From 9ab893043254e7c8fdc219579fbc958366d32ca8 Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Tue, 14 Mar 2023 15:51:15 +0530
Subject: [PATCH 1/5] cc_ca_certs.py: store distro_cfg['ca_cert_config'] in a
variable
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
cloudinit/config/cc_ca_certs.py | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
index b1c4a2bf01..77375285b2 100644
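--- a/cloudinit/config/cc_ca_certs.py
+++ b/cloudinit/config/cc_ca_certs.py
@@ -177,14 +177,20 @@ def disable_system_ca_certs(distro_cfg):
 
 @param distro_cfg: A hash providing _distro_ca_certs_configs function.
 """
- if distro_cfg["ca_cert_config"] is None:
+
+ ca_cert_cfg_fn = distro_cfg["ca_cert_config"]
+
+ if ca_cert_cfg_fn is None:
 return
+
 header_comment = (
 "# Modified by cloud-init to deselect certs due to user-data"
 )
+
 added_header = False
- if os.stat(distro_cfg["ca_cert_config"]).st_size != 0:
- orig = util.load_file(distro_cfg["ca_cert_config"])
+
+ if os.stat(ca_cert_cfg_fn).st_size != 0:
+ orig = util.load_file(ca_cert_cfg_fn)
 out_lines = []
 for line in orig.splitlines():
 if line == header_comment:
@@ -198,7 +204,7 @@ def disable_system_ca_certs(distro_cfg):
 added_header = True
 out_lines.append("!" + line)
 util.write_file(
- distro_cfg["ca_cert_config"], "\n".join(out_lines) + "\n", omode="wb"
+ ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb"
 )
 
 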
From 4f999f14b112b2b57a4596acf4de080967bca73b Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Tue, 14 Mar 2023 15:52:40 +0530
Subject: [PATCH 2/5] cc_ca_certs.py: check for cert file existence before stat
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
cloudinit/config/cc_ca_certs.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
index 77375285b2..bff27f4b45 100644
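--- a/cloudinit/config/cc_ca_certs.py
+++ b/cloudinit/config/cc_ca_certs.py
@@ -180,7 +180,7 @@ def disable_system_ca_certs(distro_cfg):
 
 ca_cert_cfg_fn = distro_cfg["ca_cert_config"]
 
- if ca_cert_cfg_fn is None:
+ if not ca_cert_cfg_fn or not os.path.exists(ca_cert_cfg_fn):
 return
 
 header_comment = (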
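Review bot: The new guard `if not ca_cert_cfg_fn or not os.path.exists(ca_cert_cfg_fn): return` skips the deselection silently, so an operator who asked for the system CA certificates to be disabled gets no sign that the trust store was left unchanged. A log line before the `return` that names the missing path would make the skipped step visible in the cloud-init log (this assumes the module has a logger; none is visible in this hunk). The `os.path.exists` check is also separate from the later `os.stat(ca_cert_cfg_fn)` call, so a file removed in between still raises; catching `FileNotFoundError` around the stat and load would cover both cases in one place. The body of disable_system_ca_certs continues outside the hunk.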
From ea4b0042ea9bde41473e664b351d530e467c0a71 Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Tue, 14 Mar 2023 15:55:50 +0530
Subject: [PATCH 3/5] cc_ca_certs.py: remove redundant check for zero
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
cloudinit/config/cc_ca_certs.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
index bff27f4b45..2c0b1f335c 100644
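--- a/cloudinit/config/cc_ca_certs.py
+++ b/cloudinit/config/cc_ca_certs.py
@@ -189,7 +189,7 @@ def disable_system_ca_certs(distro_cfg):
 
 added_header = False
 
- if os.stat(ca_cert_cfg_fn).st_size != 0:
+ if os.stat(ca_cert_cfg_fn).st_size:
 orig = util.load_file(ca_cert_cfg_fn)
 out_lines = []
 for line in orig.splitlines():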
From 562222dc8c40b9d0a5d1e2c33dc5619f0f2e8c22 Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Tue, 14 Mar 2023 15:56:38 +0530
Subject: [PATCH 4/5] cc_ca_certs.py: move util.write_file with if block
if cert file size is zero, out_lines won't get initialized
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
cloudinit/config/cc_ca_certs.py | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
index 2c0b1f335c..54153638e3 100644
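--- a/cloudinit/config/cc_ca_certs.py
+++ b/cloudinit/config/cc_ca_certs.py
@@ -203,9 +203,10 @@ def disable_system_ca_certs(distro_cfg):
 out_lines.append(header_comment)
 added_header = True
 out_lines.append("!" + line)
- util.write_file(
- ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb"
- )
+
+ util.write_file(
+ ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb"
+ )
 
 
 def remove_default_ca_certs(distro_cfg):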
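Review bot: The reason the `util.write_file(...)` call moved is recorded only in the commit message; a one-line comment above it, such as `# out_lines is only defined when the config file had content`, would keep a later edit from moving the write back out. Going by the commit subject the call now sits inside the `if os.stat(ca_cert_cfg_fn).st_size:` block, but the indentation is not recoverable from this page, so that nesting is inferred. An empty config file is then left untouched and nothing is deselected for it; if that is the intended outcome, the function's docstring could say so. disable_system_ca_certs starts outside the hunk.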
From d31144ededa0dd829405f0a21e372d254b082050 Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Tue, 14 Mar 2023 17:52:30 +0530
Subject: [PATCH 5/5] test_cc_ca_certs.py: add tests for non existent ca-cert
config
Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
tests/unittests/config/test_cc_ca_certs.py | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/tests/unittests/config/test_cc_ca_certs.py b/tests/unittests/config/test_cc_ca_certs.py
index adc3609a8e..07a2939523 100644
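--- a/tests/unittests/config/test_cc_ca_certs.py
+++ b/tests/unittests/config/test_cc_ca_certs.py
@@ -367,6 +367,18 @@ def test_commands(self):
 else:
 assert mock_subp.call_count == 0
 
+ def test_non_existent_cert_cfg(self):
+ self.m_stat.return_value.st_size = 0
+
+ for distro_name in cc_ca_certs.distros:
+ conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
+ with ExitStack() as mocks:
+ mocks.enter_context(
+ mock.patch.object(util, "delete_dir_contents")
+ )
+ mocks.enter_context(mock.patch.object(subp, "subp"))
+ cc_ca_certs.disable_default_ca_certs(distro_name, conf)
+
 
 class TestCACertsSchema:
 """Directly test schema rather than through handle."""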
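Review bot: `test_non_existent_cert_cfg` has no assertion, so it fails only if `disable_default_ca_certs` raises. It also never patches `os.path.exists`, so whether the early return or the mocked `st_size = 0` path is exercised depends on whether the distro's config file exists on the machine running the tests. Patching `os.path.exists` to return `False` and asserting that a mock of `util.write_file` was not called would pin the behaviour the test name describes (whether the class already mocks `write_file` is not visible here). A second case with the file present and size zero would cover the empty-file branch. The enclosing test class starts outside the hunk.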