diff options
| author |   Jim Hahn <jrh3@att.com> | 2021-06-28 13:28:12 -0400 |
|---|---|---|
| committer | Jim Hahn <jrh3@att.com> | 2021-06-28 13:30:43 -0400 |
| commit | 29ed0d71a625d62f2f86f1d39257089df4c75ddc (patch) | |
| tree | 4dc7201350b770f9451b164a408080f49f344752 | |
| parent | 4d0a1d766e645046a9bcbe3c0dbeb59d82fd2fa3 (diff) | |
Don't regenerate policy root CA in CSITs
If the truststore already contains a root CA for policy, then the
script should not regenerate a root CA, as it interferes with pods
that are brought up in subsequent runs.
Issue-ID: POLICY-3384
Change-Id: I0c46fd23bd24ffd2add4e2d4914b6198a6f4b18f
Signed-off-by: Jim Hahn <jrh3@att.com>
| -rwxr-xr-x | csit/gen_truststore.sh | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/csit/gen_truststore.sh b/csit/gen_truststore.sh index 2ee96341..748d5f30 100755 --- a/csit/gen_truststore.sh +++ b/csit/gen_truststore.sh @@ -26,15 +26,24 @@ DIR="${0%/*}/config" cd "${DIR}" OUTFILE=policy-truststore +ALIAS=onap.policy.csit.root.ca PASS=Pol1cy_0nap +keytool -list -alias ${ALIAS} -keystore ${OUTFILE} -storepass "${PASS}" \ + >/dev/null 2>&1 +if [ $? -eq 0 ] +then + echo "Truststore already contains a policy root CA - not re-generating" + exit 0 +fi + openssl req -new -keyout cakey.pem -out careq.pem -passout "pass:${PASS}" \ -subj "/C=US/ST=New Jersey/OU=ONAP/CN=policy.onap" openssl x509 -signkey cakey.pem -req -days 3650 -in careq.pem \ -out caroot.cer -extensions v3_ca -passin "pass:${PASS}" -keytool -import -noprompt -trustcacerts -alias onap.policy.csit.root.ca \ +keytool -import -noprompt -trustcacerts -alias ${ALIAS} \ -file caroot.cer -keystore "${OUTFILE}" -storepass "${PASS}" chmod 644 "$OUTFILE" |