Post-bump fixes
vrutkovs committed Jun 27, 2024
1 parent d12075b commit 3ceb1f8
Showing 3 changed files with 18 additions and 14 deletions.
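--- a/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go
+++ b/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go
@@ -4,6 +4,11 @@ import (
 "context"
 "crypto/x509"
 "fmt"
+"reflect"
+"strconv"
+"strings"
+"time"
+
 "github.com/openshift/library-go/pkg/crypto"
 "github.com/openshift/library-go/pkg/operator/bootstrap"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -13,10 +18,6 @@ import (
 "k8s.io/client-go/tools/cache"
 "k8s.io/component-base/metrics"
 "k8s.io/klog/v2"
-"reflect"
-"strconv"
-"strings"
-"time"
 
 apiannotations "github.com/openshift/api/annotations"
 operatorv1 "github.com/openshift/api/operator/v1"
@@ -355,7 +356,7 @@ func (c *EtcdCertSignerController) ensureBundles(ctx context.Context,
 metricsCA *crypto.CA,
 currentRevision int32,
 ) (serverBundle []*x509.Certificate, metricsBundle []*x509.Certificate, rolloutTriggered bool, err error) {
-serverBundle, err = c.certConfig.signerCaBundle.EnsureConfigMapCABundle(ctx, serverCA)
+serverBundle, err = c.certConfig.signerCaBundle.EnsureConfigMapCABundle(ctx, serverCA, "")
 if err != nil {
 return nil, nil, false, err
 }
@@ -365,7 +366,7 @@ func (c *EtcdCertSignerController) ensureBundles(ctx context.Context,
 return nil, nil, false, fmt.Errorf("could not encode server bundle: %w", err)
 }
 
-metricsBundle, err = c.certConfig.metricsSignerCaBundle.EnsureConfigMapCABundle(ctx, metricsCA)
+metricsBundle, err = c.certConfig.metricsSignerCaBundle.EnsureConfigMapCABundle(ctx, metricsCA, "")
 if err != nil {
 return nil, nil, false, err
 }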
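Review bot: The new third argument to `EnsureConfigMapCABundle` is a bare `""` at both call sites in `ensureBundles` (the server bundle and the metrics bundle), and nothing on this page says what the parameter records or whether an empty value is an accepted input. These calls maintain the etcd signer CA bundles, so I would add a comment at the first call, e.g. `// third argument intentionally left empty: <parameter name and reason, to be confirmed against the bumped library-go>`. If the library uses the value for provenance or ownership metadata on the ConfigMap (an inference, not visible here), passing an empty string drops that information silently. The body of `ensureBundles` continues outside both hunks.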
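--- a/pkg/tlshelpers/target_cert_creator.go
+++ b/pkg/tlshelpers/target_cert_creator.go
@@ -4,10 +4,11 @@ import (
 "bytes"
 "crypto/x509"
 "fmt"
+"time"
+
 "github.com/openshift/library-go/pkg/crypto"
 "github.com/openshift/library-go/pkg/operator/certrotation"
 corev1 "k8s.io/api/core/v1"
-"time"
 )
 
 // CARotatingTargetCertCreator ensures we also rotate leaf certificates when we detect a change in signer.
@@ -22,9 +23,10 @@ func (c *CARotatingTargetCertCreator) NeedNewTargetCertKeyPair(
 signer *crypto.CA,
 caBundleCerts []*x509.Certificate,
 refresh time.Duration,
-refreshOnlyWhenExpired bool) string {
+refreshOnlyWhenExpired bool,
+secretDoesntExist bool) string {
 
-result := c.TargetCertCreator.NeedNewTargetCertKeyPair(secret, signer, caBundleCerts, refresh, refreshOnlyWhenExpired)
+result := c.TargetCertCreator.NeedNewTargetCertKeyPair(secret, signer, caBundleCerts, refresh, refreshOnlyWhenExpired, secretDoesntExist)
 if result != "" {
 return result
 }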
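Review bot: `secretDoesntExist` is only forwarded to the embedded `TargetCertCreator`; the wrapper's own signer-change check after `if result != ""` lies outside the hunk and presumably still reads `secret`. That is safe only if the embedded creator always returns a non-empty reason when the secret is missing, which this page does not show. I would state the assumption above the call, `// a missing secret is reported by the embedded creator, so the signer check below only runs on an existing secret`, or make it explicit with a guard such as `if secretDoesntExist { return result }` placed before the signer comparison. The function body continues past the end of the hunk.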
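--- a/pkg/tlshelpers/target_cert_creator_test.go
+++ b/pkg/tlshelpers/target_cert_creator_test.go
@@ -8,13 +8,14 @@ import (
 "crypto/x509"
 "crypto/x509/pkix"
 "errors"
-"github.com/openshift/library-go/pkg/operator/certrotation"
-"github.com/stretchr/testify/require"
-corev1 "k8s.io/api/core/v1"
 "math/big"
 "testing"
 "time"
 
+"github.com/openshift/library-go/pkg/operator/certrotation"
+"github.com/stretchr/testify/require"
+corev1 "k8s.io/api/core/v1"
+
 "github.com/davecgh/go-spew/spew"
 
 "github.com/openshift/library-go/pkg/crypto"
@@ -38,13 +39,13 @@ func (t *testEmbed) SetAnnotations(_ *crypto.TLSCertificateConfig, _ map[string]
 panic("implement me")
 }
 
-func (t *testEmbed) NeedNewTargetCertKeyPair(_ *corev1.Secret, _ *crypto.CA, _ []*x509.Certificate, _ time.Duration, _ bool) string {
+func (t *testEmbed) NeedNewTargetCertKeyPair(_ *corev1.Secret, _ *crypto.CA, _ []*x509.Certificate, _ time.Duration, _, _ bool) string {
 return t.result
 }
 
 func TestEmbeddedStructHasPriority(t *testing.T) {
 embedded := CARotatingTargetCertCreator{&testEmbed{result: "definitive-result"}}
-require.Equal(t, "definitive-result", embedded.NeedNewTargetCertKeyPair(nil, nil, nil, time.Minute, false))
+require.Equal(t, "definitive-result", embedded.NeedNewTargetCertKeyPair(nil, nil, nil, time.Minute, false, false))
 }
 
 func TestSignerSignatureRotation(t *testing.T) {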
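Review bot: Nothing in the visible tests would catch the wrapper dropping or mis-ordering the new flag, because `testEmbed.NeedNewTargetCertKeyPair` discards both booleans (`_, _ bool`) and `TestEmbeddedStructHasPriority` only passes `false, false`. I would have `testEmbed` record the last boolean it receives and add a second assertion with the flag set, `embedded.NeedNewTargetCertKeyPair(nil, nil, nil, time.Minute, false, true)`, then check the recorded value is `true`. `TestSignerSignatureRotation` begins at the end of this hunk and its body is not visible, so it may already cover part of this.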
