From e11804237e81c8488bd008603638d5f62758acb7 Mon Sep 17 00:00:00 2001
From: Tim Rozet
Date: Tue, 20 Mar 2018 09:27:12 -0400
Subject: [PATCH] Fixes incorrect ownership of ODL TLS cert/key
Deployments were failing because the owner/group of the TLS generated certificate and key were set to 'odl'. This user and group does not exist in a containerized deployment because the ODL RPM is only installed in the container. This patch leaves the owner as root for the files which works because the files are only used to generate a keystore for ODL (which is owned by odl), and the cert/key files themselves are never read by ODL.
Closes-Bug: 1757135
Change-Id: Ie5b9e98ea2fc16b820d56272653df4874e81cf68
Signed-off-by: Tim Rozet
---
 manifests/certmonger/opendaylight.pp | 4 ----
 releasenotes/notes/fix-odl-tls-owner-77d2d71fe39ea3e7.yaml | 5 +++++
 spec/classes/tripleo_certmonger_opendaylight_spec.rb | 4 ----
 3 files changed, 5 insertions(+), 8 deletions(-)
 create mode 100644 releasenotes/notes/fix-odl-tls-owner-77d2d71fe39ea3e7.yaml
diff --git a/manifests/certmonger/opendaylight.pp b/manifests/certmonger/opendaylight.pp
index cde40a9bf..bd2d3d981 100644
--- a/manifests/certmonger/opendaylight.pp
+++ b/manifests/certmonger/opendaylight.pp
@@ -62,13 +62,9 @@ class tripleo::certmonger::opendaylight (
 require => Class['::certmonger'],
 }
 file { $service_certificate :
- owner => 'odl',
- group => 'odl',
 require => Certmonger_certificate['opendaylight']
 }
 file { $service_key :
- owner => 'odl',
- group => 'odl',
 require => Certmonger_certificate['opendaylight']
 }
diff --git a/releasenotes/notes/fix-odl-tls-owner-77d2d71fe39ea3e7.yaml b/releasenotes/notes/fix-odl-tls-owner-77d2d71fe39ea3e7.yaml
new file mode 100644
index 000000000..4b6353638
--- /dev/null
+++ b/releasenotes/notes/fix-odl-tls-owner-77d2d71fe39ea3e7.yaml
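Review bot: After this change the `file { $service_key : ... }` resource in manifests/certmonger/opendaylight.pp declares no owner, group or mode, so the private key's permissions are whatever was left on disk when the file was written, and Puppet will neither enforce nor correct them. The commit message says the files are meant to stay owned by root; stating that on the key, e.g. `owner => 'root', group => 'root', mode => '0600',`, would make the intent enforceable, and since root exists on the host and in the container it should not bring back the original failure. Whether a mode is applied elsewhere (for example by the certmonger request) is not visible in this hunk, so please confirm before relying on the default. The two ownership expectations removed from spec/classes/tripleo_certmonger_opendaylight_spec.rb could then assert the root owner and mode instead of being dropped. The class body starts and continues outside the hunk.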
@@ -0,0 +1,5 @@
+---
+fixes:
+ - |
+ Fixes a bug where TLS certificates for ODL could not be generated correctly
+ for deployment due to wrong owner/group applied to the files.
diff --git a/spec/classes/tripleo_certmonger_opendaylight_spec.rb b/spec/classes/tripleo_certmonger_opendaylight_spec.rb
index f76a38b54..f918d0e4c 100644
--- a/spec/classes/tripleo_certmonger_opendaylight_spec.rb
+++ b/spec/classes/tripleo_certmonger_opendaylight_spec.rb
@@ -47,13 +47,9 @@ describe 'tripleo::certmonger::opendaylight' do
 :wait => true,
 )
 is_expected.to contain_file(params[:service_certificate]).with(
- :owner => 'odl',
- :group => 'odl',
 :require => 'Certmonger_certificate[opendaylight]'
 )
 is_expected.to contain_file(params[:service_key]).with(
- :owner => 'odl',
- :group => 'odl',
 :require => 'Certmonger_certificate[opendaylight]'
 )
 end