[patch] Improvements to handling of files with multiple certificates #1097

andrercm · 2023-11-10T17:58:38Z

Fixes for:

Users can now export MAS_JDBC_CERT_LOCAL_FILE or MONGODB_CA_PEM_LOCAL_FILE pointing to pem files containing multiple cert entries while running the gencfg roles and we'll extract the certificate content and loop through a list to include all cert chain properly in the corresponding MAS config.

As example:

Having original-ca-central-1-bundle.pem containing the following list of certificates:

Then you can run gencfg_jdbc role as below:

export MAS_CONFIG_DIR=/maximoappsuite/devops-configs/config
export MAS_JDBC_CERT_LOCAL_FILE=$MAS_CONFIG_DIR/original-ca-central-1-bundle.pem
export SSL_ENABLED=true
export MAS_JDBC_URL='jdbc:db2://c-mas-tmp-andrercm-system-db2u-engn-svc.db2u.svc:50001/BLUDB:sslConnection=true;sslVersion=TLSv1.2;'
export MAS_JDBC_USER=myuser
export MAS_JDBC_PASSWORD=mypassword

The output will be:

---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: "jdbc-dbinst-credentials"
  namespace: "mas-tmp-andrercm-core"
stringData:
  username: "myuser"
  password: "mypassword"
---
apiVersion: config.mas.ibm.com/v1
kind: JdbcCfg
metadata:
  name: "tmp-andrercm-jdbc-wsapp-main-manage"
  namespace: "mas-tmp-andrercm-core"
  labels: {'mas.ibm.com/applicationId': 'manage', 'mas.ibm.com/configScope': 'workspace-application', 'mas.ibm.com/instanceId': 'tmp-andrercm', 'mas.ibm.com/workspaceId': 'main'}
spec:
  displayName: "tmp-andrercm-jdbc-wsapp-main-manage"
  config:
    url: "jdbc:db2://c-mas-tmp-andrercm-system-db2u-engn-svc.db2u.svc:50001/BLUDB:sslConnection=true;sslVersion=TLSv1.2;"
    sslEnabled: true
    credentials:
      secretName: "jdbc-dbinst-credentials"
  certificates: 
    - alias: "part1"
      crt: |
        -----BEGIN CERTIFICATE-----
        MIIEBjCCAu6gAwIBAgIJAMc0ZzaSUK51MA0GCSqGSIb3DQEBCwUAMIGPMQswCQYD
        VQQGEwJVUzEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECAwKV2FzaGluZ3RvbjEi
        MCAGA1UECgwZQW1hem9uIFdlYiBTZXJ2aWNlcywgSW5jLjETMBEGA1UECwwKQW1h
        em9uIFJEUzEgMB4GA1UEAwwXQW1hem9uIFJEUyBSb290IDIwMTkgQ0EwHhcNMTkw
        ODIyMTcwODUwWhcNMjQwODIyMTcwODUwWjCBjzELMAkGA1UEBhMCVVMxEDAOBgNV
        BAcMB1NlYXR0bGUxEzARBgNVBAgMCldhc2hpbmd0b24xIjAgBgNVBAoMGUFtYXpv
        biBXZWIgU2VydmljZXMsIEluYy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxIDAeBgNV
        BAMMF0FtYXpvbiBSRFMgUm9vdCAyMDE5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
        AQ8AMIIBCgKCAQEArXnF/E6/Qh+ku3hQTSKPMhQQlCpoWvnIthzX6MK3p5a0eXKZ
        oWIjYcNNG6UwJjp4fUXl6glp53Jobn+tWNX88dNH2n8DVbppSwScVE2LpuL+94vY
        0EYE/XxN7svKea8YvlrqkUBKyxLxTjh+U/KrGOaHxz9v0l6ZNlDbuaZw3qIWdD/I
