Re: [PR] fix: gen-pkcs12-keystore adds ca.crt input option if it exists (#684) [solr-operator]

Wed, 03 Apr 2024 08:56:44 -0700 


HoustonPutman commented on code in PR #685:
URL: https://github.com/apache/solr-operator/pull/685#discussion_r1550003188


##########
controllers/util/solr_tls_util.go:
##########
@@ -707,8 +707,11 @@ func (tls *TLSConfig) 
generatePkcs12InitContainer(imageName string, imagePullPol
                },
        }
 
-       cmd := "openssl pkcs12 -export -in " + DefaultKeyStorePath + "/" + 
TLSCertKey + " -in " + DefaultKeyStorePath +
-               "/ca.crt -inkey " + DefaultKeyStorePath + "/tls.key -out " + 
DefaultKeyStorePath +
+       caCrtFileName := DefaultKeyStorePath + "/ca.crt"
+
+       cmd := "OPTIONAL_CACRT=$(test -e " + caCrtFileName + " && echo ' -in " 
+ caCrtFileName + "'); " +

Review Comment:
   One suggestion here is to put the `$(...)` inside of quotations, to make 
sure that the spaces are taken care of well. 
   ```suggestion
        cmd := "OPTIONAL_CACRT=\"$(test -e " + caCrtFileName + " && echo ' -in 
" + caCrtFileName + "')\"; " +
   ```
   
   We would need to test it out to make sure that they are happy though
   



##########
controllers/solrcloud_controller_tls_test.go:
##########
@@ -522,7 +522,7 @@ func expectTLSConfigOnPodTemplateWithGomega(g Gomega, 
solrCloud *solrv1beta1.Sol
                                break
                        }
                }
-               expCmd := "openssl pkcs12 -export -in /var/solr/tls/tls.crt -in 
/var/solr/tls/ca.crt -inkey /var/solr/tls/tls.key -out 
/var/solr/tls/pkcs12/keystore.p12 -passout pass:${SOLR_SSL_KEY_STORE_PASSWORD}"
+               expCmd := "OPTIONAL_CACRT=$(test -e /var/solr/tls/ca.crt && 
echo ' -in /var/solr/tls/ca.crt'); openssl pkcs12 -export -in 
/var/solr/tls/tls.crt $OPTIONAL_CACRT -inkey /var/solr/tls/tls.key -out 
/var/solr/tls/pkcs12/keystore.p12 -passout pass:${SOLR_SSL_KEY_STORE_PASSWORD}"

Review Comment:
   ```suggestion
                expCmd := "OPTIONAL_CACRT=\"$(test -e /var/solr/tls/ca.crt && 
echo ' -in /var/solr/tls/ca.crt')\"; openssl pkcs12 -export -in 
/var/solr/tls/tls.crt $OPTIONAL_CACRT -inkey /var/solr/tls/tls.key -out 
/var/solr/tls/pkcs12/keystore.p12 -passout pass:${SOLR_SSL_KEY_STORE_PASSWORD}"
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to