Merge pull request #27 from citrix/v0.9.8-beta-2

Citrix xDS-Adaptor v0.9.8-beta-2

Author: subashd

adsclient/ads_client.go

@@ -84,8 +84,8 @@ type apiRequest struct {
 	nonce       string
 	resources   map[string]interface{}
 	/*
-		ldsURL -> [filterChaninName]
-		rdsURL -> lds Name, filterChainName, serviceType
+		ldsURL -> [csVsName]
+		rdsURL -> lds Name, CsVsName, serviceType
 		cdsURL -> serviceType
 		edsURL -> cds Name
 	*/
@@ -181,7 +181,7 @@ func cdsHandler(client *AdsClient, m *discovery.DiscoveryResponse) {
 		edsName := ""
 		if _, ok := client.apiRequests[cdsURL].resources[cdsResource.Name]; ok {
 			edsName = client.cdsAddHandler(client.nsConfigAdaptor, cdsResource, client.apiRequests[cdsURL].resources[cdsResource.Name])
-		} else {
+		} else if multiClusterIngress {
 			edsName = client.cdsAddHandler(client.nsConfigAdaptor, cdsResource, "HTTP")
 		}
 		if edsName != "" {
@@ -229,8 +229,8 @@ func ldsHandler(client *AdsClient, m *discovery.DiscoveryResponse) {
 					client.apiRequests[cdsURL].resources[cdsConfigName] = dependentResources["serviceType"]
 				}
 			}
-			if dependentResources["filterChainName"].(string) != "" {
-				ldsResources[ldsResource.Name] = append(ldsResources[ldsResource.Name].([]string), dependentResources["filterChainName"].(string))
+			if dependentResources["csVsName"].(string) != "" {
+				ldsResources[ldsResource.Name] = append(ldsResources[ldsResource.Name].([]string), dependentResources["csVsName"].(string))
 			}
 		}
 	}
@@ -461,7 +461,9 @@ func (client *AdsClient) StartClient() {
 					rdsURL: &apiRequest{typeURL: rdsURL, handler: rdsHandler, resources: make(map[string]interface{})},
 				}
 				client.writeADSRequest(client.apiRequests[ldsURL])
-				client.writeADSRequest(client.apiRequests[cdsURL])
+				if multiClusterIngress {
+					client.writeADSRequest(client.apiRequests[cdsURL])
+				}
 				client.readADSResponse()
 				client.stopClientConnection(true)
 			}

adsclient/ads_client_test.go

@@ -96,6 +96,9 @@ func Test_StartClient(t *testing.T) {
 
 func Test_http_clusters(t *testing.T) {
 	t.Log("http clusters test start")
+	multiClusterIngress = true // To get all clusters from xds-server
+	multiClusterPolExprStr = ".global"
+	multiClusterListenPort = 15443
 	env.ClearNetscalerConfig()
 	grpcServer, err := env.NewGrpcADSServer(0)
 	if err != nil {

adsclient/ads_handler.go

@@ -310,6 +310,7 @@ func clusterDel(nsConfig *configAdaptor, clusterName string) {
 	}
 	nsConfig.delConfig(&confBl)
 }
+
 func getAuthConfig(nsConfig *configAdaptor, listenerName string, httpFilters []*envoyFilterHttp.HttpFilter) *nsconfigengine.AuthSpec {
 	for _, httpFilter := range httpFilters {
 		switch httpFilter.GetName() {
@@ -409,7 +410,8 @@ func getFrontEndTLSConfig(nsConfig *configAdaptor, csObj *nsconfigengine.CSApi,
 	}
 }
 
