diff options
| author | Zohar Galor <zgalor@redhat.com> | 2017-07-27 10:26:45 +0300 |
|---|---|---|
| committer | Zohar Galor <zgalor@redhat.com> | 2017-08-01 14:09:33 +0300 |
| commit | 1371fdf611fbdc7982d6b1cfa881ce35855ccfbb (patch) | |
| tree | 802b83977866011069f4163a306cbb79e977173d /roles/lib_openshift | |
| parent | bf0bf407479458206f48885e43d3e1d3a2eab6e1 (diff) | |
| download | openshift-1371fdf611fbdc7982d6b1cfa881ce35855ccfbb.tar.gz openshift-1371fdf611fbdc7982d6b1cfa881ce35855ccfbb.tar.bz2 openshift-1371fdf611fbdc7982d6b1cfa881ce35855ccfbb.tar.xz openshift-1371fdf611fbdc7982d6b1cfa881ce35855ccfbb.zip | |
Only validate certificates that are passed to oc_route
In 3.6 destination ca certifate is not mandatory for tls_termination==reencrypt.
Instead of validating that the certificate/key was passed, only validate the content or correct path,
before sending request to API.
Diffstat (limited to 'roles/lib_openshift')
| -rw-r--r-- | roles/lib_openshift/library/oc_route.py | 7 | ||||
| -rw-r--r-- | roles/lib_openshift/src/class/oc_route.py | 7 |
2 files changed, 4 insertions, 10 deletions
diff --git a/roles/lib_openshift/library/oc_route.py b/roles/lib_openshift/library/oc_route.py index 0c0bc9386..b16503367 100644 --- a/roles/lib_openshift/library/oc_route.py +++ b/roles/lib_openshift/library/oc_route.py @@ -1666,9 +1666,6 @@ class OCRoute(OpenShiftCLI): @staticmethod def get_cert_data(path, content): '''get the data for a particular value''' - if not path and not content: - return None - rval = None if path and os.path.exists(path) and os.access(path, os.R_OK): rval = open(path).read() @@ -1707,14 +1704,14 @@ class OCRoute(OpenShiftCLI): if params['tls_termination'] and params['tls_termination'].lower() != 'passthrough': # E501 for key, option in files.items(): - if key == 'destcacert' and params['tls_termination'] != 'reencrypt': + if not option['path'] and not option['content']: continue option['value'] = OCRoute.get_cert_data(option['path'], option['content']) # E501 if not option['value']: return {'failed': True, - 'msg': 'Verify that you pass a value for %s' % key} + 'msg': 'Verify that you pass a correct value for %s' % key} rconfig = RouteConfig(params['name'], params['namespace'], diff --git a/roles/lib_openshift/src/class/oc_route.py b/roles/lib_openshift/src/class/oc_route.py index 3935525f1..3a1bd732f 100644 --- a/roles/lib_openshift/src/class/oc_route.py +++ b/roles/lib_openshift/src/class/oc_route.py @@ -68,9 +68,6 @@ class OCRoute(OpenShiftCLI): @staticmethod def get_cert_data(path, content): '''get the data for a particular value''' - if not path and not content: - return None - rval = None if path and os.path.exists(path) and os.access(path, os.R_OK): rval = open(path).read() @@ -109,14 +106,14 @@ class OCRoute(OpenShiftCLI): if params['tls_termination'] and params['tls_termination'].lower() != 'passthrough': # E501 for key, option in files.items(): - if key == 'destcacert' and params['tls_termination'] != 'reencrypt': + if not option['path'] and not option['content']: continue option['value'] = OCRoute.get_cert_data(option['path'], option['content']) # E501 if not option['value']: return {'failed': True, - 'msg': 'Verify that you pass a value for %s' % key} + 'msg': 'Verify that you pass a correct value for %s' % key} rconfig = RouteConfig(params['name'], params['namespace'], |