Bug 963419

Summary: RHC unable to upload custom ssl
Product: OKD Reporter: Diego Castro <spinolacastro>
Component: ocAssignee: Clayton Coleman <ccoleman>
Status: CLOSED CURRENTRELEASE QA Contact: libra bugs <libra-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 2.xCC: jinzhang, wsun, xtian
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-06-11 03:58:16 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Diego Castro 2013-05-15 18:41:31 UTC 
Description of problem:
Unable to add custom ssl via rhc

Version-Release number of selected component (if applicable):
rhc (1.8.9)

How reproducible:
rhc alias-update-cert secure2 secure2.teste.com.br --certificate mysitename.crt --private-key mysitename.key

Result:

/Users/diego/.rvm/gems/ruby-1.8.7-p370/gems/rhc-1.8.9/lib/rhc/rest/base.rb:21:in `rest_method': No link defined for UPDATE (RuntimeError)
	from /Users/diego/.rvm/gems/ruby-1.8.7-p370/gems/rhc-1.8.9/lib/rhc/rest/alias.rb:20:in `add_certificate'
	from /Users/diego/.rvm/gems/ruby-1.8.7-p370/gems/rhc-1.8.9/lib/rhc/commands/alias.rb:81:in `update_cert'
	from /Users/diego/.rvm/gems/ruby-1.8.7-p370/gems/rhc-1.8.9/lib/rhc/commands.rb:240:in `send'
	from /Users/diego/.rvm/gems/ruby-1.8.7-p370/gems/rhc-1.8.9/lib/rhc/commands.rb:240:in `execute'
	from /Users/diego/.rvm/gems/ruby-1.8.7-p370/gems/rhc-1.8.9/lib/rhc/commands.rb:231:in `to_commander'
	from /Users/diego/.rvm/gems/ruby-1.8.7-p370/gems/commander-4.1.3/lib/commander/command.rb:180:in `call'
	from /Users/diego/.rvm/gems/ruby-1.8.7-p370/gems/commander-4.1.3/lib/commander/command.rb:180:in `call'
	from /Users/diego/.rvm/gems/ruby-1.8.7-p370/gems/commander-4.1.3/lib/commander/command.rb:155:in `run'
	from /Users/diego/.rvm/gems/ruby-1.8.7-p370/gems/commander-4.1.3/lib/commander/runner.rb:402:in `run_active_command'
	from /Users/diego/.rvm/gems/ruby-1.8.7-p370/gems/rhc-1.8.9/lib/rhc/command_runner.rb:70:in `run!'
	from /Users/diego/.rvm/gems/ruby-1.8.7-p370/gems/commander-4.1.3/lib/commander/delegates.rb:7:in `run!'
	from /Users/diego/.rvm/gems/ruby-1.8.7-p370/gems/rhc-1.8.9/lib/rhc/cli.rb:36:in `start'
	from /Users/diego/.rvm/gems/ruby-1.8.7-p370/gems/rhc-1.8.9/bin/rhc:18
	from /Users/diego/.rvm/gems/ruby-1.8.7-p370/bin/rhc:19:in `load'
	from /Users/diego/.rvm/gems/ruby-1.8.7-p370/bin/rhc:19
	from /Users/diego/.rvm/gems/ruby-1.8.7-p370/bin/ruby_noexec_wrapper:14
Comment 1 joycezhang 2013-05-16 02:55:41 UTC 
QE can't reproduce this bug as below:

Build version:
rhc-1.8.9

Step:
1. Add alias to an app
# rhc alias add ruby182 secure2.teste.com.br
Alias 'secure2.teste.com.br' has been added.

2. Update cert to the alias
# rhc alias-update-cert ruby182 secure2.teste.com.br --certificate server.crt --private-key server.key
SSL certificate successfully added.
Comment 2 Clayton Coleman 2013-05-16 13:56:08 UTC 
Fixed it so that we use the presence of the UPDATE link to detect whether the certificate can be set. https://github.com/openshift/rhc/pull/385

Please validate that your server supports the UPDATE operation on keys in version 1.4 - we added those two together so it should be supported.
Comment 3 openshift-github-bot 2013-05-16 16:29:52 UTC 
Commit pushed to master at https://github.com/openshift/rhc

https://github.com/openshift/rhc/commit/2911261b4503394598f57731dd5d9cd9b608c069
Bug 963419 - Don't check API versions, check client links
Comment 4 joycezhang 2013-05-17 10:12:37 UTC 
Verified this bug with rhc-1.9.2 , the error message is returned when updating certs against a server which can't support SSL as below:

#rhc alias-update-cert app1  secure2.teste.com.br --certificate server.crt --private-key server.key  
The server does not support SSL certificates for custom aliases.
Comment 5 Xiaoli Tian 2013-05-17 10:25:36 UTC 
(In reply to comment #4)
> Verified this bug with rhc-1.9.2 , the error message is returned when
> updating certs against a server which can't support SSL as below:
> 
> #rhc alias-update-cert app1  secure2.teste.com.br --certificate server.crt
> --private-key server.key  
> The server does not support SSL certificates for custom aliases.

To simulate the not-supported api by removing or commenting out the following code in /openshift-origin-controller-1.9.2/app/rest_models/rest-alias.rb file and restart broker service

#        "UPDATE" => Link.new("Update alias", "PUT", URI::join(url, "domains/#{domain_id}/applications/#{app_id}/aliases/#{self.id}"),
#          [Param.new("ssl_certificate", "string", "Content of SSL Certificate"), 
#            Param.new("private_key", "string", "Private key for the certificate.  Required if adding a certificate")], 
#            [OptionalParam.new("pass_phrase", "string", "Optional passphrase for the private key")]),