author | Andreas Eriksen <andreer@verizonmedia.com> | 2022-03-10 12:50:01 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-03-10 12:50:01 +0100 |
commit | 2d1c767b22fee1676a9f2666ab10783f62f0613e (patch) | |
tree | fe8fc7b92a646ea59b1b62c63f4b2a9c25ea1a16 | |
parent | f0cf22b5f0daf88f2ad72deea0cb6dff25eda7ae (diff) |
andreer/remove cert deletion feature flag (#21627)
* default deleting certs to true
* remove cert deletion feature flag
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java | 30 |
1 files changed, 8 insertions, 22 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java
index 783f34ec9ed..b996901c5d0 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/maintenance/EndpointCertificateMaintainer.java
@@ -7,8 +7,6 @@ import com.yahoo.config.provision.ApplicationId;
 import com.yahoo.container.jdisc.secretstore.SecretNotFoundException;
 import com.yahoo.container.jdisc.secretstore.SecretStore;
 import com.yahoo.vespa.curator.Lock;
-import com.yahoo.vespa.flags.BooleanFlag;
-import com.yahoo.vespa.flags.Flags;
 import com.yahoo.vespa.hosted.controller.Controller;
 import com.yahoo.vespa.hosted.controller.Instance;
 import com.yahoo.vespa.hosted.controller.api.integration.certificates.EndpointCertificateDetails;
@@ -49,7 +47,6 @@ public class EndpointCertificateMaintainer extends ControllerMaintainer {
 private final CuratorDb curator;
 private final SecretStore secretStore;
 private final EndpointCertificateProvider endpointCertificateProvider;
- private final BooleanFlag deleteUnmaintainedCertificates = Flags.DELETE_UNMAINTAINED_CERTIFICATES.bindTo(controller().flagSource());
 @Inject
 public EndpointCertificateMaintainer(Controller controller, Duration interval) {
@@ -174,33 +171,22 @@ public class EndpointCertificateMaintainer extends ControllerMaintainer {
 matchFound = true;
 try (Lock lock = lock(storedApp)) {
 if (Optional.of(storedAppMetadata).equals(curator.readEndpointCertificateMetadata(storedApp))) {
- if (deleteUnmaintainedCertificates.value()) {
- log.log(Level.INFO, "Cert for app " + storedApp.serializedForm()
- + " has a new leafRequestId " + unknownCertDetails.request_id() + ", updating in ZK");
- curator.writeEndpointCertificateMetadata(storedApp, storedAppMetadata.withLeafRequestId(Optional.of(unknownCertDetails.request_id())));
- } else {
- log.log(Level.INFO, "Cert for app " + storedApp.serializedForm()
- + " has a new leafRequestId " + unknownCertDetails.request_id());
- }
+ log.log(Level.INFO, "Cert for app " + storedApp.serializedForm()
+ + " has a new leafRequestId " + unknownCertDetails.request_id() + ", updating in ZK");
+ curator.writeEndpointCertificateMetadata(storedApp, storedAppMetadata.withLeafRequestId(Optional.of(unknownCertDetails.request_id())));
 }
 break;
 }
 }
 }
 if (!matchFound) {
- if (deleteUnmaintainedCertificates.value()) {
- // The certificate is not known - however it could be in the process of being requested by us or another controller.
- // So we only delete if it was requested more than 7 days ago.
- if (Instant.parse(providerCertificateMetadata.createTime()).isBefore(Instant.now().minus(7, ChronoUnit.DAYS))) {
- log.log(Level.INFO, String.format("Deleting unmaintained certificate with request_id %s and SANs %s",
- providerCertificateMetadata.requestId(),
- providerCertificateMetadata.dnsNames().stream().map(d -> d.dnsName).collect(Collectors.joining(", "))));
- endpointCertificateProvider.deleteCertificate(ApplicationId.fromSerializedForm("applicationid:is:unknown"), providerCertificateMetadata.requestId());
- }
- } else {
- log.log(Level.INFO, () -> String.format("Found unmaintained certificate with request_id %s and SANs %s",
+ // The certificate is not known - however it could be in the process of being requested by us or another controller.
+ // So we only delete if it was requested more than 7 days ago.
+ if (Instant.parse(providerCertificateMetadata.createTime()).isBefore(Instant.now().minus(7, ChronoUnit.DAYS))) {
+ log.log(Level.INFO, String.format("Deleting unmaintained certificate with request_id %s and SANs %s",
 providerCertificateMetadata.requestId(),
 providerCertificateMetadata.dnsNames().stream().map(d -> d.dnsName).collect(Collectors.joining(", "))));
+ endpointCertificateProvider.deleteCertificate(ApplicationId.fromSerializedForm("applicationid:is:unknown"), providerCertificateMetadata.requestId());
 }
 }
 }
|
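Review bot: The `if (!matchFound)` branch passes over an unknown certificate younger than 7 days without logging it, so the first record of such a certificate is the line announcing its deletion at the provider. With the flag removed there is also no runtime switch to pause that irreversible delete if the match against stored metadata ever misfires, which makes the earlier trace more valuable. An `else` on the age check would keep it, for example `} else { log.log(Level.FINE, () -> "Unknown certificate " + providerCertificateMetadata.requestId() + " is younger than 7 days, not deleting"); }`. It is also worth confirming that a `createTime()` value which `Instant.parse` rejects cannot abort the pass for the remaining certificates. The enclosing method and any exception handling start outside this hunk, so that may already be covered.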