Add ptls.Dialer to provide some common configuration for tls.Dial operations

2026-01-06 13:36:54 +00:00 · 2024-09-03 14:45:14 -05:00
parent 1e0f7d8437
commit 76a116641f
8 changed files with 300 additions and 69 deletions
--- a/internal/controller/authenticator/webhookcachefiller/webhookcachefiller.go
+++ b/internal/controller/authenticator/webhookcachefiller/webhookcachefiller.go
@@ -6,7 +6,6 @@ package webhookcachefiller

 import (
 	"context"
-	"crypto/tls"
 	"crypto/x509"
 	"fmt"
 	"net/url"
@@ -77,6 +76,7 @@ func New(
 	withInformer pinnipedcontroller.WithInformerOptionFunc,
 	clock clock.Clock,
 	log plog.Logger,
+	dialer ptls.Dialer,
 ) controllerlib.Controller {
 	return controllerlib.New(
 		controllerlib.Config{
@@ -90,6 +90,7 @@ func New(
 				configMapInformer: configMapInformer,
 				clock:             clock,
 				log:               log.WithName(controllerName),
+				dialer:            dialer,
 			},
 		},
 		withInformer(
@@ -125,6 +126,7 @@ type webhookCacheFillerController struct {
 	client            conciergeclientset.Interface
 	clock             clock.Clock
 	log               plog.Logger
+	dialer            ptls.Dialer
 }

 // Sync implements controllerlib.Syncer.
@@ -428,11 +430,11 @@ func (c *webhookCacheFillerController) validateConnection(
 		return conditions, nil
 	}

-	conn, err := tls.Dial("tcp", endpointHostPort.Endpoint(), ptls.Default(certPool))
+	err := c.dialer.IsReachableAndTLSValidationSucceeds(endpointHostPort.Endpoint(), certPool, logger)

 	if err != nil {
 		errText := "cannot dial server"
-		msg := fmt.Sprintf("%s: %s", errText, err.Error())
+		msg := fmt.Sprintf("%s: %s", errText, err)
 		conditions = append(conditions, &metav1.Condition{
 			Type:    typeWebhookConnectionValid,
 			Status:  metav1.ConditionFalse,
@@ -442,13 +444,6 @@ func (c *webhookCacheFillerController) validateConnection(
 		return conditions, fmt.Errorf("%s: %w", errText, err)
 	}

-	// this error should never be significant
-	err = conn.Close()
-	if err != nil {
-		// no unit test for this failure
-		logger.Error("error closing dialer", err)
-	}
-
 	conditions = append(conditions, successfulWebhookConnectionValidCondition())
 	return conditions, nil
 }
--- a/internal/controller/authenticator/webhookcachefiller/webhookcachefiller_test.go
+++ b/internal/controller/authenticator/webhookcachefiller/webhookcachefiller_test.go
@@ -1934,7 +1934,8 @@ func TestController(t *testing.T) {
 				kubeInformers.Core().V1().ConfigMaps(),
 				controllerlib.WithInformer,
 				frozenClock,
-				logger)
+				logger,
+				ptls.NewDialer())

 			ctx, cancel := context.WithCancel(context.Background())
 			defer cancel()
@@ -2177,7 +2178,8 @@ func TestControllerFilterSecret(t *testing.T) {
 				configMapInformer,
 				observableInformers.WithInformer,
 				frozenClock,
-				logger)
+				logger,
+				ptls.NewDialer())

 			unrelated := &corev1.Secret{}
 			filter := observableInformers.GetFilterForInformer(secretInformer)
@@ -2238,7 +2240,8 @@ func TestControllerFilterConfigMap(t *testing.T) {
 				configMapInformer,
 				observableInformers.WithInformer,
 				frozenClock,
-				logger)
+				logger,
+				ptls.NewDialer())

 			unrelated := &corev1.ConfigMap{}
 			filter := observableInformers.GetFilterForInformer(configMapInformer)