-func getListenerFilterChainConfig(nsConfig *configAdaptor, csObjMap map[string]interface{}, listener *xdsListener.Listener, filterChain *xdsListener.FilterChain) (map[string]interface{}, error) {
+// constructVserverInfoFromListenerFC returns vserverName, vserverIP, vserverPort and filterChainName
+func constructVserverInfoFromListenerFC(nsConfig *configAdaptor, filterChain *xdsListener.FilterChain, listener *xdsListener.Listener) (string, string, uint32, string) {
 	entityName := nsconfigengine.GetNSCompatibleName(listener.GetName())
 	vserverAddress := listener.GetAddress().GetSocketAddress().GetAddress()
 	vserverPort := listener.GetAddress().GetSocketAddress().GetPortValue()
@@ -421,12 +423,18 @@ func getListenerFilterChainConfig(nsConfig *configAdaptor, csObjMap map[string]i
 	}
 	if vserverAddress == "0.0.0.0" {
 		vserverAddress = "*"
-		if nsConfig.vserverIP != "" {
+		if nsConfig.vserverIP != "" { // Gateway mode. Never a case in sidecar deployment
 			vserverAddress = nsConfig.vserverIP
+			entityName = nsconfigengine.GetPrefixForGateway(vserverAddress) + entityName
 		}
 	} else if vserverAddress == localHostIP {
 		vserverAddress = nsConfig.localHostVIP
 	}
+	return entityName, vserverAddress, vserverPort, filterChainName
+}
+
+func getListenerFilterChainConfig(nsConfig *configAdaptor, csObjMap map[string]interface{}, listener *xdsListener.Listener, filterChain *xdsListener.FilterChain) (map[string]interface{}, error) {
+	entityName, vserverAddress, vserverPort, _ := constructVserverInfoFromListenerFC(nsConfig, filterChain, listener)
 	vserverType, serviceType, err := getListenerFilterType(nsConfig, filterChain, listener)
 	if err != nil {
 		log.Printf("[TRACE] Listener's filter type not supported. %s", err.Error())
@@ -442,7 +450,7 @@ func getListenerFilterChainConfig(nsConfig *configAdaptor, csObjMap map[string]i
 			csObj.AllowACL = true
 			csObj.AnalyticsProfileNames = nsConfig.analyticsProfiles
 		}
-		csObjMap[csObjMapKey] = map[string]interface{}{"csObj": csObj, "rdsNames": nil, "cdsNames": nil, "serviceType": serviceType, "filterChainName": filterChainName, "listenerName": listener.GetName()}
+		csObjMap[csObjMapKey] = map[string]interface{}{"csObj": csObj, "rdsNames": nil, "cdsNames": nil, "serviceType": serviceType, "csVsName": entityName, "listenerName": listener.GetName()}
 		csObjMap[csObjMapKey].(map[string]interface{})["cdsNames"] = make([]string, 0)
 		csObjMap[csObjMapKey].(map[string]interface{})["rdsNames"] = make([]string, 0)
 	}
@@ -684,7 +692,7 @@ func listenerAdd(nsConfig *configAdaptor, listener *xdsListener.Listener) []map[
 						nsConfig.addConfig(&confBl)
 					}
 					if routeConfig := httpCM.GetRouteConfig(); routeConfig != nil {
-						cdsMap := routeUpdate(nsConfig, []*xdsRoute.RouteConfiguration{routeConfig}, map[string]interface{}{"listenerName": listener.GetName(), "filterChainName": filterChain.GetName(), "serviceType": csObjMap["serviceType"].(string)})
+						cdsMap := routeUpdate(nsConfig, []*xdsRoute.RouteConfiguration{routeConfig}, map[string]interface{}{"csVsName": csObj.Name, "listenerName": listener.GetName(), "filterChainName": filterChain.GetName(), "serviceType": csObjMap["serviceType"].(string)})
 						csObjMap["cdsNames"] = append(csObjMap["cdsNames"].([]string), cdsMap["cdsNames"].([]string)...)
 					}
 					if rds := httpCM.GetRds(); rds != nil {
@@ -721,12 +729,11 @@ func listenerAdd(nsConfig *configAdaptor, listener *xdsListener.Listener) []map[
 	return csObjList
 }
 
