ut

zirain · zirain · commit 86cf15152aab · 2025-06-23T09:23:36.000+08:00
Signed-off-by: zirain &lt;zirain2009@gmail.com&gt;
diff --git a/internal/provider/kubernetes/controller.go b/internal/provider/kubernetes/controller.go
@@ -812,8 +812,8 @@ func (r *gatewayAPIReconciler) processSecretRef(
 		types.NamespacedName{Namespace: secretNS, Name: string(secretRef.Name)},
 		secret,
 	)
-	if err != nil && kerrors.IsNotFound(err) {
-		return fmt.Errorf("unable to find the Secret: %s/%s", secretNS, string(secretRef.Name))
+	if err != nil {
+		return fmt.Errorf("unable to find the Secret %s/%s: %w", secretNS, string(secretRef.Name), err)
 	}
 
 	if secretNS != ownerNS {
@@ -863,8 +863,8 @@ func (r *gatewayAPIReconciler) processClusterTrustBundleRef(
 ) error {
 	trustBundle := &certificatesv1a1.ClusterTrustBundle{}
 	err := r.client.Get(ctx, types.NamespacedName{Name: string(ref.Name)}, trustBundle)
-	if err != nil && kerrors.IsNotFound(err) {
-		return fmt.Errorf("unable to find the ClusterTrustBundle: %s", string(ref.Name))
+	if err != nil {
+		return fmt.Errorf("unable to find the ClusterTrustBundle %s: %w", string(ref.Name), err)
 	}
 
 	key := trustBundle.Name
@@ -945,8 +945,8 @@ func (r *gatewayAPIReconciler) processConfigMapRef(
 		types.NamespacedName{Namespace: configMapNS, Name: string(configMapRef.Name)},
 		configMap,
 	)
-	if err != nil && kerrors.IsNotFound(err) {
-		return fmt.Errorf("unable to find the ConfigMap: %s/%s", configMapNS, string(configMapRef.Name))
+	if err != nil {
+		return fmt.Errorf("unable to find the ConfigMap %s/%s: %w", configMapNS, string(configMapRef.Name), err)
 	}
 
 	if configMapNS != ownerNS {
diff --git a/internal/provider/kubernetes/controller_test.go b/internal/provider/kubernetes/controller_test.go
@@ -11,6 +11,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/utils/ptr"
@@ -25,6 +26,7 @@ import (
 	"github.com/envoyproxy/gateway/internal/gatewayapi"
 	"github.com/envoyproxy/gateway/internal/gatewayapi/resource"
 	"github.com/envoyproxy/gateway/internal/logging"
+	"github.com/envoyproxy/gateway/internal/provider/kubernetes/test"
 )
 
 func TestAddGatewayClassFinalizer(t *testing.T) {
@@ -1007,6 +1009,141 @@ func TestProcessSecurityPolicyObjectRefs(t *testing.T) {
 	}
 }
 
