91 lines
3.1 KiB
Diff
91 lines
3.1 KiB
Diff
From 7a530e186e791858bf70accd2fab80dd9b43ee7e Mon Sep 17 00:00:00 2001
|
|
From: Robert Schweikert <rjschwei@suse.com>
|
|
Date: Thu, 23 Feb 2023 16:43:56 -0500
|
|
Subject: [PATCH] Enable SUSE based distros for ca handling (#2036)
|
|
|
|
CA handling in the configuration module was previously not supported
|
|
for SUSE based distros. Enable this functionality by creating the
|
|
necessary configuration settings.
|
|
|
|
Secondly update the test such that it does not bleed through to the
|
|
test system.
|
|
|
|
(cherry picked from commit 46fcd03187d70f405c748f7a6cfdb02ecb8c6ee7)
|
|
Signed-off-by: Ani Sinha <anisinha@redhat.com>
|
|
---
|
|
cloudinit/config/cc_ca_certs.py | 31 +++++++++++++++++++++-
|
|
tests/unittests/config/test_cc_ca_certs.py | 2 ++
|
|
2 files changed, 32 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
|
|
index 169b0e18..51b8577c 100644
|
|
--- a/cloudinit/config/cc_ca_certs.py
|
|
+++ b/cloudinit/config/cc_ca_certs.py
|
|
@@ -32,8 +32,25 @@ DISTRO_OVERRIDES = {
|
|
"ca_cert_config": None,
|
|
"ca_cert_update_cmd": ["update-ca-trust"],
|
|
},
|
|
+ "opensuse": {
|
|
+ "ca_cert_path": "/etc/pki/trust/",
|
|
+ "ca_cert_local_path": "/usr/share/pki/trust/",
|
|
+ "ca_cert_filename": "anchors/cloud-init-ca-cert-{cert_index}.crt",
|
|
+ "ca_cert_config": None,
|
|
+ "ca_cert_update_cmd": ["update-ca-certificates"],
|
|
+ },
|
|
}
|
|
|
|
+for distro in (
|
|
+ "opensuse-microos",
|
|
+ "opensuse-tumbleweed",
|
|
+ "opensuse-leap",
|
|
+ "sle_hpc",
|
|
+ "sle-micro",
|
|
+ "sles",
|
|
+):
|
|
+ DISTRO_OVERRIDES[distro] = DISTRO_OVERRIDES["opensuse"]
|
|
+
|
|
MODULE_DESCRIPTION = """\
|
|
This module adds CA certificates to the system's CA store and updates any
|
|
related files using the appropriate OS-specific utility. The default CA
|
|
@@ -48,7 +65,19 @@ configuration option ``remove_defaults``.
|
|
Alpine Linux requires the ca-certificates package to be installed in
|
|
order to provide the ``update-ca-certificates`` command.
|
|
"""
|
|
-distros = ["alpine", "debian", "rhel", "ubuntu"]
|
|
+distros = [
|
|
+ "alpine",
|
|
+ "debian",
|
|
+ "rhel",
|
|
+ "opensuse",
|
|
+ "opensuse-microos",
|
|
+ "opensuse-tumbleweed",
|
|
+ "opensuse-leap",
|
|
+ "sle_hpc",
|
|
+ "sle-micro",
|
|
+ "sles",
|
|
+ "ubuntu",
|
|
+]
|
|
|
|
meta: MetaSchema = {
|
|
"id": "cc_ca_certs",
|
|
diff --git a/tests/unittests/config/test_cc_ca_certs.py b/tests/unittests/config/test_cc_ca_certs.py
|
|
index 19e5d422..6db17485 100644
|
|
--- a/tests/unittests/config/test_cc_ca_certs.py
|
|
+++ b/tests/unittests/config/test_cc_ca_certs.py
|
|
@@ -311,6 +311,7 @@ class TestRemoveDefaultCaCerts(TestCase):
|
|
"cloud_dir": tmpdir,
|
|
}
|
|
)
|
|
+ self.add_patch("cloudinit.config.cc_ca_certs.os.stat", "m_stat")
|
|
|
|
def test_commands(self):
|
|
ca_certs_content = "# line1\nline2\nline3\n"
|
|
@@ -318,6 +319,7 @@ class TestRemoveDefaultCaCerts(TestCase):
|
|
"# line1\n# Modified by cloud-init to deselect certs due to"
|
|
" user-data\n!line2\n!line3\n"
|
|
)
|
|
+ self.m_stat.return_value.st_size = 1
|
|
|
|
for distro_name in cc_ca_certs.distros:
|
|
conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
|