BUG/MINOR: prevents unnecessary reloading when the attribute client-ca is not used.

fabianonunes · oktalz · commit 78f9d29bf354 · 2022-08-04T08:51:12.000+02:00
If you don't use `client-ca`, the comparison between `BindParams.Verify`
and `client-crt-optional` will never be true, which will force an
unnecessary reload of the instance.

If `client-ca` and `client-crt-optional` aren't used, `BindParams.Verify`
will always be an empty string and, therefore, can't be equal to
`"required"`.

So, if `client-ca` and `BindParams.SslCafile` are equal and **both are
empty**, we don't need to check the value of the `Verify` attribute.
In this case, we can safely skip the reload, because if `client-ca`
didn't change *and* is still empty, the `Verify` value doesn't matter.
diff --git a/pkg/handler/https.go b/pkg/handler/https.go
@@ -115,7 +115,7 @@ func (handler HTTPS) handleClientTLSAuth(k store.K8s, h haproxy.HAProxy) (reload
 	}
 
 	// No changes
-	if binds[0].SslCafile == caFile && binds[0].Verify == verify {
+	if binds[0].SslCafile == caFile && (caFile == "" || binds[0].Verify == verify) {
 		return
 	}
 	// Removing config

Original file line number	Diff line number	Diff line change
`@@ -115,7 +115,7 @@ func (handler HTTPS) handleClientTLSAuth(k store.K8s, h haproxy.HAProxy) (reload`
`115`	`115`	`}`
`116`	`116`
`117`	`117`	`// No changes`
`118`		`- if binds[0].SslCafile == caFile && binds[0].Verify == verify {`
	`118`	`+ if binds[0].SslCafile == caFile && (caFile == "" \|\| binds[0].Verify == verify) {`
`119`	`119`	`return`
`120`	`120`	`}`
`121`	`121`	`// Removing config`