fix: gen-pkcs12-keystore adds ca.crt input option if it exists (apach…

…e#684)
intershop · Feb 12, 2024 · 759df01 · 759df01
1 parent dedf33c
commit 759df01
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/controllers/solrcloud_controller_tls_test.go b/controllers/solrcloud_controller_tls_test.go
@@ -526,7 +526,7 @@ func expectTLSConfigOnPodTemplateWithGomega(g Gomega, tls *solrv1beta1.SolrTLSOp
 				break
 			}
 		}
-		expCmd := "openssl pkcs12 -export -in /var/solr/tls/tls.crt -in /var/solr/tls/ca.crt -inkey /var/solr/tls/tls.key -out /var/solr/tls/pkcs12/keystore.p12 -passout pass:${SOLR_SSL_KEY_STORE_PASSWORD}"
+		expCmd := "OPTIONAL_CACRT=$(test -e /var/solr/tls/ca.crt && echo ' -in /var/solr/tls/ca.crt'); openssl pkcs12 -export -in /var/solr/tls/tls.crt $OPTIONAL_CACRT -inkey /var/solr/tls/tls.key -out /var/solr/tls/pkcs12/keystore.p12 -passout pass:${SOLR_SSL_KEY_STORE_PASSWORD}"
 		g.Expect(expInitContainer).To(Not(BeNil()), "Didn't find the gen-pkcs12-keystore InitContainer in the sts!")
 		g.Expect(expInitContainer.Command[2]).To(Equal(expCmd), "Wrong TLS initContainer command")
 	}

diff --git a/controllers/util/solr_tls_util.go b/controllers/util/solr_tls_util.go
@@ -622,8 +622,11 @@ func (tls *TLSConfig) generatePkcs12InitContainer(imageName string, imagePullPol
 		},
 	}
 
-	cmd := "openssl pkcs12 -export -in " + DefaultKeyStorePath + "/" + TLSCertKey + " -in " + DefaultKeyStorePath +
-		"/ca.crt -inkey " + DefaultKeyStorePath + "/tls.key -out " + DefaultKeyStorePath +
+	caCrtFileName := DefaultKeyStorePath + "/ca.crt"
+
+	cmd := "OPTIONAL_CACRT=$(test -e " + caCrtFileName + " && echo ' -in " + caCrtFileName + "'); " +
+		"openssl pkcs12 -export -in " + DefaultKeyStorePath + "/" + TLSCertKey + " $OPTIONAL_CACRT " +
+		"-inkey " + DefaultKeyStorePath + "/tls.key -out " + DefaultKeyStorePath +
 		"/pkcs12/" + DefaultPkcs12KeystoreFile + " -passout pass:${SOLR_SSL_KEY_STORE_PASSWORD}"
 
 	return corev1.Container{