From 86c7e81e18db02ebcbfe35d470682c982871375f Mon Sep 17 00:00:00 2001
From: HOLLEVILLE Matthis <99146727+matthisholleville@users.noreply.github.com>
Date: Wed, 29 Mar 2023 22:36:50 +0200
Subject: [PATCH] feat: add secret validation to ingress analyzer (#141)

This commit adds a check to the ingress analyzer that verifies whether the secret declared in the ingress exists on the cluster. This helps to ensure that only valid secrets are used in the ingress configuration.

Signed-off-by: Matthis Holleville
---
 pkg/analyzer/ingressAnalyzer.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkg/analyzer/ingressAnalyzer.go b/pkg/analyzer/ingressAnalyzer.go
index 6b094cb3b0..a389deacc3 100644
--- a/pkg/analyzer/ingressAnalyzer.go
+++ b/pkg/analyzer/ingressAnalyzer.go
@@ -33,6 +33,12 @@ func AnalyzeIngress(ctx context.Context, config *AnalysisConfiguration, client *
 }
 }
 
+ for _, tls := range ing.Spec.TLS {
+ _, err := client.GetClient().CoreV1().Secrets(ing.Namespace).Get(ctx, tls.SecretName, metav1.GetOptions{})
+ if err != nil {
+ failures = append(failures, fmt.Sprintf("Ingress uses the secret %s/%s as a TLS certificate which does not exist.", ing.Namespace, tls.SecretName))
+ }
+ }
 if len(failures) > 0 {
 preAnalysis[fmt.Sprintf("%s/%s", ing.Namespace, ing.Name)] = PreAnalysis{
 Ingress: ing,
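Review bot: The new `if err != nil` branch reports every failure of `Secrets(...).Get` as "does not exist", so an RBAC forbidden, a timeout or any other API error from the cluster is misreported to the user as a missing TLS secret; only a NotFound error supports that message, which `apierrors.IsNotFound(err)` from `k8s.io/apimachinery/pkg/api/errors` distinguishes (that import may need adding if the file does not already have it). An `IngressTLS` entry may also legitimately omit `secretName` (controllers then fall back to a default certificate), and the loop currently issues a `Get` with an empty name that always fails and yields a misleading failure for `ing.Namespace/`; skip such entries with `if tls.SecretName == "" { continue }`. Worth a comment on the loop as well: the lookup discards the object but still requires `get` on secrets for the analyzer's identity, so the permission this check adds should be documented for operators. `AnalyzeIngress` begins and ends outside the hunk, so how a non-NotFound error is best surfaced (returned or recorded as a separate failure) depends on its signature; the sketch below records it as a distinct failure.
```go
for _, tls := range ing.Spec.TLS {
	// An entry without secretName is valid (controller default certificate); nothing to look up.
	if tls.SecretName == "" {
		continue
	}
	// Only existence is needed, but get on secrets is still required by RBAC for this call.
	_, err := client.GetClient().CoreV1().Secrets(ing.Namespace).Get(ctx, tls.SecretName, metav1.GetOptions{})
	switch {
	case apierrors.IsNotFound(err):
		failures = append(failures, fmt.Sprintf("Ingress uses the secret %s/%s as a TLS certificate which does not exist.", ing.Namespace, tls.SecretName))
	case err != nil:
		// Forbidden, timeout, etc. are not evidence the secret is missing; report them as such.
		failures = append(failures, fmt.Sprintf("Ingress TLS secret %s/%s could not be verified: %v", ing.Namespace, tls.SecretName, err))
	}
}
// … unchanged: len(failures) check and preAnalysis population …
```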