From 9ab893043254e7c8fdc219579fbc958366d32ca8 Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Tue, 14 Mar 2023 15:51:15 +0530
Subject: [PATCH 1/5] cc_ca_certs.py: store distro_cfg['ca_cert_config'] in a
 variable

Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
 cloudinit/config/cc_ca_certs.py | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
index b1c4a2bf01..77375285b2 100644
--- a/cloudinit/config/cc_ca_certs.py
+++ b/cloudinit/config/cc_ca_certs.py
@@ -177,14 +177,20 @@ def disable_system_ca_certs(distro_cfg):
 
     @param distro_cfg: A hash providing _distro_ca_certs_configs function.
     """
-    if distro_cfg["ca_cert_config"] is None:
+
+    ca_cert_cfg_fn = distro_cfg["ca_cert_config"]
+
+    if ca_cert_cfg_fn is None:
         return
+
     header_comment = (
         "# Modified by cloud-init to deselect certs due to user-data"
     )
+
     added_header = False
-    if os.stat(distro_cfg["ca_cert_config"]).st_size != 0:
-        orig = util.load_file(distro_cfg["ca_cert_config"])
+
+    if os.stat(ca_cert_cfg_fn).st_size != 0:
+        orig = util.load_file(ca_cert_cfg_fn)
         out_lines = []
         for line in orig.splitlines():
             if line == header_comment:
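Review bot: The new local `ca_cert_cfg_fn` is ambiguous, because the `_fn` suffix reads as "function" and the docstring just above describes `distro_cfg` in terms of a function. The value is passed to `os.stat` and `util.load_file`, so it is a path; a name such as `ca_cert_cfg_path` would say so directly. Since this function rewrites the system CA trust configuration, the docstring could also state that `distro_cfg["ca_cert_config"]` is the path of that file. The function body continues outside this hunk.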
@@ -198,7 +204,7 @@ def disable_system_ca_certs(distro_cfg):
                     added_header = True
                 out_lines.append("!" + line)
     util.write_file(
-        distro_cfg["ca_cert_config"], "\n".join(out_lines) + "\n", omode="wb"
+        ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb"
     )
 
 

From 4f999f14b112b2b57a4596acf4de080967bca73b Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Tue, 14 Mar 2023 15:52:40 +0530
Subject: [PATCH 2/5] cc_ca_certs.py: check for cert file existence before stat

Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
 cloudinit/config/cc_ca_certs.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
index 77375285b2..bff27f4b45 100644
--- a/cloudinit/config/cc_ca_certs.py
+++ b/cloudinit/config/cc_ca_certs.py
@@ -180,7 +180,7 @@ def disable_system_ca_certs(distro_cfg):
 
     ca_cert_cfg_fn = distro_cfg["ca_cert_config"]
 
-    if ca_cert_cfg_fn is None:
+    if not ca_cert_cfg_fn or not os.path.exists(ca_cert_cfg_fn):
         return
 
     header_comment = (
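Review bot: The new early return on `if not ca_cert_cfg_fn or not os.path.exists(ca_cert_cfg_fn):` skips deselecting the system CA certificates without any trace, so a user who asked for the defaults to be disabled cannot tell that the trust store was left unchanged. A log line before the `return` would make this visible, for example `LOG.debug("CA cert config %s not found; system CA certs left unchanged", ca_cert_cfg_fn)`, assuming the module has a `LOG` logger, which the hunk does not show. The exists-then-stat sequence is also a check-then-use pair: the later `os.stat` can still raise if the file disappears in between, so catching `FileNotFoundError` around the stat would be more robust than the pre-check. The function body starts and ends outside this hunk.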

From ea4b0042ea9bde41473e664b351d530e467c0a71 Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Tue, 14 Mar 2023 15:55:50 +0530
Subject: [PATCH 3/5] cc_ca_certs.py: remove redundant check for zero

Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
 cloudinit/config/cc_ca_certs.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
index bff27f4b45..2c0b1f335c 100644
--- a/cloudinit/config/cc_ca_certs.py
+++ b/cloudinit/config/cc_ca_certs.py
@@ -189,7 +189,7 @@ def disable_system_ca_certs(distro_cfg):
 
     added_header = False
 
-    if os.stat(ca_cert_cfg_fn).st_size != 0:
+    if os.stat(ca_cert_cfg_fn).st_size:
         orig = util.load_file(ca_cert_cfg_fn)
         out_lines = []
         for line in orig.splitlines():

From 562222dc8c40b9d0a5d1e2c33dc5619f0f2e8c22 Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Tue, 14 Mar 2023 15:56:38 +0530
Subject: [PATCH 4/5] cc_ca_certs.py: move util.write_file with if block

if cert file size is zero, out_lines won't get initialized

Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
 cloudinit/config/cc_ca_certs.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/cloudinit/config/cc_ca_certs.py b/cloudinit/config/cc_ca_certs.py
index 2c0b1f335c..54153638e3 100644
--- a/cloudinit/config/cc_ca_certs.py
+++ b/cloudinit/config/cc_ca_certs.py
@@ -203,9 +203,10 @@ def disable_system_ca_certs(distro_cfg):
                     out_lines.append(header_comment)
                     added_header = True
                 out_lines.append("!" + line)
-    util.write_file(
-        ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb"
-    )
+
+        util.write_file(
+            ca_cert_cfg_fn, "\n".join(out_lines) + "\n", omode="wb"
+        )
 
 
 def remove_default_ca_certs(distro_cfg):
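Review bot: The relocated `util.write_file` call has no comment explaining why it now sits inside the size check, and the reason is not visible at the call site: `out_lines` is only bound in that branch, whose `if` line is outside this hunk. I would add `# out_lines exists only when the config file had content; an empty file is left untouched` directly above the call. That also records the behaviour change that an empty config file is no longer rewritten.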

From d31144ededa0dd829405f0a21e372d254b082050 Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Tue, 14 Mar 2023 17:52:30 +0530
Subject: [PATCH 5/5] test_cc_ca_certs.py: add tests for non existent ca-cert
 config

Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
 tests/unittests/config/test_cc_ca_certs.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/tests/unittests/config/test_cc_ca_certs.py b/tests/unittests/config/test_cc_ca_certs.py
index adc3609a8e..07a2939523 100644
--- a/tests/unittests/config/test_cc_ca_certs.py
+++ b/tests/unittests/config/test_cc_ca_certs.py
@@ -367,6 +367,18 @@ def test_commands(self):
                     else:
                         assert mock_subp.call_count == 0
 
+    def test_non_existent_cert_cfg(self):
+        self.m_stat.return_value.st_size = 0
+
+        for distro_name in cc_ca_certs.distros:
+            conf = cc_ca_certs._distro_ca_certs_configs(distro_name)
+            with ExitStack() as mocks:
+                mocks.enter_context(
+                    mock.patch.object(util, "delete_dir_contents")
+                )
+                mocks.enter_context(mock.patch.object(subp, "subp"))
+                cc_ca_certs.disable_default_ca_certs(distro_name, conf)
+
 
 class TestCACertsSchema:
     """Directly test schema rather than through handle."""
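Review bot: `test_non_existent_cert_cfg` contains no assertion and does not visibly force the missing-file path, so it passes whenever the call does not raise. It sets `st_size = 0` on the stat mock but does not patch `os.path.exists` in the lines shown, so whether the new guard is exercised may depend on which CA config paths exist on the test host, unless a fixture outside this hunk handles that. I would patch `os.path.exists` to return `False` and assert that the config file is not written, assuming nothing else on this code path calls `util.write_file`.

```python
    def test_non_existent_cert_cfg(self):
        # … unchanged: st_size setup, distro loop, conf lookup …
            with ExitStack() as mocks:
                # … unchanged: delete_dir_contents and subp patches …
                mocks.enter_context(
                    mock.patch("os.path.exists", return_value=False)
                )
                m_write = mocks.enter_context(
                    mock.patch.object(util, "write_file")
                )
                cc_ca_certs.disable_default_ca_certs(distro_name, conf)
                m_write.assert_not_called()
```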