summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorZohar Galor <zgalor@redhat.com>2017-07-27 10:26:45 +0300
committerZohar Galor <zgalor@redhat.com>2017-08-01 14:09:33 +0300
commit1371fdf611fbdc7982d6b1cfa881ce35855ccfbb (patch)
tree802b83977866011069f4163a306cbb79e977173d /roles
parentbf0bf407479458206f48885e43d3e1d3a2eab6e1 (diff)
downloadopenshift-1371fdf611fbdc7982d6b1cfa881ce35855ccfbb.tar.gz
openshift-1371fdf611fbdc7982d6b1cfa881ce35855ccfbb.tar.bz2
openshift-1371fdf611fbdc7982d6b1cfa881ce35855ccfbb.tar.xz
openshift-1371fdf611fbdc7982d6b1cfa881ce35855ccfbb.zip
Only validate certificates that are passed to oc_route
In 3.6 destination ca certifate is not mandatory for tls_termination==reencrypt. Instead of validating that the certificate/key was passed, only validate the content or correct path, before sending request to API.
Diffstat (limited to 'roles')
-rw-r--r--roles/lib_openshift/library/oc_route.py7
-rw-r--r--roles/lib_openshift/src/class/oc_route.py7
2 files changed, 4 insertions, 10 deletions
diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py
index 0c0bc9386..b16503367 100644
--- a/roles/lib_openshift/library/oc_route.py
+++ b/roles/lib_openshift/library/oc_route.py
@@ -1666,9 +1666,6 @@ class OCRoute(OpenShiftCLI):
@staticmethod
def get_cert_data(path, content):
'''get the data for a particular value'''
- if not path and not content:
- return None
-
rval = None
if path and os.path.exists(path) and os.access(path, os.R_OK):
rval = open(path).read()
@@ -1707,14 +1704,14 @@ class OCRoute(OpenShiftCLI):
if params['tls_termination'] and params['tls_termination'].lower() != 'passthrough': # E501
for key, option in files.items():
- if key == 'destcacert' and params['tls_termination'] != 'reencrypt':
+ if not option['path'] and not option['content']:
continue
option['value'] = OCRoute.get_cert_data(option['path'], option['content']) # E501
if not option['value']:
return {'failed': True,
- 'msg': 'Verify that you pass a value for %s' % key}
+ 'msg': 'Verify that you pass a correct value for %s' % key}
rconfig = RouteConfig(params['name'],
params['namespace'],
diff --git a/roles/lib_openshift/src/class/oc_route.py b/roles/lib_openshift/src/class/oc_route.py
index 3935525f1..3a1bd732f 100644
--- a/roles/lib_openshift/src/class/oc_route.py
+++ b/roles/lib_openshift/src/class/oc_route.py
@@ -68,9 +68,6 @@ class OCRoute(OpenShiftCLI):
@staticmethod
def get_cert_data(path, content):
'''get the data for a particular value'''
- if not path and not content:
- return None
-
rval = None
if path and os.path.exists(path) and os.access(path, os.R_OK):
rval = open(path).read()
@@ -109,14 +106,14 @@ class OCRoute(OpenShiftCLI):
if params['tls_termination'] and params['tls_termination'].lower() != 'passthrough': # E501
for key, option in files.items():
- if key == 'destcacert' and params['tls_termination'] != 'reencrypt':
+ if not option['path'] and not option['content']:
continue
option['value'] = OCRoute.get_cert_data(option['path'], option['content']) # E501
if not option['value']:
return {'failed': True,
- 'msg': 'Verify that you pass a value for %s' % key}
+ 'msg': 'Verify that you pass a correct value for %s' % key}
rconfig = RouteConfig(params['name'],
params['namespace'],