author | Scott Dodson <sdodson@redhat.com> | 2017-10-18 07:48:17 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-18 07:48:17 -0400 |
commit | 63b77fbe00e4c724452a0256c6fdafc165755962 (patch) | |
tree | 6b2b32616fe25f91d0658ea4ef73b79b1b3ab526 /roles/lib_openshift | |
parent | 5ff1e1bec64ea99830003a7f7d44de0ac1e65a57 (diff) | |
parent | 47d2e205fa6c76ec66cd22b9100b561cd71e6976 (diff) | |
Merge pull request #5361 from kwoodson/fix_bootstrap_files
Provisioning updates.
Diffstat (limited to 'roles/lib_openshift')
-rw-r--r-- | roles/lib_openshift/library/oc_adm_csr.py | 16 | ||||
-rw-r--r-- | roles/lib_openshift/src/class/oc_adm_csr.py | 16 |
2 files changed, 28 insertions, 4 deletions
diff --git a/roles/lib_openshift/library/oc_adm_csr.py b/roles/lib_openshift/library/oc_adm_csr.py
index d1dc4caf8..324f52689 100644
--- a/roles/lib_openshift/library/oc_adm_csr.py
+++ b/roles/lib_openshift/library/oc_adm_csr.py
@@ -1478,11 +1478,23 @@ class OCcsr(OpenShiftCLI):
 return False
+ def get_csr_request(self, request):
+ '''base64 decode the request object and call openssl to determine the
+ subject and specifically the CN: from the request
+
+ Output:
+ (0, '...
+ Subject: O=system:nodes, CN=system:node:ip-172-31-54-54.ec2.internal
+ ...')
+ '''
+ import base64
+ return self._run(['openssl', 'req', '-noout', '-text'], base64.b64decode(request))[1]
+
 def match_node(self, csr):
 '''match an inc csr to a node in self.nodes'''
 for node in self.nodes:
- # we have a match
- if node['name'] in csr['metadata']['name']:
+ # we need to match based upon the csr's request certificate's CN
+ if node['name'] in self.get_csr_request(csr['spec']['request']):
 node['csrs'][csr['metadata']['name']] = csr
 # check that the username is the node and type is 'Approved'
diff --git a/roles/lib_openshift/src/class/oc_adm_csr.py b/roles/lib_openshift/src/class/oc_adm_csr.py
index ea11c6ca9..22b8f9165 100644
--- a/roles/lib_openshift/src/class/oc_adm_csr.py
+++ b/roles/lib_openshift/src/class/oc_adm_csr.py
@@ -66,11 +66,23 @@ class OCcsr(OpenShiftCLI):
 return False
+ def get_csr_request(self, request):
+ '''base64 decode the request object and call openssl to determine the
+ subject and specifically the CN: from the request
+
+ Output:
+ (0, '...
+ Subject: O=system:nodes, CN=system:node:ip-172-31-54-54.ec2.internal
+ ...')
+ '''
+ import base64
+ return self._run(['openssl', 'req', '-noout', '-text'], base64.b64decode(request))[1]
+
 def match_node(self, csr):
 '''match an inc csr to a node in self.nodes'''
 for node in self.nodes:
- # we have a match
- if node['name'] in csr['metadata']['name']:
+ # we need to match based upon the csr's request certificate's CN
+ if node['name'] in self.get_csr_request(csr['spec']['request']):
 node['csrs'][csr['metadata']['name']] = csr
 # check that the username is the node and type is 'Approved' |
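Review bot: In `match_node`, `node['name'] in self.get_csr_request(...)` is a substring test against the whole `openssl req -text` dump, not a comparison with the Subject CN that the new comment and docstring describe. The CSR body is supplied by the requester, so a node name occurring in any other printed field, or a short name that is a prefix of a longer one, attributes the CSR to that node; whether that leads to approval depends on the checks further down `match_node`, which continues outside the hunk. I would decode the request once before the loop, take the CN from the `Subject:` line and compare it for equality, assuming `node['name']` is the bare host name that follows `system:node:`. `get_csr_request` also drops the openssl return code by taking `[1]`, so a request that fails to parse is indistinguishable from one that does not match. The hunk in `library/oc_adm_csr.py` is identical and looks like the generated copy of this class, so the same change applies there.

```python
    def match_node(self, csr):
        # … unchanged: docstring …
        # decode once per CSR and keep only the CN of the Subject line
        subject_cn = None
        for line in self.get_csr_request(csr['spec']['request']).splitlines():
            line = line.strip()
            if not line.startswith('Subject:'):
                continue
            for rdn in line[len('Subject:'):].split(','):
                key, _, value = rdn.partition('=')
                if key.strip() == 'CN':
                    subject_cn = value.strip()

        for node in self.nodes:
            # exact comparison: a short name no longer matches a longer one
            if subject_cn == 'system:node:' + node['name']:
                # … unchanged: record the csr, then the username / 'Approved' check …
```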