
fix: gen-pkcs12-keystore adds ca.crt input option if it exists (#684) #685

Merged
2 changes: 1 addition & 1 deletion controllers/solrcloud_controller_tls_test.go
Expand Up @@ -522,7 +522,7 @@ func expectTLSConfigOnPodTemplateWithGomega(g Gomega, solrCloud *solrv1beta1.Sol
break
}
}
expCmd := "openssl pkcs12 -export -in /var/solr/tls/tls.crt -in /var/solr/tls/ca.crt -inkey /var/solr/tls/tls.key -out /var/solr/tls/pkcs12/keystore.p12 -passout pass:${SOLR_SSL_KEY_STORE_PASSWORD}"
expCmd := "OPTIONAL_CACRT=$(test -e /var/solr/tls/ca.crt && echo ' -in /var/solr/tls/ca.crt'); openssl pkcs12 -export -in /var/solr/tls/tls.crt $OPTIONAL_CACRT -inkey /var/solr/tls/tls.key -out /var/solr/tls/pkcs12/keystore.p12 -passout pass:${SOLR_SSL_KEY_STORE_PASSWORD}"
smoldenhauer-ish marked this conversation as resolved.
g.Expect(expInitContainer).To(Not(BeNil()), "Didn't find the gen-pkcs12-keystore InitContainer in the sts!")
g.Expect(expInitContainer.Command[2]).To(Equal(expCmd), "Wrong TLS initContainer command")
}
7 changes: 5 additions & 2 deletions controllers/util/solr_tls_util.go
Expand Up @@ -707,8 +707,11 @@ func (tls *TLSConfig) generatePkcs12InitContainer(imageName string, imagePullPol
},
}

cmd := "openssl pkcs12 -export -in " + DefaultKeyStorePath + "/" + TLSCertKey + " -in " + DefaultKeyStorePath +
"/ca.crt -inkey " + DefaultKeyStorePath + "/tls.key -out " + DefaultKeyStorePath +
caCrtFileName := DefaultKeyStorePath + "/ca.crt"

cmd := "OPTIONAL_CACRT=$(test -e " + caCrtFileName + " && echo ' -in " + caCrtFileName + "'); " +
smoldenhauer-ish marked this conversation as resolved.
"openssl pkcs12 -export -in " + DefaultKeyStorePath + "/" + TLSCertKey + " $OPTIONAL_CACRT " +
"-inkey " + DefaultKeyStorePath + "/tls.key -out " + DefaultKeyStorePath +
"/pkcs12/" + DefaultPkcs12KeystoreFile + " -passout pass:${SOLR_SSL_KEY_STORE_PASSWORD}"

return corev1.Container{
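Review bot: The `test -e` guard in the new `cmd` only checks that `ca.crt` exists, so a secret that carries an empty `ca.crt` entry still appends ` -in` for it and hands openssl an empty input; `test -s` would also require the file to be non-empty. It is worth confirming that `openssl pkcs12 -export` honours a repeated `-in` rather than keeping only the last one, since additional chain certificates are normally supplied with `-certfile`. Separately, the unchanged tail `-passout pass:${SOLR_SSL_KEY_STORE_PASSWORD}` expands the keystore password into openssl's argument list, where it shows up in the container's process listing and is word-split if it contains whitespace; `-passout env:SOLR_SSL_KEY_STORE_PASSWORD` avoids both. The body of generatePkcs12InitContainer starts and ends outside this hunk, so how the init container's environment and volume mounts are set up is not visible here.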