-func listenerDel(nsConfig *configAdaptor, listenerName string, filterChainNames []string) {
-	log.Printf("[TRACE] listenerDel: %s filterChains(%v)", listenerName, filterChainNames)
+func listenerDel(nsConfig *configAdaptor, listenerName string, csVsNames []string) {
+	log.Printf("[TRACE] listenerDel: %s csVsNames(%v)", listenerName, csVsNames)
 	csObjs := make([]*nsconfigengine.CSApi, 0)
-	csObjs = append(csObjs, &nsconfigengine.CSApi{Name: nsconfigengine.GetNSCompatibleName(listenerName)})
-	for _, filterChainName := range filterChainNames {
-		csObjs = append(csObjs, &nsconfigengine.CSApi{Name: nsconfigengine.GetNSCompatibleName(listenerName) + "_" + nsconfigengine.GetNSCompatibleName(filterChainName)})
+	for _, csVsName := range csVsNames {
+		csObjs = append(csObjs, &nsconfigengine.CSApi{Name: csVsName})
 	}
 	confBl := configBlock{
 		configType:   ldsDel,
@@ -888,15 +895,10 @@ func getFault(typedPerFilterConfig map[string]*any.Any) nsconfigengine.Fault {
 func routeUpdate(nsConfig *configAdaptor, routes []*xdsRoute.RouteConfiguration, data interface{}) map[string]interface{} {
 	inputMap := data.(map[string]interface{})
 	log.Printf("[TRACE] routeUpdate: %v", routes)
+	log.Printf("[TRACE] In routeUpdate: inputMap=%v", inputMap)
 	clusterNames := make([]string, 0)
 	serviceType := inputMap["serviceType"].(string)
-	listenerName := inputMap["listenerName"].(string)
-	filterChainName := inputMap["filterChainName"].(string)
-	entityName := nsconfigengine.GetNSCompatibleName(listenerName)
-	if filterChainName != "" {
-		entityName = entityName + "_" + nsconfigengine.GetNSCompatibleName(filterChainName)
-	}
-
+	entityName := inputMap["csVsName"].(string)
 	csBindings := nsconfigengine.NewCSBindingsAPI(entityName)
 	confBl := configBlock{
 		configType:   rdsAdd,
@@ -920,7 +922,6 @@ func routeUpdate(nsConfig *configAdaptor, routes []*xdsRoute.RouteConfiguration,
 				log.Printf("[DEBUG] vroute.GetRoute()=%+v", vroute.GetRoute())
 				binding.RwPolicy.PrefixRewrite = vroute.GetRoute().GetPrefixRewrite()
 				binding.RwPolicy.HostRewrite = vroute.GetRoute().GetHostRewriteLiteral() //TODO: confirm GetHostRewriteHeader()
-				//for _, reqAddHeader := range vroute.GetRoute().GetRequestHeadersToAdd()  OLD - 1.1.2
 				for _, reqAddHeader := range vroute.GetRequestHeadersToAdd() {
 					binding.RwPolicy.AddHeaders = append(binding.RwPolicy.AddHeaders, nsconfigengine.RwHeader{Key: reqAddHeader.GetHeader().GetKey(), Value: reqAddHeader.GetHeader().GetValue()})
 				}