        6aNbGeRUVtpM6P+bWIoxVl/caQylQS6CEYUk+CpVyJSkopwJlzXT07tMoDL5WgX9
        O08KVgDNz9qP/IGtAcRduRcNioH3E9v981QO1zt/Gpb2f8NqAjUUCUZzOnij6mx9
        McZ+9cWX88CRzR0vQODWuZscgI08NvM69Fn2SQIDAQABo2MwYTAOBgNVHQ8BAf8E
        BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUc19g2LzLA5j0Kxc0LjZa
        pmD/vB8wHwYDVR0jBBgwFoAUc19g2LzLA5j0Kxc0LjZapmD/vB8wDQYJKoZIhvcN
        AQELBQADggEBAHAG7WTmyjzPRIM85rVj+fWHsLIvqpw6DObIjMWokpliCeMINZFV
        ynfgBKsf1ExwbvJNzYFXW6dihnguDG9VMPpi2up/ctQTN8tm9nDKOy08uNZoofMc
        NUZxKCEkVKZv+IL4oHoeayt8egtv3ujJM6V14AstMQ6SwvwvA93EP/Ug2e4WAXHu
        cbI1NAbUgVDqp+DRdfvZkgYKryjTWd/0+1fS8X1bBZVWzl7eirNVnHbSH2ZDpNuY
        0SBd8dj5F6ld3t58ydZbrTHze7JJOd8ijySAp4/kiu9UfZWuTPABzDa/DSdz9Dk/
        zPW4CXXvhLmE02TA9/HeCw3KEHIwicNuEfw=
        -----END CERTIFICATE-----
    - alias: "part2"
      crt: |
        -----BEGIN CERTIFICATE-----
        MIIECjCCAvKgAwIBAgICEzUwDQYJKoZIhvcNAQELBQAwgY8xCzAJBgNVBAYTAlVT
        MRAwDgYDVQQHDAdTZWF0dGxlMRMwEQYDVQQIDApXYXNoaW5ndG9uMSIwIAYDVQQK
        DBlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLDApBbWF6b24gUkRT
        MSAwHgYDVQQDDBdBbWF6b24gUkRTIFJvb3QgMjAxOSBDQTAeFw0xOTA5MTAyMDUy
        MjVaFw0yNDA4MjIxNzA4NTBaMIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2Fz
        aGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEiMCAGA1UECgwZQW1hem9uIFdlYiBT
        ZXJ2aWNlcywgSW5jLjETMBEGA1UECwwKQW1hem9uIFJEUzEoMCYGA1UEAwwfQW1h
        em9uIFJEUyBjYS1jZW50cmFsLTEgMjAxOSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
        ggEPADCCAQoCggEBAOxHqdcPSA2uBjsCP4DLSlqSoPuQ/X1kkJLusVRKiQE2zayB
        viuCBt4VB9Qsh2rW3iYGM+usDjltGnI1iUWA5KHcvHszSMkWAOYWLiMNKTlg6LCp
        XnE89tvj5dIH6U8WlDvXLdjB/h30gW9JEX7S8supsBSci2GxEzb5mRdKaDuuF/0O
        qvz4YE04pua3iZ9QwmMFuTAOYzD1M72aOpj+7Ac+YLMM61qOtU+AU6MndnQkKoQi
        qmUN2A9IFaqHFzRlSdXwKCKUA4otzmz+/N3vFwjb5F4DSsbsrMfjeHMo6o/nb6Nh
        YDb0VJxxPee6TxSuN7CQJ2FxMlFUezcoXqwqXD0CAwEAAaNmMGQwDgYDVR0PAQH/
        BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFDGGpon9WfIpsggE
        CxHq8hZ7E2ESMB8GA1UdIwQYMBaAFHNfYNi8ywOY9CsXNC42WqZg/7wfMA0GCSqG
        SIb3DQEBCwUAA4IBAQAvpeQYEGZvoTVLgV9rd2+StPYykMsmFjWQcyn3dBTZRXC2
        lKq7QhQczMAOhEaaN29ZprjQzsA2X/UauKzLR2Uyqc2qOeO9/YOl0H3qauo8C/W9
        r8xqPbOCDLEXlOQ19fidXyyEPHEq5WFp8j+fTh+s8WOx2M7IuC0ANEetIZURYhSp
        xl9XOPRCJxOhj7JdelhpweX0BJDNHeUFi0ClnFOws8oKQ7sQEv66d5ddxqqZ3NVv
        RbCvCtEutQMOUMIuaygDlMn1anSM8N7Wndx8G6+Uy67AnhjGx7jw/0YPPxopEj6x
        JXP8j0sJbcT9K/9/fPVLNT25RvQ/93T2+IQL4Ca2
        -----END CERTIFICATE-----
    - alias: "part3"
      crt: |
        -----BEGIN CERTIFICATE-----
