[Bugfix] Fix TLS Hash generation (#1519)

ajanikow · web-flow · commit bc4cfbc1dad0 · 2023-12-03T19:27:57.000+01:00
diff --git a/pkg/deployment/reconcile/action_tls_status_update.go b/pkg/deployment/reconcile/action_tls_status_update.go
@@ -59,7 +59,7 @@ func (a *actionTLSKeyStatusUpdate) Start(ctx context.Context) (bool, error) {
 		return true, nil
 	}
 
-	keyHashes := secretKeysToListWithPrefix(f)
+	keyHashes := tlsSecretKeysToListWithPrefix(f)
 
 	if err = a.actionCtx.WithStatusUpdate(ctx, func(s *api.DeploymentStatus) bool {
 		r := false
diff --git a/pkg/deployment/reconcile/plan_builder_tls.go b/pkg/deployment/reconcile/plan_builder_tls.go
@@ -144,7 +144,7 @@ func (r *Reconciler) createTLSStatusUpdateRequired(apiObject k8sutil.APIObject,
 		return false
 	}
 
-	keyHashes := secretKeysToListWithPrefix(trusted)
+	keyHashes := tlsSecretKeysToListWithPrefix(trusted)
 
 	if len(keyHashes) == 0 {
 		return false
diff --git a/pkg/deployment/reconcile/utils.go b/pkg/deployment/reconcile/utils.go
@@ -27,18 +27,27 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 
 	api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1"
+	"github.com/arangodb/kube-arangodb/pkg/deployment/resources"
+	"github.com/arangodb/kube-arangodb/pkg/handlers/utils"
 	"github.com/arangodb/kube-arangodb/pkg/util/k8sutil/inspector/pod"
 	"github.com/arangodb/kube-arangodb/pkg/util/strings"
 )
 
-func secretKeysToListWithPrefix(s *core.Secret) []string {
-	return strings.PrefixStringArray(secretKeysToList(s), "sha256:")
+func tlsSecretKeysToListWithPrefix(s *core.Secret) []string {
+	return secretKeysToListWithPrefix(s, resources.CACertName)
 }
 
-func secretKeysToList(s *core.Secret) []string {
+func secretKeysToListWithPrefix(s *core.Secret, skip ...string) []string {
+	return strings.PrefixStringArray(secretKeysToList(s, skip...), "sha256:")
+}
+
+func secretKeysToList(s *core.Secret, skip ...string) []string {
 	keys := make([]string, 0, len(s.Data))
 
 	for key := range s.Data {
+		if utils.StringList(skip).Has(key) {
+			continue
+		}
 		keys = append(keys, key)
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,7 @@ func (a *actionTLSKeyStatusUpdate) Start(ctx context.Context) (bool, error) {`
`59`	`59`	`return true, nil`
`60`	`60`	`}`
`61`	`61`
`62`		`- keyHashes := secretKeysToListWithPrefix(f)`
	`62`	`+ keyHashes := tlsSecretKeysToListWithPrefix(f)`
`63`	`63`
`64`	`64`	`if err = a.actionCtx.WithStatusUpdate(ctx, func(s *api.DeploymentStatus) bool {`
`65`	`65`	`r := false`
Original file line number	Diff line number	Diff line change
`@@ -144,7 +144,7 @@ func (r *Reconciler) createTLSStatusUpdateRequired(apiObject k8sutil.APIObject,`
`144`	`144`	`return false`
`145`	`145`	`}`
`146`	`146`
`147`		`- keyHashes := secretKeysToListWithPrefix(trusted)`
	`147`	`+ keyHashes := tlsSecretKeysToListWithPrefix(trusted)`
`148`	`148`
`149`	`149`	`if len(keyHashes) == 0 {`
`150`	`150`	`return false`