nit: return crtExpiry even for External Certs (#5173)

This change updates `FetchExternalIssuerData` to be more like `FetchIssuerData` and return expiry correctly. This field is currently not used anywhere and is just done for consistentcy purposes. Signed-off-by: Tarun Pothulapati <tarunpothulapati@outlook.com>
2020-11-03 23:45:53 +05:30 · 2020-11-03 23:45:53 +05:30 · d9a6e217f9
parent 4d85b6cd65
commit d9a6e217f9
1 changed files with 6 additions and 1 deletions
--- a/pkg/issuercerts/issuercerts.go
+++ b/pkg/issuercerts/issuercerts.go
@ -74,7 +74,12 @@ func FetchExternalIssuerData(ctx context.Context, api kubernetes.Interface, cont
 		return nil, fmt.Errorf(keyMissingError, corev1.TLSPrivateKeyKey, "issuer key", k8s.IdentityIssuerSecretName, true)
 	}

-	return &IssuerCertData{string(anchors), string(crt), string(key), nil}, nil
+	cert, err := tls.DecodePEMCrt(string(crt))
+	if err != nil {
+		return nil, fmt.Errorf("could not parse issuer certificate: %w", err)
+	}
+
+	return &IssuerCertData{string(anchors), string(crt), string(key), &cert.Certificate.NotAfter}, nil
 }

 // LoadIssuerCrtAndKeyFromFiles loads the issuer certificate and key from files