From ba998fc142a8e8d9ebe91845e0666beb3bc85066 Mon Sep 17 00:00:00 2001
From: "Gupta, Sangeet (sg774j)"
Date: Fri, 6 Aug 2021 02:52:25 +0000
Subject: [PATCH] cert-rotation: Return true if grep finds no match

If grep does not find a match, it return 1 which fails the shell script. Hence made it return true if no match is found. Also, removed returning of error from the script becasue any failure will cause the job to re-run which may re-renew certificates and restart the pods again. And this can continue if the error persists.
Chaange-Id: I2a38b59789fd522e8163ff9b12ff847eb1fe2f3a
Change-Id: Ica456ef6c5bec2bd29f51aaeef7b5ce5e8681beb
---
 cert-rotation/Chart.yaml | 2 +-
 cert-rotation/templates/bin/_rotate-certs.sh.tpl | 13 ++++---------
 releasenotes/notes/cert-rotation.yaml | 1 +
 3 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/cert-rotation/Chart.yaml b/cert-rotation/Chart.yaml
index 2b62e1481..91e7743b5 100644
--- a/cert-rotation/Chart.yaml
+++ b/cert-rotation/Chart.yaml
@@ -16,5 +16,5 @@ appVersion: "1.0"
 description: Rotate the certificates generated by cert-manager
 home: https://cert-manager.io/
 name: cert-rotation
-version: 0.1.0
+version: 0.1.1
 ...
diff --git a/cert-rotation/templates/bin/_rotate-certs.sh.tpl b/cert-rotation/templates/bin/_rotate-certs.sh.tpl
index 48683e421..6504679ef 100644
--- a/cert-rotation/templates/bin/_rotate-certs.sh.tpl
+++ b/cert-rotation/templates/bin/_rotate-certs.sh.tpl
@@ -1,6 +1,6 @@
 #!/bin/bash
-set -e
+set -x
 {{/*
 Licensed under the Apache License, Version 2.0 (the "License");
@@ -24,9 +24,6 @@ minDaysToExpiry={{ .Values.jobs.rotate.max_days_to_expiry }}
 rotateBefore=$(($(date +%s) + (86400*$minDaysToExpiry)))
-# Return Code, initialized to success
-rc=0
-
 function rotate_and_get_certs_list(){
 # Rotate the certificates if the expiry date of certificates is within the
 # max_days_to_expiry days
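Review bot: The switch from `set -e` to `set -x` near the top of the script turns on xtrace, which the commit message does not mention and which writes every expanded command line to the job log. Confirm that nothing later in the script expands certificate or key material, since it would then be copied into the pod logs; if tracing is only wanted for debugging, drop the line or gate it behind a chart value. Dropping errexit matches the stated aim of avoiding job re-runs, but it also lets a failed `kubectl` call pass unnoticed, so a comment such as `# errexit is off on purpose: a failed job re-runs and would renew the certificates again` next to the `set` line would record the trade-off. The rest of the script lies outside this hunk.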
@@ -64,9 +61,7 @@ function rotate_and_get_certs_list(){
 if [ ${counter} -ge 30 ]
 then
 echo "ERROR: Rotated certificate ${cert} in ${namespace} is not ready."
- # Set return code to error and continue so that the certificates that are
- # rotated successfully are deployed.
- rc=1
+ # Continue so that the certificates that are rotated successfully are deployed.
 break
 fi
 echo "Rotated certificate ${cert} in ${namespace} is not ready yet ... waiting"
@@ -126,7 +121,7 @@ function restart_the_pods(){
 # - find if tls.crt was mounted to the container: get the subpaths of volumeMount in
 # the container and grep for tls.crt. (This will be index 2 = idx+2)
- resource=($(kubectl get ${kind} -n ${namespace} -o custom-columns='NAME:.metadata.name,SECRETS:.spec.template.spec.volumes[*].secret.secretName,TLS:.spec.template.spec.containers[*].volumeMounts[*].subPath' --no-headers | grep tls.crt))
+ resource=($(kubectl get ${kind} -n ${namespace} -o custom-columns='NAME:.metadata.name,SECRETS:.spec.template.spec.volumes[*].secret.secretName,TLS:.spec.template.spec.containers[*].volumeMounts[*].subPath' --no-headers | grep tls.crt || true))
 idx=0
 while [[ $idx -lt ${#resource[@]} ]]
@@ -204,4 +199,4 @@ function rotate_job(){
 }
 $COMMAND
-exit ${rc}
+exit 0
diff --git a/releasenotes/notes/cert-rotation.yaml b/releasenotes/notes/cert-rotation.yaml
index 93cb4381a..390466543 100644
--- a/releasenotes/notes/cert-rotation.yaml
+++ b/releasenotes/notes/cert-rotation.yaml
@@ -1,4 +1,5 @@
 ---
 cert-rotation:
 - 0.1.0 Initial Chart
+ - 0.1.1 Return true if grep finds no match
 ...
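Review bot: With `rc=1` removed from the timeout branch here and the script now ending in `exit 0` (last hunk of this file), a certificate that never becomes ready leaves only an `echo "ERROR: ..."` line in the log while the job is reported as succeeded. An expiring certificate could then go unrotated without any alert unless something scrapes the log. Consider counting failures instead of dropping the signal entirely, e.g. `failed=$((failed+1))` in this branch and `echo "ERROR: ${failed} certificate(s) not ready after rotation" >&2` just before `exit 0`, so monitoring has one stable string to match. The enclosing loop and function start outside the hunk.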
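Review bot: A failed `kubectl get` in this pipeline is indistinguishable from "no resource mounts tls.crt", because the pipeline reports only grep's status and the added `|| true` now discards that as well. When that happens no pod is restarted and workloads keep serving the old certificate, with nothing in the log to show why. Capturing the listing first would make the failure visible, e.g. `out=$(kubectl get ${kind} -n ${namespace} ...same arguments...) || echo "ERROR: listing ${kind} in ${namespace} failed" >&2` followed by `resource=($(grep -F tls.crt <<<"${out}" || true))`; `-F` also stops the unescaped `.` from matching any character. The loop that consumes `resource` continues outside the hunk.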