Merge pull request #3447 from kwoodson/router_no_default_cert

Fix for no default_cert or cert, key, cacert files

roles/lib_openshift/library/oc_adm_registry.py

@@ -2226,7 +2226,7 @@ class Registry(OpenShiftCLI):
         # probably need to parse this
         # pylint thinks results is a string
         # pylint: disable=no-member
-        if results['returncode'] != 0 and results['results'].has_key('items'):
+        if results['returncode'] != 0 and 'items' in results['results']:
             return results
 
         service = None
@@ -2307,7 +2307,7 @@ class Registry(OpenShiftCLI):
         # Currently we know that our deployment of a registry requires a few extra modifications
         # Modification 1
         # we need specific environment variables to be set
-        for key, value in self.config.config_options['env_vars']['value'].items():
+        for key, value in self.config.config_options['env_vars'].get('value', {}).items():
             if not deploymentconfig.exists_env_key(key):
                 deploymentconfig.add_env_value(key, value)
             else:

roles/lib_openshift/library/oc_adm_router.py

@@ -2611,10 +2611,14 @@ class Router(OpenShiftCLI):
 
         return deploymentconfig
 
+    # pylint: disable=too-many-branches
     def _prepare_router(self):
         '''prepare router for instantiation'''
-        # We need to create the pem file
-        if self.config.config_options['default_cert']['value'] is None:
+        # if cacert, key, and cert were passed, combine them into a pem file
+        if (self.config.config_options['cacert_file']['value'] and
+                self.config.config_options['cert_file']['value'] and
+                self.config.config_options['key_file']['value']):
+
             router_pem = '/tmp/router.pem'
             with open(router_pem, 'w') as rfd:
                 rfd.write(open(self.config.config_options['cert_file']['value']).read())
@@ -2624,8 +2628,13 @@ class Router(OpenShiftCLI):
                     rfd.write(open(self.config.config_options['cacert_file']['value']).read())
 
             atexit.register(Utils.cleanup, [router_pem])
+
             self.config.config_options['default_cert']['value'] = router_pem
 
+        elif self.config.config_options['default_cert']['value'] is None:
+            # No certificate was passed to us.  do not pass one to oc adm router
+            self.config.config_options['default_cert']['include'] = False
+
         options = self.config.to_option_list()
 
         cmd = ['router', self.config.name, '-n', self.config.namespace]
@@ -2666,7 +2675,8 @@ class Router(OpenShiftCLI):
         oc_objects['DeploymentConfig']['obj'] = self.add_modifications(oc_objects['DeploymentConfig']['obj'])
 
         for oc_type, oc_data in oc_objects.items():
-            oc_data['path'] = Utils.create_tmp_file_from_contents(oc_type, oc_data['obj'].yaml_dict)
+            if oc_data['obj'] is not None:
+                oc_data['path'] = Utils.create_tmp_file_from_contents(oc_type, oc_data['obj'].yaml_dict)
 
         return oc_objects
 
@@ -2676,7 +2686,8 @@ class Router(OpenShiftCLI):
 
         # pylint: disable=no-member
         for _, oc_data in self.prepared_router.items():
-            results.append(self._create(oc_data['path']))
+            if oc_data['obj'] is not None:
+                results.append(self._create(oc_data['path']))
 
         rval = 0
         for result in results:
@@ -2937,8 +2948,10 @@ def main():
         mutually_exclusive=[["router_type", "images"],
                             ["key_file", "default_cert"],
                             ["cert_file", "default_cert"],
+                            ["cacert_file", "default_cert"],
                            ],
 
+        required_together=[['cacert_file', 'cert_file', 'key_file']],
         supports_check_mode=True,
     )
     results = Router.run_ansible(module.params, module.check_mode)

roles/lib_openshift/src/ansible/oc_adm_router.py

@@ -51,8 +51,10 @@ def main():
         mutually_exclusive=[["router_type", "images"],
                             ["key_file", "default_cert"],
                             ["cert_file", "default_cert"],
+                            ["cacert_file", "default_cert"],
                            ],
 
+        required_together=[['cacert_file', 'cert_file', 'key_file']],
         supports_check_mode=True,
     )
     results = Router.run_ansible(module.params, module.check_mode)

roles/lib_openshift/src/class/oc_adm_registry.py

@@ -154,7 +154,7 @@ class Registry(OpenShiftCLI):
         # probably need to parse this
         # pylint thinks results is a string
         # pylint: disable=no-member
-        if results['returncode'] != 0 and results['results'].has_key('items'):
+        if results['returncode'] != 0 and 'items' in results['results']:
             return results
 
         service = None
@@ -235,7 +235,7 @@ class Registry(OpenShiftCLI):
         # Currently we know that our deployment of a registry requires a few extra modifications
         # Modification 1
         # we need specific environment variables to be set
-        for key, value in self.config.config_options['env_vars']['value'].items():
+        for key, value in self.config.config_options['env_vars'].get('value', {}).items():
             if not deploymentconfig.exists_env_key(key):
                 deploymentconfig.add_env_value(key, value)
             else:

roles/lib_openshift/src/class/oc_adm_router.py

@@ -180,10 +180,14 @@ class Router(OpenShiftCLI):
 
         return deploymentconfig
 
+    # pylint: disable=too-many-branches
     def _prepare_router(self):
         '''prepare router for instantiation'''
-        # We need to create the pem file
-        if self.config.config_options['default_cert']['value'] is None:
+        # if cacert, key, and cert were passed, combine them into a pem file
+        if (self.config.config_options['cacert_file']['value'] and
+                self.config.config_options['cert_file']['value'] and
+                self.config.config_options['key_file']['value']):
+
             router_pem = '/tmp/router.pem'
             with open(router_pem, 'w') as rfd:
                 rfd.write(open(self.config.config_options['cert_file']['value']).read())
@@ -193,8 +197,13 @@ class Router(OpenShiftCLI):
                     rfd.write(open(self.config.config_options['cacert_file']['value']).read())
 
             atexit.register(Utils.cleanup, [router_pem])
+
             self.config.config_options['default_cert']['value'] = router_pem
 
+        elif self.config.config_options['default_cert']['value'] is None:
+            # No certificate was passed to us.  do not pass one to oc adm router
+            self.config.config_options['default_cert']['include'] = False
+
         options = self.config.to_option_list()
 
         cmd = ['router', self.config.name, '-n', self.config.namespace]
@@ -235,7 +244,8 @@ class Router(OpenShiftCLI):
         oc_objects['DeploymentConfig']['obj'] = self.add_modifications(oc_objects['DeploymentConfig']['obj'])
 
         for oc_type, oc_data in oc_objects.items():
-            oc_data['path'] = Utils.create_tmp_file_from_contents(oc_type, oc_data['obj'].yaml_dict)
+            if oc_data['obj'] is not None:
+                oc_data['path'] = Utils.create_tmp_file_from_contents(oc_type, oc_data['obj'].yaml_dict)
 
         return oc_objects
 
@@ -245,7 +255,8 @@ class Router(OpenShiftCLI):
 
         # pylint: disable=no-member
         for _, oc_data in self.prepared_router.items():
-            results.append(self._create(oc_data['path']))
+            if oc_data['obj'] is not None:
+                results.append(self._create(oc_data['path']))
 
         rval = 0
         for result in results: