log more when deleting endpoint certificates (#19587)

* log more when deleting endpoint certificates * log before issuing delete * add missing format argument
author: Andreas Eriksen <andreer@verizonmedia.com> 2021-10-15 16:04:09 +0200
committer: GitHub <noreply@github.com> 2021-10-15 16:04:09 +0200
commit: c9a9fab7a40304502fb8fbe957c03bfe9e75c465 (patch)
tree: 8a5b9022bd4bba691784808a8699004d064d1f50
parent: 3a755750ba601440cee41d2f19d4370e2817b3c1 (diff)
1 files changed, 10 insertions, 5 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java
index 6b6c9084e87..f7e46aaa34a 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java
@@ -160,16 +160,21 @@ public class EndpointCertificateMaintainer extends ControllerMaintainer {
         List<EndpointCertificateRequestMetadata> endpointCertificateMetadata = endpointCertificateProvider.listCertificates();
         Set<String> managedRequestIds = curator.readAllEndpointCertificateMetadata().values().stream().map(EndpointCertificateMetadata::requestId).collect(Collectors.toSet());
 
-        for (var cameoCertificateMetadata : endpointCertificateMetadata) {
-            if (!managedRequestIds.contains(cameoCertificateMetadata.requestId())) {
+        for (var providerCertificateMetadata : endpointCertificateMetadata) {
+            if (!managedRequestIds.contains(providerCertificateMetadata.requestId())) {
                 if (deleteUnmaintainedCertificates.value()) {
                     // The certificate is not known - however it could be in the process of being requested by us or another controller.
                     // So we only delete if it was requested more than 7 days ago.
-                    if (Instant.parse(cameoCertificateMetadata.createTime()).isBefore(Instant.now().minus(7, ChronoUnit.DAYS))) {
-                        endpointCertificateProvider.deleteCertificate(ApplicationId.fromSerializedForm("applicationid:is:unknown"), cameoCertificateMetadata.requestId());
+                    if (Instant.parse(providerCertificateMetadata.createTime()).isBefore(Instant.now().minus(7, ChronoUnit.DAYS))) {
+                        log.log(Level.INFO, String.format("Deleting unmaintained certificate with request_id %s and SANs %s",
+                                providerCertificateMetadata.requestId(),
+                                providerCertificateMetadata.dnsNames().stream().map(d -> d.dnsName).collect(Collectors.joining(", "))));
+                        endpointCertificateProvider.deleteCertificate(ApplicationId.fromSerializedForm("applicationid:is:unknown"), providerCertificateMetadata.requestId());
                     }
                 } else {
-                    log.info("Certificate metadata exists with provider but is not managed by controller: " + cameoCertificateMetadata);
+                    log.log(Level.INFO, String.format("Found unmaintained certificate with request_id %s and SANs %s",
+                            providerCertificateMetadata.requestId(),
+                            providerCertificateMetadata.dnsNames().stream().map(d -> d.dnsName).collect(Collectors.joining(", "))));
                 }
             }
         }
author	Andreas Eriksen <andreer@verizonmedia.com>	2021-10-15 16:04:09 +0200
committer	GitHub <noreply@github.com>	2021-10-15 16:04:09 +0200
commit	c9a9fab7a40304502fb8fbe957c03bfe9e75c465 (patch)
tree	8a5b9022bd4bba691784808a8699004d064d1f50
parent	3a755750ba601440cee41d2f19d4370e2817b3c1 (diff)