
Added copy support when modifying cert and key on existence

Kenny Woodson 8 years ago
parent
commit
8200377dbb

+ 19 - 1
roles/lib_openshift/library/oc_adm_ca_server_cert.py

@@ -124,6 +124,12 @@ options:
     required: false
     default: None
     aliases: []
+  backup:
+    description:
+    - Whether to backup the cert and key files before writing them.
+    required: false
+    default: True
+    aliases: []
 author:
 - "Kenny Woodson <kwoodson@redhat.com>"
 extends_documentation_fragment: []
@@ -1345,6 +1351,17 @@ class CAServerCert(OpenShiftCLI):
 
     def create(self):
         '''run openshift oc adm ca create-server-cert cmd'''
+
+        # Added this here as a safegaurd for stomping on the
+        # cert and key files if they exist
+        if self.config.config_options['backup']['value']:
+            if os.path.exists(self.config.config_options['key']['value']):
+                shutil.copy(self.config.config_options['key']['value'],
+                            "%s.orig" % self.config.config_options['key']['value'])
+            if os.path.exists(self.config.config_options['cert']['value']):
+                shutil.copy(self.config.config_options['cert']['value'],
+                            "%s.orig" % self.config.config_options['cert']['value'])
+
         options = self.config.to_option_list()
 
         cmd = ['ca', 'create-server-cert']
@@ -1384,6 +1401,7 @@ class CAServerCert(OpenShiftCLI):
                                      'signer_cert':   {'value': params['signer_cert'], 'include': True},
                                      'signer_key':    {'value': params['signer_key'], 'include': True},
                                      'signer_serial': {'value': params['signer_serial'], 'include': True},
+                                     'backup':        {'value': params['backup'], 'include': False},
                                     })
 
         server_cert = CAServerCert(config)
@@ -1429,7 +1447,7 @@ def main():
             state=dict(default='present', type='str', choices=['present']),
             debug=dict(default=False, type='bool'),
             kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            cmd=dict(default=None, require=True, type='str'),
+            backup=dict(default=True, type='bool'),
             # oadm ca create-server-cert [options]
             cert=dict(default=None, type='str'),
             key=dict(default=None, type='str'),
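Review bot: Replacing the `cmd` entry with `backup` in the argument spec removes an accepted module parameter without the commit message mentioning it, so a task that still passes `cmd:` would presumably be rejected as an unsupported parameter after this change. The old entry used `require=True` rather than the `required` key the argument spec expects, so it was likely never enforced and the removal looks intentional, but it deserves a line in the commit message or changelog. The same edit is made in the `roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py` hunk. `main()` starts and ends outside this hunk.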

+ 1 - 1
roles/lib_openshift/src/ansible/oc_adm_ca_server_cert.py

@@ -11,7 +11,7 @@ def main():
             state=dict(default='present', type='str', choices=['present']),
             debug=dict(default=False, type='bool'),
             kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'),
-            cmd=dict(default=None, require=True, type='str'),
+            backup=dict(default=True, type='bool'),
             # oadm ca create-server-cert [options]
             cert=dict(default=None, type='str'),
             key=dict(default=None, type='str'),

+ 12 - 0
roles/lib_openshift/src/class/oc_adm_ca_server_cert.py

@@ -33,6 +33,17 @@ class CAServerCert(OpenShiftCLI):
 
     def create(self):
         '''run openshift oc adm ca create-server-cert cmd'''
+
+        # Added this here as a safegaurd for stomping on the
+        # cert and key files if they exist
+        if self.config.config_options['backup']['value']:
+            if os.path.exists(self.config.config_options['key']['value']):
+                shutil.copy(self.config.config_options['key']['value'],
+                            "%s.orig" % self.config.config_options['key']['value'])
+            if os.path.exists(self.config.config_options['cert']['value']):
+                shutil.copy(self.config.config_options['cert']['value'],
+                            "%s.orig" % self.config.config_options['cert']['value'])
+
         options = self.config.to_option_list()
 
         cmd = ['ca', 'create-server-cert']
@@ -72,6 +83,7 @@ class CAServerCert(OpenShiftCLI):
                                      'signer_cert':   {'value': params['signer_cert'], 'include': True},
                                      'signer_key':    {'value': params['signer_key'], 'include': True},
                                      'signer_serial': {'value': params['signer_serial'], 'include': True},
+                                     'backup':        {'value': params['backup'], 'include': False},
                                     })
 
         server_cert = CAServerCert(config)

+ 6 - 0
roles/lib_openshift/src/doc/ca_server_cert

@@ -73,6 +73,12 @@ options:
     required: false
     default: None
     aliases: []
+  backup:
+    description:
+    - Whether to backup the cert and key files before writing them.
+    required: false
+    default: True
+    aliases: []
 author:
 - "Kenny Woodson <kwoodson@redhat.com>"
 extends_documentation_fragment: []