Rename GetSANsFromCert to GetDNSNamesFromCert

myJamong · myJamong · commit ece28363b009 · 2026-05-26T11:22:23.000+09:00
The function returns only cert.DNSNames, not all SAN types.
Renaming to match actual behavior per PR review feedback.
diff --git a/pkg/controller/perconaservermongodb/ssl.go b/pkg/controller/perconaservermongodb/ssl.go
@@ -531,7 +531,7 @@ func (r *ReconcilePerconaServerMongoDB) needsManualSSLUpdate(ctx context.Context
 		return false
 	}
 
-	currentSANs, err := tls.GetSANsFromCert(sslSecret.Data["tls.crt"])
+	currentSANs, err := tls.GetDNSNamesFromCert(sslSecret.Data["tls.crt"])
 	if err != nil {
 		return false
 	}
diff --git a/pkg/psmdb/tls/manual_tls_test.go b/pkg/psmdb/tls/manual_tls_test.go
@@ -146,7 +146,7 @@ func TestIssueWithCA_InvalidInputs(t *testing.T) {
 	})
 }
 
-func TestGetSANsFromCert(t *testing.T) {
+func TestGetDNSNamesFromCert(t *testing.T) {
 	hosts := []string{"localhost", "mongo-0.example.com", "*.mongo.ns"}
 
 	caCert, caKey, err := IssueCA()
@@ -155,19 +155,19 @@ func TestGetSANsFromCert(t *testing.T) {
 	tlsCert, _, err := IssueWithCA(hosts, caCert, caKey)
 	require.NoError(t, err)
 
-	sans, err := GetSANsFromCert(tlsCert)
+	sans, err := GetDNSNamesFromCert(tlsCert)
 	require.NoError(t, err)
 
 	sort.Strings(sans)
 	sort.Strings(hosts)
 	assert.Equal(t, hosts, sans)
 }
 
-func TestGetSANsFromCert_InvalidInput(t *testing.T) {
-	_, err := GetSANsFromCert([]byte("not-a-cert"))
+func TestGetDNSNamesFromCert_InvalidInput(t *testing.T) {
+	_, err := GetDNSNamesFromCert([]byte("not-a-cert"))
 	assert.Error(t, err)
 
-	_, err = GetSANsFromCert(nil)
+	_, err = GetDNSNamesFromCert(nil)
 	assert.Error(t, err)
 }
 
diff --git a/pkg/psmdb/tls/tls.go b/pkg/psmdb/tls/tls.go
@@ -185,8 +185,8 @@ func Issue(hosts []string) (caCert []byte, tlsCert []byte, tlsKey []byte, err er
 	return caCertPEM, tlsCertPEM, tlsKeyPEM, nil
 }
 
-// GetSANsFromCert extracts DNS SANs from a PEM-encoded TLS certificate.
-func GetSANsFromCert(tlsCertPEM []byte) ([]string, error) {
+// GetDNSNamesFromCert extracts DNS names from the SANs of a PEM-encoded TLS certificate.
+func GetDNSNamesFromCert(tlsCertPEM []byte) ([]string, error) {
 	block, _ := pem.Decode(tlsCertPEM)
 	if block == nil {
 		return nil, fmt.Errorf("failed to decode TLS certificate PEM")

Original file line number	Diff line number	Diff line change
`@@ -531,7 +531,7 @@ func (r *ReconcilePerconaServerMongoDB) needsManualSSLUpdate(ctx context.Context`
`531`	`531`	`return false`
`532`	`532`	`}`
`533`	`533`
`534`		`- currentSANs, err := tls.GetSANsFromCert(sslSecret.Data["tls.crt"])`
	`534`	`+ currentSANs, err := tls.GetDNSNamesFromCert(sslSecret.Data["tls.crt"])`
`535`	`535`	`if err != nil {`
`536`	`536`	`return false`
`537`	`537`	`}`