Added changes manually from main.

Signed-off-by: Atul Krishna <Atul.Krishna@progress.com>
chef · Nov 14, 2022 · ead628a · ead628a
1 parent 8827f70
commit ead628a
Showing 1 changed file with 23 additions and 17 deletions.
diff --git a/components/automate-cli/cmd/chef-automate/certRotate.go b/components/automate-cli/cmd/chef-automate/certRotate.go
@@ -24,17 +24,17 @@ var certFlags = struct {
 	adminKey    string
 }{}
 
+var nodeFlag = struct {
+	node string
+}{}
+
 var sshFlag = struct {
 	automate   bool
 	chefserver bool
 	postgres   bool
 	opensearch bool
 }{}
 
-var nodeFlag = struct {
-	node string
-}{}
-
 var certRotateCmd = &cobra.Command{
 	Use:   "cert-rotate",
 	Short: "Chef Automate rotate cert",
@@ -59,8 +59,7 @@ func init() {
 	certRotateCmd.PersistentFlags().StringVar(&certFlags.rootCA, "root-ca", "", "RootCA certificate")
 	certRotateCmd.PersistentFlags().StringVar(&certFlags.adminCert, "admin-cert", "", "Admin certificate")
 	certRotateCmd.PersistentFlags().StringVar(&certFlags.adminKey, "admin-key", "", "Admin Private certificate")
-
-	certRotateCmd.PersistentFlags().StringVar(&nodeFlag.node, "ip", "", "IP of a particular node")
+	certRotateCmd.PersistentFlags().StringVar(&nodeFlag.node, "node", "", "Node Ip address")
 }
 
 const (
@@ -143,6 +142,10 @@ func certRotate(cmd *cobra.Command, args []string) error {
 			log.Fatal(err)
 		}
 
+		if rootCA != "" && nodeFlag.node != "" {
+			writer.Warn("root-ca flag will be ignored when node flag is provided")
+		}
+
 		if sshFlag.automate || sshFlag.chefserver {
 			err := certRotateFrontend(publicCert, privateCert, rootCA, infra)
 			if err != nil {
@@ -395,7 +398,8 @@ func getCerts(infra *AutomteHAInfraDetails) (string, string, string, string, str
 	adminCertPath := certFlags.adminCert
 	adminKeyPath := certFlags.adminKey
 
-	var rootCA, adminCert, adminKey []byte
+	var rootCABytes, adminCert, adminKey []byte
+	var rootCA string
 	var err error
 
 	if privateCertPath == "" || publicCertPath == "" {
@@ -425,13 +429,16 @@ func getCerts(infra *AutomteHAInfraDetails) (string, string, string, string, str
 		if rootCaPath == "" && nodeFlag.node == "" {
 			return "", "", "", "", "", errors.New("Please provide rootCA path")
 		}
-		rootCA, err = getCertFromFile(rootCaPath, infra)
-		if err != nil {
-			return "", "", "", "", "", status.Wrap(
-				err,
-				status.FileAccessError,
-				fmt.Sprintf("failed reading data from the given source, %s", err.Error()),
-			)
+		if rootCaPath != "" {
+			rootCABytes, err = getCertFromFile(rootCaPath, infra)
+			rootCA = string(rootCABytes)
+			if err != nil {
+				return "", "", "", "", "", status.Wrap(
+					err,
+					status.FileAccessError,
+					fmt.Sprintf("failed reading data from the given source, %s", err.Error()),
+				)
+			}
 		}
 	}
 
@@ -458,7 +465,7 @@ func getCerts(infra *AutomteHAInfraDetails) (string, string, string, string, str
 			)
 		}
 	}
-	return string(rootCA), string(publicCert), string(privateCert), string(adminCert), string(adminKey), nil
+	return rootCA, string(publicCert), string(privateCert), string(adminCert), string(adminKey), nil
 }
 
 // This function will read the certificate from the given path (local or remote).
@@ -504,8 +511,7 @@ func getIPV4(path string) string {
 }
 
 /*
-	If we are working on backend service, then first we have to get the applied configurations
-
+If we are working on backend service, then first we have to get the applied configurations
 and then merge it with new configurations, then apply that configuration.
 Because if we directly apply the new configurations, then the old applied configurations will be gone.
 So, we have to retain the old configurations also.