feat(lb): use bool ptr for ssl bridging annotations

scaleway · Aug 26, 2024 · a7a896a · a7a896a
1 parent 4c60937
commit a7a896a
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 12 deletions.
diff --git a/scaleway/loadbalancers.go b/scaleway/loadbalancers.go
@@ -1118,8 +1118,8 @@ func servicePortToBackend(service *v1.Service, loadbalancer *scwlb.LB, port v1.S
 		Name:                   fmt.Sprintf("%s_tcp_%d", string(service.UID), port.NodePort),
 		Pool:                   nodeIPs,
 		ForwardProtocol:        protocol,
-		SslBridging:            scw.BoolPtr(sslBridging),
-		IgnoreSslServerVerify:  scw.BoolPtr(sslSkipVerify),
+		SslBridging:            sslBridging,
+		IgnoreSslServerVerify:  sslSkipVerify,
 		ForwardPort:            port.NodePort,
 		ForwardPortAlgorithm:   forwardPortAlgorithm,
 		StickySessions:         stickySessions,

diff --git a/scaleway/loadbalancers_annotations.go b/scaleway/loadbalancers_annotations.go
@@ -553,8 +553,11 @@ func getForwardProtocol(service *v1.Service, nodePort int32) (scwlb.Protocol, er
 	return scwlb.ProtocolTCP, nil
 }
 
-func getSSLBridging(service *v1.Service, nodePort int32) (bool, error) {
-	tlsEnabled := service.Annotations[serviceAnnotationLoadBalancerHTTPBackendTLS]
+func getSSLBridging(service *v1.Service, nodePort int32) (*bool, error) {
+	tlsEnabled, found := service.Annotations[serviceAnnotationLoadBalancerHTTPBackendTLS]
+	if !found {
+		return nil, nil
+	}
 
 	var svcPort int32 = -1
 	for _, p := range service.Spec.Ports {
@@ -564,20 +567,23 @@ func getSSLBridging(service *v1.Service, nodePort int32) (bool, error) {
 	}
 	if svcPort == -1 {
 		klog.Errorf("no valid port found")
-		return false, errLoadBalancerInvalidAnnotation
+		return nil, errLoadBalancerInvalidAnnotation
 	}
 
 	isTLSEnabled, err := isPortInRange(tlsEnabled, svcPort)
 	if err != nil {
 		klog.Errorf("unable to check if port %d is in range %s", svcPort, tlsEnabled)
-		return false, err
+		return nil, err
 	}
 
-	return isTLSEnabled, nil
+	return scw.BoolPtr(isTLSEnabled), nil
 }
 
-func getSSLBridgingSkipVerify(service *v1.Service, nodePort int32) (bool, error) {
-	skipTLSVerify := service.Annotations[serviceAnnotationLoadBalancerHTTPBackendTLSSkipVerify]
+func getSSLBridgingSkipVerify(service *v1.Service, nodePort int32) (*bool, error) {
+	skipTLSVerify, found := service.Annotations[serviceAnnotationLoadBalancerHTTPBackendTLSSkipVerify]
+	if !found {
+		return nil, nil
+	}
 
 	var svcPort int32 = -1
 	for _, p := range service.Spec.Ports {
@@ -587,16 +593,16 @@ func getSSLBridgingSkipVerify(service *v1.Service, nodePort int32) (bool, error)
 	}
 	if svcPort == -1 {
 		klog.Errorf("no valid port found")
-		return false, errLoadBalancerInvalidAnnotation
+		return nil, errLoadBalancerInvalidAnnotation
 	}
 
 	isSkipTLSVerify, err := isPortInRange(skipTLSVerify, svcPort)
 	if err != nil {
 		klog.Errorf("unable to check if port %d is in range %s", svcPort, skipTLSVerify)
-		return false, err
+		return nil, err
 	}
 
-	return isSkipTLSVerify, nil
+	return scw.BoolPtr(isSkipTLSVerify), nil
 }
 
 func getCertificateIDs(service *v1.Service, port int32) ([]string, error) {