reset certificate expiry time if not found

Yuvaraj Kakaraparthi · Yuvaraj Kakaraparthi · commit 954be1fa78b5 · 2022-09-15T10:27:02.000-07:00
diff --git a/internal/controllers/machine/machine_controller_phases.go b/internal/controllers/machine/machine_controller_phases.go
@@ -327,10 +327,13 @@ func (r *Reconciler) reconcileCertificateExpiry(ctx context.Context, _ *clusterv
 		return ctrl.Result{}, nil
 	}
 
+	var expiryInfoFound bool
+
 	// Check for certificate expiry information in the machine annotation.
 	// This should take precedence over other information.
 	annotations = m.GetAnnotations()
 	if expiry, ok := annotations[clusterv1.MachineCertificatesExpiryDateAnnotation]; ok {
+		expiryInfoFound = true
 		expiryTime, err := time.Parse(time.RFC3339, expiry)
 		if err != nil {
 			return ctrl.Result{}, errors.Wrapf(err, "failed to reconcile certificates expiry: failed to parse expiry date from annotation on %s", klog.KObj(m))
@@ -348,6 +351,7 @@ func (r *Reconciler) reconcileCertificateExpiry(ctx context.Context, _ *clusterv
 		// Check for certificate expiry information in the bootstrap config.
 		annotations = bootstrapConfig.GetAnnotations()
 		if expiry, ok := annotations[clusterv1.MachineCertificatesExpiryDateAnnotation]; ok {
+			expiryInfoFound = true
 			expiryTime, err := time.Parse(time.RFC3339, expiry)
 			if err != nil {
 				return ctrl.Result{}, errors.Wrapf(err, "failed to reconcile certificates expiry: failed to parse expiry date from annotation on %s", klog.KObj(bootstrapConfig))
@@ -357,5 +361,11 @@ func (r *Reconciler) reconcileCertificateExpiry(ctx context.Context, _ *clusterv
 		}
 	}
 
+	// If the certificates expiry information is not fond on the machine
+	// and on the bootstrap config then reset machine.status.certificatesExpiryDate.
+	if !expiryInfoFound {
+		m.Status.CertificatesExpiryDate = nil
+	}
+
 	return ctrl.Result{}, nil
 }
diff --git a/internal/controllers/machine/machine_controller_phases_test.go b/internal/controllers/machine/machine_controller_phases_test.go
@@ -1284,6 +1284,33 @@ func TestReconcileCertificateExpiry(t *testing.T) {
 				g.Expect(m.Status.CertificatesExpiryDate).To(Equal(fakeMetaTime2))
 			},
 		},
+		{
+			name: "reset certificates expiry information in machine status if the information is not available on the machine and the bootstrap config",
+			machine: &clusterv1.Machine{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "bootstrap-test-existing",
+					Namespace: metav1.NamespaceDefault,
+					Labels: map[string]string{
+						clusterv1.MachineControlPlaneLabelName: "",
+					},
+				},
+				Spec: clusterv1.MachineSpec{
+					Bootstrap: clusterv1.Bootstrap{
+						ConfigRef: &corev1.ObjectReference{
+							APIVersion: "bootstrap.cluster.x-k8s.io/v1beta1",
+							Kind:       "GenericBootstrapConfig",
+							Name:       "bootstrap-config-without-expiry",
+						},
+					},
+				},
+				Status: clusterv1.MachineStatus{
+					CertificatesExpiryDate: fakeMetaTime,
+				},
+			},
+			expected: func(g *WithT, m *clusterv1.Machine) {
+				g.Expect(m.Status.CertificatesExpiryDate).To(BeNil())
+			},
+		},
 	}
 
 	for _, tc := range tests {
