diff options
author | Andreas Eriksen <andreer@verizonmedia.com> | 2021-10-15 16:04:09 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-15 16:04:09 +0200 |
commit | c9a9fab7a40304502fb8fbe957c03bfe9e75c465 (patch) | |
tree | 8a5b9022bd4bba691784808a8699004d064d1f50 | |
parent | 3a755750ba601440cee41d2f19d4370e2817b3c1 (diff) |
log more when deleting endpoint certificates (#19587)
* log more when deleting endpoint certificates
* log before issuing delete
* add missing format argument
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java index 6b6c9084e87..f7e46aaa34a 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java @@ -160,16 +160,21 @@ public class EndpointCertificateMaintainer extends ControllerMaintainer { List<EndpointCertificateRequestMetadata> endpointCertificateMetadata = endpointCertificateProvider.listCertificates(); Set<String> managedRequestIds = curator.readAllEndpointCertificateMetadata().values().stream().map(EndpointCertificateMetadata::requestId).collect(Collectors.toSet()); - for (var cameoCertificateMetadata : endpointCertificateMetadata) { - if (!managedRequestIds.contains(cameoCertificateMetadata.requestId())) { + for (var providerCertificateMetadata : endpointCertificateMetadata) { + if (!managedRequestIds.contains(providerCertificateMetadata.requestId())) { if (deleteUnmaintainedCertificates.value()) { // The certificate is not known - however it could be in the process of being requested by us or another controller. // So we only delete if it was requested more than 7 days ago. - if (Instant.parse(cameoCertificateMetadata.createTime()).isBefore(Instant.now().minus(7, ChronoUnit.DAYS))) { - endpointCertificateProvider.deleteCertificate(ApplicationId.fromSerializedForm("applicationid:is:unknown"), cameoCertificateMetadata.requestId()); + if (Instant.parse(providerCertificateMetadata.createTime()).isBefore(Instant.now().minus(7, ChronoUnit.DAYS))) { + log.log(Level.INFO, String.format("Deleting unmaintained certificate with request_id %s and SANs %s", + providerCertificateMetadata.requestId(), + providerCertificateMetadata.dnsNames().stream().map(d -> d.dnsName).collect(Collectors.joining(", ")))); + endpointCertificateProvider.deleteCertificate(ApplicationId.fromSerializedForm("applicationid:is:unknown"), providerCertificateMetadata.requestId()); } } else { - log.info("Certificate metadata exists with provider but is not managed by controller: " + cameoCertificateMetadata); + log.log(Level.INFO, String.format("Found unmaintained certificate with request_id %s and SANs %s", + providerCertificateMetadata.requestId(), + providerCertificateMetadata.dnsNames().stream().map(d -> d.dnsName).collect(Collectors.joining(", ")))); } } } |