fix tls version annotation (#1652)

2026-06-25 18:25:10 +08:00 · 2025-01-08 15:31:39 +08:00
parent 4733af849d
commit 6820a06a99
1 changed files with 18 additions and 19 deletions
--- a/pkg/ingress/kube/annotations/downstreamtls.go
+++ b/pkg/ingress/kube/annotations/downstreamtls.go
@@ -15,8 +15,8 @@
 package annotations

 import (
-	"strings"
 	"fmt"
+	"strings"

 	networking "istio.io/api/networking/v1alpha3"
 	gatewaytool "istio.io/istio/pkg/config/gateway"
@@ -143,7 +143,7 @@ func (d downstreamTLS) ApplyGateway(gateway *networking.Gateway, config *Ingress

 func needDownstreamTLS(annotations Annotations) bool {
 	return annotations.HasASAP(sslCipher) ||
-		annotations.HasASAP(authTLSSecret)||
+		annotations.HasASAP(authTLSSecret) ||
 		annotations.HasASAP(annotationMinTLSVersion) ||
 		annotations.HasASAP(annotationMaxTLSVersion)
 }
@@ -151,14 +151,13 @@ func needDownstreamTLS(annotations Annotations) bool {
 func convertTLSVersion(version string) (networking.ServerTLSSettings_TLSProtocol, error) {
 	switch version {
 	case "TLSv1.0":
-		return networking.ServerTLSSettings_TLSV1_0 , nil
+		return networking.ServerTLSSettings_TLSV1_0, nil
 	case "TLSv1.1":
-			return networking.ServerTLSSettings_TLSV1_1 , nil
+		return networking.ServerTLSSettings_TLSV1_1, nil
 	case "TLSv1.2":
-			return networking.ServerTLSSettings_TLSV1_2 , nil
+		return networking.ServerTLSSettings_TLSV1_2, nil
 	case "TLSv1.3":
-	default:
-		return networking.ServerTLSSettings_TLS_AUTO, fmt.Errorf("invalid TLS version: %s. Valid values are: TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3", version)
+		return networking.ServerTLSSettings_TLSV1_3, nil
 	}
-	return networking.ServerTLSSettings_TLS_AUTO, fmt.Errorf("unreachable code, but required by compiler")
+	return networking.ServerTLSSettings_TLS_AUTO, fmt.Errorf("invalid TLS version: %s. Valid values are: TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3", version)
 }