From ba3fae1d2778fa79bba088c9dbd093a614db246a Mon Sep 17 00:00:00 2001
From: AlinsRan
Date: Mon, 8 Dec 2025 18:32:15 +0800
Subject: [PATCH] fix(atls): apply updated certificates when TLS secrets change (#2674)

(cherry picked from commit ad223606d292bae50bbfaada1ad5d1e32cc11001)
---
 internal/controller/apisixtls_controller.go | 2 +-
 test/e2e/crds/v2/tls.go | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/internal/controller/apisixtls_controller.go b/internal/controller/apisixtls_controller.go
index d854fddec..eeda370de 100644
--- a/internal/controller/apisixtls_controller.go
+++ b/internal/controller/apisixtls_controller.go
@@ -248,7 +248,7 @@ func (r *ApisixTlsReconciler) listApisixTlsForSecret(ctx context.Context, obj cl
 ctx,
 r.Client,
 r.Log,
- &apiv2.ApisixConsumerList{},
+ &apiv2.ApisixTlsList{},
 client.MatchingFields{
 indexer.SecretIndexRef: indexer.GenIndexKey(secret.GetNamespace(), secret.GetName()),
 },
diff --git a/test/e2e/crds/v2/tls.go b/test/e2e/crds/v2/tls.go
index ef4acba02..8599cca3f 100644
--- a/test/e2e/crds/v2/tls.go
+++ b/test/e2e/crds/v2/tls.go
@@ -146,6 +146,27 @@ spec:
 WithHost("api6.com").
 Expect().
 Status(200)
+
+ err = s.NewKubeTlsSecret("test-tls-secret", framework.TestCert, framework.TestKey)
+ Expect(err).NotTo(HaveOccurred(), "updating TLS secret")
+
+ Eventually(func() error {
+ tlss, err := s.DefaultDataplaneResource().SSL().List(context.Background())
+ if err != nil {
+ return err
+ }
+ if len(tlss) != 1 {
+ return fmt.Errorf("expected 1 tls, got %d", len(tls))
+ }
+ certs := tlss[0].Certificates
+ if len(certs) != 1 {
+ return fmt.Errorf("expected 1 certificate, got %d", len(certs))
+ }
+ if !strings.Contains(certs[0].Certificate, framework.TestCert) {
+ return fmt.Errorf("certificate not updated yet")
+ }
+ return nil
+ }).WithTimeout(30*time.Second).ProbeEvery(1*time.Second).ShouldNot(HaveOccurred(), "tls secret updated in dataplane")
 })
 
 It("ApisixTls with mTLS test", func() {
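Review bot: The list type passed at `&apiv2.ApisixTlsList{}` in listApisixTlsForSecret has no comment tying it to the kind this reconciler indexes, and the replaced value shows that a wrong list type here is not caught at compile time. A one-line comment above the argument, such as `// Must be the list type of the kind indexed under indexer.SecretIndexRef for this reconciler.`, would make a future copy from another controller easier to spot. It is also worth confirming that the SecretIndexRef field index is registered for ApisixTls, since the registration is not visible here; presumably a mismatch means Secret changes never reach the TLS objects that reference them, leaving a rotated or replaced certificate unserved. The function body starts and ends outside the hunk.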
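Review bot: In the added `Eventually` block in test/e2e/crds/v2/tls.go, the error for a wrong object count formats `len(tls)` while the list just fetched is `tlss`; unless a `tls` value is declared earlier in the test (not visible in the hunk), this either fails to compile or reports an unrelated length, so it should read `return fmt.Errorf("expected 1 tls, got %d", len(tlss))`. Separately, the check only proves rotation if the secret created before this hunk held a different certificate than `framework.TestCert`; if it already used the same pair, `strings.Contains` passes without any update having reached the dataplane, so confirm the initial fixture differs. The enclosing `It` block starts outside the hunk.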