 	extensions "k8s.io/api/extensions/v1beta1"
 	"k8s.io/client-go/tools/cache"
 )
@@ -28,14 +26,14 @@ type IngressLister struct {
 	cache.Store
 }
 
-// ByKey searches for an ingress in the local ingress Store
+// ByKey returns the Ingress matching key in the local Ingress Store.
 func (il IngressLister) ByKey(key string) (*extensions.Ingress, error) {
 	i, exists, err := il.GetByKey(key)
 	if err != nil {
 		return nil, err
 	}
 	if !exists {
-		return nil, fmt.Errorf("ingress %v was not found", key)
+		return nil, NotExistsError(key)
 	}
 	return i.(*extensions.Ingress), nil
 }

internal/ingress/controller/store/ingress_annotation.go

@@ -18,9 +18,22 @@ package store
 
 import (
 	"k8s.io/client-go/tools/cache"
+	"k8s.io/ingress-nginx/internal/ingress/annotations"
 )
 
 // IngressAnnotationsLister makes a Store that lists annotations in Ingress rules.
 type IngressAnnotationsLister struct {
 	cache.Store
 }
+
+// ByKey returns the Ingress annotations matching key in the local Ingress annotations Store.
+func (il IngressAnnotationsLister) ByKey(key string) (*annotations.Ingress, error) {
+	i, exists, err := il.GetByKey(key)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, NotExistsError(key)
+	}
+	return i.(*annotations.Ingress), nil
+}

internal/ingress/controller/store/secret.go

@@ -17,8 +17,6 @@ limitations under the License.
 package store
 
 import (
-	"fmt"
-
 	apiv1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/tools/cache"
 )
@@ -28,14 +26,14 @@ type SecretLister struct {
 	cache.Store
 }
 
-// ByKey searches for a secret in the local secrets Store
+// ByKey returns the Secret matching key in the local Secret Store.
 func (sl *SecretLister) ByKey(key string) (*apiv1.Secret, error) {
 	s, exists, err := sl.GetByKey(key)
 	if err != nil {
 		return nil, err
 	}
 	if !exists {
-		return nil, fmt.Errorf("secret %v was not found", key)
+		return nil, NotExistsError(key)
 	}
 	return s.(*apiv1.Secret), nil
 }

internal/ingress/controller/store/service.go

@@ -17,8 +17,6 @@ limitations under the License.
 package store
 
 import (
-	"fmt"
-
 	apiv1 "k8s.io/api/core/v1"
 	"k8s.io/client-go/tools/cache"
 )
@@ -28,14 +26,14 @@ type ServiceLister struct {
 	cache.Store
 }
 
-// ByKey searches for a service in the local secrets Store
+// ByKey returns the Service matching key in the local Service Store.
 func (sl *ServiceLister) ByKey(key string) (*apiv1.Service, error) {
 	s, exists, err := sl.GetByKey(key)
 	if err != nil {
 		return nil, err
 	}
 	if !exists {
-		return nil, fmt.Errorf("service %v was not found", key)
+		return nil, NotExistsError(key)
 	}
 	return s.(*apiv1.Service), nil
 }

internal/ingress/controller/store/store.go

@@ -58,25 +58,26 @@ type Storer interface {
 	// GetBackendConfiguration returns the nginx configuration stored in a configmap
 	GetBackendConfiguration() ngx_config.Configuration
 
-	// GetConfigMap returns a ConfigmMap using the namespace and name as key
+	// GetConfigMap returns the ConfigMap matching key.
 	GetConfigMap(key string) (*corev1.ConfigMap, error)
 
-	// GetSecret returns a Secret using the namespace and name as key
+	// GetSecret returns the Secret matching key.
 	GetSecret(key string) (*corev1.Secret, error)
 
-	// GetService returns a Service using the namespace and name as key
+	// GetService returns the Service matching key.
 	GetService(key string) (*corev1.Service, error)
 
-	GetServiceEndpoints(svc *corev1.Service) (*corev1.Endpoints, error)
+	// GetServiceEndpoints returns the Endpoints of a Service matching key.
+	GetServiceEndpoints(key string) (*corev1.Endpoints, error)
 
-	// GetSecret returns an Ingress using the namespace and name as key
+	// GetIngress returns the Ingress matching key.
 	GetIngress(key string) (*extensions.Ingress, error)
 
-	// ListIngresses returns the list of Ingresses
+	// ListIngresses returns a list of all Ingresses in the store.
 	ListIngresses() []*extensions.Ingress
 
