[openvpn] Transferring routes from rotated certs (#382)

Signed-off-by: Paramoshka <parfenov_ivan_42a@mail.ru>

kubernetes.go

@@ -32,7 +32,7 @@ const (
 	privKeyFileName  = "tls.key"
 )
 
-//<year><month><day><hour><minute><second>Z
+// <year><month><day><hour><minute><second>Z
 const indexTxtDateFormat = "060102150405Z"
 
 var namespace = "default"
@@ -470,6 +470,11 @@ func (openVPNPKI *OpenVPNPKI) easyrsaRotate(commonName, newPassword string) (err
 		return
 	}
 
+	err = openVPNPKI.transferRoutes(secret, commonName)
+	if err != nil {
+		return
+	}
+
 	err = openVPNPKI.indexTxtUpdate()
 	if err != nil {
 		return
@@ -774,3 +779,16 @@ func (openVPNPKI *OpenVPNPKI) secretCheckExists(name string) (bool, string) {
 	}
 	return true, secret.ResourceVersion
 }
+
+// transferRoutes transfers configured routes from revoked certs to a new one
+func (openVPNPKI *OpenVPNPKI) transferRoutes(revokedSecret *v1.Secret, newNameCert string) error {
+	ccd, ok := revokedSecret.Data["ccd"]
+	if !ok || len(ccd) == 0 {
+		log.Infof("No CCD data found in secret %s", revokedSecret.Name)
+		return nil
+	}
+
+	openVPNPKI.secretUpdateCcd(newNameCert, ccd)
+
+	return nil
+}