From 351aa195f987e3d8ee3585701109358c3ab4494d Mon Sep 17 00:00:00 2001
From: Marcelo Loebens <Marcelo.DeCastroLoebens@windriver.com>
Date: Tue, 2 Apr 2024 09:50:39 -0400
Subject: [PATCH] Retrieve system-local-ca old values in legacy restore

Included code to retrieve the values during legacy restore,
avoiding changes in system-local-ca secret values.

Test plan:
PASS: Bootstrap AIO-DX w/ system-local-ca overrides.
      Run backup playbook.
      Reinstall system.
      Run restore playbook (legacy).
      Observe that system-local-ca maintained same values.

Story: 2009811
Task: 49797

Change-Id: Ifdb1458a95dbf96639a08d6ca06637d82c5d7784
Signed-off-by: Marcelo Loebens <Marcelo.DeCastroLoebens@windriver.com>
---
 .../tasks/retrieve-system-local-ca-data.yml           | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/playbookconfig/src/playbooks/roles/common/install-platform-certificates/tasks/retrieve-system-local-ca-data.yml b/playbookconfig/src/playbooks/roles/common/install-platform-certificates/tasks/retrieve-system-local-ca-data.yml
index e4d46ac9b..a0a8bad71 100644
--- a/playbookconfig/src/playbooks/roles/common/install-platform-certificates/tasks/retrieve-system-local-ca-data.yml
+++ b/playbookconfig/src/playbooks/roles/common/install-platform-certificates/tasks/retrieve-system-local-ca-data.yml
@@ -1,6 +1,6 @@
 ---
 #
-# Copyright (c) 2023 Wind River Systems, Inc.
+# Copyright (c) 2023-2024 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -21,9 +21,10 @@
     - system_local_ca_overrides
     - not upgrade_in_progress
 
-# When bootstrapping subclouds or upgrading we have to retrieve the current values
-# in the Standalone controller or in the DC's SystemController.
-# We must install the RCA as a Trusted CA if bootstrapping.
+# When bootstrapping subclouds, upgrading or restoring, we have to
+# retrieve the current values in the Standalone controller or in
+# the DC's SystemController.
+# We must install the RCA as a Trusted CA if bootstrapping/rehoming.
 - block:
   - name: Check if 'system-local-ca' secret exists
     shell: |
@@ -68,7 +69,7 @@
     when: system_local_ca_exists.stdout | bool
 
   when:
-    - distributed_cloud_role == 'subcloud' or upgrade_in_progress
+    - distributed_cloud_role == 'subcloud' or upgrade_in_progress or mode == 'restore'
     - not system_local_ca_data_obtained
   connection: local