From 8621904168b5e99cbf03158d888e6883e627e1e9 Mon Sep 17 00:00:00 2001
From: Kenny Woodson <kwoodson@redhat.com>
Date: Wed, 1 Mar 2017 16:54:14 -0500
Subject: Fixed error handling when oc adm ca create-server-cert fails.  Fixed
 a logic error in secure.

---
 roles/lib_openshift/library/oc_adm_ca_server_cert.py   | 3 +++
 roles/lib_openshift/src/class/oc_adm_ca_server_cert.py | 3 +++
 roles/openshift_hosted/tasks/registry/secure.yml       | 2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/roles/lib_openshift/library/oc_adm_ca_server_cert.py b/roles/lib_openshift/library/oc_adm_ca_server_cert.py
index 9390ea7c1..74ef57b4e 100644
--- a/roles/lib_openshift/library/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/library/oc_adm_ca_server_cert.py
@@ -1492,6 +1492,9 @@ class CAServerCert(OpenShiftCLI):
 
                 api_rval = server_cert.create()
 
+                if api_rval['returncode'] != 0:
+                    return {'Failed': True, 'msg': api_rval}
+
                 return {'changed': True, 'results': api_rval, 'state': state}
 
             ########
diff --git a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
index 6ed1f2f35..18c69f2fa 100644
--- a/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
+++ b/roles/lib_openshift/src/class/oc_adm_ca_server_cert.py
@@ -122,6 +122,9 @@ class CAServerCert(OpenShiftCLI):
 
                 api_rval = server_cert.create()
 
+                if api_rval['returncode'] != 0:
+                    return {'Failed': True, 'msg': api_rval}
+
                 return {'changed': True, 'results': api_rval, 'state': state}
 
             ########
diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml
index bd513b943..f9ea2ebeb 100644
--- a/roles/openshift_hosted/tasks/registry/secure.yml
+++ b/roles/openshift_hosted/tasks/registry/secure.yml
@@ -8,7 +8,7 @@
     backup: True
     dest: "/etc/origin/master/named_certificates/{{ item.value | basename }}"
     src: "{{ item.value }}"
-  when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value is not None
+  when: item.key in ['certfile', 'keyfile', 'cafile'] and item.value
   with_dict: "{{ openshift_hosted_registry_routecertificates }}"
 
 # When certificates are defined we will create the reencrypt
-- 
cgit v1.2.1