fixup! fixup! fixup! fixup! feat: certificate renewal

liqotech · Dec 24, 2024 · 1db6a55 · 1db6a55
1 parent ac12aa3
commit 1db6a55
Showing 1 changed file with 2 additions and 10 deletions.
diff --git a/pkg/liqo-controller-manager/authentication/localrenwer-controller/localrenewer_controller.go b/pkg/liqo-controller-manager/authentication/localrenwer-controller/localrenewer_controller.go
@@ -119,14 +119,6 @@ func (r *LocalRenewerReconciler) shouldRenew(ctx context.Context, identity *auth
 		return false, fmt.Errorf("identity %s/%s has no kubeconfig secret reference", identity.Namespace, identity.Name)
 	}
 
-	secret := &corev1.Secret{}
-	if err := r.Get(ctx, client.ObjectKey{
-		Namespace: identity.Namespace,
-		Name:      identity.Status.KubeconfigSecretRef.Name,
-	}, secret); err != nil {
-		return false, fmt.Errorf("unable to get kubeconfig secret: %w", err)
-	}
-
 	// Get the signed certificate from the kubeconfig
 	signedCrt := identity.Spec.AuthParams.SignedCRT
 	if len(signedCrt) == 0 {
@@ -146,12 +138,12 @@ func (r *LocalRenewerReconciler) shouldRenew(ctx context.Context, identity *auth
 
 	// // Calculate if we need to renew based on 2/3 life rule
 	// lifetime := cert.NotAfter.Sub(cert.NotBefore)
-	// if !time.Now().After(cert.NotAfter.Add(-lifetime / 3)) {
+	// if time.Now().Before(cert.NotAfter.Add(-lifetime / 3)) {
 	// 	return false, nil // Certificate needs renewal
 	// }
 
 	// for testing, renew when the certificate is older than 30 seconds
-	if !time.Now().After(cert.NotAfter.Add(-30 * time.Second)) {
+	if time.Now().Before(cert.NotBefore.Add(30 * time.Second)) {
 		return false, nil // Certificate needs renewal
 	}