ROX-9129: Determine secret expiration by parsing certificates stored in secrets #471
Tag for build #189113 is
💻 For deploying this image using the dev scripts, run the following first: export MAIN_IMAGE_TAG='3.68.x-174-g223a2eab7f'
📦 You can also generate an installation bundle with: docker run -i --rm stackrox/main:3.68.x-174-g223a2eab7f central generate interactive > bundle.zip
🕹️ A
Hm, doesn't this code always return the first certificate found instead of returning the shorter expiration date?
renewalTimeInitialized is set to true the first time the renewalTime is set, so subsequent updates to renewalTime are only done if secretRenewalTime.Before(renewalTime). In any case, I've added a test for GetSecretsCertRenewalTime that also checks this.
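The selection logic discussed in the two comments above, as an added example that is not code from this pull request: it parses the PEM certificates held in each secret and keeps the earliest expiry, using an initialized flag the way the reply describes. The function names, the secret key names and the use of NotAfter as the compared time are assumptions; the sample certificates are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// earliestExpiry returns the earliest NotAfter among all certificates in the secrets (hypothetical helper).
func earliestExpiry(secrets []map[string][]byte) (time.Time, bool, error) {
	var earliest time.Time
	initialized := false // the first certificate sets the value unconditionally
	for _, data := range secrets {
		for _, pemData := range data {
			for block, rest := pem.Decode(pemData); block != nil; block, rest = pem.Decode(rest) {
				if block.Type != "CERTIFICATE" {
					continue // private keys and other PEM blocks carry no expiry
				}
				cert, err := x509.ParseCertificate(block.Bytes)
				if err != nil {
					return time.Time{}, false, err
				}
				if !initialized || cert.NotAfter.Before(earliest) {
					earliest, initialized = cert.NotAfter, true
				}
			}
		}
	}
	return earliest, initialized, nil
}

// selfSigned builds a constructed sample certificate that expires at notAfter.
func selfSigned(notAfter time.Time) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	t := time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC)
	fmt.Println(earliestExpiry([]map[string][]byte{{"ca.pem": selfSigned(t.AddDate(1, 0, 0))}, {"cert.pem": selfSigned(t)}}))
}
```

The second return value is false when no certificate was found in any secret, so a caller can tell "nothing to renew" apart from a zero time.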
porridge
left a comment
Just a general note that it would be great to keep this code rather generic (i.e. not assume the secret is for scanner), since this would also be useful for https://issues.redhat.com/browse/ROX-8131
I removed the references to local scanner in
6c8635f to 0943901
Turning into draft again until the repository interface in #457 is determined, as that would affect this change too.
4eecea6 to 223a2ea
Description
Checklist
No CHANGELOG entry or upgrade steps required.
Testing Performed
Added unit tests. Tests are passing when run as:
go test -count=100 -race -v -p=1 github.com/stackrox/rox/sensor/kubernetes/localscanner -run TestGetSecretRenewalTime