        MIICtTCCAjqgAwIBAgIRAK9BSZU6nIe6jqfODmuVctYwCgYIKoZIzj0EAwMwgZkx
        CzAJBgNVBAYTAlVTMSIwIAYDVQQKDBlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMu
        MRMwEQYDVQQLDApBbWF6b24gUkRTMQswCQYDVQQIDAJXQTEyMDAGA1UEAwwpQW1h
        em9uIFJEUyBjYS1jZW50cmFsLTEgUm9vdCBDQSBFQ0MzODQgRzExEDAOBgNVBAcM
        B1NlYXR0bGUwIBcNMjEwNTIxMjIxMzA5WhgPMjEyMTA1MjEyMzEzMDlaMIGZMQsw
        CQYDVQQGEwJVUzEiMCAGA1UECgwZQW1hem9uIFdlYiBTZXJ2aWNlcywgSW5jLjET
        MBEGA1UECwwKQW1hem9uIFJEUzELMAkGA1UECAwCV0ExMjAwBgNVBAMMKUFtYXpv
        biBSRFMgY2EtY2VudHJhbC0xIFJvb3QgQ0EgRUNDMzg0IEcxMRAwDgYDVQQHDAdT
        ZWF0dGxlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEUkEERcgxneT5H+P+fERcbGmf
        bVx+M7rNWtgWUr6w+OBENebQA9ozTkeSg4c4M+qdYSObFqjxITdYxT1z/nHz1gyx
        OKAhLjWu+nkbRefqy3RwXaWT680uUaAP6ccnkZOMo0IwQDAPBgNVHRMBAf8EBTAD
        AQH/MB0GA1UdDgQWBBSN6fxlg0s5Wny08uRBYZcQ3TUoyzAOBgNVHQ8BAf8EBAMC
        AYYwCgYIKoZIzj0EAwMDaQAwZgIxAORaz+MBVoFBTmZ93j2G2vYTwA6T5hWzBWrx
        CrI54pKn5g6At56DBrkjrwZF5T1enAIxAJe/LZ9xpDkAdxDgGJFN8gZYLRWc0NRy
        Rb4hihy5vj9L+w9uKc9VfEBIFuhT7Z3ljg==
        -----END CERTIFICATE-----
    - alias: "part4"
      crt: |
        -----BEGIN CERTIFICATE-----
        MIIEBTCCAu2gAwIBAgIRAKiaRZatN8eiz9p0s0lu0rQwDQYJKoZIhvcNAQELBQAw
        gZoxCzAJBgNVBAYTAlVTMSIwIAYDVQQKDBlBbWF6b24gV2ViIFNlcnZpY2VzLCBJ
        bmMuMRMwEQYDVQQLDApBbWF6b24gUkRTMQswCQYDVQQIDAJXQTEzMDEGA1UEAwwq
        QW1hem9uIFJEUyBjYS1jZW50cmFsLTEgUm9vdCBDQSBSU0EyMDQ4IEcxMRAwDgYD
        VQQHDAdTZWF0dGxlMCAXDTIxMDUyMTIyMDIzNVoYDzIwNjEwNTIxMjMwMjM1WjCB
        mjELMAkGA1UEBhMCVVMxIjAgBgNVBAoMGUFtYXpvbiBXZWIgU2VydmljZXMsIElu
        Yy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxCzAJBgNVBAgMAldBMTMwMQYDVQQDDCpB
        bWF6b24gUkRTIGNhLWNlbnRyYWwtMSBSb290IENBIFJTQTIwNDggRzExEDAOBgNV
        BAcMB1NlYXR0bGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCygVMf
        qB865IR9qYRBRFHn4eAqGJOCFx+UbraQZmjr/mnRqSkY+nhbM7Pn/DWOrRnxoh+w
        q5F9ZxdZ5D5T1v6kljVwxyfFgHItyyyIL0YS7e2h7cRRscCM+75kMedAP7icb4YN
        LfWBqfKHbHIOqvvQK8T6+Emu/QlG2B5LvuErrop9K0KinhITekpVIO4HCN61cuOe
        CADBKF/5uUJHwS9pWw3uUbpGUwsLBuhJzCY/OpJlDqC8Y9aToi2Ivl5u3/Q/sKjr
        6AZb9lx4q3J2z7tJDrm5MHYwV74elGSXoeoG8nODUqjgklIWAPrt6lQ3WJpO2kug
        8RhCdSbWkcXHfX95AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
        FOIxhqTPkKVqKBZvMWtKewKWDvDBMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0B
        AQsFAAOCAQEAqoItII89lOl4TKvg0I1EinxafZLXIheLcdGCxpjRxlZ9QMQUN3yb
        y/8uFKBL0otbQgJEoGhxm4h0tp54g28M6TN1U0332dwkjYxUNwvzrMaV5Na55I2Z
        1hq4GB3NMXW+PvdtsgVOZbEN+zOyOZ5MvJHEQVkT3YRnf6avsdntltcRzHJ16pJc
        Y8rR7yWwPXh1lPaPkxddrCtwayyGxNbNmRybjR48uHRhwu7v2WuAMdChL8H8bp89
