[openvpn] Transferring routes from rotated certs (#382)

Signed-off-by: Paramoshka <parfenov_ivan_42a@mail.ru>
2025-12-13 04:16:14 -08:00 · 2025-07-22 09:04:15 +03:00 · 2025-07-22 09:04:15 +03:00 · fbee2c07dc
commit fbee2c07dc
parent 10e961ca0f
1 changed files with 19 additions and 1 deletions
--- a/kubernetes.go
+++ b/kubernetes.go
@ -32,7 +32,7 @@ const (
 	privKeyFileName  = "tls.key"
 )

-//<year><month><day><hour><minute><second>Z
+// <year><month><day><hour><minute><second>Z
 const indexTxtDateFormat = "060102150405Z"

 var namespace = "default"
@ -470,6 +470,11 @@ func (openVPNPKI *OpenVPNPKI) easyrsaRotate(commonName, newPassword string) (err
 		return
 	}

+	err = openVPNPKI.transferRoutes(secret, commonName)
+	if err != nil {
+		return
+	}
+
 	err = openVPNPKI.indexTxtUpdate()
 	if err != nil {
 		return
@ -774,3 +779,16 @@ func (openVPNPKI *OpenVPNPKI) secretCheckExists(name string) (bool, string) {
 	}
 	return true, secret.ResourceVersion
 }
+
+// transferRoutes transfers configured routes from revoked certs to a new one
+func (openVPNPKI *OpenVPNPKI) transferRoutes(revokedSecret *v1.Secret, newNameCert string) error {
+	ccd, ok := revokedSecret.Data["ccd"]
+	if !ok || len(ccd) == 0 {
+		log.Infof("No CCD data found in secret %s", revokedSecret.Name)
+		return nil
+	}
+
+	openVPNPKI.secretUpdateCcd(newNameCert, ccd)
+
+	return nil
+}