revert update cert reloader logic
Signed-off-by: taniwa <taniwa@lycorp.co.jp>
t4niwa committed Mar 27, 2024
1 parent 2e1a937 commit 7a8d1f2
Showing 1 changed file with 19 additions and 5 deletions.
24 changes: 19 additions & 5 deletions pkg/certificate/service.go
Expand Up @@ -192,6 +192,12 @@ func New(ctx context.Context, idCfg *config.IdentityConfig) (daemon.Daemon, erro
if err != nil {
log.Errorf("Failed to retrieve x509 certificate from identity provider: %s", err.Error())
}
if identity != nil && len(keyPEM) != 0 {
errUpdate := idCfg.Reloader.UpdateCertificate([]byte(identity.X509CertificatePEM), keyPEM)
if errUpdate != nil {
log.Errorf("Failed to update x509 certificate into certificate reloader: %s", errUpdate.Error())
}
}
} else if idCfg.KeyFile != "" && idCfg.CertFile != "" {
log.Debug("Attempting to load x509 certificate from cert reloader...")
localFileKeyPEM, localFileCertPEM, err := idCfg.Reloader.GetLatestKeyAndCert()
Expand Down Expand Up @@ -228,6 +234,12 @@ func New(ctx context.Context, idCfg *config.IdentityConfig) (daemon.Daemon, erro
identity = k8sSecretBackupIdentity
keyPEM = k8sSecretBackupKeyPEM
log.Infof("Successfully loaded x509 certificate from kubernetes secret")
if identity != nil && len(keyPEM) != 0 {
errUpdate := idCfg.Reloader.UpdateCertificate([]byte(identity.X509CertificatePEM), keyPEM)
if errUpdate != nil {
log.Errorf("Failed to update x509 certificate into certificate reloader: %s", errUpdate.Error())
}
}
}
} else {
log.Debugf("Skipping to load x509 certificate temporary backup from Kubernetes secret[%s]", idCfg.CertSecret)
Expand All @@ -246,12 +258,14 @@ func New(ctx context.Context, idCfg *config.IdentityConfig) (daemon.Daemon, erro
} else {
identity = forceInitIdentity
keyPEM = forceInitKeyPEM
}
}

errUpdate := idCfg.Reloader.UpdateCertificate([]byte(identity.X509CertificatePEM), keyPEM)
if errUpdate != nil {
log.Errorf("Failed to update x509 certificate into certificate reloader: %s", err.Error())
if identity != nil && len(keyPEM) != 0 {
errUpdate := idCfg.Reloader.UpdateCertificate([]byte(identity.X509CertificatePEM), keyPEM)
if errUpdate != nil {
log.Errorf("Failed to update x509 certificate into certificate reloader: %s", errUpdate.Error())
}
}
}
}

err, roleCerts, roleKeyPEM = roleCertProvisioningRequest()
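Review bot: The guard-and-update block is now pasted three times in New (after the identity-provider request, after the Kubernetes secret backup load, and in the force-init branch), and in each copy a missing certificate or key skips `UpdateCertificate` without any log line, so an operator cannot tell from the logs that the reloader kept its previous key pair. A failed `UpdateCertificate` is likewise only logged, so startup continues with the in-memory identity and the reloader's contents possibly out of step; whether that is acceptable depends on what reads from the reloader, which is not visible here. I would fold the three copies into one closure declared in the scope that owns `identity` and `keyPEM`, log the skip, and call it from each branch. New's body starts and ends outside these hunks.

```go
// Declared once, in the scope that owns identity and keyPEM.
syncReloader := func(source string) {
	if identity == nil || len(keyPEM) == 0 {
		log.Infof("Skipping certificate reloader update after %s: certificate or key is missing", source)
		return
	}
	if err := idCfg.Reloader.UpdateCertificate([]byte(identity.X509CertificatePEM), keyPEM); err != nil {
		log.Errorf("Failed to update x509 certificate into certificate reloader: %s", err.Error())
	}
}
// … unchanged: identity provider request, kubernetes secret backup and force-init branches …
// Each of the three guarded blocks becomes one call, for example:
syncReloader("identity provider")
```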
