@@ -16,23 +16,30 @@ const (
1616 CertificateIssuer = "auth.openshift.io/certificate-issuer"
1717 // CertificateHostnames contains the hostnames used by a signer.
1818 CertificateHostnames = "auth.openshift.io/certificate-hostnames"
19- // AutoRegenerateAfterOfflineExpiryAnnotation contains a link to PR and an e2e test name which verifies
19+ // CertificateTestNameAnnotation is an e2e test name which verifies that TLS artifact is created and used correctly
20+ CertificateTestNameAnnotation string = "certificates.openshift.io/test-name"
21+ // CertificateAutoRegenerateAfterOfflineExpiryAnnotation contains a link to PR adding this annotation which verifies
2022 // that TLS artifact is correctly regenerated after it has expired
21- AutoRegenerateAfterOfflineExpiryAnnotation string = "certificates.openshift.io/auto-regenerate-after-offline-expiry"
23+ CertificateAutoRegenerateAfterOfflineExpiryAnnotation string = "certificates.openshift.io/auto-regenerate-after-offline-expiry"
24+ // CertificateRefreshPeriodAnnotation is the interval at which the certificate should be refreshed.
25+ CertificateRefreshPeriodAnnotation string = "certificates.openshift.io/refresh-period"
2226)
2327
2428type AdditionalAnnotations struct {
2529 // JiraComponent annotates tls artifacts so that owner could be easily found
2630 JiraComponent string
2731 // Description is a human-readable one sentence description of certificate purpose
2832 Description string
29- // AutoRegenerateAfterOfflineExpiry contains a link to PR and an e2e test name which verifies
30- // that TLS artifact is correctly regenerated after it has expired
33+ // TestName is an e2e test name which verifies that TLS artifact is created and used correctly
34+ TestName string
35+ // AutoRegenerateAfterOfflineExpiry contains a link to PR which adds this annotation on the TLS artifact
3136 AutoRegenerateAfterOfflineExpiry string
3237 // NotBefore contains certificate the certificate creation date in RFC3339 format.
3338 NotBefore string
3439 // NotAfter contains certificate the certificate validity date in RFC3339 format.
3540 NotAfter string
41+ // RefreshPeriod contains the interval at which the certificate should be refreshed.
42+ RefreshPeriod string
3643}
3744
3845func (a AdditionalAnnotations ) EnsureTLSMetadataUpdate (meta * metav1.ObjectMeta ) bool {
@@ -52,20 +59,36 @@ func (a AdditionalAnnotations) EnsureTLSMetadataUpdate(meta *metav1.ObjectMeta)
5259 meta .Annotations [annotations .OpenShiftDescription ] = a .Description
5360 modified = true
5461 }
55- if len (a .AutoRegenerateAfterOfflineExpiry ) > 0 && meta .Annotations [AutoRegenerateAfterOfflineExpiryAnnotation ] != a .AutoRegenerateAfterOfflineExpiry {
56- diff := cmp .Diff (meta .Annotations [AutoRegenerateAfterOfflineExpiryAnnotation ], a .AutoRegenerateAfterOfflineExpiry )
57- klog .V (2 ).Infof ("Updating %q annotation for %s/%s, diff: %s" , AutoRegenerateAfterOfflineExpiryAnnotation , meta .Namespace , meta .Name , diff )
58- meta .Annotations [AutoRegenerateAfterOfflineExpiryAnnotation ] = a .AutoRegenerateAfterOfflineExpiry
62+ if len (a .TestName ) > 0 && meta .Annotations [CertificateTestNameAnnotation ] != a .TestName {
63+ diff := cmp .Diff (meta .Annotations [CertificateTestNameAnnotation ], a .TestName )
64+ klog .V (2 ).Infof ("Updating %q annotation for %s/%s, diff: %s" , CertificateTestNameAnnotation , meta .Name , meta .Namespace , diff )
65+ meta .Annotations [CertificateTestNameAnnotation ] = a .TestName
66+ modified = true
67+ }
68+ if len (a .AutoRegenerateAfterOfflineExpiry ) > 0 && meta .Annotations [CertificateAutoRegenerateAfterOfflineExpiryAnnotation ] != a .AutoRegenerateAfterOfflineExpiry {
69+ diff := cmp .Diff (meta .Annotations [CertificateAutoRegenerateAfterOfflineExpiryAnnotation ], a .AutoRegenerateAfterOfflineExpiry )
70+ klog .V (2 ).Infof ("Updating %q annotation for %s/%s, diff: %s" , CertificateAutoRegenerateAfterOfflineExpiryAnnotation , meta .Namespace , meta .Name , diff )
71+ meta .Annotations [CertificateAutoRegenerateAfterOfflineExpiryAnnotation ] = a .AutoRegenerateAfterOfflineExpiry
5972 modified = true
6073 }
6174 if len (a .NotBefore ) > 0 && meta .Annotations [CertificateNotBeforeAnnotation ] != a .NotBefore {
75+ diff := cmp .Diff (meta .Annotations [CertificateNotBeforeAnnotation ], a .NotBefore )
76+ klog .V (2 ).Infof ("Updating %q annotation for %s/%s, diff: %s" , CertificateNotBeforeAnnotation , meta .Name , meta .Namespace , diff )
6277 meta .Annotations [CertificateNotBeforeAnnotation ] = a .NotBefore
6378 modified = true
6479 }
6580 if len (a .NotAfter ) > 0 && meta .Annotations [CertificateNotAfterAnnotation ] != a .NotAfter {
81+ diff := cmp .Diff (meta .Annotations [CertificateNotAfterAnnotation ], a .NotAfter )
82+ klog .V (2 ).Infof ("Updating %q annotation for %s/%s, diff: %s" , CertificateNotAfterAnnotation , meta .Name , meta .Namespace , diff )
6683 meta .Annotations [CertificateNotAfterAnnotation ] = a .NotAfter
6784 modified = true
6885 }
86+ if len (a .RefreshPeriod ) > 0 && meta .Annotations [CertificateRefreshPeriodAnnotation ] != a .RefreshPeriod {
87+ diff := cmp .Diff (meta .Annotations [CertificateRefreshPeriodAnnotation ], a .RefreshPeriod )
88+ klog .V (2 ).Infof ("Updating %q annotation for %s/%s, diff: %s" , CertificateRefreshPeriodAnnotation , meta .Name , meta .Namespace , diff )
89+ meta .Annotations [CertificateRefreshPeriodAnnotation ] = a .RefreshPeriod
90+ modified = true
91+ }
6992 return modified
7093}
7194
0 commit comments