        TQLMrMHgSbZfee9hKhO4Zebelf1/cslRSrhkG0ESq6G5MUINj6lMg2g6F0F7Xz2v
        ncD/vuRN5P+vT8th/oZ0Q2Gc68Pun0cn/g==
        -----END CERTIFICATE-----
    - alias: "part5"
      crt: |
        -----BEGIN CERTIFICATE-----
        MIIGBTCCA+2gAwIBAgIRAJfKe4Zh4aWNt3bv6ZjQwogwDQYJKoZIhvcNAQEMBQAw
        gZoxCzAJBgNVBAYTAlVTMSIwIAYDVQQKDBlBbWF6b24gV2ViIFNlcnZpY2VzLCBJ
        bmMuMRMwEQYDVQQLDApBbWF6b24gUkRTMQswCQYDVQQIDAJXQTEzMDEGA1UEAwwq
        QW1hem9uIFJEUyBjYS1jZW50cmFsLTEgUm9vdCBDQSBSU0E0MDk2IEcxMRAwDgYD
        VQQHDAdTZWF0dGxlMCAXDTIxMDUyMTIyMDg1M1oYDzIxMjEwNTIxMjMwODUzWjCB
        mjELMAkGA1UEBhMCVVMxIjAgBgNVBAoMGUFtYXpvbiBXZWIgU2VydmljZXMsIElu
        Yy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxCzAJBgNVBAgMAldBMTMwMQYDVQQDDCpB
        bWF6b24gUkRTIGNhLWNlbnRyYWwtMSBSb290IENBIFJTQTQwOTYgRzExEDAOBgNV
        BAcMB1NlYXR0bGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCpgUH6
        Crzd8cOw9prAh2rkQqAOx2vtuI7xX4tmBG4I/um28eBjyVmgwQ1fpq0Zg2nCKS54
        Nn0pCmT7f3h6Bvopxn0J45AzXEtajFqXf92NQ3iPth95GVfAJSD7gk2LWMhpmID9
        JGQyoGuDPg+hYyr292X6d0madzEktVVGO4mKTF989qEg+tY8+oN0U2fRTrqa2tZp
        iYsmg350ynNopvntsJAfpCO/srwpsqHHLNFZ9jvhTU8uW90wgaKO9i31j/mHggCE
        +CAOaJCM3g+L8DPl/2QKsb6UkBgaaIwKyRgKSj1IlgrK+OdCBCOgM9jjId4Tqo2j
        ZIrrPBGl6fbn1+etZX+2/tf6tegz+yV0HHQRAcKCpaH8AXF44bny9andslBoNjGx
        H6R/3ib4FhPrnBMElzZ5i4+eM/cuPC2huZMBXb/jKgRC/QN1Wm3/nah5FWq+yn+N
        tiAF10Ga0BYzVhHDEwZzN7gn38bcY5yi/CjDUNpY0OzEe2+dpaBKPlXTaFfn9Nba
        CBmXPRF0lLGGtPeTAgjcju+NEcVa82Ht1pqxyu2sDtbu3J5bxp4RKtj+ShwN8nut
        Tkf5Ea9rSmHEY13fzgibZlQhXaiFSKA2ASUwgJP19Putm0XKlBCNSGCoECemewxL
        +7Y8FszS4Uu4eaIwvXVqUEE2yf+4ex0hqQ1acQIDAQABo0IwQDAPBgNVHRMBAf8E
        BTADAQH/MB0GA1UdDgQWBBSeUnXIRxNbYsZLtKomIz4Y1nOZEzAOBgNVHQ8BAf8E
        BAMCAYYwDQYJKoZIhvcNAQEMBQADggIBAIpRvxVS0dzoosBh/qw65ghPUGSbP2D4
        dm6oYCv5g/zJr4fR7NzEbHOXX5aOQnHbQL4M/7veuOCLNPOW1uXwywMg6gY+dbKe
        YtPVA1as8G9sUyadeXyGh2uXGsziMFXyaESwiAXZyiYyKChS3+g26/7jwECFo5vC
        XGhWpIO7Hp35Yglp8AnwnEAo/PnuXgyt2nvyTSrxlEYa0jus6GZEZd77pa82U1JH
        qFhIgmKPWWdvELA3+ra1nKnvpWM/xX0pnMznMej5B3RT3Y+k61+kWghJE81Ix78T
        +tG4jSotgbaL53BhtQWBD1yzbbilqsGE1/DXPXzHVf9yD73fwh2tGWSaVInKYinr
        a4tcrB3KDN/PFq0/w5/21lpZjVFyu/eiPj6DmWDuHW73XnRwZpHo/2OFkei5R7cT
        rn/YdDD6c1dYtSw5YNnS6hdCQ3sOiB/xbPRN9VWJa6se79uZ9NLz6RMOr73DNnb2
        bhIR9Gf7XAA5lYKqQk+A+stoKbIT0F65RnkxrXi/6vSiXfCh/bV6B41cf7MY/6YW
        ehserSdjhQamv35rTFdM+foJwUKz1QN9n9KZhPxeRmwqPitAV79PloksOnX25ElN
        SlyxdndIoA1wia1HRd26EFm2pqfZ2vtD2EjU3wD42CXX4H8fKVDna30nNFSYF0yn
        jGKc3k6UNxpg
        -----END CERTIFICATE-----

