From 3a978ad552b9c89ef3c5acf86c5e390c6028b73c Mon Sep 17 00:00:00 2001
From: Bharath B
Date: Fri, 17 Nov 2023 13:04:14 +0530
Subject: [PATCH] CFE-986: Reload router when defaultDestinationCA is updated
---
 pkg/router/template/router.go | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/pkg/router/template/router.go b/pkg/router/template/router.go
index fb61493c0..f684efc76 100644
--- a/pkg/router/template/router.go
+++ b/pkg/router/template/router.go
@@ -281,6 +281,9 @@ func newTemplateRouter(cfg templateRouterCfg) (*templateRouter, error) {
 if err := router.watchMutualTLSCert(); err != nil {
 return nil, err
 }
+ if err := router.watchCABundleCert(); err != nil {
+ return nil, err
+ }
 if router.dynamicConfigManager != nil {
 log.V(0).Info("initializing dynamic config manager ... ")
 router.dynamicConfigManager.Initialize(router, router.defaultCertificatePath)
@@ -1489,3 +1492,24 @@ func privateKeysFromPEM(pemCerts []byte) ([]byte, error) {
 }
 return buf.Bytes(), nil
 }
+
+// watchCABundleCert watches the directory containing the CA bundle certificate
+// and reloads the router if the directory contents change.
+func (r *templateRouter) watchCABundleCert() error {
+ caBundleDir := filepath.Dir(r.defaultDestinationCAPath)
+
+ reloadFn := func() {
+ if err := r.reloadRouter(false); err != nil {
+ log.V(0).Error(err, "failed to reload router after detecting changes in CA bundle certificate directory")
+ return
+ }
+ log.V(0).Info("router was reloaded after detecting changes in CA bundle certificate directory")
+ }
+
+ if err := r.watchVolumeMountDir(caBundleDir, reloadFn); err != nil {
+ log.V(0).Error(err, "failed to establish watch on CA bundle certificate directory")
+ return nil
+ }
+
+ return nil
+}
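Review bot: The `return nil, err` branch added after `router.watchCABundleCert()` can never run, because the function added in the second hunk returns nil on both paths, including when `watchVolumeMountDir` fails. As written the router starts without a watch and keeps using whatever destination CA bundle it loaded at startup, with only a log line to show for it, so a rotated or withdrawn CA would not be picked up until the next restart. Either propagate the failure (`return err` in place of `return nil` inside the `watchVolumeMountDir` error branch) so this check means something, or, if best-effort is intended, drop the check here and say so in the function's doc comment. newTemplateRouter starts and ends outside the hunk.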
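Review bot: `filepath.Dir(r.defaultDestinationCAPath)` returns `.` for an empty path, so if the field can be unset the router would watch its working directory and reload on unrelated changes there; nothing in the hunk rules that out. A guard such as `if r.defaultDestinationCAPath == "" { return nil }` before the `filepath.Dir` call avoids it. The doc comment says the reload follows any change to the directory contents, so it is worth adding a line such as `// Any change in that directory triggers a reload, not only a change to the CA file itself.` to make the cost of co-locating other files there explicit.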