openstack/openstack-helm-infra
Code Issues Proposed changes

Generate CA crt and key if needed

Browse Source 
Generate CA cert and CA key, if they are not present in
the values.

Change-Id: I14610ab66b72ddd5e6e45f57b56968e462416234
This commit is contained in:
Ahmad Mahmoudi 2019-06-26 11:43:13 -05:00 committed by Mahmoudi, Ahmad (am495p)
parent 17a7eb5cdc
commit db164a2925
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
helm-toolkit/templates/tls/_tls_generate_certs.tpl
View File

@ -28,6 +28,8 @@ values: |
- 127.0.0.1
- 192.168.0.1
life: 3
# Use ca.crt and ca.key to build a customized ca, if they are provided.
# Use hosts.names[0] and life to auto-generate a ca, if ca is not provided.
ca:
crt: |
<CA CRT>
@ -64,19 +66,30 @@ return: |
{{- $_ := set $local "certIps" $_ips }}
{{- end }}
{{- if hasKey $params "ca" }}
{{- if and (hasKey $params.ca "crt") (hasKey $params.ca "key") }}
{{- $ca := buildCustomCert ($params.ca.crt | b64enc ) ($params.ca.key | b64enc ) }}
{{- $_ := set $local "ca" $ca }}
{{- end }}
{{- else }}
{{- $ca := genCA (first $local.certHosts) (int $params.life) }}
{{- $_ := set $local "ca" $ca }}
{{- end }}
{{- $expDate := date_in_zone "2006-01-02T15:04:05Z07:00" ( date_modify (printf "+%sh" (mul $params.life 24 |toString)) now ) "UTC" }}
{{- $rawCert := genSignedCert (first $local.certHosts) ($local.certIps) $local.certHosts (int $params.life) $ca }}
{{- $rawCert := genSignedCert (first $local.certHosts) ($local.certIps) ($local.certHosts) (int $params.life) $local.ca }}
{{- $certificate := dict -}}
{{- if $encode -}}
{{- $_ := b64enc $rawCert.Cert | set $certificate "crt" -}}
{{- $_ := b64enc $rawCert.Key | set $certificate "key" -}}
{{- $_ := b64enc $params.ca.crt | set $certificate "ca" -}}
{{- $_ := b64enc $local.ca.Cert | set $certificate "ca" -}}
{{- $_ := b64enc $local.ca.Key | set $certificate "caKey" -}}
{{- $_ := b64enc $expDate | set $certificate "exp" -}}
{{- else -}}
{{- $_ := set $certificate "crt" $rawCert.Cert -}}
{{- $_ := set $certificate "key" $rawCert.Key -}}
{{- $_ := set $certificate "ca" $params.ca.crt -}}
{{- $_ := set $certificate "ca" $local.ca.Cert -}}
{{- $_ := set $certificate "caKey" $local.ca.Key -}}
{{- $_ := set $certificate "exp" $expDate -}}
{{- end -}}
{{- $certificate | toYaml }}