authorjonmv <venstad@gmail.com>2023-06-29 13:13:38 +0200
committerjonmv <venstad@gmail.com>2023-06-29 13:13:38 +0200
commit17dc0199ad162a4a90a53431347c24e6524bb4db (patch)
treeee45a8b43132ee0b0564e647ae634d933641eddc /controller-server
parent3a7301bfb4ac917c3543c5b041d556be425c759b (diff)
Update GcpScretStore
Diffstat (limited to 'controller-server')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java19
1 files changed, 15 insertions, 4 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
index 68852f90055..13703c25f15 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/certificate/EndpointCertificates.java
@@ -59,6 +59,7 @@ public class EndpointCertificates {
private final BooleanFlag useRandomizedCert;
private final BooleanFlag useAlternateCertProvider;
private final StringFlag endpointCertificateAlgo;
+ private final static Duration GCP_CERTIFICATE_EXPIRY_TIME = Duration.ofDays(100); // 100 days, 10 more than notAfter time
public EndpointCertificates(Controller controller, EndpointCertificateProvider certificateProvider,
EndpointCertificateValidator certificateValidator) {
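Review bot: The comment on the new GCP_CERTIFICATE_EXPIRY_TIME constant ("10 more than notAfter time") encodes an assumption about the issued certificate's lifetime that nothing in the code checks, so if the provider's validity period changes the secret will expire before or long after the certificate without any signal. I would state the assumption explicitly and say what the margin is for, e.g. `// Secret TTL for the copied cert/key in GCP; assumes the provider issues ~90-day certificates, the extra 10 days keep the secret readable past notAfter during rollover — revisit if validity changes`. As a point of style, `private final static` should read `private static final` to match the usual modifier order, and a constant normally sits with the other static fields rather than after the instance flags. The `Duration` type needs `java.time.Duration` in scope; the hunk does not show the import block, so I assume it is already imported elsewhere in the file.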
@@ -88,10 +89,20 @@ public class EndpointCertificates {
GcpSecretStore gcpSecretStore = controller.serviceRegistry().gcpSecretStore();
String mangledCertName = "endpointCert_" + m.certName().replace('.', '_') + "-v" + m.version(); // Google cloud does not accept dots in secrets, but they accept underscores
String mangledKeyName = "endpointCert_" + m.keyName().replace('.', '_') + "-v" + m.version(); // Google cloud does not accept dots in secrets, but they accept underscores
- if (gcpSecretStore.getSecret(mangledCertName, m.version()) == null)
- gcpSecretStore.createSecret(mangledCertName, controller.secretStore().getSecret(m.certName(), m.version()));
- if (gcpSecretStore.getSecret(mangledKeyName, m.version()) == null)
- gcpSecretStore.createSecret(mangledKeyName, controller.secretStore().getSecret(m.keyName(), m.version()));
+ if (gcpSecretStore.getLatestSecretVersion(mangledCertName) == null) {
+ gcpSecretStore.setSecret(mangledCertName,
+ Optional.of(GCP_CERTIFICATE_EXPIRY_TIME),
+ "endpoint-cert-accessor");
+ gcpSecretStore.addSecretVersion(mangledCertName,
+ controller.secretStore().getSecret(m.certName(), m.version()));
+ }
+ if (gcpSecretStore.getLatestSecretVersion(mangledKeyName) == null) {
+ gcpSecretStore.setSecret(mangledKeyName,
+ Optional.of(GCP_CERTIFICATE_EXPIRY_TIME),
+ "endpoint-cert-accessor");
+ gcpSecretStore.addSecretVersion(mangledKeyName,
+ controller.secretStore().getSecret(m.keyName(), m.version()));
+ }
return Optional.of(m.withVersion(1).withKeyName(mangledKeyName).withCertName(mangledCertName));
}
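Review bot: The create path is now two calls, `setSecret` then `addSecretVersion`, and the guard only looks at `getLatestSecretVersion`; if the first call succeeds and the second fails (network error, permission on the accessor, invalid payload), the secret container exists with no version, so the next run takes the same branch and calls `setSecret` again on a name that already exists. Whether that second `setSecret` is idempotent or throws depends on GcpSecretStore, which is not visible here, so either make that contract explicit in a comment on the guard (e.g. `// setSecret must tolerate an existing secret with no versions, see retry after a failed addSecretVersion`) or distinguish "secret missing" from "secret exists but has no version" before deciding which call to make. The same two-step sequence is duplicated for the key, so a private helper taking the mangled name and the source secret name would keep the two paths from drifting. The accessor string `"endpoint-cert-accessor"` appears twice and is part of the access-control configuration for the copied private key; it belongs in a `private static final String` next to GCP_CERTIFICATE_EXPIRY_TIME. The enclosing method starts outside the hunk.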