From 65fba1cd27af67c543e120effc12882bd0191f03 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sat, 25 May 2024 21:26:08 +0200
Subject: op-mode: T6377: must call pki.py helper as root to work with ACME
 certificates

This fixes the error:

vyos@vyos:~$ show pki certificate
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/vyos/config.py", line 111, in config_dict_mangle_acme
    tmp = read_file(f'{vyos_certbot_dir}/live/{name}/cert.pem')
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 44, in read_file
    raise e
  File "/usr/lib/python3/dist-packages/vyos/utils/file.py", line 38, in read_file
    with open(fname, 'r') as f:
         ^^^^^^^^^^^^^^^^
PermissionError: [Errno 13] Permission denied: '/config/auth/letsencrypt/live/vyos/cert.pem'
---
 op-mode-definitions/pki.xml.in | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/op-mode-definitions/pki.xml.in b/op-mode-definitions/pki.xml.in
index a5e01bade..f76b4f4e1 100644
--- a/op-mode-definitions/pki.xml.in
+++ b/op-mode-definitions/pki.xml.in
@@ -495,7 +495,7 @@
             <properties>
               <help>Show x509 CA certificates</help>
             </properties>
-            <command>${vyos_op_scripts_dir}/pki.py --action show --ca "all"</command>
+            <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --ca "all"</command>
           </leafNode>
           <tagNode name="ca">
             <properties>
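Review bot: The `sudo` added to the `--ca "all"` command runs the whole show path of pki.py as root, although the traceback in the commit message fails only on reading `cert.pem` under `/config/auth/letsencrypt/live/`. If that read is the only privileged step, a narrower fix would be to make the certificate file readable to the op-mode user's group, or to elevate only the read, so that the parsing and display code stays unprivileged. If root is kept, a comment above the command would record why, for example `<!-- sudo: ACME certificates under /config/auth/letsencrypt are readable by root only (T6377) -->`. The same applies to the other five commands changed in this patch.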
@@ -504,13 +504,13 @@
                 <path>pki ca</path>
               </completionHelp>
             </properties>
-            <command>${vyos_op_scripts_dir}/pki.py --action show --ca "$4"</command>
+            <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --ca "$4"</command>
             <children>
               <leafNode name="pem">
                 <properties>
                   <help>Show x509 CA certificate in PEM format</help>
                 </properties>
-                <command>${vyos_op_scripts_dir}/pki.py --action show --ca "$4" --pem</command>
+                <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --ca "$4" --pem</command>
               </leafNode>
             </children>
           </tagNode>
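Review bot: With `sudo` in front, the operator-typed `"$4"` on both commands in this hunk becomes an argument to a root process, and so do `"$4"` and `"$6"` in the `--certificate` and `--fingerprint` commands further down. The quoting stops the shell from splitting the value, but pki.py is not part of this patch, so it is worth confirming that it only looks the name up among configured PKI entries and never uses it to build a file path. The `completionHelp` list `sha256 sha384 sha512` is a completion hint rather than validation; if pki.py parses its options with argparse, `choices=['sha256', 'sha384', 'sha512']` on `--fingerprint` would enforce it.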
@@ -518,7 +518,7 @@
             <properties>
               <help>Show x509 certificates</help>
             </properties>
-            <command>${vyos_op_scripts_dir}/pki.py --action show --certificate "all"</command>
+            <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "all"</command>
           </leafNode>
           <tagNode name="certificate">
             <properties>
@@ -527,7 +527,7 @@
                 <path>pki certificate</path>
               </completionHelp>
             </properties>
-            <command>${vyos_op_scripts_dir}/pki.py --action show --certificate "$4"</command>
+            <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "$4"</command>
             <children>
               <leafNode name="pem">
                 <properties>
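Review bot: The `pem` leaf under `certificate`, whose `<properties>` opens on the last line of this hunk, has its `<command>` in the lines between this hunk and the next, and the patch does not touch it. The CA counterpart `--ca "$4" --pem` did receive `sudo`, so `show pki certificate <name> pem` probably still ends in the PermissionError from the commit message for ACME certificates. If that command calls pki.py the same way, it likely needs the same prefix, `<command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "$4" --pem</command>`. Any other `show pki` nodes outside these hunks that load the PKI config should be checked as well.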
@@ -542,7 +542,7 @@
                     <list>sha256 sha384 sha512</list>
                   </completionHelp>
                 </properties>
-                <command>${vyos_op_scripts_dir}/pki.py --action show --certificate "$4" --fingerprint "$6"</command>
+                <command>sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "$4" --fingerprint "$6"</command>
               </tagNode>
             </children>
           </tagNode>
-- 
cgit v1.2.3