)]}'
{"cert-rotation/templates/bin/_rotate-certs.sh.tpl":[{"author":{"_account_id":33282,"name":"Huy Tran","email":"huy.q.tran@ericsson.com","username":"ht095u"},"change_message_id":"334f5409416503a74e7f782978408f9789d06f16","unresolved":true,"context_lines":[{"line_number":64,"context_line":"                    # Seems certificate is not in ready state yet, may be there is an issue be renewing the certificate."},{"line_number":65,"context_line":"                    # Try one more time before failing it. The name of the secret would be different at this time (when in"},{"line_number":66,"context_line":"                    # process of issuing)"},{"line_number":67,"context_line":"                    priSeckeyName\u003d$(kubectl get certificate -n ${namespace} ${cert} -o json | jq -r \u0027.status[\"nextPrivateKeySecretName\"]\u0027)"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"                    if [ ${retried} \u003d false ] \u0026\u0026 [ ! -z ${priSeckeyName} ]"},{"line_number":70,"context_line":"                    then"}],"source_content_type":"text/x-smarty","patch_set":2,"id":"cc743f9e_025eaa2a","line":67,"range":{"start_line":67,"start_character":0,"end_line":67,"end_character":138},"updated":"2021-08-24 21:32:25.000000000","message":"For efficiency, may want to consider checking for \u0027retried\u0027 before doing the stuff from L67-L74.","commit_id":"c8805e11fce272ee165606682adede9eee8ef18a"},{"author":{"_account_id":18250,"name":"Roy Tang","email":"roy.s.tang@att.com","username":"rt7380"},"change_message_id":"3e70e5490ab5fc4b6fb5c64c91a4815a562e6e0c","unresolved":true,"context_lines":[{"line_number":64,"context_line":"                    # Seems certificate is not in ready state yet, may be there is an issue be renewing the certificate."},{"line_number":65,"context_line":"                    # Try one more time before failing it. The name of the secret would be different at this time (when in"},{"line_number":66,"context_line":"                    # process of issuing)"},{"line_number":67,"context_line":"                    priSeckeyName\u003d$(kubectl get certificate -n ${namespace} ${cert} -o json | jq -r \u0027.status[\"nextPrivateKeySecretName\"]\u0027)"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"                    if [ ${retried} \u003d false ] \u0026\u0026 [ ! -z ${priSeckeyName} ]"},{"line_number":70,"context_line":"                    then"}],"source_content_type":"text/x-smarty","patch_set":2,"id":"6ee5a06b_b2cb6c82","line":67,"range":{"start_line":67,"start_character":0,"end_line":67,"end_character":138},"in_reply_to":"bdb3e890_00724678","updated":"2021-08-25 15:41:44.000000000","message":"actually I don\u0027t understand what we are trying to do here, so if the counter -ge 30 is reached, it tries one more time, if retried is false and key is not null, then try to delete it, and you reset the counter, so this would cause it to loop thru the while loop again for another 300s potentially?  (next time it hits this block again it will go to else and break)","commit_id":"c8805e11fce272ee165606682adede9eee8ef18a"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"41f84161d52d91c632bd0e5830deed61d28498fc","unresolved":true,"context_lines":[{"line_number":64,"context_line":"                    # Seems certificate is not in ready state yet, may be there is an issue be renewing the certificate."},{"line_number":65,"context_line":"                    # Try one more time before failing it. The name of the secret would be different at this time (when in"},{"line_number":66,"context_line":"                    # process of issuing)"},{"line_number":67,"context_line":"                    priSeckeyName\u003d$(kubectl get certificate -n ${namespace} ${cert} -o json | jq -r \u0027.status[\"nextPrivateKeySecretName\"]\u0027)"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"                    if [ ${retried} \u003d false ] \u0026\u0026 [ ! -z ${priSeckeyName} ]"},{"line_number":70,"context_line":"                    then"}],"source_content_type":"text/x-smarty","patch_set":2,"id":"bdb3e890_00724678","line":67,"range":{"start_line":67,"start_character":0,"end_line":67,"end_character":138},"in_reply_to":"cc743f9e_025eaa2a","updated":"2021-08-24 23:08:56.000000000","message":"Its