blob: 19864d438c9b36829cf9a0559caeea295aa4e091 [file] [log] [blame]
#!/bin/bash
# SPDX-License-Identifier: Apache-2.0
#
# Create root certificate CA (Certificate Authority) and its private key.
# Create the package certificate issued by CA
# Copy the stuff to SDC ONBOARDING and Robot pods.
#
SDCVALID=sdc-valid
SDCINVALID=sdc-invalid
ROBOTPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep robot )
SDCONBOARDINGPOD=$(kubectl -n $NAMESPACE get pods --no-headers=true -o custom-columns=:metadata.name | grep sdc-onboarding-be | grep -v cassandra)
generate_ca_key_cert_and_package_cert_issued_by_CA () {
openssl req -batch -new -nodes -x509 -days 36500 -keyout rootCA-private-robot-$1.key -out rootCA-robot-$1.cert
openssl req -batch -new -nodes -keyout package-private-robot-$1.key -out package-robot-$1.csr
openssl x509 -req -CA rootCA-robot-$1.cert -CAkey rootCA-private-robot-$1.key -CAcreateserial -in package-robot-$1.csr -out package-robot-$1.cert
}
copy_root_cert_to_sdc_onboarding () {
kubectl cp $1/rootCA-robot-$5.cert $2/$3:$4
}
copy_package_certs_to_robot () {
for f in package-robot-$5.cert package-private-robot-$5.key
do
kubectl cp $1/$f $2/$3:$4
done
}
mkdir "$DIR/$SCRIPTDIR/tmp"
cd "$DIR/$SCRIPTDIR/tmp"
if [[ -f rootCA-robot-$SDCVALID.cert && -f package-robot-$SDCVALID.cert && -f package-robot-$SDCINVALID.cert && -f package-private-robot-$SDCVALID.key && -f package-private-robot-$SDCINVALID.key ]]; then
echo "All files are present";
else
generate_ca_key_cert_and_package_cert_issued_by_CA $SDCVALID
generate_ca_key_cert_and_package_cert_issued_by_CA $SDCINVALID
fi
cd ../../..
copy_root_cert_to_sdc_onboarding "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$SDCONBOARDINGPOD" "/var/lib/jetty/cert" $SDCVALID
copy_package_certs_to_robot "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$ROBOTPOD" "/tmp" $SDCVALID
copy_package_certs_to_robot "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$ROBOTPOD" "/tmp" $SDCINVALID