From 2f5eb38cb2e7de65e13f2b487b29e8c89ca6531e Mon Sep 17 00:00:00 2001
From: Andy Ning <andy.ning@windriver.com>
Date: Wed, 20 Nov 2019 16:23:40 -0500
Subject: [PATCH] DC sync ssl and docker registry certificates

This change added support to synchronize ssl and docker registry
certificates from central cloud to subclouds.

Change-Id: I4cdcf32264d8e177fee3549ce17d172f9fc36c36
Closes-Bug: 1851252
Depends-On: https://review.opendev.org/#/c/695308
Signed-off-by: Andy Ning <andy.ning@windriver.com>
---
 .../dcorch/drivers/openstack/sysinv_v1.py     | 28 ++++++-------------
 1 file changed, 9 insertions(+), 19 deletions(-)

diff --git a/distributedcloud/dcorch/drivers/openstack/sysinv_v1.py b/distributedcloud/dcorch/drivers/openstack/sysinv_v1.py
index c8c9e4157..fb0f3ceb6 100644
--- a/distributedcloud/dcorch/drivers/openstack/sysinv_v1.py
+++ b/distributedcloud/dcorch/drivers/openstack/sysinv_v1.py
@@ -514,12 +514,6 @@ class SysinvClient(base.DriverBase):
         LOG.info("update_certificate signature {} data {}".format(
             signature, data))
         if not certificate:
-            tpmconfigs = self.client.tpmconfig.list()
-            if tpmconfigs:
-                LOG.info("region={} no certificates available, "
-                         "tpm configured".format(self.region_name))
-                return
-
             if data:
                 data['passphrase'] = None
                 mode = data.get('mode', sysinv_constants.CERT_MODE_SSL)
@@ -527,11 +521,10 @@ class SysinvClient(base.DriverBase):
                     certificate_files = [sysinv_constants.SSL_CERT_CA_FILE]
                 elif mode == sysinv_constants.CERT_MODE_SSL:
                     certificate_files = [sysinv_constants.SSL_PEM_FILE]
-                elif mode == sysinv_constants.CERT_MODE_MURANO_CA:
-                    certificate_files = [sysinv_constants.MURANO_CERT_CA_FILE]
-                elif mode == sysinv_constants.CERT_MODE_MURANO:
-                    certificate_files = [sysinv_constants.MURANO_CERT_KEY_FILE,
-                                         sysinv_constants.MURANO_CERT_FILE]
+                elif mode == sysinv_constants.CERT_MODE_DOCKER_REGISTRY:
+                    certificate_files = \
+                        [sysinv_constants.DOCKER_REGISTRY_KEY_FILE,
+                         sysinv_constants.DOCKER_REGISTRY_CERT_FILE]
                 else:
                     LOG.warn("update_certificate mode {} not supported".format(
                         mode))
@@ -545,14 +538,11 @@ class SysinvClient(base.DriverBase):
                 data['mode'] = sysinv_constants.CERT_MODE_SSL
                 certificate_files = [sysinv_constants.SSL_PEM_FILE]
             elif signature and signature.startswith(
-                    sysinv_constants.CERT_MODE_MURANO_CA):
-                data['mode'] = sysinv_constants.CERT_MODE_MURANO_CA
-                certificate_files = [sysinv_constants.MURANO_CERT_CA_FILE]
-            elif signature and signature.startswith(
-                    sysinv_constants.CERT_MODE_MURANO + '_'):
-                data['mode'] = sysinv_constants.CERT_MODE_MURANO
-                certificate_files = [sysinv_constants.MURANO_CERT_KEY_FILE,
-                                     sysinv_constants.MURANO_CERT_FILE]
+                    sysinv_constants.CERT_MODE_DOCKER_REGISTRY):
+                data['mode'] = sysinv_constants.CERT_MODE_DOCKER_REGISTRY
+                certificate_files = \
+                    [sysinv_constants.DOCKER_REGISTRY_KEY_FILE,
+                     sysinv_constants.DOCKER_REGISTRY_CERT_FILE]
             else:
                 LOG.warn("update_certificate signature {} "
                          "not supported".format(signature))