| #!/bin/bash |
| |
| # SPDX-License-Identifier: Apache-2.0 |
| |
#
# Create a root CA (Certificate Authority) certificate and its private key.
# Create the package certificate issued by that CA.
# Copy the root certificate to the SDC onboarding pod and the package
# certificates and private keys to the Robot pod.
#
| |
| |
| |
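# Suffixes that tell the two generated certificate sets apart. Each set gets
# its own root CA. Only the root certificate of the "sdc-valid" set is copied
# to the SDC onboarding pod further down; the "sdc-invalid" root never is.
SDCVALID=sdc-valid
SDCINVALID=sdc-invalid

# NAMESPACE is not set in this file; it has to come from the caller's
# environment or from the script that sources this one.
# NOTE(review): each lookup keeps every pod name that passes the grep filter.
# With no match the variable is empty, with several matches it holds several
# lines, and the kubectl cp calls further down then get an unusable target.
ROBOTPOD=$(kubectl -n "$NAMESPACE" get pods --no-headers=true -o custom-columns=:metadata.name | grep robot)
SDCONBOARDINGPOD=$(kubectl -n "$NAMESPACE" get pods --no-headers=true -o custom-columns=:metadata.name | grep sdc-onboarding-be | grep -v cassandra)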
| |
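#######################################
# Create a self-signed root CA certificate with its private key, then a
# package key and a package certificate issued by that CA.
# All files are written to the current directory.
# Arguments:
#   $1 - suffix used in every file name (this script passes sdc-valid and
#        sdc-invalid)
# Outputs:
#   rootCA-private-robot-$1.key, rootCA-robot-$1.cert,
#   package-private-robot-$1.key, package-robot-$1.csr, package-robot-$1.cert
#   (plus the serial file openssl writes because of -CAcreateserial)
# Returns:
#   0 when every step succeeds, otherwise the status of the first failing
#   step; later steps are skipped so no certificate is issued from a
#   half-created CA.
#######################################
generate_ca_key_cert_and_package_cert_issued_by_CA () {
  local suffix=$1
  local ca_key="rootCA-private-robot-${suffix}.key"
  local ca_cert="rootCA-robot-${suffix}.cert"
  local pkg_key="package-private-robot-${suffix}.key"
  local pkg_csr="package-robot-${suffix}.csr"
  local pkg_cert="package-robot-${suffix}.cert"

  # -nodes leaves the private key unencrypted on disk; -batch runs openssl
  # without prompting. The root certificate is valid for 36500 days.
  openssl req -batch -new -nodes -x509 -days 36500 \
    -keyout "$ca_key" -out "$ca_cert" || return

  # Whoever can read this key can issue certificates that chain to this root,
  # and the script copies the sdc-valid root into the SDC onboarding pod.
  # The CA key itself is never copied to a pod, so keep it owner-only.
  chmod 600 -- "$ca_key" || return

  # NOTE(review): the package key is also unencrypted and is later copied to
  # the Robot pod; its file mode is left as openssl created it.
  openssl req -batch -new -nodes -keyout "$pkg_key" -out "$pkg_csr" || return

  # No -days here, so openssl applies its default lifetime (30 days) to the
  # package certificate.
  openssl x509 -req -CA "$ca_cert" -CAkey "$ca_key" -CAcreateserial \
    -in "$pkg_csr" -out "$pkg_cert"
}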
| |
| |
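#######################################
# Copy the root CA certificate rootCA-robot-<suffix>.cert into a pod.
# Only the certificate is copied; the CA private key stays local.
# Arguments:
#   $1 - local directory holding the certificate
#   $2 - Kubernetes namespace of the target pod
#   $3 - name of the target pod
#   $4 - destination path inside the pod
#   $5 - file-name suffix of the certificate set
# Returns:
#   1 if the pod name is empty, otherwise the status of kubectl cp.
#######################################
copy_root_cert_to_sdc_onboarding () {
  local src_dir=$1 namespace=$2 pod=$3 dest=$4 suffix=$5

  # An empty pod name would turn the target into "<namespace>/:<path>".
  if [[ -z "$pod" ]]; then
    echo "copy_root_cert_to_sdc_onboarding: no target pod name given" >&2
    return 1
  fi

  # Quoted so that a path or name with whitespace stays a single argument.
  kubectl cp "${src_dir}/rootCA-robot-${suffix}.cert" "${namespace}/${pod}:${dest}"
}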
| |
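#######################################
# Copy a package certificate and its private key into a pod:
# package-robot-<suffix>.cert and package-private-robot-<suffix>.key.
# Arguments:
#   $1 - local directory holding the two files
#   $2 - Kubernetes namespace of the target pod
#   $3 - name of the target pod
#   $4 - destination path inside the pod
#   $5 - file-name suffix of the certificate set
# Returns:
#   1 if the pod name is empty; otherwise 0 when both copies succeed, or the
#   status of the last kubectl cp that failed.
#######################################
copy_package_certs_to_robot () {
  local src_dir=$1 namespace=$2 pod=$3 dest=$4 suffix=$5
  local f rc=0

  # An empty pod name would turn the target into "<namespace>/:<path>".
  if [[ -z "$pod" ]]; then
    echo "copy_package_certs_to_robot: no target pod name given" >&2
    return 1
  fi

  # NOTE(review): the .key file is an unencrypted private key (created with
  # -nodes); it ends up readable inside the pod at the destination path.
  for f in "package-robot-${suffix}.cert" "package-private-robot-${suffix}.key"; do
    # Keep going after a failure, but remember it so the caller can see it.
    kubectl cp "${src_dir}/${f}" "${namespace}/${pod}:${dest}" || rc=$?
  done
  return "$rc"
}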
| |
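# DIR and SCRIPTDIR are not set in this file; like NAMESPACE they have to come
# from the caller. Generated files are kept in $DIR/$SCRIPTDIR/tmp so that a
# later run can reuse them.
# -p: the directory already exists on every run after the first.
mkdir -p -- "$DIR/$SCRIPTDIR/tmp"

# Generate only after the cd succeeded; otherwise the unencrypted private keys
# would be written into whatever directory the caller happened to be in.
if cd -- "$DIR/$SCRIPTDIR/tmp"; then
  # Reuse the cached files only when all of them exist and both package
  # certificates are still inside their validity period. The x509 -req call
  # that issues them has no -days, so they get openssl's 30-day default and a
  # cached set can be complete yet expired.
  # NOTE(review): an expired sdc-invalid certificate would presumably still
  # be rejected, but for expiry rather than for its untrusted issuer.
  if [[ -f "rootCA-robot-$SDCVALID.cert" && -f "package-robot-$SDCVALID.cert" && -f "package-robot-$SDCINVALID.cert" && -f "package-private-robot-$SDCVALID.key" && -f "package-private-robot-$SDCINVALID.key" ]] \
      && openssl x509 -checkend 0 -noout -in "package-robot-$SDCVALID.cert" >/dev/null \
      && openssl x509 -checkend 0 -noout -in "package-robot-$SDCINVALID.cert" >/dev/null; then
    echo "All files are present";
  else
    generate_ca_key_cert_and_package_cert_issued_by_CA "$SDCVALID"
    generate_ca_key_cert_and_package_cert_issued_by_CA "$SDCINVALID"
  fi
  cd ../../..

  # Only the sdc-valid root certificate goes to the SDC onboarding pod; the
  # sdc-invalid root is never copied there. Presumably that is what makes the
  # sdc-invalid package certificate untrusted on the SDC side; confirm.
  copy_root_cert_to_sdc_onboarding "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$SDCONBOARDINGPOD" "/var/lib/jetty/cert" "$SDCVALID"
  # Both package certificates and their private keys go to /tmp in the Robot pod.
  copy_package_certs_to_robot "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$ROBOTPOD" "/tmp" "$SDCVALID"
  copy_package_certs_to_robot "$DIR/$SCRIPTDIR/tmp" "$NAMESPACE" "$ROBOTPOD" "/tmp" "$SDCINVALID"
else
  echo "Cannot enter $DIR/$SCRIPTDIR/tmp; certificates were neither generated nor copied" >&2
  false
fi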
| |