func validateListenerConfigurations()

in pkg/providers/gateway/translation/gateway.go [85:153]


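// validateListenerConfigurations checks that one Gateway listener's protocol,
// TLS block and allowed route kinds are consistent with each other.
//
// gateway and idx are used only to label warning logs. allowedKinds is the
// set of route kinds already resolved for the listener, and listener is the
// listener being checked.
//
// It returns a non-nil error describing the first inconsistency found, or nil
// when none is found. A nil result is not a positive allow-list decision:
// a protocol value outside HTTP/TCP/UDP/HTTPS/TLS matches no branch and also
// returns nil, so callers that need to reject unknown protocols must do so
// themselves.
func validateListenerConfigurations(gateway *gatewayv1beta1.Gateway, idx int, allowedKinds []gatewayv1beta1.RouteGroupKind,
	listener gatewayv1beta1.Listener) error {
	protocol := listener.Protocol

	switch protocol {
	case gatewayv1beta1.HTTPProtocolType, gatewayv1beta1.TCPProtocolType, gatewayv1beta1.UDPProtocolType:
		// Cleartext protocols: a TLS block here is a misconfiguration. Reject
		// it so the operator is not left believing the listener is encrypted.
		if listener.TLS != nil {
			return errors.New("non-empty TLS conf for protocol " + string(protocol))
		}

		// Each cleartext protocol must be bound to exactly its own route kind.
		switch protocol {
		case gatewayv1beta1.HTTPProtocolType:
			if len(allowedKinds) != 1 || allowedKinds[0].Kind != types.KindHTTPRoute {
				return errors.New("HTTP protocol must allow route type HTTPRoute")
			}
		case gatewayv1beta1.TCPProtocolType:
			if len(allowedKinds) != 1 || allowedKinds[0].Kind != types.KindTCPRoute {
				return errors.New("TCP protocol must allow route type TCPRoute")
			}
		case gatewayv1beta1.UDPProtocolType:
			if len(allowedKinds) != 1 || allowedKinds[0].Kind != types.KindUDPRoute {
				return errors.New("UDP protocol must allow route type UDPRoute")
			}
		}

	case gatewayv1beta1.HTTPSProtocolType, gatewayv1beta1.TLSProtocolType:
		// Encrypted protocols: the TLS block is mandatory.
		if listener.TLS == nil {
			return errors.New("empty TLS conf for protocol " + string(protocol))
		}

		// Mode is an optional pointer field. Dereferencing it unconditionally
		// panics on an object that reached this code without API defaulting
		// applied, and a panic here takes down validation for every Gateway,
		// not just the malformed one. Treat an unset Mode as Terminate, which
		// is the default the Gateway API documents for this field.
		mode := gatewayv1beta1.TLSModeTerminate
		if listener.TLS.Mode != nil {
			mode = *listener.TLS.Mode
		}

		certCount := len(listener.TLS.CertificateRefs)
		if mode == gatewayv1beta1.TLSModeTerminate {
			if certCount == 0 {
				return errors.New("TLS mode Terminate requires CertificateRefs")
			}

			// Extra references are ignored rather than rejected; the warning
			// is the only signal that a certificate the operator listed is
			// not the one being served.
			if certCount > 1 {
				log.Warnw("only the first CertificateRefs take effect",
					zap.String("gateway", gateway.Name),
					zap.String("namespace", gateway.Namespace),
					zap.Int("listener_index", idx),
				)
			}
		} else if certCount != 0 {
			// In a non-terminate mode the listed certificates are unused;
			// warn instead of failing.
			log.Warnw("no CertificateRefs will take effect in non-terminate TLS mode",
				zap.String("gateway", gateway.Name),
				zap.String("namespace", gateway.Namespace),
				zap.Int("listener_index", idx),
			)
		}

		switch protocol {
		case gatewayv1beta1.HTTPSProtocolType:
			if mode != gatewayv1beta1.TLSModeTerminate {
				return errors.New("TLS mode for HTTPS protocol must be Terminate")
			}
			// NOTE(review): the message below says "HTTP" although this branch
			// handles HTTPS; the text is left unchanged in case callers or
			// tests match on it.
			if len(allowedKinds) != 1 || allowedKinds[0].Kind != types.KindHTTPRoute {
				return errors.New("HTTP protocol must allow route type HTTPRoute")
			}
		case gatewayv1beta1.TLSProtocolType:
			// Every allowed kind must be TLSRoute or TCPRoute. An empty
			// allowedKinds slice passes this loop without any check.
			for _, kind := range allowedKinds {
				if kind.Kind != types.KindTLSRoute && kind.Kind != types.KindTCPRoute {
					return errors.New("TLS protocol only support route type TLSRoute and TCPRoute")
				}
			}
		}
	}

	return nil
}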