In uds role, I have added a fix for #1058
that retrieves the UDS cert chain from the ingress secret, and includes all parts of the chain in the BasCfg.
Optionally you can now choose to not include ISRG x1 root cert, if not really needed, by just export UDS_INCLUDE_ISRG_ROOT_CERT=false

Here's a sample output:

---
apiVersion: v1
kind: Secret
type: opaque
metadata:
  name: uds-apikey
  namespace: "mas-tmp-andrercm-core"
stringData:
  api_key: "myapikey"
---
apiVersion: config.mas.ibm.com/v1
kind: BasCfg
metadata:
  name: "tmp-andrercm-bas-system"
  namespace: "mas-tmp-andrercm-core"
  labels:
    mas.ibm.com/configScope: system
    mas.ibm.com/instanceId: "tmp-andrercm"
spec:
  displayName: UDS tmp-andrercm
  config:
    url: "https://uds-endpoint-ibm-common-services.mycluster-6f1620198115433da1cac8216c06779b-0000.eu-gb.containers.appdomain.cloud"
    contact:
      email: "bas@test.com"
      firstName: "andre"
      lastName: "marcelino"
    credentials:
      secretName: uds-apikey
  certificates: 
    - alias: "part1"
      crt: |
        -----BEGIN CERTIFICATE-----
        MIIF3zCCBMegAwIBAgISA9KOyNfzH4+PzoXsYAhHWr0sMA0GCSqGSIb3DQEBCwUA
        MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
        EwJSMzAeFw0yMzExMTAwNTI4NDFaFw0yNDAyMDgwNTI4NDBaMDoxODA2BgNVBAMT
        L2Z2dHJlbGVhc2U4MTF4LmV1LWdiLmNvbnRhaW5lcnMuYXBwZG9tYWluLmNsb3Vk
        MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNN4NQx0pEQH6OtXD1J6
        PgmRIQxob6G3UuAy1ShZzuzB2z6Bb/2tKfILc4Lrr5YDhV7rGci9dMaTdtqgtFKG
        Mf0GMf5hTQLNE7zMWzHeu/HR3us5ZVdc/O0GQuieu5ZrWVzgIEdtKhTlCKxtaG0P
        8HQrhhjqqCTllx9+4QxmFiKWzXO2AVWilgBRMqKCVTc/heZoGIEDWKeZJxrLAX6R
        xBpKfJt8IdCeotyz5hlchNKlQcAIEQ8f2/sG8TdWK+nIWODhEpfrhzHW2RMzPPx5
        XJVExg4hLWDq47Gmg4bMdOTk1O/PLFycDWHRUvY+Biv5/RPVJtUk/9xC0SN8HiF5
        bwIDAQABo4IC5TCCAuEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF
        BwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSFz/dKKegRRKrw
        8S41xcuK17u5DjAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggr
        BgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAi
        BggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzCB7AYDVR0RBIHkMIHh
        glcqLmZ2dHJlbGVhc2U4MTF4LTZmMTYyMDE5ODExNTQzM2RhMWNhYzgyMTZjMDY3
        NzliLTAwMDAuZXUtZ2IuY29udGFpbmVycy5hcHBkb21haW4uY2xvdWSCVWZ2dHJl
        bGVhc2U4MTF4LTZmMTYyMDE5ODExNTQzM2RhMWNhYzgyMTZjMDY3NzliLTAwMDAu
        ZXUtZ2IuY29udGFpbmVycy5hcHBkb21haW4uY2xvdWSCL2Z2dHJlbGVhc2U4MTF4
        LmV1LWdiLmNvbnRhaW5lcnMuYXBwZG9tYWluLmNsb3VkMBMGA1UdIAQMMAowCAYG
        Z4EMAQIBMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcAO1N3dT4tuYBOizBbBv5A
        O2fYT8P0x70ADS1yb+H61BcAAAGLt+shxAAABAMASDBGAiEA7B+tgyltlir6VGGa
        poDlQRxenvWmBnw0KNq7kZySoU8CIQDvkVivYMVEMS5Dt6e7+Z0CPvQ+aYJH8/IG
        hMhrCWpT9wB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABi7fr
        IcIAAAQDAEcwRQIhAIZc+GpAeYE2bV0QHYPfic+Igf3C0pm1gp9q/ajhUtwQAiBz
        MHU4VRshqDxnlSFw1vuAPNKp9nKs/3zh7L1XabeaDDANBgkqhkiG9w0BAQsFAAOC
        AQEAVP+XY6zqyZBmjtS6dmcwoZBuKXQNwSYHVj5u7gaChECYQEmCL+jo9MxhCM5j
        JUzOxdTaE3rKK+m4G9P0Bbq7dVcD3EDGKR0uLDjqRuiYMu8mgezWhbLKritAP0ZU
        klDzXO6EznclxOojNsy8HPpFJO4/qXmLdb+tWdNsfRzcWy/fXnwwDIlhi1imMXf3
        /aO2NXesU/j3VVuyIU6kluRqPxv6DGbzaBWbhugiNBGJV40yR4LiB9/f/IIfwHEM
        hc4/6c3hAXj9AaepO1OzqZuQr7EVX2qhCRlUa25ptNRbFNLFkjI1rbeR5v9c0qQr
        4iFYj61gVNLSfff7vU0CgAz5Ww==
        -----END CERTIFICATE-----
    - alias: "part2"
      crt: |
        -----BEGIN CERTIFICATE-----
        MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
        TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
        cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
        WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
        RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
        AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
        R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
        sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
        NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
        Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
        /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
        AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
        Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
        FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
        AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
        Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
        gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
        PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
        ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
        CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
        lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
        avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
        yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
        yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
        hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
        HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
        MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
        nLRbwHOoq7hHwg==
        -----END CERTIFICATE-----
    - alias: isrgrootx1 # default root certificate used by Let's Encrypt
      crt: |
        -----BEGIN CERTIFICATE-----
        MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
        TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
        cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
        WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
        ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
        MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
        h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
        0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
        A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
        T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
        B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
        B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
        KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
        OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
        jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
        qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
        rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
        HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
        hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
        ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
        3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
        NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
        ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
        TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
        jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
        oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
        4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
        mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
        emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
        -----END CERTIFICATE-----

