From 44a1e4da38e54d4c98d5b04f1ccf68545b1779d7 Mon Sep 17 00:00:00 2001
From: Ben Luzarraga <luzarragaben@gmail.com>
Date: Thu, 19 Sep 2024 15:06:41 -0500
Subject: [PATCH] reduce the number of certs and secrets labeled to just cs-ca
 and zen-ca plus already specified

Signed-off-by: Ben Luzarraga <luzarragaben@gmail.com>
---
 .../backup/cert-manager/label-cert-manager.sh | 26 +++++--------------
 1 file changed, 7 insertions(+), 19 deletions(-)

diff --git a/velero/backup/cert-manager/label-cert-manager.sh b/velero/backup/cert-manager/label-cert-manager.sh
index da323e1c7..b704bc6c3 100755
--- a/velero/backup/cert-manager/label-cert-manager.sh
+++ b/velero/backup/cert-manager/label-cert-manager.sh
@@ -35,8 +35,8 @@ do
     oc label issuer $NAME -n $NAMESPACE foundationservices.cloudpak.ibm.com=cert-manager --overwrite=true
 done
 
-# Get all certificates in all namespaces and add foundationservices.cloudpak.ibm.com=cert-manager
-CURRENT_CERTIFICATES=($(oc get certificates --all-namespaces -o custom-columns=NAME:.metadata.name,NAMESPACE:metadata.namespace --no-headers=True))
+# Label all cs-ca-certificates
+CURRENT_CERTIFICATES=($(oc get certificates --all-namespaces -o custom-columns=NAME:.metadata.name,NAMESPACE:metadata.namespace --no-headers=True | grep cs-ca-certificate))
 i=0
 len=${#CURRENT_CERTIFICATES[@]}
 while [ $i -lt $len ];
@@ -49,9 +49,11 @@ do
     echo $NAMESPACE
     echo "---"
     oc label certificates $NAME -n $NAMESPACE foundationservices.cloudpak.ibm.com=cert-manager --overwrite=true
+    oc label secret cs-ca-certificate-secret -n $NAMESPACE foundationservices.cloudpak.ibm.com=cert-manager --overwrite=true
 done
 
-CURRENT_CERTIFICATES=($(oc get certificates.cert-manager.io --all-namespaces -o custom-columns=NAME:.metadata.name,NAMESPACE:metadata.namespace --no-headers=True))
+#cover the different api for certificates
+CURRENT_CERTIFICATES=($(oc get certificates.cert-manager.io --all-namespaces -o custom-columns=NAME:.metadata.name,NAMESPACE:metadata.namespace --no-headers=True | grep cs-ca-certificate))
 i=0
 len=${#CURRENT_CERTIFICATES[@]}
 while [ $i -lt $len ];
@@ -64,22 +66,7 @@ do
     echo $NAMESPACE
     echo "---"
     oc label certificates $NAME -n $NAMESPACE foundationservices.cloudpak.ibm.com=cert-manager --overwrite=true
-done
-
-# Get all secrets with label operator.ibm.com/watched-by-cert-manager="" and add foundationservices.cloudpak.ibm.com=cert-manager
-CURRENT_SECRETS=($(oc get secrets -l operator.ibm.com/watched-by-cert-manager="" --all-namespaces -o custom-columns=NAME:.metadata.name,NAMESPACE:metadata.namespace --no-headers=True))
-i=0
-len=${#CURRENT_SECRETS[@]}
-while [ $i -lt $len ];
-do
-    NAME=${CURRENT_SECRETS[$i]}
-    let i++
-    NAMESPACE=${CURRENT_SECRETS[$i]}
-    let i++
-    echo $NAME
-    echo $NAMESPACE
-    echo "---"
-    oc label secret $NAME -n $NAMESPACE foundationservices.cloudpak.ibm.com=cert-manager --overwrite=true
+    oc label secret cs-ca-certificate-secret -n $NAMESPACE foundationservices.cloudpak.ibm.com=cert-manager --overwrite=true
 done
 
 CURRENT_CRD_ISSUERS=($(oc get crd | grep issuer | cut -d ' ' -f1))
@@ -119,6 +106,7 @@ if [[ $zen_namespace_list != "fail" ]]; then
             echo $zen_namespace
             echo "---"
             oc label secret $zen_secret_name -n $zen_namespace foundationservices.cloudpak.ibm.com=cert-manager --overwrite=true
+            oc label secret zen-ca-cert-secret -n $zen_namespace foundationservices.cloudpak.ibm.com=cert-manager --overwrite=true
         done
     done
 else