There are two jobs in the pipeline that deal with duplicate certificates
One that detects duplicate certificates for any service instances and reports them to Prometheus
One that actually removes any duplicate certificates for any service instances and updates the Prometheus metrics
However, when the new dedicated ALB service instances were added in #293, this duplicate certificate code was not updated to handle duplicates for these service instances.
This PR updates the duplicate certificate check and removal code to also handle any duplicate certificates for dedicated ALB service instances.
Things to check
For any logging statements, is there any chance that they could be logging sensitive data?
Are log statements using a logging library with a logging level set? Setting a logging level means that log statements "below" that level will not be written to the output. For example, if the logging level is set to INFO and debugging statements are written with log.debug or similar, then they won't be written to the otput, which can prevent unintentional leaks of sensitive data.
Security considerations
There should be no security issues, just refactoring code to handle and remove duplicate certificates for any dedicated ALB service instances. The only logging goes to Prometheus, which is an internal service only accessible to operators.
Changes proposed in this pull request:
There are two jobs in the pipeline that deal with duplicate certificates
However, when the new dedicated ALB service instances were added in #293, this duplicate certificate code was not updated to handle duplicates for these service instances.
This PR updates the duplicate certificate check and removal code to also handle any duplicate certificates for dedicated ALB service instances.
Things to check
INFO
and debugging statements are written withlog.debug
or similar, then they won't be written to the otput, which can prevent unintentional leaks of sensitive data.Security considerations
There should be no security issues, just refactoring code to handle and remove duplicate certificates for any dedicated ALB service instances. The only logging goes to Prometheus, which is an internal service only accessible to operators.