If the truststore already contains a root CA for policy, then the
script should not regenerate a root CA, as it interferes with pods
that are brought up in subsequent runs.
Issue-ID: POLICY-3384
Change-Id: I0c46fd23bd24ffd2add4e2d4914b6198a6f4b18f
Signed-off-by: Jim Hahn <jrh3@att.com>
cd "${DIR}"
OUTFILE=policy-truststore
+ALIAS=onap.policy.csit.root.ca
PASS=Pol1cy_0nap
+keytool -list -alias ${ALIAS} -keystore ${OUTFILE} -storepass "${PASS}" \
+ >/dev/null 2>&1
+if [ $? -eq 0 ]
+then
+ echo "Truststore already contains a policy root CA - not re-generating"
+ exit 0
+fi
+
openssl req -new -keyout cakey.pem -out careq.pem -passout "pass:${PASS}" \
-subj "/C=US/ST=New Jersey/OU=ONAP/CN=policy.onap"
openssl x509 -signkey cakey.pem -req -days 3650 -in careq.pem \
-out caroot.cer -extensions v3_ca -passin "pass:${PASS}"
-keytool -import -noprompt -trustcacerts -alias onap.policy.csit.root.ca \
+keytool -import -noprompt -trustcacerts -alias ${ALIAS} \
-file caroot.cer -keystore "${OUTFILE}" -storepass "${PASS}"
chmod 644 "$OUTFILE"
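Review bot: The early exit added before `openssl req` treats any entry under `${ALIAS}` as the current root CA without checking that it corresponds to the `caroot.cer`/`cakey.pem` in `${DIR}`, so a stale or unexpected certificate under that alias stays trusted and the key files are never recreated if they are missing. Because stderr is discarded and only the exit status is tested, a wrong store password or an unreadable keystore looks the same as "alias absent" and falls through to regeneration. I would test the command directly with the expansions quoted, `if keytool -list -alias "${ALIAS}" -keystore "${OUTFILE}" -storepass "${PASS}" >/dev/null 2>&1; then`, and fail with a message when the alias exists but `caroot.cer` or `cakey.pem` does not. The `exit 0` also skips the `chmod 644 "$OUTFILE"` on the last line, and the script may continue outside the hunk.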