Fix OIDC CA cert info in the show-certs.sh output
The OIDC CA cert "issuer_root_ca_secret" renewal shows as "Manual" instead of "Automatic" when the corresponding secret exists and is managed by cert-manager. This fix addresses the issue. Test Cases: PASS: Apply oidc app and run show-certs script and verify all oidc cert info is properly displayed PASS: Apply WRA app and run show-certs script and verify all oidc cert info is properly displayed PASS: Run show-certs.sh script info on DC system and verify all the certs info is properly displayed PASS: Run show-certs.sh with -k option and verify that all the certificate info is properly displayed Closes-Bug: 2052327 Change-Id: Ieef047d5143fce522bf534d5d9ac663e9293e036 Signed-off-by: amantri <ayyappa.mantri@windriver.com>
parent
a272f7c247
commit
6762425bc4
|
@ -137,7 +137,7 @@ PrintCertInfo-fromTlsSecret () {
|
|||
kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $SECRET &> /dev/null
|
||||
if [ $? -eq 0 ]; then
|
||||
|
||||
kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $SECRET -o yaml | fgrep tls.crt | fgrep -v "f:tls.crt" | awk '{print $2}' | base64 --decode > $TMP_SECRET_SECRET_FILE
|
||||
kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $SECRET -o jsonpath='{.data.tls\.crt}' | base64 --decode > $TMP_SECRET_SECRET_FILE
|
||||
|
||||
if [ -n "$NAME" ]; then
|
||||
NAME="$NAME ($NAMESPACE/$SECRET) CERTIFICATE: $RESET"
|
||||
|
@ -172,10 +172,13 @@ PrintCertInfo-fromGenericSecret () {
|
|||
RENEWAL=$5
|
||||
fi
|
||||
|
||||
ESCAPEDSTRING="${SECRETFILE/./\\.}"
|
||||
JSONPATH="{.data.${ESCAPEDSTRING}}"
|
||||
|
||||
kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $SECRET &> /dev/null
|
||||
if [ $? -eq 0 ]; then
|
||||
|
||||
SECRET_VALUE=$(kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $SECRET -o yaml | fgrep " $SECRETFILE:" | awk '{print $2}')
|
||||
SECRET_VALUE=$(kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $SECRET -o jsonpath=$JSONPATH)
|
||||
|
||||
if ! IsACertificate $SECRET_VALUE; then
|
||||
return
|
||||
|
@ -188,7 +191,14 @@ PrintCertInfo-fromGenericSecret () {
|
|||
elif [[ "ext-ca.crt" == $SECRETFILE ]]; then
|
||||
TLS_SECRET_NAME="mon-elastic-services-extca-crt"
|
||||
fi
|
||||
TLS_SECRET_VALUE=$(kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $TLS_SECRET_NAME -o yaml 2> /dev/null | fgrep " tls.crt" | awk '{print $2}')
|
||||
TLS_SECRET_VALUE=$(kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $TLS_SECRET_NAME -o jsonpath='{.data.tls\.crt}')
|
||||
if [[ $TLS_SECRET_VALUE == $SECRET_VALUE && $CERT_MANAGER_SECRETS == *$TLS_SECRET_NAME* ]]; then
|
||||
RENEWAL="${GREEN}$AUTO_LABEL${RESET}"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ "OIDC CA" == $NAME ]]; then
|
||||
TLS_SECRET_VALUE=$(kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $SECRET -o jsonpath='{.data.tls\.crt}')
|
||||
if [[ $TLS_SECRET_VALUE == $SECRET_VALUE && $CERT_MANAGER_SECRETS == *$TLS_SECRET_NAME* ]]; then
|
||||
RENEWAL="${GREEN}$AUTO_LABEL${RESET}"
|
||||
fi
|
||||
|
|
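Review bot: In the added `"OIDC CA"` branch of PrintCertInfo-fromGenericSecret, the cert-manager test still matches against `$TLS_SECRET_NAME`, although the value it compares was just read from `$SECRET`. Nothing visible in this hunk sets TLS_SECRET_NAME for the OIDC case, so it is presumably empty or left over from an earlier call; an empty value makes `*$TLS_SECRET_NAME*` match any string, and the branch would then report Automatic renewal for a secret that cert-manager does not manage, which can hide a CA that needs manual rotation. The test should name the secret that was queried: `if [[ "$TLS_SECRET_VALUE" == "$SECRET_VALUE" && $CERT_MANAGER_SECRETS == *"$SECRET"* ]]; then`. The jsonpath lookups in this hunk also lack the `2> /dev/null` that the `-o yaml` form carried, so a missing `$TLS_SECRET_NAME` secret would now write kubectl's error output into the report. The closing `fi` of the new branch is not visible on this page.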