+func TestProcessBackendRefs(t *testing.T) {
+	ns := "default"
+	ctb := test.GetClusterTrustBundle("fake-ctb")
+	secret := test.GetSecret(types.NamespacedName{Namespace: ns, Name: "fake-secret"})
+	cm := &corev1.ConfigMap{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: ns,
+			Name:      "fake-cm",
+		},
+		Data: map[string]string{
+			"ca.crt": "fake-ca-cert",
+		},
+	}
+
+	testCases := []struct {
+		name                   string
+		backend                *egv1a1.Backend
+		ctpShouldBeAdded       bool
+		secretShouldBeAdded    bool
+		configmapShouldBeAdded bool
+	}{
+		{
+			name: "DynamicResolver with ClusterTrustBundle",
+			backend: &egv1a1.Backend{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: ns,
+					Name:      "test-backend",
+				},
+				Spec: egv1a1.BackendSpec{
+					Type: ptr.To(egv1a1.BackendTypeDynamicResolver),
+					TLS: &egv1a1.BackendTLSSettings{
+						CACertificateRefs: []gwapiv1.LocalObjectReference{
+							{
+								Kind: gwapiv1.Kind("ClusterTrustBundle"),
+								Name: gwapiv1.ObjectName("fake-ctb"),
+							},
+						},
+					},
+				},
+			},
+			ctpShouldBeAdded: true,
+		},
+		{
+			name: "DynamicResolver with ConfigMap",
+			backend: &egv1a1.Backend{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: ns,
+					Name:      "test-backend",
+				},
+				Spec: egv1a1.BackendSpec{
+					Type: ptr.To(egv1a1.BackendTypeDynamicResolver),
+					TLS: &egv1a1.BackendTLSSettings{
+						CACertificateRefs: []gwapiv1.LocalObjectReference{
+							{
+								Kind: gwapiv1.Kind("ConfigMap"),
+								Name: gwapiv1.ObjectName("fake-cm"),
+							},
+						},
+					},
+				},
+			},
+			configmapShouldBeAdded: true,
+		},
+		{
+			name: "DynamicResolver with Secret",
+			backend: &egv1a1.Backend{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: ns,
+					Name:      "test-backend",
+				},
+				Spec: egv1a1.BackendSpec{
+					Type: ptr.To(egv1a1.BackendTypeDynamicResolver),
+					TLS: &egv1a1.BackendTLSSettings{
+						CACertificateRefs: []gwapiv1.LocalObjectReference{
+							{
+								Kind: gwapiv1.Kind("Secret"),
+								Name: gwapiv1.ObjectName("fake-secret"),
+							},
+						},
+					},
+				},
+			},
+			secretShouldBeAdded: true,
+		},
+	}
+
+	for i := range testCases {
+		tc := testCases[i]
+		// Run the test cases.
+		t.Run(tc.name, func(t *testing.T) {
+			// Add objects referenced by test cases.
+			objs := []client.Object{tc.backend, ctb, secret, cm}
+			logger := logging.DefaultLogger(os.Stdout, egv1a1.LogLevelInfo)
+
+			r := &gatewayAPIReconciler{
+				log:             logger,
+				classController: "some-gateway-class",
+			}
+
+			r.client = fakeclient.NewClientBuilder().
+				WithScheme(envoygateway.GetScheme()).
+				WithObjects(objs...).
+				Build()
+
+			resourceTree := resource.NewResources()
+			resourceMap := newResourceMapping()
+			backend := tc.backend
+			resourceMap.allAssociatedBackendRefs.Insert(gwapiv1.BackendObjectReference{
+				Kind:      gatewayapi.KindPtr(resource.KindBackend),
+				Namespace: gatewayapi.NamespacePtr(backend.Namespace),
+				Name:      gwapiv1.ObjectName(backend.Name),
+			})
+
+			r.processBackendRefs(t.Context(), resourceTree, resourceMap)
+			if tc.ctpShouldBeAdded {
+				require.Contains(t, resourceTree.ClusterTrustBundles, ctb)
+			} else {
+				require.NotContains(t, resourceTree.ClusterTrustBundles, ctb)
+			}
+
+			if tc.secretShouldBeAdded {
+				require.Contains(t, resourceTree.Secrets, secret)
+			} else {
+				require.NotContains(t, resourceTree.Secrets, secret)
+			}
+
+			if tc.configmapShouldBeAdded {
+				require.Contains(t, resourceTree.ConfigMaps, cm)
+			} else {
+				require.NotContains(t, resourceTree.ConfigMaps, cm)
+			}
+		})
+	}
+}
+
 func setupReferenceGrantReconciler(objs []client.Object) *gatewayAPIReconciler {
 	logger := logging.DefaultLogger(os.Stdout, egv1a1.LogLevelInfo)
 

Original file line number	Diff line number	Diff line change
`@@ -812,8 +812,8 @@ func (r *gatewayAPIReconciler) processSecretRef(`
`812`	`812`	`types.NamespacedName{Namespace: secretNS, Name: string(secretRef.Name)},`
`813`	`813`	`secret,`
`814`	`814`	`)`
`815`		`- if err != nil && kerrors.IsNotFound(err) {`
`816`		`- return fmt.Errorf("unable to find the Secret: %s/%s", secretNS, string(secretRef.Name))`
	`815`	`+ if err != nil {`
	`816`	`+ return fmt.Errorf("unable to find the Secret %s/%s: %w", secretNS, string(secretRef.Name), err)`
`817`	`817`	`}`
`818`	`818`
`819`	`819`	`if secretNS != ownerNS {`
`@@ -863,8 +863,8 @@ func (r *gatewayAPIReconciler) processClusterTrustBundleRef(`
`863`	`863`	`) error {`
`864`	`864`	`trustBundle := &certificatesv1a1.ClusterTrustBundle{}`
`865`	`865`	`err := r.client.Get(ctx, types.NamespacedName{Name: string(ref.Name)}, trustBundle)`
`866`		`- if err != nil && kerrors.IsNotFound(err) {`
`867`		`- return fmt.Errorf("unable to find the ClusterTrustBundle: %s", string(ref.Name))`
	`866`	`+ if err != nil {`
	`867`	`+ return fmt.Errorf("unable to find the ClusterTrustBundle %s: %w", string(ref.Name), err)`
`868`	`868`	`}`
`869`	`869`
`870`	`870`	`key := trustBundle.Name`
`@@ -945,8 +945,8 @@ func (r *gatewayAPIReconciler) processConfigMapRef(`
`945`	`945`	`types.NamespacedName{Namespace: configMapNS, Name: string(configMapRef.Name)},`
`946`	`946`	`configMap,`
`947`	`947`	`)`
`948`		`- if err != nil && kerrors.IsNotFound(err) {`
`949`		`- return fmt.Errorf("unable to find the ConfigMap: %s/%s", configMapNS, string(configMapRef.Name))`
	`948`	`+ if err != nil {`
	`949`	`+ return fmt.Errorf("unable to find the ConfigMap %s/%s: %w", configMapNS, string(configMapRef.Name), err)`
`950`	`950`	`}`
`951`	`951`
`952`	`952`	`if configMapNS != ownerNS {`