This repository has been archived by the owner on Feb 11, 2020. It is now read-only.
Update create-infrastructure task to use OS_CACERT #330
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 2 commits
May 8, 2018 21:11
Terraform needs to talk to the openstack endpoint, so we need to expose the OPENSTACK_CA_CERT as OS_CACERT like we do in other tasks for openstack
|
We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story. The labels on this github issue will be updated when the story is started. |
|
@iamtpage Please sign the Contributor License Agreement! Click here to manually synchronize the status of this Pull Request. See the FAQ for frequently asked questions. |
|
@iamtpage Thank you for signing the Contributor License Agreement! |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Thanks for contributing to pcf-pipelines. To speed up the process of reviewing your pull request please provide us with:
A short explanation of the proposed change:
Add a couple lines to the task.sh file to allow terraform to talk to the openstack API with self-signed certs
An explanation of the use cases your change solves:
This solves the use case where the create-infrastructure step fails when the openstack API cert is signed with an internal CA or is self-signed
Expected result after the change:
Terraform init/plan/apply will not fail with "x509 unknown certificate" when the openstack API is secured with a self-signed (or internal CA signed) certificate
Current result before the change:
Terraform commands fail with "x509 unknown certificate" when the openstack API cert is self-signed (or signed with an internal CA)
Links to any other associated PRs or issues:
This is present already in the other openstack tasks via API_SSL_CERT or OPENSTACK_CA_CERT, but doesn't seem to be present in the create-infrastructure task
I ran the test suite and returned the following results:
Ran 312 of 312 Specs in 0.108 seconds
FAIL! -- 306 Passed | 6 Failed | 0 Pending | 0 Skipped
The 6 that failed involve the upgrade-buildpacks pipeline and pcf-pipelines pipeline, not the openstack create-infrastructure task
I have viewed signed and have submitted the Contributor License Agreement
I have made this pull request to the
masterbranchI have run all the unit tests