| 928 | } |
| 929 | |
| 930 | func (t *TLS) cleanStorageUnits() { |
| 931 | storageCleanMu.Lock() |
| 932 | defer storageCleanMu.Unlock() |
| 933 | |
| 934 | // TODO: This check might not be needed anymore now that CertMagic syncs |
| 935 | // and throttles storage cleaning globally across the cluster. |
| 936 | // The original comment below might be outdated: |
| 937 | // |
| 938 | // If storage was cleaned recently, don't do it again for now. Although the ticker |
| 939 | // calling this function drops missed ticks for us, config reloads discard the old |
| 940 | // ticker and replace it with a new one, possibly invoking a cleaning to happen again |
| 941 | // too soon. (We divide the interval by 2 because the actual cleaning takes non-zero |
| 942 | // time, and we don't want to skip cleanings if we don't have to; whereas if a cleaning |
| 943 | // took most of the interval, we'd probably want to skip the next one so we aren't |
| 944 | // constantly cleaning. This allows cleanings to take up to half the interval's |
| 945 | // duration before we decide to skip the next one.) |
| 946 | if !storageClean.IsZero() && time.Since(storageClean) < t.storageCleanInterval()/2 { |
| 947 | return |
| 948 | } |
| 949 | |
| 950 | id, err := caddy.InstanceID() |
| 951 | if err != nil { |
| 952 | if c := t.logger.Check(zapcore.WarnLevel, "unable to get instance ID; storage clean stamps will be incomplete"); c != nil { |
| 953 | c.Write(zap.Error(err)) |
| 954 | } |
| 955 | } |
| 956 | options := certmagic.CleanStorageOptions{ |
| 957 | Logger: t.logger, |
| 958 | InstanceID: id.String(), |
| 959 | Interval: t.storageCleanInterval(), |
| 960 | OCSPStaples: true, |
| 961 | ExpiredCerts: true, |
| 962 | ExpiredCertGracePeriod: 24 * time.Hour * 14, |
| 963 | } |
| 964 | |
| 965 | // start with the default/global storage |
| 966 | err = certmagic.CleanStorage(t.ctx, t.ctx.Storage(), options) |
| 967 | if err != nil { |
| 968 | // probably don't want to return early, since we should still |
| 969 | // see if any other storages can get cleaned up |
| 970 | if c := t.logger.Check(zapcore.ErrorLevel, "could not clean default/global storage"); c != nil { |
| 971 | c.Write(zap.Error(err)) |
| 972 | } |
| 973 | } |
| 974 | |
| 975 | // then clean each storage defined in ACME automation policies |
| 976 | if t.Automation != nil { |
| 977 | for _, ap := range t.Automation.Policies { |
| 978 | if ap.storage == nil { |
| 979 | continue |
| 980 | } |
| 981 | if err := certmagic.CleanStorage(t.ctx, ap.storage, options); err != nil { |
| 982 | if c := t.logger.Check(zapcore.ErrorLevel, "could not clean storage configured in automation policy"); c != nil { |
| 983 | c.Write(zap.Error(err)) |
| 984 | } |
| 985 | } |
| 986 | } |
| 987 | } |