author | Ola Aunronning <olaa@yahooinc.com> | 2023-05-11 13:00:39 +0200 |
---|---|---|
committer | Ola Aunronning <olaa@yahooinc.com> | 2023-05-11 13:00:39 +0200 |
commit | 1691b1256f38c26d6d70f47d79ca61535ba2f275 (patch) | |
tree | d65f0576796e5380686cbe2f2a68d3fcd11104ff /node-admin | |
parent | 0e965b6816c61922cb394690208487b8c847f0a7 (diff) |
Fix role creds refresh check
Diffstat (limited to 'node-admin')
-rw-r--r-- | node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
index 9f645fc192c..e295241b066 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
@@ -198,7 +198,7 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
 .resolve(String.format("%s.cert.pem", role));
 var roleKeyPath = siaDirectory.resolve("keys")
 .resolve(String.format("%s.key.pem", role));
- if (!Files.exists(roleCertificatePath)) {
+ if (Files.notExists(roleCertificatePath)) {
 writeRoleCredentials(context, privateKeyFile, certificateFile, roleCertificatePath, roleKeyPath, identity, identityDocument, role);
 modified = true;
 } else if (shouldRefreshCertificate(context, roleCertificatePath)) {
@@ -215,8 +215,7 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
 private boolean shouldRefreshCertificate(NodeAgentContext context, ContainerPath certificatePath) throws IOException {
 var certificate = readCertificateFromFile(certificatePath);
 var now = timer.currentTime();
- var shouldRefresh = now.isAfter(certificate.getNotAfter().toInstant()) ||
- now.isBefore(certificate.getNotBefore().toInstant().plus(REFRESH_PERIOD));
+ var shouldRefresh = now.isAfter(certificate.getNotBefore().toInstant().plus(REFRESH_PERIOD));
 return !shouldThrottleRefreshAttempts(context.containerName(), now) && shouldRefresh;
 } |
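Review bot: `Files.notExists(roleCertificatePath)` is not the exact negation of the old `!Files.exists(roleCertificatePath)`: when existence cannot be determined (for example an access error under `siaDirectory`), both methods return false. That case used to take the `writeRoleCredentials` branch and now falls through to `shouldRefreshCertificate`, which reads the certificate file and can throw `IOException`. If that is intended, record it with a comment such as `// existence undeterminable: let the certificate read below surface the IOException`; otherwise keep `!Files.exists(...)`. The enclosing method starts and ends outside the hunk, so how that exception is handled is not visible here.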
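Review bot: The new condition in `shouldRefreshCertificate` no longer consults `getNotAfter()`, so an expired role certificate is refreshed only when its age since `getNotBefore()` exceeds `REFRESH_PERIOD`. That is safe only while `REFRESH_PERIOD` is shorter than the lifetime the issuer puts on the certificate, and the constant's value is not visible in this hunk. Keeping the expiry test removes that assumption: `var shouldRefresh = now.isAfter(certificate.getNotAfter().toInstant()) || now.isAfter(certificate.getNotBefore().toInstant().plus(REFRESH_PERIOD));`. The diffstat lists only this file, so a unit test covering both directions (a fresh certificate is left alone, one older than `REFRESH_PERIOD` is refreshed) would guard against the inverted comparison coming back.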