Add IPsec certificate to "system certificate-list"
check for /etc/swanctl/x509/system-ipsec-certificate-<hostname>.crt exist and show in the output of "system certificate-list" also show certificate details with "system certificate-show IPsec" Test Cases: PASS: Enable IPsec on controller-0, verify that IPsec certificate list in the output of "system certificate-list" and "system certificate-show IPsec" shows details of IPsec certificate PASS: Enable IPsec on controller-1, verify that IPsec certificate list in the output of "system certificate-list" and "system certificate-show IPsec" shows details of IPsec certificate PASS: verify that IPsec certificate not shown in the output of "system certificate-list" if /etc/swanctl/x509/system-ipsec- certificate-<hostname>.crt doesn't exit Story: 2010940 Task: 49891 Change-Id: I95be304d99feff83e69750b90de289c1dde18b0c Signed-off-by: amantri <ayyappa.mantri@windriver.com>
This commit is contained in:
parent
4d02bf979a
commit
62b74f93f5
@ -19208,6 +19208,15 @@ class ConductorManager(service.PeriodicService):
|
||||
"/etc/kubernetes/pki/apiserver-kubelet-client.crt"),
|
||||
("front-proxy-client", constants.AUTOMATIC, "/etc/kubernetes/pki/front-proxy-client.crt"),
|
||||
("front-proxy-ca", constants.AUTOMATIC, "/etc/kubernetes/pki/front-proxy-ca.crt")]
|
||||
|
||||
# IPsec certificate
|
||||
try:
|
||||
hostname = socket.gethostname()
|
||||
ipsec_path = f"/etc/swanctl/x509/system-ipsec-certificate-{hostname}.crt"
|
||||
certs.append(("ipsec", constants.AUTOMATIC, ipsec_path))
|
||||
except socket.error:
|
||||
LOG.debug("Failed to get local hostname to retrieve IPsec certificate")
|
||||
|
||||
kube_operator = kubernetes.KubeOperator()
|
||||
certificates = kube_operator.list_custom_resources("cert-manager.io", "v1", "certificates")
|
||||
k8s_secrets_list = [cert["spec"]["secretName"] for cert in certificates]
|
||||
|
Loading…
Reference in New Issue
Block a user