diff --git a/internal/api_handlers.go b/internal/api_handlers.go index 6051c31..d4f9881 100644 --- a/internal/api_handlers.go +++ b/internal/api_handlers.go @@ -489,8 +489,8 @@ } w.Header().Set("Content-Type", "application/json") var req internalapi.RequestDomainCertificate - if err := json.NewDecoder(r.Body).Decode(&req); err != nil || req.Domain == "" || req.Email == "" || req.Issuer == "" { - http.Error(w, "domain, email, and issuer required", http.StatusBadRequest) + if err := json.NewDecoder(r.Body).Decode(&req); err != nil || req.Domain == "" || req.Email == "" || req.Issuer == "" || req.SecretName == "" { + http.Error(w, "domain, email, issuer and secret-name required", http.StatusBadRequest) return } @@ -509,17 +509,12 @@ http.Error(w, fmt.Sprintf("failed to persist certificate data: %v", err), http.StatusInternalServerError) return } - if req.SecretName != "" { - if err := api.Manager.UpdateSDSSecretByName(r.Context(), req.SecretName, cert); err != nil { - http.Error(w, fmt.Sprintf("failed to update SDS Secret in cache: %v", err), http.StatusInternalServerError) - return - } - } else { - if err := api.Manager.AddSDSSecretWithCert(r.Context(), cert); err != nil { - http.Error(w, fmt.Sprintf("failed to add SDS Secret in cache: %v", err), http.StatusInternalServerError) - return - } + + if err := api.Manager.UpsertSDSSecretWithCert(r.Context(), cert, req.SecretName); err != nil { + http.Error(w, fmt.Sprintf("failed to upsert SDS Secret in cache: %v", err), http.StatusInternalServerError) + return } + w.Header().Set("Content-Type", "application/json") json.NewEncoder(w).Encode(cert) w.WriteHeader(http.StatusOK) diff --git a/internal/pkg/snapshot/resource_crud.go b/internal/pkg/snapshot/resource_crud.go index 469f43b..e047ce6 100644 --- a/internal/pkg/snapshot/resource_crud.go +++ b/internal/pkg/snapshot/resource_crud.go 
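Review bot: Folding the Decode error into the required-field check means a malformed or oversized JSON body now gets the message `domain, email, issuer and secret-name required`, which misdescribes the failure to the client; decode first and report it separately, `if err := json.NewDecoder(r.Body).Decode(&req); err != nil { http.Error(w, "invalid request body", http.StatusBadRequest); return }`, then keep the field check with its current message. SecretName also becomes a required, caller-controlled value that is passed straight through to UpsertSDSSecretWithCert with no syntactic check, whereas the previous path derived the name from Domain; validating its form (or documenting the expected one next to the field check) would keep the SDS cache names predictable. The enclosing handler begins before this hunk.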
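Review bot: The new Upsert branch copies the raw error from UpsertSDSSecretWithCert into the 500 response body via `fmt.Sprintf("failed to upsert SDS Secret in cache: %v", err)`; cache-layer errors are internal detail, so log err through the context logger and return a fixed message, `http.Error(w, "failed to upsert SDS Secret in cache", http.StatusInternalServerError)` (the persist branch just above has the same pattern). On the success path that follows the added blank line, `w.WriteHeader(http.StatusOK)` comes after `json.NewEncoder(w).Encode(cert)` has already written the body, so it is a no-op and the Encode error is unchecked; dropping the WriteHeader and checking the Encode error keeps the handler clean under vet. Since the handler now always supplies a non-empty secretName, the doc comment on UpsertSDSSecretWithCert in resource_crud.go still stating that the name is derived from the domain no longer matches this caller. The enclosing handler begins before this hunk.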
@@ -590,20 +590,16 @@ return nil } -// AddSDSSecretWithCert creates a new Secret resource for SDS with the provided certificate +// UpsertSDSSecretWithCert creates or update a Secret resource for SDS with the provided certificate // and adds it to the snapshot. The secret name is derived from the domain: // e.g., "abc.com" -> "abc_com". -func (sm *SnapshotManager) AddSDSSecretWithCert(ctx context.Context, internalcert *internalcertapi.Certificate) error { +func (sm *SnapshotManager) UpsertSDSSecretWithCert(ctx context.Context, internalcert *internalcertapi.Certificate, secretName string) error { log := internallog.LogFromContext(ctx) if internalcert == nil { return fmt.Errorf("certificate data is nil") } - // 1. Determine the Secret Name (e.g., "abc.com" -> "abc_com") - // NOTE: This logic assumes the 'Domain' field of the certificate is what should be used for naming. - secretName := strings.ReplaceAll(internalcert.Domain, ".", "_") - // 2. Create the Secret resource (envoy/config/secret/v3.Secret) tlsCert := &secretv3.TlsCertificate{ // The certificate content (CertPEM) is stored as an InlineString.