From 9ab893043254e7c8fdc219579fbc958366d32ca8 Mon Sep 17 00:00:00 2001 From: Shreenidhi Shedi Date: Tue, 14 Mar 2023 15:51:15 +0530 Subject: [PATCH 1/5] cc_ca_certs.py: store distro_cfg['ca_cert_config'] in a variable Signed-off-by: Shreenidhi Shedi --- cloudinit/config/cc_ca_certs.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py index b1c4a2bf01..77375285b2 100644 --- a/cloudinit/config/cc_ca_certs.py +++ b/cloudinit/config/cc_ca_certs.py @@ -177,14 +177,20 @@ def disable_system_ca_certs(distro_cfg): @param distro_cfg: A hash providing _distro_ca_certs_configs function. """ - if distro_cfg["ca_cert_config"] is None: + + ca_cert_cfg_fn = distro_cfg["ca_cert_config"] + + if ca_cert_cfg_fn is None: return + header_comment = ( "# Modified by cloud-init to deselect certs due to user-data" ) + added_header = False - if os.stat(distro_cfg["ca_cert_config"]).st_size != 0: - orig = util.load_file(distro_cfg["ca_cert_config"]) + + if os.stat(ca_cert_cfg_fn).st_size != 0: + orig = util.load_file(ca_cert_cfg_fn) out_lines = [] for line in orig.splitlines(): if line == header_comment: @@ -198,7 +204,7 @@ def disable_system_ca_certs(distro_cfg): added_header = True out_lines.append("!" + line) util.write_file( - distro_cfg["ca_cert_config"], "\n".join(out_lines) + "\n", omode="wb" + ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb" ) From 4f999f14b112b2b57a4596acf4de080967bca73b Mon Sep 17 00:00:00 2001 From: Shreenidhi Shedi Date: Tue, 14 Mar 2023 15:52:40 +0530 Subject: [PATCH 2/5] cc_ca_certs.py: check for cert file existence before stat Signed-off-by: Shreenidhi Shedi --- cloudinit/config/cc_ca_certs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py index 77375285b2..bff27f4b45 100644 --- a/cloudinit/config/cc_ca_certs.py +++ b/cloudinit/config/cc_ca_certs.py 
@@ -180,7 +180,7 @@ def disable_system_ca_certs(distro_cfg): ca_cert_cfg_fn = distro_cfg["ca_cert_config"] - if ca_cert_cfg_fn is None: + if not ca_cert_cfg_fn or not os.path.exists(ca_cert_cfg_fn): return header_comment = ( From ea4b0042ea9bde41473e664b351d530e467c0a71 Mon Sep 17 00:00:00 2001 From: Shreenidhi Shedi Date: Tue, 14 Mar 2023 15:55:50 +0530 Subject: [PATCH 3/5] cc_ca_certs.py: remove redundant check for zero Signed-off-by: Shreenidhi Shedi --- cloudinit/config/cc_ca_certs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py index bff27f4b45..2c0b1f335c 100644 --- a/cloudinit/config/cc_ca_certs.py +++ b/cloudinit/config/cc_ca_certs.py @@ -189,7 +189,7 @@ def disable_system_ca_certs(distro_cfg): added_header = False - if os.stat(ca_cert_cfg_fn).st_size != 0: + if os.stat(ca_cert_cfg_fn).st_size: orig = util.load_file(ca_cert_cfg_fn) out_lines = [] for line in orig.splitlines(): From 562222dc8c40b9d0a5d1e2c33dc5619f0f2e8c22 Mon Sep 17 00:00:00 2001 From: Shreenidhi Shedi Date: Tue, 14 Mar 2023 15:56:38 +0530 Subject: [PATCH 4/5] cc_ca_certs.py: move util.write_file with if block if cert file size if zero, out_lines won't get initialized Signed-off-by: Shreenidhi Shedi --- cloudinit/config/cc_ca_certs.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py index 2c0b1f335c..54153638e3 100644 --- a/cloudinit/config/cc_ca_certs.py +++ b/cloudinit/config/cc_ca_certs.py @@ -203,9 +203,10 @@ def disable_system_ca_certs(distro_cfg): out_lines.append(header_comment) added_header = True out_lines.append("!" + line) - util.write_file( - ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb" - ) + + util.write_file( + ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb" + ) def remove_default_ca_certs(distro_cfg): From d31144ededa0dd829405f0a21e372d254b082050 Mon Sep 17 00:00:00 2001 
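Review bot: The new `os.path.exists(ca_cert_cfg_fn)` guard in `disable_system_ca_certs` is a check-then-use, and its early return is silent. The same path is stat'ed, read and rewritten further down, so a file that disappears or is swapped in between still raises. Handling the absence where the file is first used is tighter: `try: size = os.stat(ca_cert_cfg_fn).st_size` followed by `except FileNotFoundError: return`. A debug log on that return path would show an operator who asked for the default CAs to be deselected that the trust configuration was left unchanged. The function body starts and continues outside this hunk, so this is judged from the visible lines only.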
From: Shreenidhi Shedi Date: Tue, 14 Mar 2023 17:52:30 +0530 Subject: [PATCH 5/5] test_cc_ca_certs.py: add tests for non existent ca-cert config Signed-off-by: Shreenidhi Shedi --- tests/unittests/config/test_cc_ca_certs.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/unittests/config/test_cc_ca_certs.py b/tests/unittests/config/test_cc_ca_certs.py index adc3609a8e..07a2939523 100644 --- a/tests/unittests/config/test_cc_ca_certs.py +++ b/tests/unittests/config/test_cc_ca_certs.py @@ -367,6 +367,18 @@ def test_commands(self): else: assert mock_subp.call_count == 0 + def test_non_existent_cert_cfg(self): + self.m_stat.return_value.st_size = 0 + + for distro_name in cc_ca_certs.distros: + conf = cc_ca_certs._distro_ca_certs_configs(distro_name) + with ExitStack() as mocks: + mocks.enter_context( + mock.patch.object(util, "delete_dir_contents") + ) + mocks.enter_context(mock.patch.object(subp, "subp")) + cc_ca_certs.disable_default_ca_certs(distro_name, conf) + class TestCACertsSchema: """Directly test schema rather than through handle."""
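Review bot: `test_non_existent_cert_cfg` contains no assertion, and despite its name it only sets `self.m_stat.return_value.st_size = 0`, which is the empty-file case rather than the missing-file one. Whether `os.path.exists` returns False here depends on fixtures outside this hunk. Patch it explicitly for the missing-file case, e.g. `mocks.enter_context(mock.patch("os.path.exists", return_value=False))`, and keep a separate case for the empty file. In both, assert that the CA config is not rewritten, for example by patching `util.write_file` and checking `call_count == 0`. As written, the test passes as long as no exception is raised.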