…cert-fix

maulik-modi22 · 2023-11-17T09:06:09Z

@andrercm , I guess there is no change required in https://ibm-mas.github.io/ansible-devops/roles/gencfg_jdbc/ right?

andrercm · 2023-11-21T14:31:09Z

@maulik-modi22 no, no change required, we're just proposing a change on how we manage multiple certs in the chain, no doc changes required.

…cert-fix

commit 5206e1b Author: Conrad Kao <ckao@us.ibm.com> Date: Fri Jan 12 12:35:57 2024 -0600 [patch] add licensing sync cronjob sync frequency in slscfg (#1167) commit b1c6579 Author: David Parker <parkerda@uk.ibm.com> Date: Sun Jan 7 21:05:26 2024 +0000 [patch] Disable logging of docker credentials from mirror_ocp role (#1160) commit 81cb38f Author: David Parker <parkerda@uk.ibm.com> Date: Sun Jan 7 11:33:09 2024 +0000 Revert "[minor] Added failure handling for Maxinst setup script in suite_db2_setup_for_manage role (#1121)" This reverts commit b88d557. Refer to MASISMIG-49684 commit b88d557 Author: Sachin Balagopalan <sachin.balagopalan@us.ibm.com> Date: Fri Jan 5 04:01:44 2024 -0500 [minor] Added failure handling for Maxinst setup script in suite_db2_setup_for_manage role (#1121) Co-authored-by: Alexandre Quinteiro <alefq0@gmail.com> commit 04a32fc Author: André Marcelino <31037381+andrercm@users.noreply.github.com> Date: Wed Jan 3 12:28:57 2024 -0300 [patch] Fix condition that sets cert_manager_cluster_resource_namespace (#1156) commit d890dd6 Author: André Marcelino <31037381+andrercm@users.noreply.github.com> Date: Tue Jan 2 07:57:47 2024 -0300 [minor] Add support for Red Hat Certificate Manager (#1153) Co-authored-by: David Parker <parkerda@uk.ibm.com> commit 0d04acd Author: Sanjay Prabhakar <sanju7216@gmail.com> Date: Thu Dec 28 17:50:57 2023 +0000 [minor] Support December Catalog Update (#1148) Co-authored-by: Sanjay Prabhakar <sanjay.prabhakar@uk.ibm.com> commit 0d13647 Author: Sanjay Prabhakar <sanju7216@gmail.com> Date: Wed Dec 20 14:30:03 2023 +0000 [minor] Add support mongo 5.0.23 and 6.0.12 (#1144) Co-authored-by: Sanjay Prabhakar <sanjay.prabhakar@uk.ibm.com> commit 017a0ad Author: David Parker <parkerda@uk.ibm.com> Date: Wed Dec 20 12:59:43 2023 +0000 [patch] Include default channels in ImageSetConfiguration (#1150) commit d5c96fc Author: David Parker <parkerda@uk.ibm.com> Date: Wed Dec 20 10:34:32 2023 +0000 Default to patch version bump when no commit prefix provided (#1149) commit b4e06f0 Author: HariPalleti <hari.palleti@ibm.com> Date: Mon Dec 18 17:44:59 2023 -0600 [patch] add install in the DRO_ACTION list (#1146) commit 21c7b33 Author: Lokesh <110647904+lokesh-sreedhara@users.noreply.github.com> Date: Mon Dec 18 21:10:40 2023 +0530 [patch] fix dro_action assert error (#1145) Co-authored-by: Yuvraj Vansure <yuvraj.vansure1.ibm.com> Co-authored-by: yuvraj-vansure <81155309+yuvraj-vansure@users.noreply.github.com> commit 49b2546 Author: André Marcelino <31037381+andrercm@users.noreply.github.com> Date: Mon Dec 18 07:33:21 2023 -0300 [minor] Support MVI integration with Object Storage in oneclick_add_visualinspection (#1125) Co-authored-by: David Parker <parkerda@uk.ibm.com> commit 2e37184 Author: yuvraj-vansure <81155309+yuvraj-vansure@users.noreply.github.com> Date: Mon Dec 18 15:59:30 2023 +0530 [patch] Install DRO using DRO_STORAGE_CLASS and PVC (#1129) Co-authored-by: Yuvraj Vansure <yuvraj.vansure1.ibm.com> Co-authored-by: lokesh-sreedhara <lokesh.sreedhara@us.ibm.com> Co-authored-by: Lokesh <110647904+lokesh-sreedhara@users.noreply.github.com> commit fb7e3e0 Author: André Marcelino <31037381+andrercm@users.noreply.github.com> Date: Thu Dec 14 06:40:24 2023 -0300 [patch] Fix ocp_ingress_tls_secret_name support for Azure (#1141) Co-authored-by: David Parker <parkerda@uk.ibm.com> commit 7ffce37 Author: Sanjay Prabhakar <sanju7216@gmail.com> Date: Thu Dec 14 09:39:15 2023 +0000 [patch] Support for apply-db2cfg-settings.sh script in newer db2 operators (#1142) Co-authored-by: Sanjay Prabhakar <sanjay.prabhakar@uk.ibm.com> commit ca3da8e Author: yuvraj-vansure <81155309+yuvraj-vansure@users.noreply.github.com> Date: Wed Dec 13 16:02:15 2023 +0530 [patch] Include DRO in ImageSetConfig & ImageContentSourcePolicy (#1127) Co-authored-by: David Parker <parkerda@uk.ibm.com> commit f928af8 Author: chriscochran <140204950+chriscochran@users.noreply.github.com> Date: Wed Dec 13 04:22:11 2023 -0600 [patch] Exclude Maximo IT from mirror manifest by default (#1128) Co-authored-by: David Parker <parkerda@uk.ibm.com> Co-authored-by: André Marcelino <31037381+andrercm@users.noreply.github.com> Co-authored-by: Sanjay Prabhakar <sanju7216@gmail.com> Co-authored-by: Sanjay Prabhakar <sanjay.prabhakar@uk.ibm.com> commit 229e299 Author: André Marcelino <31037381+andrercm@users.noreply.github.com> Date: Tue Dec 12 10:41:46 2023 -0300 [patch] Fix cert content from string (#1137) Co-authored-by: David Parker <parkerda@uk.ibm.com> commit efd77d2 Author: David Parker <parkerda@uk.ibm.com> Date: Tue Dec 12 13:00:08 2023 +0000 [patch] Allow FYRE provision without storage configuration (#1138) commit e1473bf Author: Sanjay Prabhakar <sanju7216@gmail.com> Date: Sat Dec 9 02:38:32 2023 +0000 [patch] get db2u version from db2u-release configmap instead of secret (#1135) Co-authored-by: Sanjay Prabhakar <sanjay.prabhakar@uk.ibm.com> commit 41c0e98 Author: David Parker <parkerda@uk.ibm.com> Date: Thu Dec 7 12:45:11 2023 +0000 [patch] Ensure cluster_ingress_tls_crt_remove_it is defined (#1133) commit 9c9342e Author: André Marcelino <31037381+andrercm@users.noreply.github.com> Date: Wed Dec 6 17:38:36 2023 -0300 [patch] Filter DST X3 Root certificate part from the cluster's ingress chain (#1130) commit a080005 Author: André Marcelino <31037381+andrercm@users.noreply.github.com> Date: Wed Dec 6 07:24:36 2023 -0300 [patch] Fix "jdbc_tls_crt is undefined" (#1126) commit 0d5e016 Author: André Marcelino <31037381+andrercm@users.noreply.github.com> Date: Fri Dec 1 16:55:46 2023 -0300 [patch] fix bad indentation for BasCfg when podTemplates is set (#1124) commit b45e7fd Author: David Parker <parkerda@uk.ibm.com> Date: Fri Dec 1 18:16:17 2023 +0000 [patch] Clean up remnants of manual upgrade support (#1123) commit 803bcc3 Author: André Marcelino <31037381+andrercm@users.noreply.github.com> Date: Wed Nov 29 21:46:15 2023 -0300 [patch] Adding cluster's ingress in DNS record list for Route53 hosted zone (#1118) commit 7592542 Author: Sanjay Prabhakar <sanju7216@gmail.com> Date: Wed Nov 29 17:16:31 2023 +0000 [patch] update nov catalog digest and amlen 1.0.2 extras (#1120) Co-authored-by: Sanjay Prabhakar <sanjay.prabhakar@uk.ibm.com> commit c75455a Author: Sanjay Prabhakar <sanju7216@gmail.com> Date: Wed Nov 29 12:16:00 2023 +0000 [minor] Update v8-231128-amd64 catalog casebundle (#1117) Co-authored-by: Sanjay Prabhakar <sanjay.prabhakar@uk.ibm.com> commit c8fe880 Author: André Marcelino <31037381+andrercm@users.noreply.github.com> Date: Mon Nov 27 14:08:02 2023 -0300 [patch] Improvements to handling of files with multiple certificates (#1097) Co-authored-by: David Parker <parkerda@uk.ibm.com> commit 3f5a8c4 Author: André Marcelino <31037381+andrercm@users.noreply.github.com> Date: Mon Nov 27 13:57:47 2023 -0300 [patch] Fix playbook defaults and suite_dns default handling (#1114) Co-authored-by: David Parker <parkerda@uk.ibm.com> commit 9d798d2 Author: Sanjay Prabhakar <sanju7216@gmail.com> Date: Mon Nov 27 16:50:51 2023 +0000 [minor] Support November Catalog Update (#1103) Co-authored-by: Andre Ricardo De Campos Marcelino <andrercm@br.ibm.com> Co-authored-by: Terence Quinn <quinnt@us.ibm.com> Co-authored-by: Sanjay Prabhakar <sanjay.prabhakar@uk.ibm.com> commit acacf77 Author: David Parker <parkerda@uk.ibm.com> Date: Fri Nov 24 19:13:14 2023 +0000 [patch] Fixes and tweaks for better Red Hat content mirroring (#1115) commit 017d579 Author: Sanjay Prabhakar <sanju7216@gmail.com> Date: Fri Nov 24 19:04:32 2023 +0000 [minor] Re-issue October 04 and 31 catalog (#1113) Co-authored-by: Sanjay Prabhakar <sanjay.prabhakar@uk.ibm.com>

