From d0395f7de8dea655f0e4ea214462311e23f45a78 Mon Sep 17 00:00:00 2001
From: Jack Lucas <jflucas@research.att.com>
Date: Tue, 4 Jun 2019 12:47:56 -0400
Subject: Update bootstrap to support TLS for CM

Change-Id: Ie44a55eb7e209bbad1970530f9d723ac9540b156
Issue-ID: DCAEGEN2-1586
Signed-off-by: Jack Lucas <jflucas@research.att.com>
---
 k8s-bootstrap-container/bootstrap.sh | 24 ++++++++++++++++++++++--
 k8s-bootstrap-container/pom.xml      |  2 +-
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/k8s-bootstrap-container/bootstrap.sh b/k8s-bootstrap-container/bootstrap.sh
index 838e1e0..82df4b4 100755
--- a/k8s-bootstrap-container/bootstrap.sh
+++ b/k8s-bootstrap-container/bootstrap.sh
@@ -27,6 +27,26 @@
 #   Input files for components to be installed in /inputs
 #   Configuration JSON files that need to be loaded into Consul in /dcae-configs
 #   Consul is installed in /opt/consul/bin/consul, with base config in /opt/consul/config/00consul.json
+# Optionally, allows:
+#   CM protocol in CMPROTO environment variable (defaults to HTTP)
+#   CM port in CMPORT environment variable (defaults to 80)
+# If CMPROTO is set to "https", bootstrap will use HTTPS to communicate with CM.  Otherwise,
+# it will use HTTP.
+# If CMPROTO is set to "https", the script assumes the CA cert needed to verify the cert
+# presented by CM is mounted at /certs/cacert.pem.
+
+# Set defaults for CM protocol and port
+CMPROTO=${CMPROTO:-http}
+CMPORT=${CMPORT:-80}
+
+# Set up additional parameters for using HTTPS
+CFYTLS=""
+CURLTLS=""
+if [ $CMPROTO = "https" ]
+then
+    CFYTLS="--rest-certificate /certs/cacert.pem --ssl"
+    CURLTLS="--cacert /certs/cacert.pem"
+fi
 
 ### FUNCTION DEFINITIONS ###
 
@@ -45,7 +65,7 @@ function cm_hasany {
     # We use _include=id to limit the amount of data the CM sends back
     # We rely on the "metadata.pagination.total" field in the response
     # for the total number of matching entities
-    COUNT=$(curl -Ss -H "Tenant: default_tenant" --user admin:${CMPASS} "${CMADDR}/api/v3.1/$1&_include=id" \
+    COUNT=$(curl -Ss -H "Tenant: default_tenant" --user admin:${CMPASS} ${CURLTLS} "${CMPROTO}://${CMADDR}:${CMPORT}/api/v3.1/$1&_include=id" \
              | /bin/jq .metadata.pagination.total)
     if (( $COUNT > 0 ))
     then
@@ -133,7 +153,7 @@ fi
 PH_REG="${PH_REG}\"}"
 
 # Set up profile to access Cloudify Manager
-cfy profiles use -u admin -t default_tenant -p "${CMPASS}"  "${CMADDR}"
+cfy profiles use -u admin -t default_tenant -p "${CMPASS}" ${CFYTLS} "${CMADDR}"
 
 # Output status, for debugging purposes
 cfy status
diff --git a/k8s-bootstrap-container/pom.xml b/k8s-bootstrap-container/pom.xml
index 04af8c7..98c2a83 100644
--- a/k8s-bootstrap-container/pom.xml
+++ b/k8s-bootstrap-container/pom.xml
@@ -27,7 +27,7 @@ limitations under the License.
   <groupId>org.onap.dcaegen2.deployments</groupId>
   <artifactId>k8s-bootstrap-container</artifactId>
   <name>dcaegen2-deployments-k8s-bootstrap-container</name>
-  <version>1.5.1</version>
+  <version>1.6.0</version>
   <url>http://maven.apache.org</url>
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-- 
cgit 1.2.3-korg