US-568873-Changes for certs manager to support custom keystore name #205

Merged
merged 14 commits into from
Jan 10, 2024
Changes from 12 commits
19 changes: 16 additions & 3 deletions scripts/docker-entrypoint.sh
Expand Up @@ -82,9 +82,20 @@ do
fi
done

#tomcat ssl certs
tomcat_keystore_password_file="${tls_cert_root}/TOMCAT_KEYSTORE_PASSWORD"
tomcat_keystore_file="${tls_cert_root}/TOMCAT_KEYSTORE_CONTENT"
# tomcat ssl certs
if [ -n "$EXTERNAL_KEYSTORE_NAME" ]; then
echo "External custom keystore name key found"
tomcat_keystore_file="${tls_cert_root}/$EXTERNAL_KEYSTORE_NAME"
else
tomcat_keystore_file="${tls_cert_root}/TOMCAT_KEYSTORE_CONTENT"
fi

if [ -n "$EXTERNAL_KEYSTORE_PASSWORD" ]; then
echo "External custom keystore password key found"
tomcat_keystore_password_file="${tls_cert_root}/$EXTERNAL_KEYSTORE_PASSWORD"
else
tomcat_keystore_password_file="${tls_cert_root}/TOMCAT_KEYSTORE_PASSWORD"
fi

if [ -e "$tomcat_keystore_password_file" ]; then
TOMCAT_KEYSTORE_PASSWORD=$(<${tomcat_keystore_password_file})
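Review bot: the values of EXTERNAL_KEYSTORE_NAME and EXTERNAL_KEYSTORE_PASSWORD are spliced straight into paths under ${tls_cert_root} in tomcat_keystore_file="${tls_cert_root}/$EXTERNAL_KEYSTORE_NAME" and the matching password line without any validation, so a value containing "/" or ".." makes the entrypoint read a file outside the certs mount; reject anything that is not a plain file name before using it, for example case "$EXTERNAL_KEYSTORE_NAME" in */*|..) echo "invalid EXTERNAL_KEYSTORE_NAME"; exit 1;; esac. The two echo lines also report that the key was "found" before the file's existence has been checked, and EXTERNAL_KEYSTORE_PASSWORD holds a file name rather than a password, which the name does not convey; a name such as EXTERNAL_KEYSTORE_PASSWORD_FILE would make that clear to operators reading the environment.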
Expand All @@ -94,10 +105,12 @@ else
fi

if [ -e "$tomcat_keystore_file" ]; then
export TOMCAT_KEYSTORE_CONTENT=$tomcat_keystore_file
echo "TLS certificate for tomcat exists"
cat ${tomcat_keystore_file} | xargs printf '%b\n' | base64 --decode > "${tomcat_cert_root}/tlskeystore.jks"
export TOMCAT_KEYSTORE_DIR="${tomcat_cert_root}/tlskeystore.jks"
else
export TOMCAT_KEYSTORE_CONTENT=$tomcat_keystore_file
Collaborator
Do we need this export statement here in the else block?

Contributor Author
Yeah, we need this in the else block as well. The reason is that on the helm side we have server.xml.tmpl, where we always use this env variable.
So whether this file exists or not, this variable should always be set to properly templatize the server.xml.
Also I want to keep this export in this block only, so I put this condition in both the if and else blocks.
https://github.com/pegasystems/pega-helm-charts/pull/688/files#diff-97c08b9274a6eb80565f293dbd88c227f1dbc0c53eae7c06401ce22baa8aaaa2R85

Contributor
The condition {{ if or (exists .Env.TOMCAT_KEYSTORE_CONTENT) (exists "/opt/pega/tomcatcertsmount/TOMCAT_CERTIFICATE_FILE") }}: would it not return false if the env var is not set? I could not understand the reason for always exporting the env var.

Contributor Author
If the environment variable is not set, then there are issues while detemplatizing server.xml in the containers.
I felt it is probably safe here to export this variable to avoid these XML parsing issues.

echo "TLS certificate does not exist"
fi

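Review bot: the new export TOMCAT_KEYSTORE_CONTENT=$tomcat_keystore_file in the else branch points the variable at a path that the enclosing if has just established does not exist, so a consumer such as the server.xml.tmpl condition quoted in this thread can no longer tell the missing-keystore case apart by looking at the variable; if the template only needs the variable to be defined, export it empty in the else branch (export TOMCAT_KEYSTORE_CONTENT=) and record that reason in a comment, so a non-existent path never reaches the template. Both exports are also unquoted; export TOMCAT_KEYSTORE_CONTENT="$tomcat_keystore_file" avoids word splitting should tls_cert_root or the custom keystore name ever contain whitespace, and the adjacent cat ${tomcat_keystore_file} pipeline has the same unquoted expansion.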
50 changes: 50 additions & 0 deletions tests/pega-web-ready-testcases.yaml
Expand Up @@ -2338,3 +2338,53 @@ commandTests:
if [ "$(ls /opt/pega/config | wc -l)" -ne "$(ls /opt/pega/decompressedconfig | wc -l)" ]; then echo "missing files in file_list variable"; fi
exitCode: 0
excludedOutput: [ "missing files in file_list variable" ]

# Verify external custom tomcat keystore
- name: "External Custom Tomcat Keystore files"
envVars:
- key: "JDBC_URL"
value: "jdbc:postgresql://localhost:5432/pegadb"
- key: "JDBC_CLASS"
value: "org.postgresql.Driver"
- key: "DB_USERNAME"
value: "postgres"
- key: "DB_PASSWORD"
value: "postgres"
- key: "RULES_SCHEMA"
value: "rules"
- key: "DATA_SCHEMA"
value: "data"
- key: "EXTERNAL_KEYSTORE_NAME"
value: "keystore.jks"
command: "bash"
args:
- -c
- |
bash -c './scripts/docker-entrypoint.sh'
exitCode: 0
expectedOutput: [ "External custom keystore name key found" ]

# Verify external custom tomcat keystore password key
- name: "External Custom Tomcat Keystore files"
envVars:
- key: "JDBC_URL"
value: "jdbc:postgresql://localhost:5432/pegadb"
- key: "JDBC_CLASS"
value: "org.postgresql.Driver"
- key: "DB_USERNAME"
value: "postgres"
- key: "DB_PASSWORD"
value: "postgres"
- key: "RULES_SCHEMA"
value: "rules"
- key: "DATA_SCHEMA"
value: "data"
- key: "EXTERNAL_KEYSTORE_PASSWORD"
value: "password"
command: "bash"
args:
- -c
- |
bash -c './scripts/docker-entrypoint.sh'
exitCode: 0
expectedOutput: [ "External custom keystore password key found" ]
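Review bot: both new test cases carry the same name "External Custom Tomcat Keystore files", so a failure report cannot say which one broke; rename the second to describe the password file case. Both cases also assert only on the echo text ("External custom keystore name key found" and "External custom keystore password key found"), which the entrypoint prints before it ever looks the file up, so a broken path expression would still pass; a stronger check would place a file at the custom name under the certs mount in the test setup and assert on "TLS certificate for tomcat exists" or on the value of TOMCAT_KEYSTORE_DIR. The command: "bash" with args -c and bash -c './scripts/docker-entrypoint.sh' nests a second bash for no reason; passing './scripts/docker-entrypoint.sh' directly after -c is enough.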