From f68d708f41d70ecb1d6cc5946cbf2013facd5425 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hunor=20Csomort=C3=A1ni?= <csomh@redhat.com>
Date: Thu, 8 Nov 2018 16:39:02 +0100
Subject: [PATCH] Add the test UMB server CA to the backend image
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
---
 openshift/backend/Dockerfile     | 4 ++++
 openshift/mbs-test-template.yaml | 1 +
 2 files changed, 5 insertions(+)

diff --git a/openshift/backend/Dockerfile b/openshift/backend/Dockerfile
index 3492256f..62ad3efe 100644
--- a/openshift/backend/Dockerfile
+++ b/openshift/backend/Dockerfile
@@ -10,6 +10,7 @@ LABEL \
 # The caller can chose to provide an already built module-build-service RPM.
 ARG mbs_rpm=module-build-service
 ARG mbs_messaging_umb_rpm
+ARG umb_ca_crt
 
 RUN dnf -y install \
             python2-pungi \
@@ -19,6 +20,9 @@ RUN dnf -y install \
             $mbs_messaging_umb_rpm \
     && dnf -y clean all
 
+ADD $umb_ca_crt /etc/pki/ca-trust/source/anchors/umb_serverca.crt
+# Do this as a workaround instead of `update-ca-trust`
+RUN cat /etc/pki/ca-trust/source/anchors/umb_serverca.crt >> /etc/pki/tls/certs/ca-bundle.crt
 
 VOLUME ["/etc/module-build-service", "/etc/fedmsg.d", "/etc/mbs-certs"]
 ENTRYPOINT fedmsg-hub
diff --git a/openshift/mbs-test-template.yaml b/openshift/mbs-test-template.yaml
index 61dfcde1..fbdd70f6 100644
--- a/openshift/mbs-test-template.yaml
+++ b/openshift/mbs-test-template.yaml
@@ -492,6 +492,7 @@ objects:
           'stomp_heartbeat': 5000,
           'stomp_ssl_crt': '/etc/mbs-certs/messaging.crt',
           'stomp_ssl_key': '/etc/mbs-certs/messaging.key',
+          'stomp_ca_certs': None,
           'stomp_ack_mode': 'auto',
       }
     mbs-scheduler.py: |