From a2c2d1d52165a154d8664b9f0c1c6d06e9873f5a Mon Sep 17 00:00:00 2001
From: Jun <108045855+2456868764@users.noreply.github.com>
Date: Sun, 25 Aug 2024 15:59:12 +0800
Subject: [PATCH] fix: fallbackForInvalidSecret to return original secret
 (#1245)

---
 pkg/ingress/kube/ingress/controller.go   | 13 ++++++++-----
 pkg/ingress/kube/ingressv1/controller.go | 13 ++++++++-----
 2 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/pkg/ingress/kube/ingress/controller.go b/pkg/ingress/kube/ingress/controller.go
index 32a5cd2b7..755f26837 100644
--- a/pkg/ingress/kube/ingress/controller.go
+++ b/pkg/ingress/kube/ingress/controller.go
@@ -431,11 +431,14 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 				if err != nil {
 					if k8serrors.IsNotFound(err) {
 						// If there is no matching secret, try to get it from configmap.
-						secretName = httpsCredentialConfig.MatchSecretNameByDomain(rule.Host)
-						secretNamespace = c.options.SystemNamespace
-						namespace, secret := cert.ParseTLSSecret(secretName)
-						if namespace != "" {
-							secretNamespace = namespace
+						matchSecretName := httpsCredentialConfig.MatchSecretNameByDomain(rule.Host)
+						if matchSecretName != "" {
+							namespace, secret := cert.ParseTLSSecret(matchSecretName)
+							if namespace == "" {
+								secretNamespace = c.options.SystemNamespace
+							} else {
+								secretNamespace = namespace
+							}
 							secretName = secret
 						}
 					}
diff --git a/pkg/ingress/kube/ingressv1/controller.go b/pkg/ingress/kube/ingressv1/controller.go
index b15e4b198..f315e3cff 100644
--- a/pkg/ingress/kube/ingressv1/controller.go
+++ b/pkg/ingress/kube/ingressv1/controller.go
@@ -417,11 +417,14 @@ func (c *controller) ConvertGateway(convertOptions *common.ConvertOptions, wrapp
 				if err != nil {
 					if k8serrors.IsNotFound(err) {
 						// If there is no matching secret, try to get it from configmap.
-						secretName = httpsCredentialConfig.MatchSecretNameByDomain(rule.Host)
-						secretNamespace = c.options.SystemNamespace
-						namespace, secret := cert.ParseTLSSecret(secretName)
-						if namespace != "" {
-							secretNamespace = namespace
+						matchSecretName := httpsCredentialConfig.MatchSecretNameByDomain(rule.Host)
+						if matchSecretName != "" {
+							namespace, secret := cert.ParseTLSSecret(matchSecretName)
+							if namespace == "" {
+								secretNamespace = c.options.SystemNamespace
+							} else {
+								secretNamespace = namespace
+							}
 							secretName = secret
 						}
 					}