Fix empty key value in mine
We need to use another source of certificate if 'key' in mine is
'None' or we can't finish the state.
Related-PROD: PROD-36372
Change-Id: Ic2a248b19c273d6f5d737427f7e002c63b20d2c4
diff --git a/barbican/map.jinja b/barbican/map.jinja
index b6856ce..1566905 100644
--- a/barbican/map.jinja
+++ b/barbican/map.jinja
@@ -51,12 +51,11 @@
{# Dogtag cert source case #2: Cert from Mine. #}
{%- if server.dogtag_admin_cert.engine == 'mine' %}
-{%- set dogtag_mine_admin_certs = salt['mine.get']('I@dogtag:server', 'dogtag_admin_cert', 'compound') %}
-{%- if dogtag_mine_admin_certs.get(server.dogtag_admin_cert.minion) == None %}
-{%- do server.dogtag_admin_cert.pop('key', None) %}
-{%- else %}
-{%- do server.dogtag_admin_cert.update({'key': dogtag_mine_admin_certs.get(server.dogtag_admin_cert.minion) }) %}
-{%- endif %}
+ {%- set dogtag_mine_admin_certs = salt['mine.get']('I@dogtag:server', 'dogtag_admin_cert', 'compound') %}
+ {%- if dogtag_mine_admin_certs.get(server.dogtag_admin_cert.minion) == None %}
+ {%- do salt['mine.send']('I@dogtag:server:role:master', 'dogtag_admin_cert', "cmd.run 'cat /etc/dogtag/kra_admin_cert.pem'") %}
+ {%- endif %}
+ {%- do server.dogtag_admin_cert.update({'key': dogtag_mine_admin_certs.get(server.dogtag_admin_cert.minion) }) %}
{%- endif %}
{%- set client = salt['grains.filter_by'](client_defaults, merge=salt['pillar.get']('barbican:client')) %}