From b8ac4c5c540a79147d10a1b43c524867f7499357 Mon Sep 17 00:00:00 2001
From: Veronika Fisarova <vfisarov@redhat.com>
Date: Mon, 8 Jul 2024 16:25:07 +0200
Subject: [PATCH] Change CA time check to minutes instead of hours

Signed-off-by: Veronika Fisarova <vfisarov@redhat.com>
---
 pkg/openstack/ca.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/pkg/openstack/ca.go b/pkg/openstack/ca.go
index e7b69ac20..87d0263fb 100644
--- a/pkg/openstack/ca.go
+++ b/pkg/openstack/ca.go
@@ -558,6 +558,10 @@ func ensureCaBundles(
 		return ctrl.Result{}, err
 	}
 
+	if len(caCertStatusBundle.certs) == 0 {
+		return ctrl.Result{}, fmt.Errorf("caCertStatusBundle.certs is empty")
+	}
+
 	status := corev1.TLSCAStatus{
 		Name:    caName,
 		Expires: caCertStatusBundle.certs[0].expire.Format(time.RFC3339),
@@ -710,8 +714,8 @@ func getOperatorCABundle(caFile string) ([]byte, error) {
 	return contents, nil
 }
 
-func days(t time.Time) int {
-	return int(math.Round(time.Since(t).Hours() / 24))
+func minutes(t time.Time) int {
+	return int(math.Round(time.Since(t).Minutes()))
 }
 
 type caBundle struct {
@@ -765,7 +769,7 @@ func (cab *caBundle) getCertsFromPEM(PEMdata []byte) error {
 		}
 
 		// validate if the CA expired
-		if -days(certificate.NotAfter) <= 0 {
+		if -minutes(certificate.NotAfter) <= 0 {
 			continue
 		}