Handle invalid cert-manager ValidityDuration

ArkaSaha30 · ArkaSaha30 · commit 685ced1fdb04 · 2025-12-14T22:43:26.000+05:30
This commit will handle a scenario of invalid cert-manager ValidityDuration user input
and throw an error.
In case, ValidityDuration is not defined by user it will default to 90days for cert-manager

Signed-off-by: ArkaSaha30 &lt;arkasaha30@gmail.com&gt;
diff --git a/internal/controller/utils.go b/internal/controller/utils.go
@@ -566,11 +566,19 @@ func getPeerCertName(etcdClusterName string) string {
 	return peerCertName
 }
 
-func createCMCertificateConfig(ec *ecv1alpha1.EtcdCluster) *certInterface.Config {
+func createCMCertificateConfig(ec *ecv1alpha1.EtcdCluster) (*certInterface.Config, error) {
 	cmConfig := ec.Spec.TLS.ProviderCfg.CertManagerCfg
-	duration, err := time.ParseDuration(cmConfig.ValidityDuration)
-	if err != nil {
-		log.Printf("Failed to parse ValidityDuration: %s", err)
+
+	// Set default duration to 90 days for cert-manager if not provided
+	var duration time.Duration
+	if cmConfig.ValidityDuration == "" {
+		duration = certInterface.DefaultCertManagerValidity
+	} else {
+		var err error
+		duration, err = time.ParseDuration(cmConfig.ValidityDuration)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse ValidityDuration: %w", err)
+		}
 	}
 
 	var getAltNames certInterface.AltNames
@@ -596,7 +604,7 @@ func createCMCertificateConfig(ec *ecv1alpha1.EtcdCluster) *certInterface.Config
 			"issuerKind": cmConfig.IssuerKind,
 		},
 	}
-	return config
+	return config, nil
 }
 
 func createAutoCertificateConfig(ec *ecv1alpha1.EtcdCluster) *certInterface.Config {
@@ -653,7 +661,10 @@ func createCertificate(ec *ecv1alpha1.EtcdCluster, ctx context.Context, c client
 				}
 				return nil
 			case ec.Spec.TLS.ProviderCfg.CertManagerCfg != nil:
-				cmConfig := createCMCertificateConfig(ec)
+				cmConfig, err := createCMCertificateConfig(ec)
+				if err != nil {
+					return fmt.Errorf("error creating cert-manager certificate config: %w", err)
+				}
 				createCertErr := cert.EnsureCertificateSecret(ctx, certName, ec.Namespace, cmConfig)
 				if createCertErr != nil {
 					log.Printf("Error creating certificate: %s", createCertErr)
diff --git a/pkg/certificate/interfaces/interface.go b/pkg/certificate/interfaces/interface.go
@@ -41,6 +41,9 @@ const (
 	// with a delay of RetryInterval between consecutive retries
 	MaxRetries    = 36
 	RetryInterval = 5 * time.Second
+
+	// DefaultCertManagerValidity is the default validity duration for cert-manager certificates (90 days)
+	DefaultCertManagerValidity = 90 * 24 * time.Hour
 )
 
 // AltNames contains the domain names and IP addresses that will be added

Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,9 @@ const (`
`41`	`41`	`// with a delay of RetryInterval between consecutive retries`
`42`	`42`	`MaxRetries = 36`
`43`	`43`	`RetryInterval = 5 * time.Second`
	`44`	`+`
	`45`	`+ // DefaultCertManagerValidity is the default validity duration for cert-manager certificates (90 days)`
	`46`	`+ DefaultCertManagerValidity = 90 * 24 * time.Hour`
`44`	`47`	`)`
`45`	`48`
`46`	`49`	`// AltNames contains the domain names and IP addresses that will be added`