BUG/MINOR: fix clean-certs default behavior

Fix that default behavior does not remove unused certificates.

Author: ivanmatmati

controller/annotations/annotations.go

@@ -130,15 +130,22 @@ func SetDefaultValue(annotation, value string) {
 }
 
 func Bool(name string, annotations ...map[string]string) (out bool, err error) {
+	boolean, err := ParseBool(name, annotations...)
+	out = boolean == "true"
+	return
+}
+
+func ParseBool(name string, annotations ...map[string]string) (out string, err error) {
 	input := common.GetValue(name, annotations...)
 	if input == "" {
 		return
 	}
-	out, err = utils.GetBoolValue(input, name)
+	_, err = utils.GetBoolValue(input, name)
 	if err != nil {
 		err = fmt.Errorf("%s annotation: %w", name, err)
 		return
 	}
+	out = input
 	return
 }
 

controller/handler/refresh.go

@@ -24,12 +24,9 @@ import (
 type Refresh struct{}
 
 func (h Refresh) Update(k store.K8s, cfg *config.ControllerCfg, api api.HAProxyClient) (reload bool, err error) {
-	var cleanCrts bool
-	cleanCrts, err = annotations.Bool("clean-certs", k.ConfigMaps.Main.Annotations)
-	if err != nil {
-		cleanCrts = true
-	}
-	if cleanCrts {
+	cleanCrtsAnn, err := annotations.ParseBool("clean-certs", k.ConfigMaps.Main.Annotations)
+	// cleanCrtsAnn is empty if clean-certs not set or set with a non boolean value =>  error
+	if cleanCrtsAnn == "" || cleanCrtsAnn == "true" {
 		reload = cfg.Certificates.Refresh() || reload
 	}
 	reload = cfg.HAProxyRules.Refresh(api) || reload

controller/haproxy/certs/main.go

@@ -175,7 +175,7 @@ func refreshCerts(certs map[string]*cert, certDir string) (reload bool) {
 			logger.Error(os.Remove(path.Join(certDir, filename)))
 			delete(certs, certName)
 			reload = true
-			logger.Debug("secret %s removed, reload required", crt.name)
+			logger.Debugf("secret %s removed, reload required", crt.name)
 		}
 	}
 	return