
Commit 6ecf79f

committed
Set rotated at in secret annotation
1 parent ee7eeb4 commit 6ecf79f


1 file changed

+17
-14
lines changed


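--- a/controllers/keystoneapi_controller.go
+++ b/controllers/keystoneapi_controller.go
@@ -1327,7 +1327,7 @@ func (r *KeystoneAPIReconciler) ensureFernetKeys(
 helper *helper.Helper,
 envVars *map[string]env.Setter,
 ) error {
-fernetLabel := labels.GetGroupLabel(keystone.ServiceName) + "/rotatedat"
+fernetAnnotation := labels.GetGroupLabel(keystone.ServiceName) + "/rotatedat"
 labels := labels.GetLabels(instance, labels.GetGroupLabel(keystone.ServiceName), map[string]string{})
 now := time.Now().UTC()
 
@@ -1351,15 +1351,17 @@ func (r *KeystoneAPIReconciler) ensureFernetKeys(
 fernetKeys[fmt.Sprintf("FernetKeys%d", i)] = keystone.GenerateFernetKey()
 }
 
-labels[fernetLabel] = now.Format(time.RFC3339)
+annotations := map[string]string{
+fernetAnnotation: now.Format(time.RFC3339)}
 
 tmpl := []util.Template{
 {
-Name: secretName,
-Namespace: instance.Namespace,
-Type: util.TemplateTypeNone,
-CustomData: fernetKeys,
-Labels: labels,
+Name: secretName,
+Namespace: instance.Namespace,
+Type: util.TemplateTypeNone,
+CustomData: fernetKeys,
+Labels: labels,
+Annotations: annotations,
 },
 }
 err := oko_secret.EnsureSecrets(ctx, helper, instance, tmpl, envVars)
@@ -1377,11 +1379,11 @@ func (r *KeystoneAPIReconciler) ensureFernetKeys(
 //
 // Fernet Key rotation
 //
-rotatedAt, err := time.Parse(time.RFC3339, labels[fernetLabel])
+rotatedAt, err := time.Parse(time.RFC3339, secret.Annotations[fernetAnnotation])
 duration := int(*instance.Spec.FernetRotationDays)
 
 if err != nil {
-labels[fernetLabel] = now.Format(time.RFC3339)
+secret.Annotations[fernetAnnotation] = now.Format(time.RFC3339)
 } else if rotatedAt.AddDate(0, 0, duration).After(now) {
 secret.Data[extraKey] = secret.Data["FernetKeys0"]
 secret.Data["FernetKeys0"] = []byte(keystone.GenerateFernetKey())
@@ -1445,11 +1447,12 @@ func (r *KeystoneAPIReconciler) ensureFernetKeys(
 
 tmpl := []util.Template{
 {
-Name: secretName,
-Namespace: instance.Namespace,
-Type: util.TemplateTypeNone,
-CustomData: fernetKeys,
-Labels: labels,
+Name: secretName,
+Namespace: instance.Namespace,
+Type: util.TemplateTypeNone,
+CustomData: fernetKeys,
+Labels: labels,
+Annotations: secret.Annotations,
 },
 }
 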
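Review bot: In the rotation hunk (new lines 1382-1386), the `err != nil` branch assigns `secret.Annotations[fernetAnnotation] = now.Format(time.RFC3339)` into a map that may be nil. A Secret written before this commit carried the timestamp only as a label, so, assuming `secret` is the fetched Kubernetes Secret, it can come back with no annotations map; the read inside `time.Parse` is harmless but the write would panic the reconciler. Guard the write with `if secret.Annotations == nil { secret.Annotations = map[string]string{} }`. The same branch also restarts the rotation clock on upgrade without any record, so existing Fernet keys can stay in service for up to one extra `FernetRotationDays` period. Consider falling back to the old label value when the annotation is absent (presumably `secret.Labels[fernetAnnotation]`, to be confirmed) and logging the parse error. `ensureFernetKeys` begins and ends outside the visible hunks, so any earlier nil handling is not visible here.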