From 569b457592d3f3c95aba72f5f52108316842b6fe Mon Sep 17 00:00:00 2001
From: Bin Qian <bin.qian@windriver.com>
Date: Wed, 14 Apr 2021 14:54:40 -0400
Subject: [PATCH] Generate admin ep cert on subcloud controllers in puppet

Enabled admin endpoint cert to be generated in manifest directly
from k8s secret data (via secure hieradata). This operation is
consistant to the system controller as well as admin endpoint cert
renewal.

Partial-Bug: 1923510

Change-Id: I442f3c2c97cf83588aefa8b4fe808834a31fdcc5
Signed-off-by: Bin Qian <bin.qian@windriver.com>
---
 puppet-manifests/src/modules/platform/manifests/config.pp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/puppet-manifests/src/modules/platform/manifests/config.pp b/puppet-manifests/src/modules/platform/manifests/config.pp
index 17099913f..50d4bd994 100644
--- a/puppet-manifests/src/modules/platform/manifests/config.pp
+++ b/puppet-manifests/src/modules/platform/manifests/config.pp
@@ -354,7 +354,8 @@ class platform::config::pre {
   include ::platform::config::file
   include ::platform::config::tpm
   include ::platform::config::certs::ssl_ca
-  if ($::platform::params::distributed_cloud_role =='systemcontroller' and
+  if (($::platform::params::distributed_cloud_role =='systemcontroller' or
+        $::platform::params::distributed_cloud_role =='subcloud') and
       $::personality == 'controller') {
     include ::platform::config::dc_root_ca
   }