From 42f8056d56b0632071fa7cad273b7e5b284b1875 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Thu, 24 Jun 2021 14:53:54 -0400
Subject: [PATCH] Fix apiclient with TPM managed token

The retry mechanism is amended
to clear out the useless key
and start trying to get a network grant again.
---
 confluent_osdeploy/common/opt/confluent/bin/apiclient | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/confluent_osdeploy/common/opt/confluent/bin/apiclient b/confluent_osdeploy/common/opt/confluent/bin/apiclient
index 181171fb..d4d6e625 100644
--- a/confluent_osdeploy/common/opt/confluent/bin/apiclient
+++ b/confluent_osdeploy/common/opt/confluent/bin/apiclient
@@ -20,7 +20,10 @@ def get_apikey(nodename, mgr):
         if apikey:
             return apikey
     while not apikey:
-        apikey = subprocess.check_output(['/opt/confluent/bin/clortho', nodename, mgr])
+        try:
+            apikey = subprocess.check_output(['/opt/confluent/bin/clortho', nodename, mgr])
+        except subprocess.CalledProcessError:
+            apikey = ''
         if not isinstance(apikey, str):
             apikey = apikey.decode('utf8')
         if apikey.startswith('SEALED:'):
@@ -116,6 +119,8 @@ class HTTPSClient(client.HTTPConnection, object):
             if rsp.status == 401:
                 authed = False
                 rsp.read()
+                with open('/etc/confluent/confluent.apikey', 'w+') as akfile:
+                    akfile.write()
                 self.stdheaders['CONFLUENT_APIKEY'] = get_apikey(
                     self.node, self.host)
         raise Exception(rsp.read())