adsclient/ads_handler_test.go

@@ -113,7 +113,7 @@ func verifyObject(nsConfAdaptor *configAdaptor, configType discoveryType, resour
 	if configType == ldsAdd && len(receivedResponse.([]map[string]interface{})) > 1 {
 		listenerAddRet := receivedResponse.([]map[string]interface{})
 		sort.Slice(listenerAddRet[:], func(i, j int) bool {
-			return listenerAddRet[i]["filterChainName"].(string) < listenerAddRet[j]["filterChainName"].(string)
+			return listenerAddRet[i]["csVsName"].(string) < listenerAddRet[j]["csVsName"].(string)
 		})
 		receivedResponse = listenerAddRet
 	}
@@ -294,7 +294,7 @@ func Test_listenerAdd(t *testing.T) {
 		t.Errorf("MakeHttpListener failed with %v", err)
 	}
 	csObj := []*nsconfigengine.CSApi{&nsconfigengine.CSApi{Name: "l1", IP: "10.0.0.0", Port: 80, VserverType: "HTTP", AllowACL: false}}
-	err = verifyObject(nsConfAdaptor, ldsAdd, "l1", csObj, []map[string]interface{}{{"rdsNames": []string{"r1"}, "cdsNames": []string{}, "listenerName": "l1", "filterChainName": "", "serviceType": "HTTP"}}, listenerAdd(nsConfAdaptor, lds))
+	err = verifyObject(nsConfAdaptor, ldsAdd, "l1", csObj, []map[string]interface{}{{"rdsNames": []string{"r1"}, "cdsNames": []string{}, "listenerName": "l1", "csVsName": "l1", "serviceType": "HTTP"}}, listenerAdd(nsConfAdaptor, lds))
 	if err != nil {
 		t.Errorf("Verification failed - %v", err)
 	}
@@ -305,7 +305,7 @@ func Test_listenerAdd(t *testing.T) {
 		t.Errorf("MakeTcpListener failed with %v", err)
 	}
 	csObj = []*nsconfigengine.CSApi{&nsconfigengine.CSApi{Name: "l2", IP: "20.0.0.0", Port: 25, VserverType: "TCP", AllowACL: false, DefaultLbVserverName: "cl1"}}
-	err = verifyObject(nsConfAdaptor, ldsAdd, "l2", csObj, []map[string]interface{}{{"rdsNames": []string{}, "cdsNames": []string{"cl1"}, "listenerName": "l2", "filterChainName": "", "serviceType": "TCP"}}, listenerAdd(nsConfAdaptor, lds))
+	err = verifyObject(nsConfAdaptor, ldsAdd, "l2", csObj, []map[string]interface{}{{"rdsNames": []string{}, "cdsNames": []string{"cl1"}, "listenerName": "l2", "csVsName": "l2", "serviceType": "TCP"}}, listenerAdd(nsConfAdaptor, lds))
 	if err != nil {
 		t.Errorf("Verification failed - %v", err)
 	}
@@ -315,7 +315,7 @@ func Test_listenerAdd(t *testing.T) {
 		t.Errorf("MakeHttpsListener failed with %v", err)
 	}
 	csObj = []*nsconfigengine.CSApi{&nsconfigengine.CSApi{Name: "l3s", IP: "30.2.0.1", Port: 443, VserverType: "SSL", AllowACL: false, FrontendTLS: []nsconfigengine.SSLSpec{{SNICert: false, CertFilename: nsCertName, PrivateKeyFilename: nsKeyName, RootCertFilename: nsCertName + "_ic1"}}}}
-	err = verifyObject(nsConfAdaptor, ldsAdd, "l3s", csObj, []map[string]interface{}{{"rdsNames": []string{"r1"}, "cdsNames": []string{}, "listenerName": "l3s", "filterChainName": "", "serviceType": "HTTP"}}, listenerAdd(nsConfAdaptor, lds))
+	err = verifyObject(nsConfAdaptor, ldsAdd, "l3s", csObj, []map[string]interface{}{{"rdsNames": []string{"r1"}, "cdsNames": []string{}, "listenerName": "l3s", "csVsName": "l3s", "serviceType": "HTTP"}}, listenerAdd(nsConfAdaptor, lds))
 	if err != nil {
 		t.Errorf("Verification failed - %v", err)
 	}
@@ -326,7 +326,7 @@ func Test_listenerAdd(t *testing.T) {
 		t.Errorf("MakeHttpsListener failed with %v", err)
 	}
 	csObj = []*nsconfigengine.CSApi{&nsconfigengine.CSApi{Name: "l2s", IP: "30.0.0.1", Port: 443, VserverType: "SSL", AllowACL: false, FrontendTLS: []nsconfigengine.SSLSpec{{SNICert: false, CertFilename: nsCertFileName, PrivateKeyFilename: nsKeyFileName}}}}
