| author | Christian Poessinger <christian@poessinger.com> | 2022-12-01 14:20:28 +0100 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-12-01 14:20:28 +0100 | 
| commit | 33c0d77bfa10c81dfc93c4eca781279df9cf1034 (patch) | |
| tree | 274033b3413e383820c665de2b874c929a91524c /src | |
| parent | 97f36fe0c1f337d73e5f0af4e2fecefadc3325b4 (diff) | |
| parent | 032de023c21d92262243a2abb34bfd4c2009958e (diff) | |
Merge pull request #1684 from jestabro/config-script-dependency
pki: T4847: correct calling of config mode script dependencies from pki.py
Diffstat (limited to 'src')
| -rwxr-xr-x | src/conf_mode/interfaces-ethernet.py | 2 | ||||
| -rwxr-xr-x | src/conf_mode/pki.py | 71 | 
2 files changed, 36 insertions, 37 deletions
|
diff --git a/src/conf_mode/interfaces-ethernet.py b/src/conf_mode/interfaces-ethernet.py
index e02841831..b49c945cd 100755
--- a/src/conf_mode/interfaces-ethernet.py
+++ b/src/conf_mode/interfaces-ethernet.py
@@ -175,7 +175,7 @@ def generate(ethernet):
         loaded_pki_cert = load_certificate(pki_cert['certificate'])
         loaded_ca_certs = {load_certificate(c['certificate'])
-            for c in ethernet['pki']['ca'].values()}
+            for c in ethernet['pki']['ca'].values()} if 'ca' in ethernet['pki'] else {}
         cert_full_chain = find_chain(loaded_pki_cert, loaded_ca_certs)
diff --git a/src/conf_mode/pki.py b/src/conf_mode/pki.py
index 29ed7b1b7..e8f3cc87a 100755
--- a/src/conf_mode/pki.py
+++ b/src/conf_mode/pki.py
@@ -16,20 +16,16 @@
 from sys import exit
-import jmespath
-
 from vyos.config import Config
+from vyos.configdep import set_dependents, call_dependents
 from vyos.configdict import dict_merge
 from vyos.configdict import node_changed
 from vyos.pki import is_ca_certificate
 from vyos.pki import load_certificate
-from vyos.pki import load_certificate_request
 from vyos.pki import load_public_key
 from vyos.pki import load_private_key
 from vyos.pki import load_crl
 from vyos.pki import load_dh_parameters
-from vyos.util import ask_input
-from vyos.util import call
 from vyos.util import dict_search_args
 from vyos.util import dict_search_recursive
 from vyos.xml import defaults
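Review bot: In the interfaces-ethernet.py hunk the new fallback `else {}` yields an empty dict while the other branch is a set comprehension, so `loaded_ca_certs` changes type with the configuration; use `set()` to keep it a set in both cases: `for c in ethernet['pki']['ca'].values()} if 'ca' in ethernet['pki'] else set()`. The comprehension also indexes `c['certificate']` unconditionally, so a CA entry without that key would raise KeyError here unless an earlier verify step guarantees it, which this hunk does not show. When no CA is configured, `find_chain` receives only the leaf certificate, and a one-line comment saying that this is intended would help the next reader. generate() starts and ends outside the hunk.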
@@ -121,6 +117,39 @@ def get_config(config=None):
                                          get_first_key=True,
                                          no_tag_node_value_mangle=True)
+    if 'changed' in pki:
+        for search in sync_search:
+            for key in search['keys']:
+                changed_key = sync_translate[key]
+
+                if changed_key not in pki['changed']:
+                    continue
+
+                for item_name in pki['changed'][changed_key]:
+                    node_present = False
+                    if changed_key == 'openvpn':
+                        node_present = dict_search_args(pki, 'openvpn', 'shared_secret', item_name)
+                    else:
+                        node_present = dict_search_args(pki, changed_key, item_name)
+
+                    if node_present:
+                        search_dict = dict_search_args(pki['system'], *search['path'])
+
+                        if not search_dict:
+                            continue
+
+                        for found_name, found_path in dict_search_recursive(search_dict, key):
+                            if found_name == item_name:
+                                path = search['path']
+                                path_str = ' '.join(path + found_path)
+                                print(f'pki: Updating config: {path_str} {found_name}')
+
+                                if path[0] == 'interfaces':
+                                    ifname = found_path[0]
+                                    set_dependents(path[1], conf, ifname)
+                                else:
+                                    set_dependents(path[1], conf)
+
     return pki
 def is_valid_certificate(raw_data):
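Review bot: `set_dependents(path[1], conf, ...)` takes the second element of `search['path']` as the dependency name and `found_path[0]` as the interface name, so every `sync_search` entry needs a path of at least two elements whose second element is a name the dependency mechanism knows; neither `sync_search` nor that registry is visible in this hunk. An entry that breaks this contract would fail inside get_config() during a commit, so I would document it at the call site, e.g. `# path[1] is the dependency name; for 'interfaces' paths found_path[0] is the interface`. The same dependent can be reached more than once when several changed items reference it, and whether `set_dependents` de-duplicates is not shown here, so confirm a service is not re-run repeatedly. `node_present = False` is overwritten on both branches and can be dropped.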
@@ -259,37 +288,7 @@ def apply(pki):
         return None
     if 'changed' in pki:
-        for search in sync_search:
-            for key in search['keys']:
-                changed_key = sync_translate[key]
-
-                if changed_key not in pki['changed']:
-                    continue
-
-                for item_name in pki['changed'][changed_key]:
-                    node_present = False
-                    if changed_key == 'openvpn':
-                        node_present = dict_search_args(pki, 'openvpn', 'shared_secret', item_name)
-                    else:
-                        node_present = dict_search_args(pki, changed_key, item_name)
-
-                    if node_present:
-                        search_dict = dict_search_args(pki['system'], *search['path'])
-
-                        if not search_dict:
-                            continue
-
-                        for found_name, found_path in dict_search_recursive(search_dict, key):
-                            if found_name == item_name:
-                                path_str = ' '.join(search['path'] + found_path)
-                                print(f'pki: Updating config: {path_str} {found_name}')
-
-                                script = search['script']
-                                if found_path[0] == 'interfaces':
-                                    ifname = found_path[2]
-                                    call(f'VYOS_TAGNODE_VALUE={ifname} {script}')
-                                else:
-                                    call(script)
+        call_dependents()
     return None
|
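Review bot: Nothing in apply() shows what happens when a dependent script fails inside `call_dependents()`; if the failure is not propagated, the commit reports success while a service keeps using the previous certificate or key. State the expected behaviour in a comment above the call, e.g. `# run the scripts registered via set_dependents() in get_config(); a failure here must abort the commit`, and confirm it against `vyos.configdep`. apply() begins before this hunk.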