-	// GetIngressAnnotations returns the annotations associated to an Ingress
-	GetIngressAnnotations(ing *extensions.Ingress) (*annotations.Ingress, error)
+	// GetIngressAnnotations returns the parsed annotations of an Ingress matching key.
+	GetIngressAnnotations(key string) (*annotations.Ingress, error)
 
 	// GetLocalSSLCert returns the local copy of a SSLCert
 	GetLocalSSLCert(name string) (*ingress.SSLCert, error)
@@ -110,7 +111,7 @@ const (
 	ConfigurationEvent EventType = "CONFIGURATION"
 )
 
-// Event holds the context of an event
+// Event holds the context of an event.
 type Event struct {
 	Type EventType
 	Obj  interface{}
@@ -125,7 +126,7 @@ type Informer struct {
 	ConfigMap cache.SharedIndexInformer
 }
 
-// Lister returns the stores for ingresses, services, endpoints, secrets and configmaps.
+// Lister contains object listers (stores).
 type Lister struct {
 	Ingress           IngressLister
 	Service           ServiceLister
@@ -135,6 +136,14 @@ type Lister struct {
 	IngressAnnotation IngressAnnotationsLister
 }
 
+// NotExistsError is returned when an object does not exist in a local store.
+type NotExistsError string
+
+// Error implements the error interface.
+func (e NotExistsError) Error() string {
+	return fmt.Sprintf("no object matching key %q in local store", string(e))
+}
+
 // Run initiates the synchronization of the informers against the API server.
 func (i *Informer) Run(stopCh chan struct{}) {
 	go i.Endpoint.Run(stopCh)
@@ -601,7 +610,7 @@ func (s k8sStore) syncSecrets(ing *extensions.Ingress) {
 	}
 }
 
-// GetSecret returns a Secret using the namespace and name as key
+// GetSecret returns the Secret matching key.
 func (s k8sStore) GetSecret(key string) (*corev1.Secret, error) {
 	return s.listers.Secret.ByKey(key)
 }
@@ -618,12 +627,12 @@ func (s k8sStore) ListLocalSSLCerts() []*ingress.SSLCert {
 	return certs
 }
 
-// GetService returns a Service using the namespace and name as key
+// GetService returns the Service matching key.
 func (s k8sStore) GetService(key string) (*corev1.Service, error) {
 	return s.listers.Service.ByKey(key)
 }
 
-// GetIngress returns an Ingress using the namespace and name as key
+// GetIngress returns the Ingress matching key.
 func (s k8sStore) GetIngress(key string) (*extensions.Ingress, error) {
 	return s.listers.Ingress.ByKey(key)
 }
@@ -656,17 +665,9 @@ func (s k8sStore) ListIngresses() []*extensions.Ingress {
 	return ingresses
 }
 
-// GetIngressAnnotations returns the annotations associated to an Ingress
-func (s k8sStore) GetIngressAnnotations(ing *extensions.Ingress) (*annotations.Ingress, error) {
-	key := k8s.MetaNamespaceKey(ing)
-	item, exists, err := s.listers.IngressAnnotation.GetByKey(key)
-	if err != nil {
-		return &annotations.Ingress{}, fmt.Errorf("unexpected error getting ingress annotation %v: %v", key, err)
-	}
-	if !exists {
-		return &annotations.Ingress{}, fmt.Errorf("ingress annotations %v was not found", key)
-	}
-	return item.(*annotations.Ingress), nil
+// GetIngressAnnotations returns the parsed annotations of an Ingress matching key.
+func (s k8sStore) GetIngressAnnotations(key string) (*annotations.Ingress, error) {
+	return s.listers.IngressAnnotation.ByKey(key)
 }
 
 // GetLocalSSLCert returns the local copy of a SSLCert
@@ -674,12 +675,14 @@ func (s k8sStore) GetLocalSSLCert(key string) (*ingress.SSLCert, error) {
 	return s.sslStore.ByKey(key)
 }
 
+// GetConfigMap returns the ConfigMap matching key.
 func (s k8sStore) GetConfigMap(key string) (*corev1.ConfigMap, error) {
 	return s.listers.ConfigMap.ByKey(key)
 }
 
-func (s k8sStore) GetServiceEndpoints(svc *corev1.Service) (*corev1.Endpoints, error) {
-	return s.listers.Endpoint.GetServiceEndpoints(svc)
+// GetServiceEndpoints returns the Endpoints of a Service matching key.
+func (s k8sStore) GetServiceEndpoints(key string) (*corev1.Endpoints, error) {
+	return s.listers.Endpoint.ByKey(key)
 }
 
 // GetAuthCertificate is used by the auth-tls annotations to get a cert from a secret