-	err = verifyObject(nsConfAdaptor, ldsAdd, "l2s", csObj, []map[string]interface{}{{"rdsNames": []string{"r1"}, "cdsNames": []string{}, "listenerName": "l2s", "filterChainName": "", "serviceType": "HTTP"}}, listenerAdd(nsConfAdaptor, lds))
+	err = verifyObject(nsConfAdaptor, ldsAdd, "l2s", csObj, []map[string]interface{}{{"rdsNames": []string{"r1"}, "cdsNames": []string{}, "listenerName": "l2s", "csVsName": "l2s", "serviceType": "HTTP"}}, listenerAdd(nsConfAdaptor, lds))
 	if err != nil {
 		t.Errorf("Verification failed - %v", err)
 	}
@@ -358,9 +358,9 @@ func Test_listenerAdd(t *testing.T) {
 		{Name: "lm1_f3", IP: "1.1.1.1", Port: 1010, VserverType: "TCP", AllowACL: false, DefaultLbVserverName: "c3"},
 	}
 	listenerAddRetMapExp := []map[string]interface{}{
-		{"rdsNames": []string{}, "cdsNames": []string{"c1"}, "listenerName": "lm1", "filterChainName": "f1", "serviceType": "HTTP"},
-		{"rdsNames": []string{"r2"}, "cdsNames": []string{}, "listenerName": "lm1", "filterChainName": "f2", "serviceType": "HTTP"},
-		{"rdsNames": []string{}, "cdsNames": []string{"c3"}, "listenerName": "lm1", "filterChainName": "f3", "serviceType": "TCP"},
+		{"rdsNames": []string{}, "cdsNames": []string{"c1"}, "listenerName": "lm1", "csVsName": "lm1_f1", "serviceType": "HTTP"},
+		{"rdsNames": []string{"r2"}, "cdsNames": []string{}, "listenerName": "lm1", "csVsName": "lm1_f2", "serviceType": "HTTP"},
+		{"rdsNames": []string{}, "cdsNames": []string{"c3"}, "listenerName": "lm1", "csVsName": "lm1_f3", "serviceType": "TCP"},
 	}
 	err = verifyObject(nsConfAdaptor, ldsAdd, "lm1_f1", csObjExpLm1F1, listenerAddRetMapExp, listenerAdd(nsConfAdaptor, lds))
 	if err != nil {
@@ -383,14 +383,14 @@ func Test_listenerDel(t *testing.T) {
 	nsConfAdaptor := getNsConfAdaptor()
 	t.Logf("HTTP listener delete")
 	csObj := []*nsconfigengine.CSApi{&nsconfigengine.CSApi{Name: "l3"}}
-	listenerDel(nsConfAdaptor, "l3", []string{})
+	listenerDel(nsConfAdaptor, "l3", []string{"l3"})
 	err := verifyObject(nsConfAdaptor, ldsDel, "l3", csObj, nil, nil)
 	if err != nil {
 		t.Errorf("Verification failed - %v", err)
 	}
 	t.Logf("HTTP listener filterchains delete")
 	csObj = []*nsconfigengine.CSApi{{Name: "lm3"}, {Name: "lm3_fc1"}, {Name: "lm3_fc2"}}
-	listenerDel(nsConfAdaptor, "lm3", []string{"fc1", "fc2"})
+	listenerDel(nsConfAdaptor, "lm3", []string{"lm3", "lm3_fc1", "lm3_fc2"})
 	err = verifyObject(nsConfAdaptor, ldsDel, "lm3", csObj, nil, nil)
 	if err != nil {
 		t.Errorf("Verification failed - %v", err)
@@ -403,7 +403,7 @@ func Test_routeUpdate(t *testing.T) {
 	csBindings := nsconfigengine.NewCSBindingsAPI("cs1")
 	csBindings.Bindings = []nsconfigengine.CSBinding{{Rule: nsconfigengine.RouteMatch{Domains: []string{"*"}, Prefix: "/"}, CsPolicy: nsconfigengine.CsPolicy{Canary: []nsconfigengine.Canary{{LbVserverName: "cl1", LbVserverType: "HTTP", Weight: 100}}}}}
 	rds := env.MakeRoute("rt1", []env.RouteInfo{{Domain: "*", ClusterName: "cl1"}})
-	err := verifyObject(nsConfAdaptor, rdsAdd, "cs1", csBindings, map[string]interface{}{"cdsNames": []string{"cl1"}, "serviceType": "HTTP"}, routeUpdate(nsConfAdaptor, []*route.RouteConfiguration{rds}, map[string]interface{}{"listenerName": "cs1", "filterChainName": "", "serviceType": "HTTP"}))
+	err := verifyObject(nsConfAdaptor, rdsAdd, "cs1", csBindings, map[string]interface{}{"cdsNames": []string{"cl1"}, "serviceType": "HTTP"}, routeUpdate(nsConfAdaptor, []*route.RouteConfiguration{rds}, map[string]interface{}{"listenerName": "cs1", "csVsName": "cs1", "serviceType": "HTTP"}))
 	if err != nil {
 		t.Errorf("Verification failed - %v", err)
 	}

