openstack-armada-app/openstack-helm-infra/files/0020-Fix-tls-in-openstack-helm-infra.patch
Lucas Cavalcante 27c4d562c8 Fixes Application Apply failing when HTTPS enabled
Openstack-helm provides the option to terminate TLS at the services.
However, at StarlingX TLS termination is done at the reverse
proxy (ingress) and therefore it is unnecessary for OpenStack itself
to be HTTPS and terminate TLS a second time. Furthermore, it is not
possible to have HTTPS enabled on OpenStack services with the
current CentOS-based containers that we have; openstack-helm only
supports TLS using Debian-based containers.

Manually working around this creates a cumbersome override file, so
to diminish these overrides this patch (0020) and 0013 (osh-i) disable
HTTPS at the backend, thus maintaining the same behaviour as stx 5.0.

MariaDB and RabbitMQ TLS do not seem to be working very well within
StarlingX, so we also disable TLS for them. I am not confident that
current openstack-helm and openstack-helm-infra support production-level
OpenStack with MariaDB in TLS mode. Furthermore, from the way everything
is redirected in StarlingX I do see too many performance and stability
issues using both of them with TLS enabled.

Disclaimer: I did not test with only MariaDB TLS or only RabbitMQ TLS
activated, but with both of them on, the system is not usable.

Test Plan:

PASS: OpenStack is applied (HTTPS disabled).
PASS: Enable HTTPS. OpenStack is applied (WITHOUT service.conf
overrides).

Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: Ifb7946e9a289234047934b52d200b951a59c1a3f
Partial-bug: 1960354
Related-to: https://review.opendev.org/c/starlingx/helm-charts/+/828815
2022-02-11 16:59:37 +00:00


From d7d223ef40ab11e5c9a00b4b30000f6905885c04 Mon Sep 17 00:00:00 2001
From: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Date: Wed, 19 Jan 2022 11:54:38 -0300
Subject: [PATCH] Fix Support for TLS in openstack-helm-infra
WIP
Signed-off-by: Lucas Cavalcante <lucasmedeiros.cavalcante@windriver.com>
Change-Id: I382e0fc68c9a92c6a9570097db2c6a959525059d
---
.../templates/manifests/_secret-tls.yaml.tpl | 97 +++++++------------
1 file changed, 33 insertions(+), 64 deletions(-)
diff --git a/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl b/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl
index 24a70450..f34ac527 100644
--- a/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl
+++ b/helm-toolkit/templates/manifests/_secret-tls.yaml.tpl
@@ -15,66 +15,36 @@ limitations under the License.
{{/*
abstract: |
Creates a manifest for a services public tls secret
-examples:
- - values: |
- secrets:
- tls:
- key_manager:
- api:
- public: barbican-tls-public
- endpoints:
- key_manager:
- host_fqdn_override:
- public:
- tls:
- crt: |
- FOO-CRT
- key: |
- FOO-KEY
- ca: |
- FOO-CA_CRT
- usage: |
- {{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "key-manager" ) -}}
- return: |
- ---
- apiVersion: v1
- kind: Secret
- metadata:
- name: barbican-tls-public
- type: kubernetes.io/tls
- data:
- tls.key: Rk9PLUtFWQo=
- tls.crt: Rk9PLUNSVAoKRk9PLUNBX0NSVAo=
-
- - values: |
- secrets:
- tls:
- key_manager:
- api:
- public: barbican-tls-public
- endpoints:
- key_manager:
- host_fqdn_override:
- public:
- tls:
- crt: |
- FOO-CRT
- FOO-INTERMEDIATE_CRT
- FOO-CA_CRT
- key: |
- FOO-KEY
- usage: |
- {{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "key-manager" ) -}}
- return: |
- ---
- apiVersion: v1
- kind: Secret
- metadata:
- name: barbican-tls-public
- type: kubernetes.io/tls
- data:
- tls.key: Rk9PLUtFWQo=
- tls.crt: Rk9PLUNSVApGT08tSU5URVJNRURJQVRFX0NSVApGT08tQ0FfQ1JUCg==
+values: |
+ secrets:
+ tls:
+ key_manager:
+ api:
+ public: barbican-tls-public
+ endpoints:
+ key_manager:
+ host_fqdn_override:
+ public:
+ tls:
+ crt: |
+ FOO-CRT
+ key: |
+ FOO-KEY
+ ca: |
+ FOO-CA_CRT
+usage: |
+ {{- include "helm-toolkit.manifests.secret_ingress_tls" ( dict "envAll" . "backendServiceType" "key-manager" ) -}}
+return: |
+ ---
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: barbican-tls-public
+ type: kubernetes.io/tls
+ data:
+ tls.crt: Rk9PLUNSVAo=
+ tls.key: Rk9PLUtFWQo=
+ ca.crt: Rk9PLUNBX0NSVAo=
*/}}
{{- define "helm-toolkit.manifests.secret_ingress_tls" }}
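Review bot: The rewritten docstring drops the second example, the one whose `crt` block carried `FOO-CRT`, `FOO-INTERMEDIATE_CRT` and `FOO-CA_CRT` together, so the documented contract no longer says where intermediate certificates go now that the CA is no longer appended to `tls.crt`. Keep that example, or add a sentence to `abstract`, stating that a full chain must be supplied in `crt` and that `ca` is emitted as the separate `ca.crt` key. The expected `tls.crt` value also changes from `Rk9PLUNSVAoKRk9PLUNBX0NSVAo=` (leaf plus CA) to `Rk9PLUNSVAo=` (leaf only); that is a behaviour change for consumers of the secret and belongs in the commit message, which currently still reads "WIP".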
@@ -95,14 +65,13 @@ metadata:
name: {{ index $envAll.Values.secrets.tls ( $backendServiceType | replace "-" "_" ) $backendService $endpoint }}
type: kubernetes.io/tls
data:
+ tls.crt: {{ $endpointHost.tls.crt | b64enc }}
tls.key: {{ $endpointHost.tls.key | b64enc }}
{{- if $endpointHost.tls.ca }}
- tls.crt: {{ list $endpointHost.tls.crt $endpointHost.tls.ca | join "\n" | b64enc }}
-{{- else }}
- tls.crt: {{ $endpointHost.tls.crt | b64enc }}
-{{- end }}
+ ca.crt: {{ $endpointHost.tls.ca | b64enc }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
+{{- end }}
\ No newline at end of file
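Review bot: Behaviour change without a guard in the `{{- if $endpointHost.tls.ca }}` branch: `tls.crt` previously contained the leaf certificate followed by the CA (`list $endpointHost.tls.crt $endpointHost.tls.ca | join "\n" | b64enc`) and now contains only `$endpointHost.tls.crt`, with the CA moved to a new `ca.crt` key. Any ingress or client that built its trust chain from `tls.crt` will now receive an incomplete chain unless the operator puts the full chain into `crt`; either state that explicitly in the commit message and docstring, or keep the concatenated `tls.crt` and add `ca.crt` alongside it. Minor: the added `+{{- end }}` replaces the `{{- end }}` removed with the `else` branch so the nesting stays balanced, but the file now ends with `\ No newline at end of file`; restore the trailing newline.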
--
2.17.1