From 2cbf9bb946a85283a4e591d4fed9094b6f635639 Mon Sep 17 00:00:00 2001
From: Alex Chvatal
Date: Wed, 9 Oct 2024 13:38:08 -0400
Subject: [PATCH] use correct common name when correcting cert issuer
---
 pkg/cluster/correct_cert_issuer.go | 2 +-
 pkg/cluster/correct_cert_issuer_test.go | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/pkg/cluster/correct_cert_issuer.go b/pkg/cluster/correct_cert_issuer.go
index 255628ae114..37e693a7d0b 100644
--- a/pkg/cluster/correct_cert_issuer.go
+++ b/pkg/cluster/correct_cert_issuer.go
@@ -47,7 +47,7 @@ func (m *manager) ensureCertificateIssuer(ctx context.Context, certificateName,
 return err
 }
- err = clusterKeyvault.CreateSignedCertificate(ctx, issuerName, certificateName, certificateName, keyvault.EkuServerAuth)
+ err = clusterKeyvault.CreateSignedCertificate(ctx, issuerName, certificateName, *bundle.Policy.X509CertificateProperties.Subject, keyvault.EkuServerAuth)
 if err != nil {
 return err
 }
diff --git a/pkg/cluster/correct_cert_issuer_test.go b/pkg/cluster/correct_cert_issuer_test.go
index 8d97334419d..906dd18b453 100644
--- a/pkg/cluster/correct_cert_issuer_test.go
+++ b/pkg/cluster/correct_cert_issuer_test.go
@@ -18,6 +18,7 @@ func TestEnsureCertificateIssuer(t *testing.T) {
 tests := []struct {
 Name string
 CertificateName string
+ CommonName string
 CurrentIssuerName string
 NewIssuerName string
 ExpectError bool
@@ -25,12 +26,14 @@ func TestEnsureCertificateIssuer(t *testing.T) {
 {
 Name: "current issuer matches new issuer",
 CertificateName: "testCert",
+ CommonName: "api.test.asdf.tld",
 CurrentIssuerName: "fakeIssuer",
 NewIssuerName: "fakeIssuer",
 },
 {
 Name: "current issuer different from new issuer",
 CertificateName: "testCert",
+ CommonName: "api.test.asdf.tld",
 CurrentIssuerName: "OldFakeIssuer",
 NewIssuerName: "NewFakeIssuer",
 },
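Review bot: The new argument `*bundle.Policy.X509CertificateProperties.Subject` in the `CreateSignedCertificate` call dereferences two pointers that nothing in this hunk checks, so a stored policy without X.509 properties or without a subject would panic during re-issue instead of returning an error. A guard just before the call, for example `if p := bundle.Policy.X509CertificateProperties; p == nil || p.Subject == nil { /* return an error naming certificateName */ }`, keeps that failure on the normal error path. Separately, the value read is the policy's subject, while the commit title and the test treat it as a common name; if the vault stores the subject as a distinguished name (`CN=...`), it is worth confirming that `CreateSignedCertificate` does not wrap it again, because a malformed subject on a server-auth certificate would break hostname verification for clients. The body of `ensureCertificateIssuer` starts and ends outside the hunk, so an earlier check may already exist.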
@@ -47,6 +50,9 @@ func TestEnsureCertificateIssuer(t *testing.T) {
 IssuerParameters: &azkeyvault.IssuerParameters{
 Name: &test.CurrentIssuerName,
 },
+ X509CertificateProperties: &azkeyvault.X509CertificateProperties{
+ Subject: &test.CommonName,
+ },
 },
 }, nil)
@@ -58,7 +64,7 @@ func TestEnsureCertificateIssuer(t *testing.T) {
 }, nil)
 clusterKeyvault.EXPECT().UpdateCertificatePolicy(gomock.Any(), test.CertificateName, gomock.Any()).Return(nil)
- clusterKeyvault.EXPECT().CreateSignedCertificate(gomock.Any(), test.NewIssuerName, test.CertificateName, test.CertificateName, gomock.Any()).Return(nil)
+ clusterKeyvault.EXPECT().CreateSignedCertificate(gomock.Any(), test.NewIssuerName, test.CertificateName, test.CommonName, gomock.Any()).Return(nil)
 }
 env := mock_env.NewMockInterface(controller)
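Review bot: The fixture in the `@@ -47` hunk sets `Subject` to the bare host name `api.test.asdf.tld`, and the expectation in the `@@ -58` hunk checks for the same string, so the test only proves that the value is passed through unchanged. It would not notice a difference between the subject format a real policy carries and the format `CreateSignedCertificate` expects, and no case covers a policy whose `X509CertificateProperties` is nil. Consider adding a table entry with `ExpectError: true` and no X.509 properties (assuming the production code is changed to return an error there), plus a comment on the new field such as `// CommonName is the subject as stored in the certificate policy` that states the expected format.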