Merge pull request #1979 from vrutkovs/RewritePrimaryCertBundleSecret

openshift-merge-bot[bot] · web-flow · commit 79aa96d6a80a · 2025-07-24T10:33:39.000Z
OCPBUGS-59526: certgraphanalysis: remove hash from primary cert bundle secret
diff --git a/pkg/certs/cert-inspection/certgraphanalysis/metadata_options.go b/pkg/certs/cert-inspection/certgraphanalysis/metadata_options.go
@@ -149,6 +149,15 @@ var (
 			return timestampReg.ReplaceAllString(path, "<timestamp>.pem")
 		},
 	}
+	RewritePrimaryCertBundleSecret = &metadataOptions{
+		rewriteSecretFn: func(secret *corev1.Secret) {
+			if secret.Namespace != "openshift-ingress" || !strings.HasSuffix(secret.Name, "-primary-cert-bundle-secret") {
+				return
+			}
+			hash := strings.TrimSuffix(secret.Name, "-primary-cert-bundle-secret")
+			secret.Name = strings.ReplaceAll(secret.Name, hash, "<hash>")
+		},
+	}
 )
 
 // skipRevisionedInOnDiskLocation returns true if location is for revisioned certificate and needs to be skipped
