pki: T5905: do not use expand_nodes=Diff.ADD|Diff.DELETE) in node_changed() - vyos-1x.git - VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git)

diff options

author	Christian Breunig <christian@breunig.cc>	2024-01-07 11:36:09 +0100
committer	Christian Breunig <christian@breunig.cc>	2024-01-07 11:36:09 +0100
commit	9162631f12ade65392ea2fa53642ea4af39627c7 (patch)
tree	13e2db8e3dceaf84e524ada23d5bb29f17922f66 /sonar-project.properties
parent	410458c00e6202dd9a5c52b3c5ac00a90db5bc53 (diff)
download	vyos-1x-9162631f12ade65392ea2fa53642ea4af39627c7.tar.gz vyos-1x-9162631f12ade65392ea2fa53642ea4af39627c7.zip

pki: T5905: do not use expand_nodes=Diff.ADD|Diff.DELETE) in node_changed()

This fixes a priority inversion when doing initial certificate commits. * pki subsystem is executed with priority 300 * vti uses priority 381 * ipsec uses priority 901 On commit pki.py will be executed first, detecting a change in dependencies for vpn_ipsec.py which will be executed second. The VTI interface was yet not created leading to ConfigError('VTI interface XX for site-to-site peer YY does not exist!') The issue is caused by this new line of code in commit b8db1a9d7ba ("pki: T5886: add support for ACME protocol (LetsEncrypt)") file src/conf_mode/pki.py line 139 which triggers the dependency update even if a key is newly added. This commit changes the "detection" based on the cerbot configuration on disk.

Diffstat (limited to 'sonar-project.properties')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: