Issue #848: Remove '7 days' check/warnings

With OpenShift 4.2.2, when the cluster is started close to the cert expiry date (I tried a few days before), the certificates will be automatically renewed a few minutes after the cluster starts, so we no longer need to warn the user about it. This fixes #848
crc-org · Nov 28, 2019 · df7c9cf · df7c9cf
1 parent 90d0c54
commit df7c9cf
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 32 deletions.
diff --git a/pkg/crc/cluster/cluster.go b/pkg/crc/cluster/cluster.go
@@ -22,30 +22,25 @@ func WaitForSsh(sshRunner *ssh.SSHRunner) error {
 	return errors.RetryAfter(60, checkSshConnectivity, time.Second)
 }
 
-// CheckCertsValidityUsingBundleBuildTime check if the cluster certs going to expire soon.
-func CheckCertsValidityUsingBundleBuildTime(buildTime time.Time) (bool, int) {
-	certExpiryDate := buildTime.AddDate(0, 1, 0)
-	// Warn user if the cert expiry going to happen starting of the 7 days
-	timeAfter7Days := time.Now().AddDate(0, 0, 7)
-	return timeAfter7Days.After(certExpiryDate), int(time.Until(certExpiryDate).Hours()) / 24
-}
+type CertExpiryState int
+
+const (
+	Unknown CertExpiryState = iota
+	CertNotExpired
+	CertExpired
+)
 
 // CheckCertsValidity checks if the cluster certs have expired or going to expire in next 7 days
-func CheckCertsValidity(sshRunner *ssh.SSHRunner) (bool, int, error) {
+func CheckCertsValidity(sshRunner *ssh.SSHRunner) (CertExpiryState, error) {
 	certExpiryDate, err := getcertExpiryDateFromVM(sshRunner)
 	if err != nil {
-		return false, 0, err
+		return Unknown, err
 	}
 	if time.Now().After(certExpiryDate) {
-		return false, 0, fmt.Errorf("Certs have expired, they were valid till: %s", certExpiryDate.Format(time.RFC822))
+		return CertExpired, fmt.Errorf("Certs have expired, they were valid till: %s", certExpiryDate.Format(time.RFC822))
 	}
 
-	// Warn user if the cert expiry going to happen starting of the 7 days
-	timeAfter7Days := time.Now().AddDate(0, 0, 7)
-	if timeAfter7Days.After(certExpiryDate) {
-		return true, int(time.Until(certExpiryDate).Hours()) / 24, nil
-	}
-	return false, 0, nil
+	return CertNotExpired, nil
 }
 
 func getcertExpiryDateFromVM(sshRunner *ssh.SSHRunner) (time.Time, error) {

diff --git a/pkg/crc/machine/machine.go b/pkg/crc/machine/machine.go
@@ -131,16 +131,6 @@ func Start(startConfig StartConfig) (StartResult, error) {
 			return *result, errors.Newf("Error getting bundle metadata: %v", err)
 		}
 
-		// Check if certificate is going to expire in next 7 days
-		buildTime, err := crcBundleMetadata.GetBundleBuildTime()
-		if err != nil {
-			result.Error = err.Error()
-			return *result, errors.Newf("Error getting bundle build time: %v", err)
-		}
-		if goingToExpire, duration := cluster.CheckCertsValidityUsingBundleBuildTime(buildTime); goingToExpire {
-			logging.Warnf("Bundle certificates are going to expire in %d days, better to use new release", duration)
-		}
-
 		openshiftVersion := crcBundleMetadata.GetOpenshiftVersion()
 		if openshiftVersion == "" {
 			logging.Infof("Creating VM...")
@@ -257,13 +247,13 @@ func Start(startConfig StartConfig) (StartResult, error) {
 	// Check the certs validity inside the vm
 	needsCertsRenewal := false
 	logging.Info("Verifying validity of the cluster certificates ...")
-	expiringIn7Days, duration, err := cluster.CheckCertsValidity(sshRunner)
+	certExpiryState, err := cluster.CheckCertsValidity(sshRunner)
 	if err != nil {
-		needsCertsRenewal = true
-	} else if exists {
-		// Only show when VM is started from stopped state.
-		if expiringIn7Days {
-			logging.Warnf("Bundle certificates are going to expire in %d days, better to use new release", duration)
+		if certExpiryState == cluster.CertExpired {
+			needsCertsRenewal = true
+		} else {
+			result.Error = err.Error()
+			return *result, errors.New(err.Error())
 		}
 	}
 	// Add nameserver to VM if provided by User