in goalresolvers/goal_resolver.go [43:74]
// shouldRotateCert decides whether the webhook TLS secret must be (re)issued.
//
// The decision is driven by the secret named utils.SecretName() in
// config.AppConfig.Namespace:
//   - secret missing (NotFound)               -> true, nil
//   - Get fails for any other reason          -> false, pointer to that error
//   - secret present but without the
//     consts.ManagedLabelKey=ManagedLabelValue
//     label                                   -> false, nil (never touched)
//   - managed secret, "serverCert.pem" expires
//     before time.Now() plus one month        -> true, nil
//   - managed secret, certificate still valid -> false, nil
//   - expiry check itself fails               -> false, pointer to that error
//
// The second result is a pointer only because callers expect that shape; it is
// nil whenever a rotation decision could actually be made.
func (g *webhookTlsManagerGoalResolver) shouldRotateCert(ctx context.Context) (bool, *error) {
	logger := log.MustGetLogger(ctx)
	// NOTE(review): the entire AppConfig is printed at Info level here; confirm it
	// carries no credentials or tokens before relying on these logs in production.
	logger.Infof(ctx, "config is %v", config.AppConfig)

	sec, err := g.kubeClient.CoreV1().Secrets(config.AppConfig.Namespace).Get(ctx, utils.SecretName(), metav1.GetOptions{})
	switch {
	case k8serrors.IsNotFound(err):
		// Nothing to inspect: a fresh secret must be created.
		logger.Infof(ctx, "secret %s not exists", utils.SecretName())
		return true, nil
	case err != nil:
		// Any other API failure is surfaced rather than treated as "rotate".
		logger.Errorf(ctx, "get secret %s failed. error: %s", utils.SecretName(), err)
		return false, &err
	}
	logger.Infof(ctx, "secret %s exists", utils.SecretName())

	// Only secrets this controller marked as its own are ever rotated; an
	// unlabelled secret (or one with a different label value) is left alone.
	labelVal, labelled := sec.ObjectMeta.Labels[consts.ManagedLabelKey]
	if !labelled || labelVal != consts.ManagedLabelValue {
		logger.Warningf(ctx, "found secret %s is not managed by AKS.", utils.SecretName())
		return false, nil
	}
	logger.Infof(ctx, "found secret %s managed by aks. checking expiration date.", utils.SecretName())

	// Rotate ahead of time: anything expiring within the next month counts as expired.
	cutoff := time.Now().AddDate(0, 1, 0)
	// NOTE(review): a missing "serverCert.pem" key yields an empty string here; how
	// that is classified is decided inside certificates.IsPEMCertificateExpired.
	expired, checkErr := certificates.IsPEMCertificateExpired(ctx, string(sec.Data["serverCert.pem"]), utils.SecretName(), cutoff)
	if checkErr != nil {
		logger.Errorf(ctx, "failed to check cert %s. error: %s", utils.SecretName(), checkErr)
		return false, &checkErr
	}
	if !expired {
		logger.Infof(ctx, "cert valid.")
		return false, nil
	}
	logger.Infof(ctx, "cert expired.")
	return true, nil
}