forked from rpms/cloud-init
89 lines
3.2 KiB
Diff
89 lines
3.2 KiB
Diff
|
From 8b9627be7ed3e44c6890e52723cb86375f56a0e4 Mon Sep 17 00:00:00 2001
|
||
|
From: Shreenidhi Shedi <53473811+sshedi@users.noreply.github.com>
|
||
|
Date: Fri, 17 Mar 2023 03:01:22 +0530
|
||
|
Subject: [PATCH 05/11] Handle non existent ca-cert-config situation (#2073)
|
||
|
|
||
|
Currently if a cert file doesn't exist, cc_ca_certs module crashes
|
||
|
This fix makes it possible to handle it gracefully.
|
||
|
|
||
|
Also, out_lines variable may not be available if os.stat returns 0.
|
||
|
This issue is also taken care of.
|
||
|
|
||
|
Added tests for the same.
|
||
|
|
||
|
(cherry picked from commit 3634678465e7b8f8608bcb9a1f5773ae7837cbe9)
|
||
|
Signed-off-by: Ani Sinha <anisinha@redhat.com>
|
||
|
---
|
||
|
cloudinit/config/cc_ca_certs.py | 19 +++++++++++++------
|
||
|
tests/unittests/config/test_cc_ca_certs.py | 12 ++++++++++++
|
||
|
2 files changed, 25 insertions(+), 6 deletions(-)
|
||
|
|
||
|
diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
|
||
|
index 51b8577c..4dc08681 100644
|
||
|
--- a/cloudinit/config/cc_ca_certs.py
|
||
|
+++ b/cloudinit/config/cc_ca_certs.py
|
||
|
@@ -177,14 +177,20 @@ def disable_system_ca_certs(distro_cfg):
|
||
|
|
||
|
@param distro_cfg: A hash providing _distro_ca_certs_configs function.
|
||
|
"""
|
||
|
- if distro_cfg["ca_cert_config"] is None:
|
||
|
+
|
||
|
+ ca_cert_cfg_fn = distro_cfg["ca_cert_config"]
|
||
|
+
|
||
|
+ if not ca_cert_cfg_fn or not os.path.exists(ca_cert_cfg_fn):
|
||
|
return
|
||
|
+
|
||
|
header_comment = (
|
||
|
"# Modified by cloud-init to deselect certs due to user-data"
|
||
|
)
|
||
|
+
|
||
|
added_header = False
|
||
|
- if os.stat(distro_cfg["ca_cert_config"]).st_size != 0:
|
||
|
- orig = util.load_file(distro_cfg["ca_cert_config"])
|
||
|
+
|
||
|
+ if os.stat(ca_cert_cfg_fn).st_size:
|
||
|
+ orig = util.load_file(ca_cert_cfg_fn)
|
||
|
out_lines = []
|
||
|
for line in orig.splitlines():
|
||
|
if line == header_comment:
|
||
|
@@ -197,9 +203,10 @@ def disable_system_ca_certs(distro_cfg):
|
||
|
out_lines.append(header_comment)
|
||
|
added_header = True
|
||
|
out_lines.append("!" + line)
|
||
|
- util.write_file(
|
||
|
- distro_cfg["ca_cert_config"], "\n".join(out_lines) + "\n", omode="wb"
|
||
|
- )
|
||
|
+
|
||
|
+ util.write_file(
|
||
|
+ ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb"
|
||
|
+ )
|
||
|
|
||
|
|
||
|
def remove_default_ca_certs(distro_cfg):
|
||
|
diff --git a/tests/unittests/config/test_cc_ca_certs.py b/tests/unittests/config/test_cc_ca_certs.py
|
||
|
index 6db17485..5f1894e7 100644
|
||
|
--- a/tests/unittests/config/test_cc_ca_certs.py
|
||
|
+++ b/tests/unittests/config/test_cc_ca_certs.py
|
||
|
@@ -365,6 +365,18 @@ class TestRemoveDefaultCaCerts(TestCase):
|
||
|
else:
|
||
|
assert mock_subp.call_count == 0
|
||
|
|
||
|
+ def test_non_existent_cert_cfg(self):
|
||
|
+ self.m_stat.return_value.st_size = 0
|
||
|
+
|
||
|
+ for distro_name in cc_ca_certs.distros:
|
||
|
+ conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
|
||
|
+ with ExitStack() as mocks:
|
||
|
+ mocks.enter_context(
|
||
|
+ mock.patch.object(util, "delete_dir_contents")
|
||
|
+ )
|
||
|
+ mocks.enter_context(mock.patch.object(subp, "subp"))
|
||
|
+ cc_ca_certs.disable_default_ca_certs(distro_name, conf)
|
||
|
+
|
||
|
|
||
|
class TestCACertsSchema:
|
||
|
"""Directly test schema rather than through handle."""
|
||
|
--
|
||
|
2.39.3
|
||
|
|