a script that is not run many time so this will not make any difference.","commit_id":"c8805e11fce272ee165606682adede9eee8ef18a"},{"author":{"_account_id":18250,"name":"Roy Tang","email":"roy.s.tang@att.com","username":"rt7380"},"change_message_id":"3e70e5490ab5fc4b6fb5c64c91a4815a562e6e0c","unresolved":true,"context_lines":[{"line_number":68,"context_line":""},{"line_number":69,"context_line":"                    if [ ${retried} \u003d false ] \u0026\u0026 [ ! -z ${priSeckeyName} ]"},{"line_number":70,"context_line":"                    then"},{"line_number":71,"context_line":"                        echo \"Deleting intrem failed secret ${priSeckeyName} in namespace ${namespace}\""},{"line_number":72,"context_line":"                        kubectl delete secret -n ${namespace} ${priSeckeyName}"},{"line_number":73,"context_line":"                        retried\u003dtrue"},{"line_number":74,"context_line":"                        counter\u003d0"}],"source_content_type":"text/x-smarty","patch_set":2,"id":"32148dad_6895760f","line":71,"range":{"start_line":71,"start_character":39,"end_line":71,"end_character":46},"updated":"2021-08-25 15:41:44.000000000","message":"sp","commit_id":"c8805e11fce272ee165606682adede9eee8ef18a"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"8dfd0250eb0bf55b0f41848a3fbcd2ea80f4cceb","unresolved":false,"context_lines":[{"line_number":68,"context_line":""},{"line_number":69,"context_line":"                    if [ ${retried} \u003d false ] \u0026\u0026 [ ! -z ${priSeckeyName} ]"},{"line_number":70,"context_line":"                    then"},{"line_number":71,"context_line":"                        echo \"Deleting intrem failed secret ${priSeckeyName} in namespace ${namespace}\""},{"line_number":72,"context_line":"                        kubectl delete secret -n ${namespace} ${priSeckeyName}"},{"line_number":73,"context_line":"                        retried\u003dtrue"},{"line_number":74,"context_line":"                        counter\u003d0"}],"source_content_type":"text/x-smarty","patch_set":2,"id":"5150fb56_9998182d","line":71,"range":{"start_line":71,"start_character":39,"end_line":71,"end_character":46},"in_reply_to":"32148dad_6895760f","updated":"2021-08-25 15:51:05.000000000","message":"Done","commit_id":"c8805e11fce272ee165606682adede9eee8ef18a"},{"author":{"_account_id":33282,"name":"Huy Tran","email":"huy.q.tran@ericsson.com","username":"ht095u"},"change_message_id":"334f5409416503a74e7f782978408f9789d06f16","unresolved":true,"context_lines":[{"line_number":70,"context_line":"                    then"},{"line_number":71,"context_line":"                        echo \"Deleting intrem failed secret ${priSeckeyName} in namespace ${namespace}\""},{"line_number":72,"context_line":"                        kubectl delete secret -n ${namespace} ${priSeckeyName}"},{"line_number":73,"context_line":"                        retried\u003dtrue"},{"line_number":74,"context_line":"                        counter\u003d0"},{"line_number":75,"context_line":"                    else"},{"line_number":76,"context_line":"                        echo \"ERROR: Rotated certificate  ${cert} in ${namespace} is not ready.\""},{"line_number":77,"context_line":"                        # Continue so that the certificates that are rotated successfully are deployed."}],"source_content_type":"text/x-smarty","patch_set":2,"id":"8bf63f33_0f9c37fd","line":74,"range":{"start_line":73,"start_character":0,"end_line":74,"end_character":33},"updated":"2021-08-24 21:32:25.000000000","message":"Should these be set regardless whether priSeckeyName is empty? or the intention really try more than once until preSeckeyName is non-empty?","commit_id":"c8805e11fce272ee165606682adede9eee8ef18a"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"41f84161d52d91c632bd0e5830deed61d28498fc","unresolved":true,"context_lines":[{"line_number":70,"context_line":"                    then"},{"line_number":71,"context_line":"                        echo \"Deleting intrem failed secret ${priSeckeyName} in namespace ${namespace}\""},{"line_number":72,"context_line":"                        kubectl delete secret -n ${namespace} ${priSeckeyName}"},{"line_number":73,"context_line":"                        retried\u003dtrue"},{"line_number":74,"context_line":"                        counter\u003d0"},{"line_number":75,"context_line":"                    else"},{"line_number":76,"context_line":"                        echo \"ERROR: Rotated certificate  ${cert} in ${namespace} is not ready.