Don't validate credentialName in gateway secrets analyzer if it isn't…

… specified (istio#19905)
blhagadorn · Jan 3, 2020 · df73e76 · df73e76
1 parent d0cc6de
commit df73e76
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/galley/pkg/config/analysis/analyzers/gateway/secret.go b/galley/pkg/config/analysis/analyzers/gateway/secret.go
@@ -66,6 +66,10 @@ func (a *SecretAnalyzer) Analyze(ctx analysis.Context) {
 			}
 
 			cn := tls.GetCredentialName()
+			if cn == "" {
+				continue
+			}
+
 			if !ctx.Exists(collections.K8SCoreV1Secrets.Name(), resource.NewShortOrFullName(gwNs, cn)) {
 				ctx.Report(collections.IstioNetworkingV1Alpha3Gateways.Name(), msg.NewReferencedResourceNotFound(r, "credentialName", cn))
 			}

diff --git a/galley/pkg/config/analysis/analyzers/testdata/gateway-secrets.yaml b/galley/pkg/config/analysis/analyzers/testdata/gateway-secrets.yaml
@@ -85,4 +85,21 @@ spec:
       mode: SIMPLE
       credentialName: "httpbin-credential"
     hosts:
+    - "httpbin.example.com"
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: Gateway
+metadata:
+  name: defaultgateway-nocredential # No credentialName specified, we shouldn't generate any errors
+spec:
+  selector:
+    istio: ingressgateway
+  servers:
+  - port:
+      number: 443
+      name: https
+      protocol: HTTPS
+    tls:
+      mode: SIMPLE
+    hosts:
     - "httpbin.example.com"