adsclient/watcher.go

@@ -145,24 +145,14 @@ func (w *Watcher) addDir(certPath, keyPath string) (string, string, string, erro
 					}
 				}
 				nsconfigengine.UploadCertData(w.nsConfig.client, certData, nsCertFileName, keyData, nsKeyFileName)
-				//nsconfigengine.AddCertKey(w.nsConfig.client, nsCertFileName, nsKeyFileName)
 				log.Println("[DEBUG] Added Key FIle", keyFile)
 				w.dirNames[dirName]["certFile"] = certFile
 				w.dirNames[dirName]["keyFile"] = keyFile
 				w.dirNames[dirName]["nsCertFileName"] = nsCertFileName
 				w.dirNames[dirName]["nsKeyFileName"] = nsKeyFileName
 				w.dirNames[dirName]["nsRootCertFile"] = ""
-				if totalCerts > 1 {
+				if multiClusterIngress && totalCerts > 1 {
 					w.dirNames[dirName]["nsRootCertFile"] = nsCertFileName + "_ic" + strconv.Itoa(totalCerts-1)
-					/*certChain, err := nsconfigengine.GetCertChain(w.nsConfig.client, nsCertFileName)
-					if err != nil {
-						log.Println("[ERROR] Failed getting CertChain", nsCertFileName, err)
-						return w.dirNames[dirName]["nsCertFileName"], w.dirNames[dirName]["nsKeyFileName"], w.dirNames[dirName]["nsRootCertFile"], err
-					}
-					if len(certChain) >= 1 {
-						log.Println("[DEBUG] rootCertFile", certChain[len(certChain)-1])
-						w.dirNames[dirName]["nsRootCertFile"] = certChain[len(certChain)-1]
-					}*/
 				}
 			}
 		} else {
@@ -183,7 +173,6 @@ func (w *Watcher) addDir(certPath, keyPath string) (string, string, string, erro
 			w.dirNames[dirName]["nsRootCertFile"] = nsRootFileName
 			log.Println("[DEBUG] nsRootfileName", nsRootFileName)
 			nsconfigengine.UploadCertData(w.nsConfig.client, certData, nsRootFileName, keyData, "")
-			//nsconfigengine.AddCertKey(w.nsConfig.client, nsRootFileName, "")
 			if err != nil {
 				log.Println("[ERROR] RootCertKey addition Failed ", nsRootFileName, err)
 				return "", "", "", err
@@ -212,8 +201,7 @@ func (w *Watcher) Run() {
 			if (event.Op&fsnotify.Remove == fsnotify.Remove) || (event.Op&fsnotify.Write == fsnotify.Write) {
 				log.Println("[DEBUG] Folder got Updated", event.Name)
 				// strings.Contains(event.Name, "..") this is for mounted certificates
-				//strings.Contains(event.Name, ClientCertFile)  for CSR generated
-				//if !strings.Contains(event.Name, "..") && !strings.Contains(event.Name, ClientCertFile) {
+				//strings.Contains(event.Name, ClientCertChainFile)  for CSR generated
 				if !strings.Contains(event.Name, "..") && !strings.Contains(event.Name, ClientCertChainFile) {
 					log.Println("[DEBUG] File not considered for update", event.Name)
 				} else {
@@ -233,7 +221,7 @@ func (w *Watcher) Run() {
 								if nsconfigengine.IsCertKeyPresent(w.nsConfig.client, nsCertFileName, nsKeyFileName) == false {
 									log.Println("[DEBUG] nsfileName", nsCertFileName, nsKeyFileName)
 									nsconfigengine.UploadCertData(w.nsConfig.client, certData, nsCertFileName, keyData, nsKeyFileName)
-									rootFileName, err := nsconfigengine.UpdateBindings(w.nsConfig.client, w.dirNames[uploadFilePath]["nsCertFileName"], w.dirNames[uploadFilePath]["nsCertFileName"], nsCertFileName, nsKeyFileName)
+									rootFileName, err := nsconfigengine.UpdateBindings(w.nsConfig.client, w.dirNames[uploadFilePath]["nsCertFileName"], w.dirNames[uploadFilePath]["nsCertFileName"], nsCertFileName, nsKeyFileName, multiClusterIngress)
 									if err == nil {
 										w.dirNames[uploadFilePath]["nsCertFileName"] = nsCertFileName
 										w.dirNames[uploadFilePath]["nsKeyFileName"] = nsKeyFileName
@@ -249,11 +237,11 @@ func (w *Watcher) Run() {
 							certData, _, err := getCertKeyData(certFile, "")
 							if err == nil {
 								nsRootFileName := nsconfigengine.GetNSCompatibleNameHash(string([]byte(certData)), 55)
-								log.Println("[DEBUG] nsRootiFileName", nsRootFileName)
+								log.Println("[DEBUG] nsRootFileName", nsRootFileName)
 								log.Println("[DEBUG] upload certFile Path", certFile)
 								var keyData []byte
 								nsconfigengine.UploadCertData(w.nsConfig.client, certData, nsRootFileName, keyData, "")
-								nsconfigengine.AddCertKey(w.nsConfig.client, nsRootFileName, "")
+								nsconfigengine.AddCertKey(w.nsConfig.client, nsRootFileName, "", false)
 								nsconfigengine.UpdateRootCABindings(w.nsConfig.client, w.dirNames[uploadFilePath]["nsRootFileName"], nsRootFileName)
 								nsconfigengine.DeleteCertKey(w.nsConfig.client, w.dirNames[uploadFilePath]["nsRootFileName"])
 								w.dirNames[uploadFilePath]["nsRootFileName"] = nsRootFileName