diff --git a/src/api/che.ts b/src/api/che.ts index 1128a6a03..559a6fa62 100644 --- a/src/api/che.ts +++ b/src/api/che.ts @@ -21,7 +21,7 @@ import * as os from 'os' import * as path from 'path' import { OpenShiftHelper } from '../api/openshift' -import { CHE_ROOT_CA_SECRET_NAME, DEFAULT_CA_CERT_FILE_NAME } from '../constants' +import { CHE_ROOT_CA_SECRET_NAME } from '../constants' import { base64Decode } from '../util' import { CheApiClient } from './che-api-client' 
@@ -180,22 +180,35 @@ export class CheHelper { throw new Error(`Secret "${CHE_ROOT_CA_SECRET_NAME}" has invalid format: "ca.crt" key not found in data.`) } - async saveCheCaCert(cheCaCert: string, destinaton?: string): Promise { - if (destinaton && fs.existsSync(destinaton)) { - if (fs.lstatSync(destinaton).isDirectory()) { - destinaton = path.join(destinaton, DEFAULT_CA_CERT_FILE_NAME) - } - } else { - // Fallback to default location - destinaton = path.join(os.homedir(), DEFAULT_CA_CERT_FILE_NAME) + async saveCheCaCert(cheCaCert: string, destination?: string): Promise { + const cheCaCertFile = this.getTargetFile(destination) + fs.writeFileSync(cheCaCertFile, cheCaCert) + return cheCaCertFile + } + + /** + * Handles certificate target location and returns string which points to the target file. + */ + private getTargetFile(destination: string | undefined): string { + const cluster = KubeHelper.KUBE_CONFIG.getCurrentCluster() + if (!cluster) { + throw new Error('Failed to get current Kubernetes cluster. Check if the current context is set via kubectl/oc') + } + const clusterName = cluster.name.replace(/[^a-zA-Z0-9-_]/g, '-') + + if (!destination) { + return path.join(os.tmpdir(), `${clusterName}-cheCA.crt`) + } + + if (fs.existsSync(destination)) { + return fs.lstatSync(destination).isDirectory() ? path.join(destination, `${clusterName}-cheCA.crt`) : destination } - fs.writeFileSync(destinaton, cheCaCert) - return destinaton + throw new Error(`Given path \'${destination}\' doesn't exist.`) } /** - * Retreives Keycloak admin user credentials. + * Retrieves Keycloak admin user credentials. * Works only with installers which use Che CR (operator, olm). * Returns credentials as an array of two values: [login, password] * In case of an error an array with undefined values will be returned. diff --git a/src/commands/cacert/export.ts b/src/commands/cacert/export.ts index 6d846d73c..71a0d12b2 100644 --- a/src/commands/cacert/export.ts +++ b/src/commands/cacert/export.ts 
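Review bot: In the new `getTargetFile`, the default target when no destination is given is a predictable name (`<clusterName>-cheCA.crt`) directly under `os.tmpdir()`, which on many Linux systems is a directory shared by all local users. `saveCheCaCert` then writes it with a plain `fs.writeFileSync`, which follows an existing symlink and reuses an existing file without changing its owner or mode. Since this file is presumably going to be imported as a trust anchor, its integrity matters more than that of an ordinary temp file. I would write it into a private directory instead, e.g. `const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'chectl-'))` followed by `return path.join(dir, clusterName + '-cheCA.crt')`, or keep a per-user default such as the home directory. The `existsSync`/`lstatSync` check followed later by the write is also a check-then-use sequence, so the write itself should not rely on what those checks saw.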
@@ -10,14 +10,10 @@ import { Command, flags } from '@oclif/command' import { string } from '@oclif/parser/lib/flags' -import * as fs from 'fs' -import * as os from 'os' -import * as path from 'path' import { CheHelper } from '../../api/che' import { KubeHelper } from '../../api/kube' import { cheNamespace, skipKubeHealthzCheck } from '../../common-flags' -import { DEFAULT_CA_CERT_FILE_NAME } from '../../constants' export default class Export extends Command { static description = 'Retrieves Eclipse Che self-signed certificate' @@ -29,8 +25,8 @@ export default class Export extends Command { char: 'd', description: `Destination where to store Che self-signed CA certificate. If the destination is a file (might not exist), then the certificate will be saved there in PEM format. - If the destination is a directory, then ${DEFAULT_CA_CERT_FILE_NAME} file will be created there with Che certificate in PEM format. - If this option is ommited, then Che certificate will be stored in user's home directory as ${DEFAULT_CA_CERT_FILE_NAME}`, + If the destination is a directory, then a new file will be created there with Che certificate in PEM format. + If this option is omitted, then Che certificate will be stored in the user's temp directory`, env: 'CHE_CA_CERT_LOCATION', default: '' }), @@ -52,7 +48,7 @@ export default class Export extends Command { try { const cheCaCert = await cheHelper.retrieveCheCaCert(flags.chenamespace) if (cheCaCert) { - const targetFile = await cheHelper.saveCheCaCert(cheCaCert, this.getTargetFile(flags.destination)) + const targetFile = await cheHelper.saveCheCaCert(cheCaCert, flags.destination) this.log(`Eclipse Che self-signed CA certificate is exported to ${targetFile}`) } else { this.log('Self signed certificate secret not found. Is commonly trusted certificate used?') 
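Review bot: The updated `destination` flag description (hunk `@@ -29,8 +25,8 @@`) says the certificate goes to "the user's temp directory", but the code uses `os.tmpdir()`, which is the system-wide temp directory on typical Linux setups unless `TMPDIR` is set. The text also no longer names the file that gets created; the che.ts change in this commit builds it as `<cluster-name>-cheCA.crt`. I would word it as `If this option is omitted, the certificate is stored as <cluster-name>-cheCA.crt in the OS temp directory (which may be shared with other local users)`. Separately, the unchanged sentence "If the destination is a file (might not exist)" contradicts `getTargetFile`, which throws `Given path ... doesn't exist.` for a path that does not exist; either the help text or the check should be adjusted.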
@@ -61,20 +57,4 @@ export default class Export extends Command { this.error(error) } } - - /** - * Handles certificate target location and returns string which points to the target file. - */ - private getTargetFile(destinaton: string): string { - if (!destinaton) { - return path.join(os.homedir(), DEFAULT_CA_CERT_FILE_NAME) - } - - if (fs.existsSync(destinaton)) { - return fs.lstatSync(destinaton).isDirectory() ? path.join(destinaton, DEFAULT_CA_CERT_FILE_NAME) : destinaton - } - - this.error(`Given path "${destinaton}" doesn't exist.`) - } - } diff --git a/src/constants.ts b/src/constants.ts index ef599034f..e381ebe35 100644 --- a/src/constants.ts +++ b/src/constants.ts @@ -19,7 +19,6 @@ export const CA_CERT_GENERATION_JOB_IMAGE = 'quay.io/eclipse/che-cert-manager-ca export const CERT_MANAGER_NAMESPACE_NAME = 'cert-manager' export const CHE_TLS_SECRET_NAME = 'che-tls' export const CHE_ROOT_CA_SECRET_NAME = 'self-signed-certificate' -export const DEFAULT_CA_CERT_FILE_NAME = 'cheCA.crt' export const CHE_CLUSTER_CR_NAME = 'eclipse-che' export const CHE_CLUSTER_CRD = 'checlusters.org.eclipse.che'