if no key, cert, cacert, or default_cert is passed then do not pass to oc

author: Kenny Woodson <kwoodson@redhat.com> 2017-02-21 20:31:09 -0500
committer: Kenny Woodson <kwoodson@redhat.com> 2017-02-21 20:32:37 -0500
commit: fb2bf36d4e20fadac275d364c88a6586dd08bcb8 (patch)
tree: dccde620083a18cb73fcf4dfb039f06f6820d71a /roles/lib_openshift
parent: b718955622da88c875aa5814fd87bcb3f53599f6 (diff)
download: openshift-fb2bf36d4e20fadac275d364c88a6586dd08bcb8.tar.gz
openshift-fb2bf36d4e20fadac275d364c88a6586dd08bcb8.tar.bz2
openshift-fb2bf36d4e20fadac275d364c88a6586dd08bcb8.tar.xz
openshift-fb2bf36d4e20fadac275d364c88a6586dd08bcb8.zip
3 files changed, 22 insertions, 4 deletions
diff --git a/roles/lib_openshift/library/oc_adm_router.py b/roles/lib_openshift/library/oc_adm_router.py
index e6d0f795e..577772564 100644
--- a/roles/lib_openshift/library/oc_adm_router.py
+++ b/roles/lib_openshift/library/oc_adm_router.py
@@ -2613,8 +2613,11 @@ class Router(OpenShiftCLI):
 
     def _prepare_router(self):
         '''prepare router for instantiation'''
-        # We need to create the pem file
-        if self.config.config_options['default_cert']['value'] is None:
+        # if cacert, key, and cert were passed, combine them into a pem file
+        if (self.config.config_options['cacert_file']['value'] and
+             self.config.config_options['cert_file']['value'] and
+             self.config.config_options['key_file']['value']):
+
             router_pem = '/tmp/router.pem'
             with open(router_pem, 'w') as rfd:
                 rfd.write(open(self.config.config_options['cert_file']['value']).read())
@@ -2624,8 +2627,13 @@ class Router(OpenShiftCLI):
                     rfd.write(open(self.config.config_options['cacert_file']['value']).read())
 
             atexit.register(Utils.cleanup, [router_pem])
+
             self.config.config_options['default_cert']['value'] = router_pem
 
+        elif self.config.config_options['default_cert']['value'] is None:
+            # No certificate was passed to us.  do not pass one to oc adm router
+            self.config.config_options['default_cert']['include'] = False
+
         options = self.config.to_option_list()
 
         cmd = ['router', self.config.name, '-n', self.config.namespace]
@@ -2937,6 +2945,7 @@ def main():
         mutually_exclusive=[["router_type", "images"],
                             ["key_file", "default_cert"],
                             ["cert_file", "default_cert"],
+                            ["cacert_file", "default_cert"],
                            ],
 
         supports_check_mode=True,
diff --git a/roles/lib_openshift/src/ansible/oc_adm_router.py b/roles/lib_openshift/src/ansible/oc_adm_router.py
index 48c9f0ec1..794eff3c2 100644
--- a/roles/lib_openshift/src/ansible/oc_adm_router.py
+++ b/roles/lib_openshift/src/ansible/oc_adm_router.py
@@ -51,6 +51,7 @@ def main():
         mutually_exclusive=[["router_type", "images"],
                             ["key_file", "default_cert"],
                             ["cert_file", "default_cert"],
+                            ["cacert_file", "default_cert"],
                            ],
 
         supports_check_mode=True,
diff --git a/roles/lib_openshift/src/class/oc_adm_router.py b/roles/lib_openshift/src/class/oc_adm_router.py
index 9d61cfdf2..1c4e17cf6 100644
--- a/roles/lib_openshift/src/class/oc_adm_router.py
+++ b/roles/lib_openshift/src/class/oc_adm_router.py
@@ -182,8 +182,11 @@ class Router(OpenShiftCLI):
 
     def _prepare_router(self):
         '''prepare router for instantiation'''
-        # We need to create the pem file
-        if self.config.config_options['default_cert']['value'] is None:
+        # if cacert, key, and cert were passed, combine them into a pem file
+        if (self.config.config_options['cacert_file']['value'] and
+             self.config.config_options['cert_file']['value'] and
+             self.config.config_options['key_file']['value']):
+
             router_pem = '/tmp/router.pem'
             with open(router_pem, 'w') as rfd:
                 rfd.write(open(self.config.config_options['cert_file']['value']).read())
@@ -193,8 +196,13 @@ class Router(OpenShiftCLI):
                     rfd.write(open(self.config.config_options['cacert_file']['value']).read())
 
             atexit.register(Utils.cleanup, [router_pem])
+
             self.config.config_options['default_cert']['value'] = router_pem
 
+        elif self.config.config_options['default_cert']['value'] is None:
+            # No certificate was passed to us.  do not pass one to oc adm router
+            self.config.config_options['default_cert']['include'] = False
+
         options = self.config.to_option_list()
 
         cmd = ['router', self.config.name, '-n', self.config.namespace]
author	Kenny Woodson <kwoodson@redhat.com>	2017-02-21 20:31:09 -0500
committer	Kenny Woodson <kwoodson@redhat.com>	2017-02-21 20:32:37 -0500
commit	fb2bf36d4e20fadac275d364c88a6586dd08bcb8 (patch)
tree	dccde620083a18cb73fcf4dfb039f06f6820d71a /roles/lib_openshift
parent	b718955622da88c875aa5814fd87bcb3f53599f6 (diff)
download	openshift-fb2bf36d4e20fadac275d364c88a6586dd08bcb8.tar.gz openshift-fb2bf36d4e20fadac275d364c88a6586dd08bcb8.tar.bz2 openshift-fb2bf36d4e20fadac275d364c88a6586dd08bcb8.tar.xz openshift-fb2bf36d4e20fadac275d364c88a6586dd08bcb8.zip