authorChristian Breunig <christian@breunig.cc>2024-01-08 20:42:17 +0100
committerChristian Breunig <christian@breunig.cc>2024-01-09 07:29:22 +0100
commitfc6926fdf32a7bdf9f943c7818ee6ea4a8131fba (patch)
tree2e2ba8c55f9b24c0c529f6fdba64c9048db04aec
parentd0d3071e99eb65edb888c26ef2fdc9e038438887 (diff)
pki: T5911: fix service update algorithm if certificate name contains a hyphen (-)
When testing for changed PKI certificates using node_changed(), we should not use key_mangling=('-', '_'), as this makes it impossible to update certificates whose name contains a hyphen.
-rwxr-xr-xsmoketest/scripts/cli/test_pki.py2
-rwxr-xr-xsrc/conf_mode/pki.py11
2 files changed, 6 insertions, 7 deletions
diff --git a/smoketest/scripts/cli/test_pki.py b/smoketest/scripts/cli/test_pki.py
index 940ff9ec0..02beafb26 100755
--- a/smoketest/scripts/cli/test_pki.py
+++ b/smoketest/scripts/cli/test_pki.py
@@ -205,7 +205,7 @@ class TestPKI(VyOSUnitTestSHIM.TestCase):
self.cli_delete(['service', 'https', 'certificates', 'certificate'])
def test_certificate_https_update(self):
- cert_name = 'smoketest'
+ cert_name = 'smoke-test_foo'
cert_path = f'/run/nginx/certs/{cert_name}_cert.pem'
self.cli_set(base_path + ['certificate', cert_name, 'certificate', valid_ca_cert.replace('\n','')])
self.cli_set(base_path + ['certificate', cert_name, 'private', 'key', valid_ca_private_key.replace('\n','')])
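Review bot: Changing `cert_name` to `'smoke-test_foo'` replaces the only name this update test uses, so the plain-name path (`'smoketest'`) is no longer exercised, and only the `certificate` node is covered although the fix in src/conf_mode/pki.py touches five node types. A change that goes undetected presumably leaves the dependent service on the old certificate and key after a rotation, which is a silent failure worth pinning per name form. I would keep both cases, for example by wrapping the body in `for cert_name in ['smoketest', 'smoke-test_foo']:`, and add a hyphenated name to the `ca` tests if they exist elsewhere in the file. The body of `test_certificate_https_update` continues outside this hunk, so whether it asserts that the served certificate actually changed cannot be confirmed from here.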
diff --git a/src/conf_mode/pki.py b/src/conf_mode/pki.py
index 239e44c3b..4be40e99e 100755
--- a/src/conf_mode/pki.py
+++ b/src/conf_mode/pki.py
@@ -130,28 +130,27 @@ def get_config(config=None):
if len(argv) > 1 and argv[1] == 'certbot_renew':
pki['certbot_renew'] = {}
- tmp = node_changed(conf, base + ['ca'], key_mangling=('-', '_'), recursive=True)
+ tmp = node_changed(conf, base + ['ca'], recursive=True)
if tmp:
if 'changed' not in pki: pki.update({'changed':{}})
pki['changed'].update({'ca' : tmp})
- tmp = node_changed(conf, base + ['certificate'], key_mangling=('-', '_'), recursive=True)
+ tmp = node_changed(conf, base + ['certificate'], recursive=True)
if tmp:
if 'changed' not in pki: pki.update({'changed':{}})
pki['changed'].update({'certificate' : tmp})
- tmp = node_changed(conf, base + ['dh'], key_mangling=('-', '_'), recursive=True)
+ tmp = node_changed(conf, base + ['dh'], recursive=True)
if tmp:
if 'changed' not in pki: pki.update({'changed':{}})
pki['changed'].update({'dh' : tmp})
- tmp = node_changed(conf, base + ['key-pair'], key_mangling=('-', '_'), recursive=True)
+ tmp = node_changed(conf, base + ['key-pair'], recursive=True)
if tmp:
if 'changed' not in pki: pki.update({'changed':{}})
pki['changed'].update({'key_pair' : tmp})
- tmp = node_changed(conf, base + ['openvpn', 'shared-secret'], key_mangling=('-', '_'),
- recursive=True)
+ tmp = node_changed(conf, base + ['openvpn', 'shared-secret'], recursive=True)
if tmp:
if 'changed' not in pki: pki.update({'changed':{}})
pki['changed'].update({'openvpn' : tmp})
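Review bot: Nothing at the five `node_changed()` calls records why `key_mangling` must stay off, so a later cleanup could put it back and break updates for hyphenated names again. I would add one comment above the first call, such as `# No key_mangling here: entry names are user-chosen and must be compared verbatim, otherwise changes to names containing '-' are missed (T5911)`. The five stanzas are identical apart from the path and the result key (`'key_pair'` for `key-pair`, `'openvpn'` for `openvpn shared-secret`), so a small path-to-key mapping iterated in one loop would keep that rule in a single place. The guard line could also become `pki.setdefault('changed', {})`. `get_config` starts before and continues after this hunk, so the consumers of `pki['changed']` are not visible; they should be checked to confirm they expect the unmangled names.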