andrercm added 2 commits November 10, 2023 14:21

[patch] fix for #1059

affc576

[patch] also fix mongodb certs

b7ae7fa

andrercm marked this pull request as ready for review November 10, 2023 17:59

andrercm requested review from durera, sanjayprab, terenceq and whitfiea as code owners November 10, 2023 17:59

andrercm requested a review from cuddlyporcupine November 10, 2023 17:59

andrercm mentioned this pull request Nov 10, 2023

the gencfg_jdbc role does not support pem file with multiple certificates #1059

Closed

andrercm added 2 commits November 10, 2023 17:47

[patch] fix uds role to loop multiple certs

e0cb190

[patch] fix default

5dd2a9a

andrercm mentioned this pull request Nov 10, 2023

Script doesn't add all UDS certificates to basCfg #1058

Closed

andrercm and others added 6 commits November 10, 2023 18:15

[patch] minor typo

a9d36b4

Merge branch 'master' into jdbc-cert-fix

728cba2

Merge branch 'master' of github.com:ibm-mas/ansible-devops into jdbc-…

77083b0

…cert-fix

[patch] logic to loop thru cert chain for cos

cc2f373

[patch] add include_cluster_ingress_cert_chain

4823ce4

[patch] Format to list all certs in the chain

a5c3e53

andrercm and others added 3 commits November 21, 2023 11:40

Merge branch 'master' of github.com:ibm-mas/ansible-devops into jdbc-…

64b4007

…cert-fix

[patch] deal with multiple certs in dro

52f3f59

Merge branch 'master' into jdbc-cert-fix

636ac8f

andrercm mentioned this pull request Nov 23, 2023

Bug Report: Exception in Ansible Task Execution during Object Storage Configuration Copy #1106

Closed

andrercm and others added 2 commits November 27, 2023 11:06

Merge branch 'master' into jdbc-cert-fix

fb5a42b

Merge branch 'master' into jdbc-cert-fix

35dbffa

durera changed the title ~~[patch] the gencfg_jdbc & gencfg_mongo roles to support pem file with multiple certificates~~ [patch] Improvements to handling of files with multiple certificates Nov 27, 2023

durera approved these changes Nov 27, 2023

View reviewed changes

This was linked to issues Nov 27, 2023

Script doesn't add all UDS certificates to basCfg #1058

Closed

the gencfg_jdbc role does not support pem file with multiple certificates #1059

Closed

durera added this pull request to the merge queue Nov 27, 2023

Merged via the queue into master with commit c8fe880 Nov 27, 2023
2 checks passed

durera deleted the jdbc-cert-fix branch November 27, 2023 17:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[patch] Improvements to handling of files with multiple certificates #1097

[patch] Improvements to handling of files with multiple certificates #1097

andrercm commented Nov 10, 2023 •

edited by durera

Loading

maulik-modi22 commented Nov 17, 2023

andrercm commented Nov 21, 2023

[patch] Improvements to handling of files with multiple certificates #1097

[patch] Improvements to handling of files with multiple certificates #1097

Conversation

andrercm commented Nov 10, 2023 • edited by durera Loading

maulik-modi22 commented Nov 17, 2023

andrercm commented Nov 21, 2023

andrercm commented Nov 10, 2023 •

edited by durera

Loading