diff options
author | Christian Breunig <christian@breunig.cc> | 2024-01-08 20:42:17 +0100 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2024-01-09 07:29:22 +0100 |
commit | fc6926fdf32a7bdf9f943c7818ee6ea4a8131fba (patch) | |
tree | 2e2ba8c55f9b24c0c529f6fdba64c9048db04aec | |
parent | d0d3071e99eb65edb888c26ef2fdc9e038438887 (diff) | |
download | vyos-1x-fc6926fdf32a7bdf9f943c7818ee6ea4a8131fba.tar.gz vyos-1x-fc6926fdf32a7bdf9f943c7818ee6ea4a8131fba.zip |
pki: T5911: fix service update algorithm if certificate name contains a hyphen (-)
When testing for changed PKI certificates using node_changed(), we should not
use key_mangling=('-', '_'), as this will make certificate updates with a hypen
not possible.
-rwxr-xr-x | smoketest/scripts/cli/test_pki.py | 2 | ||||
-rwxr-xr-x | src/conf_mode/pki.py | 11 |
2 files changed, 6 insertions, 7 deletions
diff --git a/smoketest/scripts/cli/test_pki.py b/smoketest/scripts/cli/test_pki.py index 940ff9ec0..02beafb26 100755 --- a/smoketest/scripts/cli/test_pki.py +++ b/smoketest/scripts/cli/test_pki.py @@ -205,7 +205,7 @@ class TestPKI(VyOSUnitTestSHIM.TestCase): self.cli_delete(['service', 'https', 'certificates', 'certificate']) def test_certificate_https_update(self): - cert_name = 'smoketest' + cert_name = 'smoke-test_foo' cert_path = f'/run/nginx/certs/{cert_name}_cert.pem' self.cli_set(base_path + ['certificate', cert_name, 'certificate', valid_ca_cert.replace('\n','')]) self.cli_set(base_path + ['certificate', cert_name, 'private', 'key', valid_ca_private_key.replace('\n','')]) diff --git a/src/conf_mode/pki.py b/src/conf_mode/pki.py index 239e44c3b..4be40e99e 100755 --- a/src/conf_mode/pki.py +++ b/src/conf_mode/pki.py @@ -130,28 +130,27 @@ def get_config(config=None): if len(argv) > 1 and argv[1] == 'certbot_renew': pki['certbot_renew'] = {} - tmp = node_changed(conf, base + ['ca'], key_mangling=('-', '_'), recursive=True) + tmp = node_changed(conf, base + ['ca'], recursive=True) if tmp: if 'changed' not in pki: pki.update({'changed':{}}) pki['changed'].update({'ca' : tmp}) - tmp = node_changed(conf, base + ['certificate'], key_mangling=('-', '_'), recursive=True) + tmp = node_changed(conf, base + ['certificate'], recursive=True) if tmp: if 'changed' not in pki: pki.update({'changed':{}}) pki['changed'].update({'certificate' : tmp}) - tmp = node_changed(conf, base + ['dh'], key_mangling=('-', '_'), recursive=True) + tmp = node_changed(conf, base + ['dh'], recursive=True) if tmp: if 'changed' not in pki: pki.update({'changed':{}}) pki['changed'].update({'dh' : tmp}) - tmp = node_changed(conf, base + ['key-pair'], key_mangling=('-', '_'), recursive=True) + tmp = node_changed(conf, base + ['key-pair'], recursive=True) if tmp: if 'changed' not in pki: pki.update({'changed':{}}) pki['changed'].update({'key_pair' : tmp}) - tmp = node_changed(conf, base + ['openvpn', 'shared-secret'], key_mangling=('-', '_'), - recursive=True) + tmp = node_changed(conf, base + ['openvpn', 'shared-secret'], recursive=True) if tmp: if 'changed' not in pki: pki.update({'changed':{}}) pki['changed'].update({'openvpn' : tmp}) |