2 files changed, 15 insertions, 3 deletions

diff --git a/roles/lib_openshift/library/oc_adm_csr.py b/roles/lib_openshift/library/oc_adm_csr.py
index d1dc4caf8..324f52689 100644
--- a/roles/lib_openshift/library/oc_adm_csr.py
+++ b/roles/lib_openshift/library/oc_adm_csr.py
@@ -1478,11 +1478,23 @@ class OCcsr(OpenShiftCLI):
 
         return False
 
+    def get_csr_request(self, request):
+        '''base64 decode the request object and call openssl to determine the
+           subject and specifically the CN: from the request
+
+           Output:
+           (0, '...
+                Subject: O=system:nodes, CN=system:node:ip-172-31-54-54.ec2.internal
+                ...')
+        '''
+        import base64
+        return self._run(['openssl', 'req', '-noout', '-text'], base64.b64decode(request))[1]
+
     def match_node(self, csr):
         '''match an inc csr to a node in self.nodes'''
         for node in self.nodes:
-            # we have a match
-            if node['name'] in csr['metadata']['name']:
+            # we need to match based upon the csr's request certificate's CN
+            if node['name'] in self.get_csr_request(csr['spec']['request']):
                 node['csrs'][csr['metadata']['name']] = csr
 
                 # check that the username is the node and type is 'Approved'
diff --git a/roles/lib_openshift/library/oc_secret.py b/roles/lib_openshift/library/oc_secret.py
index 0614f359d..62bda33ad 100644
--- a/roles/lib_openshift/library/oc_secret.py
+++ b/roles/lib_openshift/library/oc_secret.py
@@ -1633,7 +1633,7 @@ class OCSecret(OpenShiftCLI):
            This receives a list of file names and converts it into a secret.
            The secret is then written to disk and passed into the `oc replace` command.
         '''
-        secret = self.prep_secret(files, force)
+        secret = self.prep_secret(files, force=force)
         if secret['returncode'] != 0:
             return secret