@@ -121,6 +121,36 @@ var _ = Describe("CertWatcher", func() {
121121 Expect (called .Load ()).To (BeNumerically (">=" , 1 ))
122122 })
123123
124+ It ("should reload currentCert when changed with rename" , func () {
125+ doneCh := startWatcher ()
126+ called := atomic.Int64 {}
127+ watcher .RegisterCallback (func (crt tls.Certificate ) {
128+ called .Add (1 )
129+ Expect (crt .Certificate ).ToNot (BeEmpty ())
130+ })
131+
132+ firstcert , _ := watcher .GetCertificate (nil )
133+
134+ err := writeCerts (certPath + ".new" , keyPath + ".new" , "192.168.0.2" )
135+ Expect (err ).ToNot (HaveOccurred ())
136+
137+ Expect (os .Link (certPath , certPath + ".old" )).To (Succeed ())
138+ Expect (os .Rename (certPath + ".new" , certPath )).To (Succeed ())
139+
140+ Expect (os .Link (keyPath , keyPath + ".old" )).To (Succeed ())
141+ Expect (os .Rename (keyPath + ".new" , keyPath )).To (Succeed ())
142+
143+ Eventually (func () bool {
144+ secondcert , _ := watcher .GetCertificate (nil )
145+ first := firstcert .PrivateKey .(* rsa.PrivateKey )
146+ return first .Equal (secondcert .PrivateKey )
147+ }).ShouldNot (BeTrue ())
148+
149+ ctxCancel ()
150+ Eventually (doneCh , "4s" ).Should (BeClosed ())
151+ Expect (called .Load ()).To (BeNumerically (">=" , 1 ))
152+ })
153+
124154 Context ("prometheus metric read_certificate_total" , func () {
125155 var readCertificateTotalBefore float64
126156 var readCertificateErrorsBefore float64
0 commit comments