From aa9a10082390e65c78fb4bf72cbfc9ed9cadc1cf Mon Sep 17 00:00:00 2001 From: ajanikow <12255597+ajanikow@users.noreply.github.com> Date: Sun, 3 Dec 2023 10:22:49 +0000 Subject: [PATCH] [Bugfix] Fix TLS Hash generation --- .../reconcile/action_tls_status_update.go | 2 +- pkg/deployment/reconcile/plan_builder_tls.go | 2 +- pkg/deployment/reconcile/utils.go | 15 ++++++++++++--- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/pkg/deployment/reconcile/action_tls_status_update.go b/pkg/deployment/reconcile/action_tls_status_update.go index 8ef84f668..276a99160 100644 --- a/pkg/deployment/reconcile/action_tls_status_update.go +++ b/pkg/deployment/reconcile/action_tls_status_update.go @@ -59,7 +59,7 @@ func (a *actionTLSKeyStatusUpdate) Start(ctx context.Context) (bool, error) { return true, nil } - keyHashes := secretKeysToListWithPrefix(f) + keyHashes := tlsSecretKeysToListWithPrefix(f) if err = a.actionCtx.WithStatusUpdate(ctx, func(s *api.DeploymentStatus) bool { r := false diff --git a/pkg/deployment/reconcile/plan_builder_tls.go b/pkg/deployment/reconcile/plan_builder_tls.go index 9d2cf08ef..fc9220670 100644 --- a/pkg/deployment/reconcile/plan_builder_tls.go +++ b/pkg/deployment/reconcile/plan_builder_tls.go @@ -144,7 +144,7 @@ func (r *Reconciler) createTLSStatusUpdateRequired(apiObject k8sutil.APIObject, return false } - keyHashes := secretKeysToListWithPrefix(trusted) + keyHashes := tlsSecretKeysToListWithPrefix(trusted) if len(keyHashes) == 0 { return false diff --git a/pkg/deployment/reconcile/utils.go b/pkg/deployment/reconcile/utils.go index cdb8a6c11..ccf2a90c2 100644 --- a/pkg/deployment/reconcile/utils.go +++ b/pkg/deployment/reconcile/utils.go @@ -27,18 +27,27 @@ import ( "k8s.io/apimachinery/pkg/types" api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1" + "github.com/arangodb/kube-arangodb/pkg/deployment/resources" + "github.com/arangodb/kube-arangodb/pkg/handlers/utils" "github.com/arangodb/kube-arangodb/pkg/util/k8sutil/inspector/pod" "github.com/arangodb/kube-arangodb/pkg/util/strings" ) -func secretKeysToListWithPrefix(s *core.Secret) []string { - return strings.PrefixStringArray(secretKeysToList(s), "sha256:") +func tlsSecretKeysToListWithPrefix(s *core.Secret) []string { + return secretKeysToListWithPrefix(s, resources.CACertName) } -func secretKeysToList(s *core.Secret) []string { +func secretKeysToListWithPrefix(s *core.Secret, skip ...string) []string { + return strings.PrefixStringArray(secretKeysToList(s, skip...), "sha256:") +} + +func secretKeysToList(s *core.Secret, skip ...string) []string { keys := make([]string, 0, len(s.Data)) for key := range s.Data { + if utils.StringList(skip).Has(key) { + continue + } keys = append(keys, key) }