istioctl: handle DISABLE in TLS types for precheck (#50254)

fixes #50243
istio · Apr 12, 2024 · 3e427fc · 3e427fc
1 parent 98adaad
commit 3e427fc
Showing 1 changed file with 14 additions and 3 deletions.
diff --git a/istioctl/pkg/precheck/precheck.go b/istioctl/pkg/precheck/precheck.go
@@ -310,11 +310,22 @@ func checkDestinationRuleTLS(cli kube.CLIClient, messages *diag.Messages) error
 		return err
 	}
 	checkVerify := func(tls *networking.ClientTLSSettings) bool {
-		return tls != nil && tls.CaCertificates == "" && tls.CredentialName == "" &&
-			tls.Mode != networking.ClientTLSSettings_ISTIO_MUTUAL && !tls.InsecureSkipVerify.GetValue()
+		if tls == nil {
+			return false
+		}
+		if tls.Mode == networking.ClientTLSSettings_DISABLE || tls.Mode == networking.ClientTLSSettings_ISTIO_MUTUAL {
+			return false
+		}
+		return tls.CaCertificates == "" && tls.CredentialName == "" && !tls.InsecureSkipVerify.GetValue()
 	}
 	checkSNI := func(tls *networking.ClientTLSSettings) bool {
-		return tls != nil && tls.Sni == "" && tls.Mode != networking.ClientTLSSettings_ISTIO_MUTUAL
+		if tls == nil {
+			return false
+		}
+		if tls.Mode == networking.ClientTLSSettings_DISABLE || tls.Mode == networking.ClientTLSSettings_ISTIO_MUTUAL {
+			return false
+		}
+		return tls.Sni == ""
 	}
 	for _, dr := range drs.Items {
 		verificationImpacted := false