Merge pull request #2674 from pperiyasamy/cert-signer-controller-status

openshift-merge-bot[bot] · web-flow · commit e6d5a38c5423 · 2025-04-23T16:24:17.000Z
OCPBUGS-54238: Update CSR status condition appropriately
diff --git a/pkg/controller/signer/signer-controller.go b/pkg/controller/signer/signer-controller.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"time"
 
 	cnoclient "github.com/openshift/cluster-network-operator/pkg/client"
 	"github.com/openshift/cluster-network-operator/pkg/controller/statusmanager"
@@ -251,7 +252,7 @@ func signerFailure(r *ReconcileCSR, csr *csrv1.CertificateSigningRequest, reason
 
 // Update the status conditions on the CSR object
 func updateCSRStatusConditions(r *ReconcileCSR, csr *csrv1.CertificateSigningRequest, reason string, message string) {
-	csr.Status.Conditions = append(csr.Status.Conditions, csrv1.CertificateSigningRequestCondition{
+	setCertificateSigningRequestCondition(&csr.Status.Conditions, csrv1.CertificateSigningRequestCondition{
 		Type:    csrv1.CertificateFailed,
 		Status:  "True",
 		Reason:  reason,
@@ -264,3 +265,24 @@ func updateCSRStatusConditions(r *ReconcileCSR, csr *csrv1.CertificateSigningReq
 			fmt.Sprintf("Unable to update csr: %v", err))
 	}
 }
+
+func setCertificateSigningRequestCondition(conditions *[]csrv1.CertificateSigningRequestCondition, newCondition csrv1.CertificateSigningRequestCondition) {
+	if conditions == nil {
+		conditions = &[]csrv1.CertificateSigningRequestCondition{}
+	}
+	var existingCondition *csrv1.CertificateSigningRequestCondition
+	for i := range *conditions {
+		if (*conditions)[i].Type == newCondition.Type {
+			existingCondition = &(*conditions)[i]
+		}
+	}
+	if existingCondition == nil {
+		newCondition.LastTransitionTime = metav1.NewTime(time.Now())
+		*conditions = append(*conditions, newCondition)
+		return
+	}
+	existingCondition.Status = newCondition.Status
+	existingCondition.Reason = newCondition.Reason
+	existingCondition.Message = newCondition.Message
+	existingCondition.LastTransitionTime = metav1.NewTime(time.Now())
+}
diff --git a/pkg/controller/signer/signer_test.go b/pkg/controller/signer/signer_test.go
@@ -158,6 +158,13 @@ func TestSigner_reconciler_withInvalidUserName(t *testing.T) {
 	g.Expect(len(csrConditions)).To(Equal(1))
 	g.Expect(csrConditions[0].Reason).To(Equal("CSRInvalidUser"))
 	g.Expect(csrConditions[0].Type).To(Equal(certificatev1.CertificateFailed))
+
+	co, _, err = getStatuses(client, "testing")
+	if err != nil {
+		t.Fatalf("error getting network.operator: %v", err)
+	}
+	g.Expect(err).NotTo(HaveOccurred())
+	g.Expect(len(co.Status.Conditions)).To(BeZero())
 }
 
 func generateCSR() (string, error) {