\""},{"line_number":77,"context_line":"                        # Continue so that the certificates that are rotated successfully are deployed."}],"source_content_type":"text/x-smarty","patch_set":2,"id":"1b1f3b60_6bbfe609","line":74,"range":{"start_line":73,"start_character":0,"end_line":74,"end_character":33},"in_reply_to":"8bf63f33_0f9c37fd","updated":"2021-08-24 23:08:56.000000000","message":"No. We only come in here are trying for 5 minutes and if priSeckeyName is empty then there is something else that is wrong and can not be resolved here. So we need to move on and have manual intervention later.","commit_id":"c8805e11fce272ee165606682adede9eee8ef18a"},{"author":{"_account_id":18250,"name":"Roy Tang","email":"roy.s.tang@att.com","username":"rt7380"},"change_message_id":"3e70e5490ab5fc4b6fb5c64c91a4815a562e6e0c","unresolved":true,"context_lines":[{"line_number":73,"context_line":"                        retried\u003dtrue"},{"line_number":74,"context_line":"                        counter\u003d0"},{"line_number":75,"context_line":"                    else"},{"line_number":76,"context_line":"                        echo \"ERROR: Rotated certificate  ${cert} in ${namespace} is not ready.\""},{"line_number":77,"context_line":"                        # Continue so that the certificates that are rotated successfully are deployed."},{"line_number":78,"context_line":"                        break"},{"line_number":79,"context_line":"                    fi"},{"line_number":80,"context_line":"                fi"},{"line_number":81,"context_line":"                echo \"Rotated certificate ${cert} in ${namespace} is not ready yet ... waiting\""}],"source_content_type":"text/x-smarty","patch_set":2,"id":"7018ef98_ff969d23","line":78,"range":{"start_line":76,"start_character":0,"end_line":78,"end_character":29},"updated":"2021-08-25 15:41:44.000000000","message":"can you put some brief comments here on what \"continue so that certificates that are rotated successfully are deployed\" would mean to the system?  This seems to indicate not all certs are there yet, if there is no harm to simply move forward, then why all these checks and waits in the first place?","commit_id":"c8805e11fce272ee165606682adede9eee8ef18a"},{"author":{"_account_id":24780,"name":"Sangeet Gupta","email":"sg774j@att.com","username":"sgupta"},"change_message_id":"8dfd0250eb0bf55b0f41848a3fbcd2ea80f4cceb","unresolved":true,"context_lines":[{"line_number":73,"context_line":"                        retried\u003dtrue"},{"line_number":74,"context_line":"                        counter\u003d0"},{"line_number":75,"context_line":"                    else"},{"line_number":76,"context_line":"                        echo \"ERROR: Rotated certificate  ${cert} in ${namespace} is not ready.\""},{"line_number":77,"context_line":"                        # Continue so that the certificates that are rotated successfully are deployed."},{"line_number":78,"context_line":"                        break"},{"line_number":79,"context_line":"                    fi"},{"line_number":80,"context_line":"                fi"},{"line_number":81,"context_line":"                echo \"Rotated certificate ${cert} in ${namespace} is not ready yet ... waiting\""}],"source_content_type":"text/x-smarty","patch_set":2,"id":"c565eb17_87865865","line":78,"range":{"start_line":76,"start_character":0,"end_line":78,"end_character":29},"in_reply_to":"7018ef98_ff969d23","updated":"2021-08-25 15:51:05.000000000","message":"Some certificates have already been rotated successful, which means - the secrets that are mounted on pods have been updated. So if a pod restarts, it will start using new certificate which may cause problem when communicating with pods with old certificates. So we go ahead and restart the pods later to call the new certs can be deployed.\n\nThe wait is need to make sure that we are giving enough time for new certificates to be created.","commit_id":"c8805e11fce272ee165606682adede9eee8ef18a"}]}