From 3ceb1f808e2a80965c924b12d74a07bdfdbf3306 Mon Sep 17 00:00:00 2001
From: Vadim Rutkovsky
Date: Mon, 24 Jun 2024 09:17:25 +0200
Subject: [PATCH] Post-bump fixes
---
 .../etcdcertsigner/etcdcertsignercontroller.go | 13 +++++++------
 pkg/tlshelpers/target_cert_creator.go | 8 +++++---
 pkg/tlshelpers/target_cert_creator_test.go | 11 ++++++-----
 3 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go b/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go
index d97c1b0af7..0562d04142 100644
--- a/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go
+++ b/pkg/operator/etcdcertsigner/etcdcertsignercontroller.go
@@ -4,6 +4,11 @@ import (
 "context"
 "crypto/x509"
 "fmt"
+ "reflect"
+ "strconv"
+ "strings"
+ "time"
+
 "github.com/openshift/library-go/pkg/crypto"
 "github.com/openshift/library-go/pkg/operator/bootstrap"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -13,10 +18,6 @@ import (
 "k8s.io/client-go/tools/cache"
 "k8s.io/component-base/metrics"
 "k8s.io/klog/v2"
- "reflect"
- "strconv"
- "strings"
- "time"
 
 apiannotations "github.com/openshift/api/annotations"
 operatorv1 "github.com/openshift/api/operator/v1"
@@ -355,7 +356,7 @@ func (c *EtcdCertSignerController) ensureBundles(ctx context.Context,
 metricsCA *crypto.CA,
 currentRevision int32,
 ) (serverBundle []*x509.Certificate, metricsBundle []*x509.Certificate, rolloutTriggered bool, err error) {
- serverBundle, err = c.certConfig.signerCaBundle.EnsureConfigMapCABundle(ctx, serverCA)
+ serverBundle, err = c.certConfig.signerCaBundle.EnsureConfigMapCABundle(ctx, serverCA, "")
 if err != nil {
 return nil, nil, false, err
 }
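Review bot: The bare `""` passed as the new third argument to `EnsureConfigMapCABundle` in `ensureBundles` gives a reader no way to tell what is being left empty, and the same applies to the `metricsSignerCaBundle` call in the next hunk (`@@ -365,7 +366,7 @@`). The parameter's name and meaning are not visible in this diff; it presumably comes from the library-go bump this commit follows up on, so whether an empty value is a safe default cannot be checked from here. Because these bundles are the trust anchors for the etcd server and metrics certificates, I would put a comment above each call stating what the argument is and why empty is correct, e.g. `// third argument is <parameter name from library-go>; left empty because <reason>`. `ensureBundles` starts and ends outside both hunks.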
@@ -365,7 +366,7 @@ func (c *EtcdCertSignerController) ensureBundles(ctx context.Context,
 return nil, nil, false, fmt.Errorf("could not encode server bundle: %w", err)
 }
 
- metricsBundle, err = c.certConfig.metricsSignerCaBundle.EnsureConfigMapCABundle(ctx, metricsCA)
+ metricsBundle, err = c.certConfig.metricsSignerCaBundle.EnsureConfigMapCABundle(ctx, metricsCA, "")
 if err != nil {
 return nil, nil, false, err
 }
diff --git a/pkg/tlshelpers/target_cert_creator.go b/pkg/tlshelpers/target_cert_creator.go
index 16b69abfb5..2307be6897 100644
--- a/pkg/tlshelpers/target_cert_creator.go
+++ b/pkg/tlshelpers/target_cert_creator.go
@@ -4,10 +4,11 @@ import (
 "bytes"
 "crypto/x509"
 "fmt"
+ "time"
+
 "github.com/openshift/library-go/pkg/crypto"
 "github.com/openshift/library-go/pkg/operator/certrotation"
 corev1 "k8s.io/api/core/v1"
- "time"
 )
 
 // CARotatingTargetCertCreator ensures we also rotate leaf certificates when we detect a change in signer.
@@ -22,9 +23,10 @@ func (c *CARotatingTargetCertCreator) NeedNewTargetCertKeyPair(
 signer *crypto.CA,
 caBundleCerts []*x509.Certificate,
 refresh time.Duration,
- refreshOnlyWhenExpired bool) string {
+ refreshOnlyWhenExpired bool,
+ secretDoesntExist bool) string {
 
- result := c.TargetCertCreator.NeedNewTargetCertKeyPair(secret, signer, caBundleCerts, refresh, refreshOnlyWhenExpired)
+ result := c.TargetCertCreator.NeedNewTargetCertKeyPair(secret, signer, caBundleCerts, refresh, refreshOnlyWhenExpired, secretDoesntExist)
 if result != "" {
 return result
 }
diff --git a/pkg/tlshelpers/target_cert_creator_test.go b/pkg/tlshelpers/target_cert_creator_test.go
index 6073d926d7..39235b6ec1 100644
--- a/pkg/tlshelpers/target_cert_creator_test.go
+++ b/pkg/tlshelpers/target_cert_creator_test.go
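Review bot: `secretDoesntExist` is handed to the embedded `TargetCertCreator` in `CARotatingTargetCertCreator.NeedNewTargetCertKeyPair`, but the wrapper never consults it itself and nothing documents that choice. When the embedded creator returns `""`, control falls through to the rest of the method, which lies outside this hunk and, judging by the type's doc comment, compares the leaf certificate against the signer. That code should be confirmed safe for a missing or empty `secret` when the flag is true, rather than relying on the embedded creator always returning a reason in that case. I would state the contract in a comment above the call, e.g. `// secretDoesntExist is only passed through; the signer-change check below runs solely when the embedded creator returns "".`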
@@ -8,13 +8,14 @@ import (
 "crypto/x509"
 "crypto/x509/pkix"
 "errors"
- "github.com/openshift/library-go/pkg/operator/certrotation"
- "github.com/stretchr/testify/require"
- corev1 "k8s.io/api/core/v1"
 "math/big"
 "testing"
 "time"
 
+ "github.com/openshift/library-go/pkg/operator/certrotation"
+ "github.com/stretchr/testify/require"
+ corev1 "k8s.io/api/core/v1"
+
 "github.com/davecgh/go-spew/spew"
 "github.com/openshift/library-go/pkg/crypto"
 
@@ -38,13 +39,13 @@ func (t *testEmbed) SetAnnotations(_ *crypto.TLSCertificateConfig, _ map[string]
 panic("implement me")
 }
 
-func (t *testEmbed) NeedNewTargetCertKeyPair(_ *corev1.Secret, _ *crypto.CA, _ []*x509.Certificate, _ time.Duration, _ bool) string {
+func (t *testEmbed) NeedNewTargetCertKeyPair(_ *corev1.Secret, _ *crypto.CA, _ []*x509.Certificate, _ time.Duration, _, _ bool) string {
 return t.result
 }
 
 func TestEmbeddedStructHasPriority(t *testing.T) {
 embedded := CARotatingTargetCertCreator{&testEmbed{result: "definitive-result"}}
- require.Equal(t, "definitive-result", embedded.NeedNewTargetCertKeyPair(nil, nil, nil, time.Minute, false))
+ require.Equal(t, "definitive-result", embedded.NeedNewTargetCertKeyPair(nil, nil, nil, time.Minute, false, false))
 }
 
 func TestSignerSignatureRotation(t *testing.T) {
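Review bot: The updated test double discards both booleans (`_, _ bool`) and `TestEmbeddedStructHasPriority` only passes `false, false`, so no test checks that `CARotatingTargetCertCreator` forwards `secretDoesntExist` to the embedded creator in the right position. Two adjacent `bool` parameters can be transposed without a compile error, which for a certificate-rotation decision would go unnoticed until a rotation is skipped or forced. I would have `testEmbed` record the flags it receives (its struct definition is outside this hunk) and add a call with distinct values, e.g. `embedded.NeedNewTargetCertKeyPair(nil, nil, nil, time.Minute, false, true)` followed by `require.True(t, te.gotSecretDoesntExist)` and `require.False(t, te.gotRefreshOnlyWhenExpired)`, where `te` and both fields are names proposed here.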