microsoft/SDN

VMM Service Template makes assumption that only a single file will be in cert directories

eponerine opened this issue · 0 comments

In PrepareNodeForNetworkController.ps1, on the below lines, the script calls Get-ChildItem and only excludes the SCVMMCRTag.cr file.

If there are more files present in that directory, such as older, expired certificates or even a README file for user notes, that variable ends up being a collection and the script bombs out because it is expecting only 1 file and specifically only certificate files with certain extension.

I recommend requiring a specific filename for the certs or further limit the filter with an extension matching the .pfx or .cer

$sslCertFile = Get-ChildItem $sslCertPath -Recurse -Exclude @("SCVMMCRTag.cr")

https://github.com/microsoft/SDN/blob/master/VMM/Templates/NC/NCSetup.cr/PrepareNodeForNetworkController.ps1#L54

https://github.com/microsoft/SDN/blob/master/VMM/Templates/NC/NCSetup.cr/PrepareNodeForNetworkController.ps1#L134