Bump library-go

go.mod

@@ -137,5 +137,6 @@ require (
 
 replace (
 	github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2
+	github.com/openshift/library-go => github.com/vrutkovs/library-go v0.0.0-20240729110523-26bcb48ec0ae
 	vbom.ml/util => github.com/fvbommel/util v0.0.0-20180919145318-efcd4e0f9787
 )

go.sum

@@ -309,8 +309,6 @@ github.com/openshift/build-machinery-go v0.0.0-20240419090851-af9c868bcf52 h1:bq
 github.com/openshift/build-machinery-go v0.0.0-20240419090851-af9c868bcf52/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
 github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87 h1:JtLhaGpSEconE+1IKmIgCOof/Len5ceG6H1pk43yv5U=
 github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87/go.mod h1:3IPD4U0qyovZS4EFady2kqY32m8lGcbs/Wx+yprg9z8=
-github.com/openshift/library-go v0.0.0-20240619140217-e20ca28ddfe7 h1:kgkHtO+fI1OdanQHZYTQgImqzTzS4naBw8SMQbB18DI=
-github.com/openshift/library-go v0.0.0-20240619140217-e20ca28ddfe7/go.mod h1:PdASVamWinll2BPxiUpXajTwZxV8A1pQbWEsCN1od7I=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
@@ -412,6 +410,8 @@ github.com/vishvananda/netlink v1.0.0 h1:bqNY2lgheFIu1meHUFSH3d7vG93AFyqg3oGbJCO
 github.com/vishvananda/netlink v1.0.0/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk=
 github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f h1:p4VB7kIXpOQvVn1ZaTIVp+3vuYAXFe3OJEvjbUYJLaA=
 github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0=
+github.com/vrutkovs/library-go v0.0.0-20240729110523-26bcb48ec0ae h1:HMtKkfZXgqb6l8/gYsCGxQQfvSQypVyWHhjQB0jxI7k=
+github.com/vrutkovs/library-go v0.0.0-20240729110523-26bcb48ec0ae/go.mod h1:PdASVamWinll2BPxiUpXajTwZxV8A1pQbWEsCN1od7I=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

pkg/operator/etcdcertsigner/etcdcertsignercontroller.go

@@ -417,7 +417,7 @@ func (c *EtcdCertSignerController) ensureBundles(ctx context.Context,
 	metricsCA *crypto.CA,
 	currentRevision int32,
 ) (serverBundle []*x509.Certificate, metricsBundle []*x509.Certificate, rolloutTriggered bool, err error) {
-	serverBundle, err = c.certConfig.signerCaBundle.EnsureConfigMapCABundle(ctx, serverCA)
+	serverBundle, err = c.certConfig.signerCaBundle.EnsureConfigMapCABundle(ctx, serverCA, "")
 	if err != nil {
 		return nil, nil, false, err
 	}
@@ -427,7 +427,7 @@ func (c *EtcdCertSignerController) ensureBundles(ctx context.Context,
 		return nil, nil, false, fmt.Errorf("could not encode server bundle: %w", err)
 	}
 
-	metricsBundle, err = c.certConfig.metricsSignerCaBundle.EnsureConfigMapCABundle(ctx, metricsCA)
+	metricsBundle, err = c.certConfig.metricsSignerCaBundle.EnsureConfigMapCABundle(ctx, metricsCA, "")
 	if err != nil {
 		return nil, nil, false, err
 	}

pkg/tlshelpers/target_cert_creator.go

@@ -4,10 +4,11 @@ import (
 	"bytes"
 	"crypto/x509"
 	"fmt"
+	"time"
+
 	"github.com/openshift/library-go/pkg/crypto"
 	"github.com/openshift/library-go/pkg/operator/certrotation"
 	corev1 "k8s.io/api/core/v1"
-	"time"
 )
 
 // CARotatingTargetCertCreator ensures we also rotate leaf certificates when we detect a change in signer.
@@ -22,9 +23,10 @@ func (c *CARotatingTargetCertCreator) NeedNewTargetCertKeyPair(
 	signer *crypto.CA,
 	caBundleCerts []*x509.Certificate,
 	refresh time.Duration,
-	refreshOnlyWhenExpired bool) string {
+	refreshOnlyWhenExpired bool,
+	secretDoesntExist bool) string {
 
-	result := c.TargetCertCreator.NeedNewTargetCertKeyPair(secret, signer, caBundleCerts, refresh, refreshOnlyWhenExpired)
+	result := c.TargetCertCreator.NeedNewTargetCertKeyPair(secret, signer, caBundleCerts, refresh, refreshOnlyWhenExpired, secretDoesntExist)
 	if result != "" {
 		return result
 	}

pkg/tlshelpers/target_cert_creator_test.go

@@ -8,13 +8,14 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"errors"
-	"github.com/openshift/library-go/pkg/operator/certrotation"
-	"github.com/stretchr/testify/require"
-	corev1 "k8s.io/api/core/v1"
 	"math/big"
 	"testing"
 	"time"
 
+	"github.com/openshift/library-go/pkg/operator/certrotation"
+	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
+
 	"github.com/davecgh/go-spew/spew"
 
 	"github.com/openshift/library-go/pkg/crypto"
@@ -38,13 +39,13 @@ func (t *testEmbed) SetAnnotations(_ *crypto.TLSCertificateConfig, _ map[string]
 	panic("implement me")
 }
 
-func (t *testEmbed) NeedNewTargetCertKeyPair(_ *corev1.Secret, _ *crypto.CA, _ []*x509.Certificate, _ time.Duration, _ bool) string {
+func (t *testEmbed) NeedNewTargetCertKeyPair(_ *corev1.Secret, _ *crypto.CA, _ []*x509.Certificate, _ time.Duration, _, _ bool) string {
 	return t.result
 }
 
 func TestEmbeddedStructHasPriority(t *testing.T) {
 	embedded := CARotatingTargetCertCreator{&testEmbed{result: "definitive-result"}}
-	require.Equal(t, "definitive-result", embedded.NeedNewTargetCertKeyPair(nil, nil, nil, time.Minute, false))
+	require.Equal(t, "definitive-result", embedded.NeedNewTargetCertKeyPair(nil, nil, nil, time.Minute, false, false))
 }
 
 func TestSignerSignatureRotation(t *testing.T) {