From 1371fdf611fbdc7982d6b1cfa881ce35855ccfbb Mon Sep 17 00:00:00 2001
From: Zohar Galor <zgalor@redhat.com>
Date: Thu, 27 Jul 2017 10:26:45 +0300
Subject: Only validate certificates that are passed to oc_route

In 3.6 the destination CA certificate is not mandatory for tls_termination==reencrypt.
Instead of validating that the certificate/key was passed, only validate the content or correct path
before sending the request to the API.
---
 roles/lib_openshift/library/oc_route.py   | 7 ++-----
 roles/lib_openshift/src/class/oc_route.py | 7 ++-----
 2 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py
index 0c0bc9386..b16503367 100644
--- a/roles/lib_openshift/library/oc_route.py
+++ b/roles/lib_openshift/library/oc_route.py
@@ -1666,9 +1666,6 @@ class OCRoute(OpenShiftCLI):
     @staticmethod
     def get_cert_data(path, content):
         '''get the data for a particular value'''
-        if not path and not content:
-            return None
-
         rval = None
         if path and os.path.exists(path) and os.access(path, os.R_OK):
             rval = open(path).read()
@@ -1707,14 +1704,14 @@ class OCRoute(OpenShiftCLI):
         if params['tls_termination'] and params['tls_termination'].lower() != 'passthrough':  # E501
 
             for key, option in files.items():
-                if key == 'destcacert' and params['tls_termination'] != 'reencrypt':
+                if not option['path'] and not option['content']:
                     continue
 
                 option['value'] = OCRoute.get_cert_data(option['path'], option['content'])  # E501
 
                 if not option['value']:
                     return {'failed': True,
-                            'msg': 'Verify that you pass a value for %s' % key}
+                            'msg': 'Verify that you pass a correct value for %s' % key}
 
         rconfig = RouteConfig(params['name'],
                               params['namespace'],
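Review bot: The new `if not option['path'] and not option['content']: continue` skips every entry in `files`, not only `destcacert`, so a certificate passed without its private key (or a key without its certificate) is no longer caught before the request goes to the API. If `files` also carries the serving certificate and key entries (its definition is outside the hunk, so confirm the key names), add a pairing check after the loop, e.g. `if bool(files['cert'].get('value')) != bool(files['key'].get('value')): return {'failed': True, 'msg': 'cert and key must be passed together'}`. A comment above the `continue`, such as `# certs are optional (3.6+): skip entries the caller did not pass`, would also record that for reencrypt an omitted destination CA presumably leaves backend verification to the cluster default rather than a pinned CA. The same applies to the identical hunk in roles/lib_openshift/src/class/oc_route.py; the enclosing method starts and ends outside both hunks.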
diff --git a/roles/lib_openshift/src/class/oc_route.py b/roles/lib_openshift/src/class/oc_route.py
index 3935525f1..3a1bd732f 100644
--- a/roles/lib_openshift/src/class/oc_route.py
+++ b/roles/lib_openshift/src/class/oc_route.py
@@ -68,9 +68,6 @@ class OCRoute(OpenShiftCLI):
     @staticmethod
     def get_cert_data(path, content):
         '''get the data for a particular value'''
-        if not path and not content:
-            return None
-
         rval = None
         if path and os.path.exists(path) and os.access(path, os.R_OK):
             rval = open(path).read()
@@ -109,14 +106,14 @@ class OCRoute(OpenShiftCLI):
         if params['tls_termination'] and params['tls_termination'].lower() != 'passthrough':  # E501
 
             for key, option in files.items():
-                if key == 'destcacert' and params['tls_termination'] != 'reencrypt':
+                if not option['path'] and not option['content']:
                     continue
 
                 option['value'] = OCRoute.get_cert_data(option['path'], option['content'])  # E501
 
                 if not option['value']:
                     return {'failed': True,
-                            'msg': 'Verify that you pass a value for %s' % key}
+                            'msg': 'Verify that you pass a correct value for %s' % key}
 
         rconfig = RouteConfig(params['name'],
                               params['namespace'],
-- 
cgit v1.2.3