⚡ update SNI cert && handle error

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/spf13/cobra v1.7.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.18.2
-	github.com/vngcloud/vngcloud-go-sdk v1.0.6
+	github.com/vngcloud/vngcloud-go-sdk v1.0.14-0.20240521072621-df4ad46f8a9b
 	gopkg.in/gcfg.v1 v1.2.3
 	k8s.io/api v0.29.0
 	k8s.io/apimachinery v0.29.0

go.sum

@@ -231,6 +231,8 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7
 github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk=
 github.com/vngcloud/vngcloud-go-sdk v1.0.6 h1:AU7cNVUq0LZ2pNyKbr7+qfE+/+6U0GnbBvwGHRV+OYk=
 github.com/vngcloud/vngcloud-go-sdk v1.0.6/go.mod h1:3ZjgN6oq5o7sYrShj2dOPOBF3cqWk6IW+/0VVpJWYf4=
+github.com/vngcloud/vngcloud-go-sdk v1.0.14-0.20240521072621-df4ad46f8a9b h1:WUU4MuMeXakkmlD3Qlt0IanlNpxgTihTy1PrI9VWqDg=
+github.com/vngcloud/vngcloud-go-sdk v1.0.14-0.20240521072621-df4ad46f8a9b/go.mod h1:3ZjgN6oq5o7sYrShj2dOPOBF3cqWk6IW+/0VVpJWYf4=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

pkg/ingress/controller/controller.go

@@ -958,8 +958,12 @@ func (c *Controller) inspectIngress(ing *nwv1.Ingress) (*Expander, error) {
 			return nil, vErrors.ErrNoCertificateFound
 		} else {
 			listenerHttpsOpts := serviceConf.CreateListenerOptions(true)
-			listenerHttpsOpts.CertificateAuthorities = &(serviceConf.CertificateIDs)
 			listenerHttpsOpts.DefaultCertificateAuthority = &(serviceConf.CertificateIDs[0])
+			if len(serviceConf.CertificateIDs) > 1 {
+				listenerHttpsOpts.CertificateAuthorities = PointerOf[[]string](serviceConf.CertificateIDs[1:])
+			} else {
+				listenerHttpsOpts.CertificateAuthorities = PointerOf[[]string]([]string{})
+			}
 			listenerHttpsOpts.ClientCertificate = PointerOf[string]("")
 			ingressInspect.ListenerExpander = append(ingressInspect.ListenerExpander, &utils.ListenerExpander{
 				CreateOpts: *listenerHttpsOpts,

pkg/utils/vngcloud/loadbalancer.go

@@ -61,8 +61,8 @@ func DeleteLB(client *client.ServiceClient, projectID string, lbID string) error
 
 	var err error
 	for {
-		err = loadbalancer.Delete(client, opt)
-		if err != nil && IsLoadBalancerNotReady(err) {
+		errSdk := loadbalancer.Delete(client, opt)
+		if errSdk != nil && IsLoadBalancerNotReady(errSdk.Error) {
 			klog.V(5).Infof("LoadBalancerNotReady, retry after 5 seconds")
 			time.Sleep(5 * time.Second)
 			continue

pkg/utils/vngcloud/loadbalancer_listener.go

@@ -46,8 +46,8 @@ func DeleteListener(client *client.ServiceClient, projectID string, lbID, listen
 
 	var err error
 	for {
-		err = listener.Delete(client, opt)
-		if err != nil && IsLoadBalancerNotReady(err) {
+		errSdk := listener.Delete(client, opt)
+		if errSdk != nil && IsLoadBalancerNotReady(errSdk.Error) {
 			klog.V(5).Infof("LoadBalancerNotReady, retry after 5 seconds")
 			time.Sleep(5 * time.Second)
 			continue

pkg/utils/vngcloud/loadbalancer_pool.go

@@ -101,8 +101,8 @@ func DeletePool(client *client.ServiceClient, projectID string, lbID, poolID str
 
 	var err error
 	for {
-		err = pool.Delete(client, opt)
-		if err != nil && IsLoadBalancerNotReady(err) {
+		errSdk := pool.Delete(client, opt)
+		if errSdk != nil && IsLoadBalancerNotReady(errSdk.Error) {
 			klog.V(5).Infof("LoadBalancerNotReady, retry after 5 seconds")
 			time.Sleep(5 * time.Second)
 			continue

pkg/utils/vngcloud/loadbalancer_utils.go

@@ -234,9 +234,7 @@ func CompareListenerOptions(ilis *lObjects.Listener, lisOptions *listener.Create
 		TimeoutConnection:           lisOptions.TimeoutConnection,
 		DefaultPoolId:               *lisOptions.DefaultPoolId,
 		DefaultCertificateAuthority: lisOptions.DefaultCertificateAuthority,
-		// Headers:                     lisOptions.Headers,
-		// ClientCertificate:           lisOptions.ClientCertificateAuthentication,
-		// ......................................... update later
+		CertificateAuthorities:      lisOptions.CertificateAuthorities,
 	}
 	if ilis.AllowedCidrs != lisOptions.AllowedCidrs ||
 		ilis.TimeoutClient != lisOptions.TimeoutClient ||
@@ -249,11 +247,33 @@ func CompareListenerOptions(ilis *lObjects.Listener, lisOptions *listener.Create
 		klog.Infof("listener need update default pool id: %s", *lisOptions.DefaultPoolId)
 		isNeedUpdate = true
 	}
-	if lisOptions.DefaultCertificateAuthority != nil && (ilis.DefaultCertificateAuthority == nil || *(ilis.DefaultCertificateAuthority) != *(lisOptions.DefaultCertificateAuthority)) {
+	if lisOptions.DefaultCertificateAuthority != nil &&
+		(ilis.DefaultCertificateAuthority == nil || *(ilis.DefaultCertificateAuthority) != *(lisOptions.DefaultCertificateAuthority)) {
 		klog.Infof("listener need update default certificate authority: %s", *lisOptions.DefaultCertificateAuthority)
 		isNeedUpdate = true
 	}
-	// update cert SNI here .......................................................
+
+	if len(ilis.CertificateAuthorities) > 0 && lisOptions.CertificateAuthorities == nil {
+		isNeedUpdate = true
+	} else if lisOptions.CertificateAuthorities != nil {
+		if len(ilis.CertificateAuthorities) != len(*lisOptions.CertificateAuthorities) {
+			klog.Infof("listener need update certificate authorities")
+			isNeedUpdate = true
+		} else {
+			maps := make(map[string]bool)
+			for _, ca := range ilis.CertificateAuthorities {
+				maps[ca] = true
+			}
+			for _, ca := range *lisOptions.CertificateAuthorities {
+				if _, ok := maps[ca]; !ok {
+					klog.Infof("listener need update certificate authorities")
+					isNeedUpdate = true
+					break
+				}
+			}
+		}
+	}
+
 	if !isNeedUpdate {
 		return nil
 	}

pkg/utils/vngcloud/security_group.go

@@ -58,5 +58,8 @@ func CreateSecurityGroup(client *client.ServiceClient, projectID string, name st
 	opt.Name = name
 	opt.Description = description
 	resp, err := secgroup.Create(client, opt)
-	return resp, err
+	if err != nil {
+		return nil, err.Error
+	}
+	return resp, nil
 }