Merge "Add subjectAltName back to CSR config"

2016-04-13 09:25:36 +00:00 · 2016-04-13 09:25:36 +00:00 · 39e8e1f054
parent a10af07e3d 785eb98d5a
commit 39e8e1f054
3 changed files with 7 additions and 22 deletions
--- a/magnum/templates/kubernetes/fragments/make-cert-client.sh
+++ b/magnum/templates/kubernetes/fragments/make-cert-client.sh
@ -82,10 +82,7 @@ CN = kubernetes.invalid
 [req_ext]
 keyUsage=critical,digitalSignature,keyEncipherment
 extendedKeyUsage=clientAuth
-# TODO(hongbin): This is a temporary work-around for a gate breakage.
-# Need to investigate the issue and revert this temporary fix.
-# Bug #1568212 - '\xac\x18\x05\x07' does not appear to be an IPv4 or IPv6 address
-#subjectAltName=dirName:kubelet,dirName:kubeproxy
+subjectAltName=dirName:kubelet,dirName:kubeproxy
 [kubelet]
 CN=kubelet
 [kubeproxy]
--- a/magnum/templates/kubernetes/fragments/make-cert.sh
+++ b/magnum/templates/kubernetes/fragments/make-cert.sh
@ -87,10 +87,7 @@ prompt = no
 [req_distinguished_name]
 CN = kubernetes.invalid
 [req_ext]
-# TODO(hongbin): This is a temporary work-around for a gate breakage.
-# Need to investigate the issue and revert this temporary fix.
-# Bug #1568212 - '\xac\x18\x05\x07' does not appear to be an IPv4 or IPv6 address
-#subjectAltName = ${sans}
+subjectAltName = ${sans}
 extendedKeyUsage = clientAuth,serverAuth
 EOF

--- a/magnum/templates/swarm/fragments/make-cert.py
+++ b/magnum/templates/swarm/fragments/make-cert.py
@ -40,11 +40,7 @@ copy_extensions = copyall
 [req_distinguished_name]
 CN = swarm.invalid
 [req_ext]
-# TODO(hongbin): This is a temporary work-around for a gate breakage.
-# Need to investigate the issue and revert this temporary fix.
-# Bug #1568212 - '\xac\x18\x05\x07' does not appear to be an IPv4 or IPv6
-# address
-#subjectAltName = %(subject_alt_names)s
+subjectAltName = %(subject_alt_names)s
 extendedKeyUsage = clientAuth,serverAuth
 """

@ -103,15 +99,10 @@ def write_server_key():

 def _write_csr_config(config):
    with open(SERVER_CONF_PATH, 'w') as fp:
-        # TODO(hongbin): This is a temporary work-around for a gate breakage.
-        # Need to investigate the issue and revert this temporary fix.
-        # Bug #1568212 - '\xac\x18\x05\x07' does not appear to be an IPv4 or
-        # IPv6 address
-        # params = {
-        #    'subject_alt_names': _build_subject_alt_names(config)
-        # }
-        # fp.write(CSR_CONFIG_TEMPLATE % params)
-        fp.write(CSR_CONFIG_TEMPLATE)
+        params = {
+            'subject_alt_names': _build_subject_alt_names(config)
+        }
+        fp.write(CSR_CONFIG_TEMPLATE % params)


 def create_server_csr(config):