Fix OIDC CA cert info in the show-certs.sh output
The OIDC CA cert "issuer_root_ca_secret" renewal shows as "Manual" instead of "Automatic" when the corresponding secret exists and is managed by cert-manager. This fix addresses that issue. Test Cases: PASS: Apply oidc app and run show-certs script and verify all oidc cert info is properly displayed PASS: Apply WRA app and run show-certs script and verify all oidc cert info is properly displayed PASS: Run show-certs.sh script info on DC system and verify all the certs info is properly displayed PASS: Run show-certs.sh with -k option and verify that all the certificate info is properly displayed PASS: Deploy system-restapi-gui-certificate, system-registry-local-certificate, oidc-auth-apps-certificate and run show-certs.sh script and verify that all certificate values are shown correctly in the output Closes-Bug: 2052327 Change-Id: Ieef047d5143fce522bf534d5d9ac663e9293e036 Signed-off-by: amantri <ayyappa.mantri@windriver.com>
parent
a272f7c247
commit
9d4a145517
|
@ -44,7 +44,7 @@ source /etc/platform/platform.conf
|
|||
source /etc/platform/openrc
|
||||
|
||||
# Gets the name of all secrets used by cert-manager certs
|
||||
CERT_MANAGER_SECRETS=$(kubectl --kubeconfig /etc/kubernetes/admin.conf get cert -A -o yaml | grep secretName: | grep -v f: | awk '{ print $2 }')
|
||||
CERT_MANAGER_SECRETS=$(kubectl --kubeconfig /etc/kubernetes/admin.conf get cert -A -o jsonpath='{range .items[*]}{.spec.secretName}{"\n"}{end}')
|
||||
|
||||
PrintCertInfo () {
|
||||
|
||||
|
@ -137,7 +137,7 @@ PrintCertInfo-fromTlsSecret () {
|
|||
kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $SECRET &> /dev/null
|
||||
if [ $? -eq 0 ]; then
|
||||
|
||||
kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $SECRET -o yaml | fgrep tls.crt | fgrep -v "f:tls.crt" | awk '{print $2}' | base64 --decode > $TMP_SECRET_SECRET_FILE
|
||||
kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $SECRET -o jsonpath='{.data.tls\.crt}' | base64 --decode > $TMP_SECRET_SECRET_FILE
|
||||
|
||||
if [ -n "$NAME" ]; then
|
||||
NAME="$NAME ($NAMESPACE/$SECRET) CERTIFICATE: $RESET"
|
||||
|
@ -172,10 +172,13 @@ PrintCertInfo-fromGenericSecret () {
|
|||
RENEWAL=$5
|
||||
fi
|
||||
|
||||
ESCAPEDSTRING="${SECRETFILE/./\\.}"
|
||||
JSONPATH="{.data.${ESCAPEDSTRING}}"
|
||||
|
||||
kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $SECRET &> /dev/null
|
||||
if [ $? -eq 0 ]; then
|
||||
|
||||
SECRET_VALUE=$(kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $SECRET -o yaml | fgrep " $SECRETFILE:" | awk '{print $2}')
|
||||
SECRET_VALUE=$(kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $SECRET -o jsonpath=$JSONPATH)
|
||||
|
||||
if ! IsACertificate $SECRET_VALUE; then
|
||||
return
|
||||
|
@ -188,12 +191,19 @@ PrintCertInfo-fromGenericSecret () {
|
|||
elif [[ "ext-ca.crt" == $SECRETFILE ]]; then
|
||||
TLS_SECRET_NAME="mon-elastic-services-extca-crt"
|
||||
fi
|
||||
TLS_SECRET_VALUE=$(kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $TLS_SECRET_NAME -o yaml 2> /dev/null | fgrep " tls.crt" | awk '{print $2}')
|
||||
TLS_SECRET_VALUE=$(kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $TLS_SECRET_NAME -o jsonpath='{.data.tls\.crt}')
|
||||
if [[ $TLS_SECRET_VALUE == $SECRET_VALUE && $CERT_MANAGER_SECRETS == *$TLS_SECRET_NAME* ]]; then
|
||||
RENEWAL="${GREEN}$AUTO_LABEL${RESET}"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ "OIDC CA" == $NAME ]]; then
|
||||
TLS_SECRET_VALUE=$(kubectl --kubeconfig /etc/kubernetes/admin.conf -n $NAMESPACE get secret $SECRET -o jsonpath='{.data.tls\.crt}')
|
||||
if [[ $TLS_SECRET_VALUE == $SECRET_VALUE && $CERT_MANAGER_SECRETS == *$SECRET* ]]; then
|
||||
RENEWAL="${GREEN}$AUTO_LABEL${RESET}"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -z "$NAME" ]; then
|
||||
NAME=$(echo $NAME " / ")
|
||||
fi
|
||||
|
|
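Review bot: The name half of the new OIDC CA condition, `$CERT_MANAGER_SECRETS == *$SECRET*`, is a substring test against secret names collected with `-A`, so a secret whose name is contained in another cert-manager secret name, or matches one in a different namespace, can be reported as Automatic when its `tls.crt` also equals the CA data. Because operators rely on this column to know which certificates need manual renewal, a whole-line match is safer, e.g. `grep -qxF -- "$SECRET" <<< "$CERT_MANAGER_SECRETS"`, and the list would ideally carry `namespace/secretName` pairs so the lookup can use `$NAMESPACE/$SECRET`. The same pattern is applied to `$TLS_SECRET_NAME` a few lines above, where the rewritten kubectl call also drops the `2> /dev/null` that the old line had, so a missing TLS secret would presumably print a NotFound error into the report. In the earlier hunk, `-o jsonpath=$JSONPATH` should be quoted as `-o jsonpath="$JSONPATH"`, and `${SECRETFILE/./\\.}` escapes only the first dot, so `${SECRETFILE//./\\.}` is needed for key names with more than one. PrintCertInfo-fromGenericSecret starts and ends outside the hunks shown.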