(apisix-ingress-controller) branch master updated: fix(atls): apply updated certificates when TLS secrets change (#2674)

Mon, 08 Dec 2025 02:34:02 -0800 

This is an automated email from the ASF dual-hosted git repository.

alinsran pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-ingress-controller.git


The following commit(s) were added to refs/heads/master by this push:
     new ad223606 fix(atls): apply updated certificates when TLS secrets change 
(#2674)
ad223606 is described below

commit ad223606d292bae50bbfaada1ad5d1e32cc11001
Author: AlinsRan <[email protected]>
AuthorDate: Mon Dec 8 18:32:15 2025 +0800

    fix(atls): apply updated certificates when TLS secrets change (#2674)
---
 internal/controller/apisixtls_controller.go |  2 +-
 test/e2e/crds/v2/tls.go                     | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/internal/controller/apisixtls_controller.go 
b/internal/controller/apisixtls_controller.go
index 4758f728..68795fa0 100644
--- a/internal/controller/apisixtls_controller.go
+++ b/internal/controller/apisixtls_controller.go
@@ -236,7 +236,7 @@ func (r *ApisixTlsReconciler) listApisixTlsForSecret(ctx 
context.Context, obj cl
                ctx,
                r.Client,
                r.Log,
-               &apiv2.ApisixConsumerList{},
+               &apiv2.ApisixTlsList{},
                client.MatchingFields{
                        indexer.SecretIndexRef: 
indexer.GenIndexKey(secret.GetNamespace(), secret.GetName()),
                },
diff --git a/test/e2e/crds/v2/tls.go b/test/e2e/crds/v2/tls.go
index a7edff3d..c3d6815e 100644
--- a/test/e2e/crds/v2/tls.go
+++ b/test/e2e/crds/v2/tls.go
@@ -175,6 +175,27 @@ spec:
                                WithHost("api6.com").
                                Expect().
                                Status(200)
+
+                       err = s.NewKubeTlsSecret("test-tls-secret", 
framework.TestCert, framework.TestKey)
+                       Expect(err).NotTo(HaveOccurred(), "updating TLS secret")
+
+                       Eventually(func() error {
+                               tlss, err := 
s.DefaultDataplaneResource().SSL().List(context.Background())
+                               if err != nil {
+                                       return err
+                               }
+                               if len(tlss) != 1 {
+                                       return fmt.Errorf("expected 1 tls, got 
%d", len(tls))
+                               }
+                               certs := tlss[0].Certificates
+                               if len(certs) != 1 {
+                                       return fmt.Errorf("expected 1 
certificate, got %d", len(certs))
+                               }
+                               if !strings.Contains(certs[0].Certificate, 
framework.TestCert) {
+                                       return fmt.Errorf("certificate not 
updated yet")
+                               }
+                               return nil
+                       
}).WithTimeout(30*time.Second).ProbeEvery(1*time.Second).ShouldNot(HaveOccurred(),
 "tls secret updated in dataplane")
                })
 
                It("ApisixTls with mTLS test", func() {

Reply via email to