From 0205534f90e8b75d519579254749f6019b0faafa Mon Sep 17 00:00:00 2001 From: Spyros Trigazis Date: Fri, 15 Nov 2019 13:34:34 +0100 Subject: [PATCH] Fix cert_manager_api with x509keypair When magnum is using x509keypair as backend the db query fails to apply the tenant filters due to the missing context. Pass the context to the the cert_manager. story: 2006897 task: 37533 Change-Id: Ifdedac420fe4384013704865fa05ea6f1c15feb5 Signed-off-by: Spyros Trigazis --- magnum/drivers/heat/k8s_fedora_template_def.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/magnum/drivers/heat/k8s_fedora_template_def.py b/magnum/drivers/heat/k8s_fedora_template_def.py index a07fe0e448..b25f66fd37 100644 --- a/magnum/drivers/heat/k8s_fedora_template_def.py +++ b/magnum/drivers/heat/k8s_fedora_template_def.py @@ -119,7 +119,7 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition): if not extra_params.get('max_node_count'): extra_params['max_node_count'] = cluster.node_count + 1 - self._set_cert_manager_params(cluster, extra_params) + self._set_cert_manager_params(context, cluster, extra_params) self._get_keystone_auth_default_policy(extra_params) self._set_volumes(context, cluster, extra_params) @@ -128,11 +128,12 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition): extra_params=extra_params, **kwargs) - def _set_cert_manager_params(self, cluster, extra_params): + def _set_cert_manager_params(self, context, cluster, extra_params): cert_manager_api = cluster.labels.get('cert_manager_api') if strutils.bool_from_string(cert_manager_api): extra_params['cert_manager_api'] = cert_manager_api - ca_cert = cert_manager.get_cluster_ca_certificate(cluster) + ca_cert = cert_manager.get_cluster_ca_certificate(cluster, + context=context) if six.PY3 and isinstance(ca_cert.get_private_key_passphrase(), six.text_type): extra_params['ca_key'] = x509.decrypt_key(