From 8200377dbb3d0e6aa2b35ea369cceb03976b508b Mon Sep 17 00:00:00 2001
From: Kenny Woodson
Date: Tue, 21 Feb 2017 10:26:17 -0500
Subject: Added copy support when modifying cert and key on existence
---
 roles/lib_openshift/library/oc_adm_ca_server_cert.py | 20 +++++++++++++++++++-
 .../src/ansible/oc_adm_ca_server_cert.py | 2 +-
 .../lib_openshift/src/class/oc_adm_ca_server_cert.py | 12 ++++++++++++
 roles/lib_openshift/src/doc/ca_server_cert | 6 ++++++
 4 files changed, 38 insertions(+), 2 deletions(-)
(limited to 'roles')
diff --git a/roles/lib_openshift/library/oc_adm_ca_server_cert.py b/roles/lib_openshift/library/oc_adm_ca_server_cert.py
index 9c8c62621..9c57435e7 100644
--- a/roles/lib_openshift/library/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/library/oc_adm_ca_server_cert.py
@@ -124,6 +124,12 @@ options:
 required: false
 default: None
 aliases: []
+ backup:
+ description:
+ - Whether to backup the cert and key files before writing them.
+ required: false
+ default: True
+ aliases: []
 author:
 - "Kenny Woodson "
 extends_documentation_fragment: []
@@ -1345,6 +1351,17 @@ class CAServerCert(OpenShiftCLI):
 def create(self):
 '''run openshift oc adm ca create-server-cert cmd'''
+
+ # Added this here as a safegaurd for stomping on the
+ # cert and key files if they exist
+ if self.config.config_options['backup']['value']:
+ if os.path.exists(self.config.config_options['key']['value']):
+ shutil.copy(self.config.config_options['key']['value'],
+ "%s.orig" % self.config.config_options['key']['value'])
+ if os.path.exists(self.config.config_options['cert']['value']):
+ shutil.copy(self.config.config_options['cert']['value'],
+ "%s.orig" % self.config.config_options['cert']['value'])
+
 options = self.config.to_option_list()
 cmd = ['ca', 'create-server-cert']
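Review bot: The backup in create() copies the private key to a fixed `<key>.orig` path, so if create() runs again on the same host the earlier backup is overwritten by a copy of the key that replaced it, and the file the block was meant to preserve is gone. With `backup` on, the superseded key also stays on disk until someone removes it, which is worth stating in the option's description because a reissue after a suspected key exposure would leave the exposed key next to the new one. `shutil.copy` carries over the permission bits but not the owner, so the copy belongs to the account running the module. A per-run suffix would avoid the overwrite, for example `"%s.%s.orig" % (path, time.strftime('%Y%m%d%H%M%S'))`, assuming `time` is imported in the assembled module. The same block appears in src/class/oc_adm_ca_server_cert.py; create() continues past the end of the hunk.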
@@ -1384,6 +1401,7 @@ class CAServerCert(OpenShiftCLI):
 'signer_cert': {'value': params['signer_cert'], 'include': True},
 'signer_key': {'value': params['signer_key'], 'include': True},
 'signer_serial': {'value': params['signer_serial'], 'include': True},
+ 'backup': {'value': params['backup'], 'include': False},
 })
 server_cert = CAServerCert(config)
@@ -1429,7 +1447,7 @@ def main():
 state=dict(default='present', type='str', choices=['present']),
 debug=dict(default=False, type='bool'),
 kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
- cmd=dict(default=None, require=True, type='str'),
+ backup=dict(default=True, type='bool'),
 # oadm ca create-server-cert [options]
 cert=dict(default=None, type='str'),
 key=dict(default=None, type='str'),
diff --git a/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py
index 3518a2de4..367f6d932 100644
--- a/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py
@@ -11,7 +11,7 @@ def main():
 state=dict(default='present', type='str', choices=['present']),
 debug=dict(default=False, type='bool'),
 kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
- cmd=dict(default=None, require=True, type='str'),
+ backup=dict(default=True, type='bool'),
 # oadm ca create-server-cert [options]
 cert=dict(default=None, type='str'),
 key=dict(default=None, type='str'),
diff --git a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
index 7f9ff9e1d..ee6cd4a29 100644
--- a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
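Review bot: `backup` defaults to True in the argument spec while `cert` and `key`, two lines further down in the same hunk, still default to None, so a task that leaves either path out reaches `os.path.exists(None)` in create() and stops with a TypeError instead of a module failure message. Guarding the lookup in create() with `if path and os.path.exists(path):` keeps the backup step from being the thing that fails; whether the two paths should instead be declared required depends on what `create-server-cert` accepts, which the diff does not show. The default also makes the key copy opt-out for every existing caller, which is worth a sentence in the `backup` description. This applies to main() in roles/lib_openshift/library/oc_adm_ca_server_cert.py and to the identical hunk in src/ansible/oc_adm_ca_server_cert.py; main() starts and ends outside both hunks.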
@@ -33,6 +33,17 @@ class CAServerCert(OpenShiftCLI):
 def create(self):
 '''run openshift oc adm ca create-server-cert cmd'''
+
+ # Added this here as a safegaurd for stomping on the
+ # cert and key files if they exist
+ if self.config.config_options['backup']['value']:
+ if os.path.exists(self.config.config_options['key']['value']):
+ shutil.copy(self.config.config_options['key']['value'],
+ "%s.orig" % self.config.config_options['key']['value'])
+ if os.path.exists(self.config.config_options['cert']['value']):
+ shutil.copy(self.config.config_options['cert']['value'],
+ "%s.orig" % self.config.config_options['cert']['value'])
+
 options = self.config.to_option_list()
 cmd = ['ca', 'create-server-cert']
@@ -72,6 +83,7 @@ class CAServerCert(OpenShiftCLI):
 'signer_cert': {'value': params['signer_cert'], 'include': True},
 'signer_key': {'value': params['signer_key'], 'include': True},
 'signer_serial': {'value': params['signer_serial'], 'include': True},
+ 'backup': {'value': params['backup'], 'include': False},
 })
 server_cert = CAServerCert(config)
diff --git a/roles/lib_openshift/src/doc/ca_server_cert b/roles/lib_openshift/src/doc/ca_server_cert
index bb57a3e11..58720b09f 100644
--- a/roles/lib_openshift/src/doc/ca_server_cert
+++ b/roles/lib_openshift/src/doc/ca_server_cert
@@ -73,6 +73,12 @@ options:
 required: false
 default: None
 aliases: []
+ backup:
+ description:
+ - Whether to backup the cert and key files before writing them.
+ required: false
+ default: True
+ aliases: []
 author:
 - "Kenny Woodson "
 extends_documentation_fragment: []
-- cgit v1.2.3
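Review bot: The two backup branches in create() in src/class/oc_adm_ca_server_cert.py differ only in the option name and spell out `self.config.config_options[...]['value']` three times each; a loop over `('key', 'cert')` with the path bound to a local says the same thing in fewer lines and leaves one place to change the destination name later. The comment above the block has a typo, `safegaurd` for `safeguard`. If roles/lib_openshift/library/oc_adm_ca_server_cert.py is assembled from the src/ files, as the identical hunks suggest, this is the copy to edit. create() continues past the end of the hunk.

```python
    def create(self):
        '''run openshift oc adm ca create-server-cert cmd'''

        # Safeguard against stomping on the cert and key files if they exist
        if self.config.config_options['backup']['value']:
            for name in ('key', 'cert'):
                path = self.config.config_options[name]['value']
                if os.path.exists(path):
                    shutil.copy(path, "%s.orig" % path)

        # … unchanged: option list and command construction …
```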