Link chectl certificate to install platform

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
che-incubator · Oct 15, 2020 · 587d6f6 · 587d6f6
1 parent d93d29f
commit 587d6f6
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 36 deletions.
diff --git a/src/api/che.ts b/src/api/che.ts
@@ -21,7 +21,7 @@ import * as os from 'os'
 import * as path from 'path'
 
 import { OpenShiftHelper } from '../api/openshift'
-import { CHE_ROOT_CA_SECRET_NAME, DEFAULT_CA_CERT_FILE_NAME } from '../constants'
+import { CHE_ROOT_CA_SECRET_NAME } from '../constants'
 import { base64Decode } from '../util'
 
 import { CheApiClient } from './che-api-client'
@@ -180,22 +180,35 @@ export class CheHelper {
     throw new Error(`Secret "${CHE_ROOT_CA_SECRET_NAME}" has invalid format: "ca.crt" key not found in data.`)
   }
 
-  async saveCheCaCert(cheCaCert: string, destinaton?: string): Promise<string> {
-    if (destinaton && fs.existsSync(destinaton)) {
-      if (fs.lstatSync(destinaton).isDirectory()) {
-        destinaton = path.join(destinaton, DEFAULT_CA_CERT_FILE_NAME)
-      }
-    } else {
-      // Fallback to default location
-      destinaton = path.join(os.homedir(), DEFAULT_CA_CERT_FILE_NAME)
+  async saveCheCaCert(cheCaCert: string, destination?: string): Promise<string> {
+    const cheCaCertFile = this.getTargetFile(destination)
+    fs.writeFileSync(cheCaCertFile, cheCaCert)
+    return cheCaCertFile
+  }
+
+  /**
+   * Handles certificate target location and returns string which points to the target file.
+   */
+  private getTargetFile(destination: string | undefined): string {
+    const cluster = KubeHelper.KUBE_CONFIG.getCurrentCluster()
+    if (!cluster) {
+      throw new Error('Failed to get current Kubernetes cluster. Check if the current context is set via kubectl/oc')
+    }
+    const clusterName = cluster.name.replace(/[^a-zA-Z0-9-_]/g, '-')
+
+    if (!destination) {
+      return path.join(os.tmpdir(), `${clusterName}-cheCA.crt`)
+    }
+
+    if (fs.existsSync(destination)) {
+      return fs.lstatSync(destination).isDirectory() ? path.join(destination, `${clusterName}-cheCA.crt`) : destination
     }
 
-    fs.writeFileSync(destinaton, cheCaCert)
-    return destinaton
+    throw new Error(`Given path \'${destination}\' doesn't exist.`)
   }
 
   /**
-   * Retreives Keycloak admin user credentials.
+   * Retrieves Keycloak admin user credentials.
    * Works only with installers which use Che CR (operator, olm).
    * Returns credentials as an array of two values: [login, password]
    * In case of an error an array with undefined values will be returned.

diff --git a/src/commands/cacert/export.ts b/src/commands/cacert/export.ts
@@ -10,14 +10,10 @@
 
 import { Command, flags } from '@oclif/command'
 import { string } from '@oclif/parser/lib/flags'
-import * as fs from 'fs'
-import * as os from 'os'
-import * as path from 'path'
 
 import { CheHelper } from '../../api/che'
 import { KubeHelper } from '../../api/kube'
 import { cheNamespace, skipKubeHealthzCheck } from '../../common-flags'
-import { DEFAULT_CA_CERT_FILE_NAME } from '../../constants'
 
 export default class Export extends Command {
   static description = 'Retrieves Eclipse Che self-signed certificate'
@@ -29,8 +25,8 @@ export default class Export extends Command {
       char: 'd',
       description: `Destination where to store Che self-signed CA certificate.
                     If the destination is a file (might not exist), then the certificate will be saved there in PEM format.
-                    If the destination is a directory, then ${DEFAULT_CA_CERT_FILE_NAME} file will be created there with Che certificate in PEM format.
-                    If this option is ommited, then Che certificate will be stored in user's home directory as ${DEFAULT_CA_CERT_FILE_NAME}`,
+                    If the destination is a directory, then a new file will be created there with Che certificate in PEM format.
+                    If this option is omitted, then Che certificate will be stored in the user's temp directory`,
       env: 'CHE_CA_CERT_LOCATION',
       default: ''
     }),
@@ -52,7 +48,7 @@ export default class Export extends Command {
     try {
       const cheCaCert = await cheHelper.retrieveCheCaCert(flags.chenamespace)
       if (cheCaCert) {
-        const targetFile = await cheHelper.saveCheCaCert(cheCaCert, this.getTargetFile(flags.destination))
+        const targetFile = await cheHelper.saveCheCaCert(cheCaCert, flags.destination)
         this.log(`Eclipse Che self-signed CA certificate is exported to ${targetFile}`)
       } else {
         this.log('Self signed certificate secret not found. Is commonly trusted certificate used?')
@@ -61,20 +57,4 @@ export default class Export extends Command {
       this.error(error)
     }
   }
-
-  /**
-   * Handles certificate target location and returns string which points to the target file.
-   */
-  private getTargetFile(destinaton: string): string {
-    if (!destinaton) {
-      return path.join(os.homedir(), DEFAULT_CA_CERT_FILE_NAME)
-    }
-
-    if (fs.existsSync(destinaton)) {
-      return fs.lstatSync(destinaton).isDirectory() ? path.join(destinaton, DEFAULT_CA_CERT_FILE_NAME) : destinaton
-    }
-
-    this.error(`Given path "${destinaton}" doesn't exist.`)
-  }
-
 }
diff --git a/src/constants.ts b/src/constants.ts
@@ -19,7 +19,6 @@ export const CA_CERT_GENERATION_JOB_IMAGE = 'quay.io/eclipse/che-cert-manager-ca
 export const CERT_MANAGER_NAMESPACE_NAME = 'cert-manager'
 export const CHE_TLS_SECRET_NAME = 'che-tls'
 export const CHE_ROOT_CA_SECRET_NAME = 'self-signed-certificate'
-export const DEFAULT_CA_CERT_FILE_NAME = 'cheCA.crt'
 export const CHE_CLUSTER_CR_NAME = 'eclipse-che'
 export const CHE_CLUSTER_CRD = 'checlusters.org.eclipse.che'