From b21f570e2cf98229f7b10f0b1a81d37a0fd21b66 Mon Sep 17 00:00:00 2001
From: Anatolii Bazko <abazko@redhat.com>
Date: Wed, 21 Oct 2020 10:08:30 +0300
Subject: [PATCH] Store cheCA.crt into tmp director (#931)

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
---
 src/api/che.ts                | 29 ++++++++++++++++++-----------
 src/commands/cacert/export.ts | 23 ++---------------------
 2 files changed, 20 insertions(+), 32 deletions(-)

diff --git a/src/api/che.ts b/src/api/che.ts
index 1128a6a03..42455a44f 100644
--- a/src/api/che.ts
+++ b/src/api/che.ts
@@ -180,22 +180,29 @@ export class CheHelper {
     throw new Error(`Secret "${CHE_ROOT_CA_SECRET_NAME}" has invalid format: "ca.crt" key not found in data.`)
   }
 
-  async saveCheCaCert(cheCaCert: string, destinaton?: string): Promise<string> {
-    if (destinaton && fs.existsSync(destinaton)) {
-      if (fs.lstatSync(destinaton).isDirectory()) {
-        destinaton = path.join(destinaton, DEFAULT_CA_CERT_FILE_NAME)
-      }
-    } else {
-      // Fallback to default location
-      destinaton = path.join(os.homedir(), DEFAULT_CA_CERT_FILE_NAME)
+  async saveCheCaCert(cheCaCert: string, destination?: string): Promise<string> {
+    const cheCaCertFile = this.getTargetFile(destination)
+    fs.writeFileSync(cheCaCertFile, cheCaCert)
+    return cheCaCertFile
+  }
+
+  /**
+   * Handles certificate target location and returns string which points to the target file.
+   */
+  private getTargetFile(destination: string | undefined): string {
+    if (!destination) {
+      return path.join(os.tmpdir(), DEFAULT_CA_CERT_FILE_NAME)
+    }
+
+    if (fs.existsSync(destination)) {
+      return fs.lstatSync(destination).isDirectory() ? path.join(destination, DEFAULT_CA_CERT_FILE_NAME) : destination
     }
 
-    fs.writeFileSync(destinaton, cheCaCert)
-    return destinaton
+    throw new Error(`Given path \'${destination}\' doesn't exist.`)
   }
 
   /**
-   * Retreives Keycloak admin user credentials.
+   * Retrieves Keycloak admin user credentials.
    * Works only with installers which use Che CR (operator, olm).
    * Returns credentials as an array of two values: [login, password]
    * In case of an error an array with undefined values will be returned.
diff --git a/src/commands/cacert/export.ts b/src/commands/cacert/export.ts
index 6d846d73c..3b9116882 100644
--- a/src/commands/cacert/export.ts
+++ b/src/commands/cacert/export.ts
@@ -10,9 +10,6 @@
 
 import { Command, flags } from '@oclif/command'
 import { string } from '@oclif/parser/lib/flags'
-import * as fs from 'fs'
-import * as os from 'os'
-import * as path from 'path'
 
 import { CheHelper } from '../../api/che'
 import { KubeHelper } from '../../api/kube'
@@ -30,7 +27,7 @@ export default class Export extends Command {
       description: `Destination where to store Che self-signed CA certificate.
                     If the destination is a file (might not exist), then the certificate will be saved there in PEM format.
                     If the destination is a directory, then ${DEFAULT_CA_CERT_FILE_NAME} file will be created there with Che certificate in PEM format.
-                    If this option is ommited, then Che certificate will be stored in user's home directory as ${DEFAULT_CA_CERT_FILE_NAME}`,
+                    If this option is omitted, then Che certificate will be stored in a user's temporary directory as ${DEFAULT_CA_CERT_FILE_NAME}.`,
       env: 'CHE_CA_CERT_LOCATION',
       default: ''
     }),
@@ -52,7 +49,7 @@ export default class Export extends Command {
     try {
       const cheCaCert = await cheHelper.retrieveCheCaCert(flags.chenamespace)
       if (cheCaCert) {
-        const targetFile = await cheHelper.saveCheCaCert(cheCaCert, this.getTargetFile(flags.destination))
+        const targetFile = await cheHelper.saveCheCaCert(cheCaCert, flags.destination)
         this.log(`Eclipse Che self-signed CA certificate is exported to ${targetFile}`)
       } else {
         this.log('Self signed certificate secret not found. Is commonly trusted certificate used?')
@@ -61,20 +58,4 @@ export default class Export extends Command {
       this.error(error)
     }
   }
-
-  /**
-   * Handles certificate target location and returns string which points to the target file.
-   */
-  private getTargetFile(destinaton: string): string {
-    if (!destinaton) {
-      return path.join(os.homedir(), DEFAULT_CA_CERT_FILE_NAME)
-    }
-
-    if (fs.existsSync(destinaton)) {
-      return fs.lstatSync(destinaton).isDirectory() ? path.join(destinaton, DEFAULT_CA_CERT_FILE_NAME) : destinaton
-    }
-
-    this.error(`Given path "${destinaton}" doesn't exist.`)
-  }
-
 }