Allow certificate install when HTTPS is false
The removal of this limitation is needed to enable HTTPS on Openstack without errors when it's already present in the system (avoid app reapply errors). The limitation was also removed for other certificates besides "openstack" and "openstack_ca" because there is no reason to keep this limitation. The following tests were executed on AIO-SX created from StarlingX dev ISO containing the changes in this commit. The installation of certificates is done through "system certificate-install" command. Test Plan: PASS: Successfully install "openstack", "openstack_ca", "ssl_ca", "docker_registry" and "ssl" certificates while system attribute "https_enabled" is "False", then set "https_enabled" to "True" with no errors. PASS: Set "https_enabled" to "True" with no errors and then successfully install "openstack", "openstack_ca", "ssl_ca", "docker_registry" and "ssl" certificates. Closes-Bug: 1952360 Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com> Change-Id: I9c56e6efa49a981dcc9aacb45e18a231f0747074
This commit is contained in:
parent
c129fce039
commit
adc0556df9
|
@ -305,9 +305,6 @@ class CertificateController(rest.RestController):
|
|||
# Default certificate install is non-tpm SSL
|
||||
mode = constants.CERT_MODE_SSL
|
||||
|
||||
system = pecan.request.dbapi.isystem_get_one()
|
||||
capabilities = system.capabilities
|
||||
|
||||
# platform-cert 'force' check for backward compatibility
|
||||
if self._is_mode_supported_by_cert_manager(mode):
|
||||
# Call may not contain 'force' parameter
|
||||
|
@ -331,29 +328,6 @@ class CertificateController(rest.RestController):
|
|||
LOG.info(msg)
|
||||
return dict(success="", error=msg)
|
||||
|
||||
standalone_certs = [constants.CERT_MODE_DOCKER_REGISTRY,
|
||||
constants.CERT_MODE_SSL_CA]
|
||||
if mode not in standalone_certs:
|
||||
system_https_enabled = capabilities.get('https_enabled', False)
|
||||
if system_https_enabled is False or system_https_enabled == 'n':
|
||||
msg = "No certificates have been added, https is not enabled."
|
||||
LOG.info(msg)
|
||||
return dict(success="", error=msg)
|
||||
|
||||
if mode.startswith(constants.CERT_MODE_OPENSTACK):
|
||||
try:
|
||||
pecan.request.dbapi.certificate_get_by_certtype(
|
||||
constants.CERT_MODE_SSL)
|
||||
except exception.CertificateTypeNotFound:
|
||||
try:
|
||||
pecan.request.dbapi.certificate_get_by_certtype(
|
||||
constants.CERT_MODE_TPM)
|
||||
except exception.CertificateTypeNotFound:
|
||||
msg = "No openstack certificates have been added, " \
|
||||
"platform SSL certificate is not installed."
|
||||
LOG.info(msg)
|
||||
return dict(success="", error=msg)
|
||||
|
||||
if not fileitem.filename:
|
||||
return dict(success="", error="Error: No file uploaded")
|
||||
try:
|
||||
|
|
Loading…
Reference in New Issue