cloud-init/Fedora-Enable-CA-handling.patch

From 7ea5446f0e46d0e7a8a6226cf1f5949b44f83d72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>
Date: Wed, 22 Mar 2023 11:51:52 +0100
Subject: [PATCH] Fedora: Enable CA handling

Fedora wasn't previously supported for CA handling. Enabling this
allows the testsuite to pass when ran on a Fedora system. The conf
override is the same as for rhel.
---
 cloudinit/config/cc_ca_certs.py            | 9 ++++++++-
 tests/unittests/config/test_cc_ca_certs.py | 2 ++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
index 169b0e18..599145c8 100644
--- a/cloudinit/config/cc_ca_certs.py
+++ b/cloudinit/config/cc_ca_certs.py
@@ -25,6 +25,13 @@ DEFAULT_CONFIG = {
     "ca_cert_update_cmd": ["update-ca-certificates"],
 }
 DISTRO_OVERRIDES = {
+    "fedora": {
+        "ca_cert_path": "/etc/pki/ca-trust/",
+        "ca_cert_local_path": "/usr/share/pki/ca-trust-source/",
+        "ca_cert_filename": "anchors/cloud-init-ca-cert-{cert_index}.crt",
+        "ca_cert_config": None,
+        "ca_cert_update_cmd": ["update-ca-trust"],
+    },
     "rhel": {
         "ca_cert_path": "/etc/pki/ca-trust/",
         "ca_cert_local_path": "/usr/share/pki/ca-trust-source/",
@@ -48,7 +55,7 @@ configuration option ``remove_defaults``.
     Alpine Linux requires the ca-certificates package to be installed in
     order to provide the ``update-ca-certificates`` command.
 """
-distros = ["alpine", "debian", "rhel", "ubuntu"]
+distros = ["alpine", "debian", "fedora", "rhel", "ubuntu"]
 
 meta: MetaSchema = {
     "id": "cc_ca_certs",
diff --git a/tests/unittests/config/test_cc_ca_certs.py b/tests/unittests/config/test_cc_ca_certs.py
index 19e5d422..6db17485 100644
--- a/tests/unittests/config/test_cc_ca_certs.py
+++ b/tests/unittests/config/test_cc_ca_certs.py
@@ -311,6 +311,7 @@ class TestRemoveDefaultCaCerts(TestCase):
                 "cloud_dir": tmpdir,
             }
         )
+        self.add_patch("cloudinit.config.cc_ca_certs.os.stat", "m_stat")
 
     def test_commands(self):
         ca_certs_content = "# line1\nline2\nline3\n"
@@ -318,6 +319,7 @@ class TestRemoveDefaultCaCerts(TestCase):
             "# line1\n# Modified by cloud-init to deselect certs due to"
             " user-data\n!line2\n!line3\n"
         )
+        self.m_stat.return_value.st_size = 1
 
         for distro_name in cc_ca_certs.distros:
             conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
-- 
2.39.2
Rebase to 23.1.1 2023-03-22 13:35:32 +00:00			`From 7ea5446f0e46d0e7a8a6226cf1f5949b44f83d72 Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Franti=C5=A1ek=20Zatloukal?= <fzatlouk@redhat.com>`
			`Date: Wed, 22 Mar 2023 11:51:52 +0100`
			`Subject: [PATCH] Fedora: Enable CA handling`

			`Fedora wasn't previously supported for CA handling. Enabling this`
			`allows the testsuite to pass when ran on a Fedora system. The conf`
			`override is the same as for rhel.`
			`---`
			`cloudinit/config/cc_ca_certs.py \| 9 ++++++++-`
			`tests/unittests/config/test_cc_ca_certs.py \| 2 ++`
			`2 files changed, 10 insertions(+), 1 deletion(-)`

			`diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py`
			`index 169b0e18..599145c8 100644`
			`--- a/cloudinit/config/cc_ca_certs.py`
			`+++ b/cloudinit/config/cc_ca_certs.py`
			`@@ -25,6 +25,13 @@ DEFAULT_CONFIG = {`
			`"ca_cert_update_cmd": ["update-ca-certificates"],`
			`}`
			`DISTRO_OVERRIDES = {`
			`+ "fedora": {`
			`+ "ca_cert_path": "/etc/pki/ca-trust/",`
			`+ "ca_cert_local_path": "/usr/share/pki/ca-trust-source/",`
			`+ "ca_cert_filename": "anchors/cloud-init-ca-cert-{cert_index}.crt",`
			`+ "ca_cert_config": None,`
			`+ "ca_cert_update_cmd": ["update-ca-trust"],`
			`+ },`
			`"rhel": {`
			`"ca_cert_path": "/etc/pki/ca-trust/",`
			`"ca_cert_local_path": "/usr/share/pki/ca-trust-source/",`
			@@ -48,7 +55,7 @@ configuration option ``remove_defaults``.
			`Alpine Linux requires the ca-certificates package to be installed in`
			order to provide the ``update-ca-certificates`` command.
			`"""`
			`-distros = ["alpine", "debian", "rhel", "ubuntu"]`
			`+distros = ["alpine", "debian", "fedora", "rhel", "ubuntu"]`

			`meta: MetaSchema = {`
			`"id": "cc_ca_certs",`
			`diff --git a/tests/unittests/config/test_cc_ca_certs.py b/tests/unittests/config/test_cc_ca_certs.py`
			`index 19e5d422..6db17485 100644`
			`--- a/tests/unittests/config/test_cc_ca_certs.py`
			`+++ b/tests/unittests/config/test_cc_ca_certs.py`
			`@@ -311,6 +311,7 @@ class TestRemoveDefaultCaCerts(TestCase):`
			`"cloud_dir": tmpdir,`
			`}`
			`)`
			`+ self.add_patch("cloudinit.config.cc_ca_certs.os.stat", "m_stat")`

			`def test_commands(self):`
			`ca_certs_content = "# line1\nline2\nline3\n"`
			`@@ -318,6 +319,7 @@ class TestRemoveDefaultCaCerts(TestCase):`
			`"# line1\n# Modified by cloud-init to deselect certs due to"`
			`" user-data\n!line2\n!line3\n"`
			`)`
			`+ self.m_stat.return_value.st_size = 1`

			`for distro_name in cc_ca_certs.distros:`
			`conf = cc_ca_certs._distro_ca_certs_configs(distro_name)`
			`--`
			`2.39.2`