Allow certificate install when HTTPS is false

The removal of this limitation is needed to enable HTTPS on Openstack without errors when it's already present in the system (avoid app reapply errors). The limitation was also removed for other certificates besides "openstack" and "openstack_ca" because there is no reason to keep this limitation. The following tests were executed on AIO-SX created from StarlingX dev ISO containing the changes in this commit. The installation of certificates is done through "system certificate-install" command. Test Plan: PASS: Successfully install "openstack", "openstack_ca", "ssl_ca", "docker_registry" and "ssl" certificates while system attribute "https_enabled" is "False", then set "https_enabled" to "True" with no errors. PASS: Set "https_enabled" to "True" with no errors and then successfully install "openstack", "openstack_ca", "ssl_ca", "docker_registry" and "ssl" certificates. Closes-Bug: 1952360 Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com> Change-Id: I9c56e6efa49a981dcc9aacb45e18a231f0747074
2021-11-25 19:04:26 -03:00 · 2021-11-25 19:04:26 -03:00 · adc0556df9
parent c129fce039
commit adc0556df9
1 changed files with 0 additions and 26 deletions
--- a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/certificate.py
+++ b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/certificate.py
@ -305,9 +305,6 @@ class CertificateController(rest.RestController):
            # Default certificate install is non-tpm SSL
            mode = constants.CERT_MODE_SSL

-        system = pecan.request.dbapi.isystem_get_one()
-        capabilities = system.capabilities
-
        # platform-cert 'force' check for backward compatibility
        if self._is_mode_supported_by_cert_manager(mode):
            # Call may not contain 'force' parameter
@ -331,29 +328,6 @@ class CertificateController(rest.RestController):
                LOG.info(msg)
                return dict(success="", error=msg)

-        standalone_certs = [constants.CERT_MODE_DOCKER_REGISTRY,
-                            constants.CERT_MODE_SSL_CA]
-        if mode not in standalone_certs:
-            system_https_enabled = capabilities.get('https_enabled', False)
-            if system_https_enabled is False or system_https_enabled == 'n':
-                msg = "No certificates have been added, https is not enabled."
-                LOG.info(msg)
-                return dict(success="", error=msg)
-
-        if mode.startswith(constants.CERT_MODE_OPENSTACK):
-            try:
-                pecan.request.dbapi.certificate_get_by_certtype(
-                    constants.CERT_MODE_SSL)
-            except exception.CertificateTypeNotFound:
-                try:
-                    pecan.request.dbapi.certificate_get_by_certtype(
-                        constants.CERT_MODE_TPM)
-                except exception.CertificateTypeNotFound:
-                    msg = "No openstack certificates have been added, " \
-                          "platform SSL certificate is not installed."
-                    LOG.info(msg)
-                    return dict(success="", error=msg)
-
        if not fileitem.filename:
            return dict(success="", error="Error: No file uploaded")
        try: