From 6ce8efdc8dafef67541bed89fc7dc7cd83335bf4 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Sun, 9 Jun 2024 20:45:04 +0200
Subject: pki: T6463: reverse-proxy service not reloaded when updating SSL
 certificate(s)

The haproxy reverse proxy was not reloaded/restarted with the new SSL
certificate(s) after a change in the PKI subsystem. This was due to missing
dependencies.
---
 data/config-mode-dependencies/vyos-1x.json | 1 +
 src/conf_mode/pki.py                       | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/data/config-mode-dependencies/vyos-1x.json b/data/config-mode-dependencies/vyos-1x.json
index 13de434bd..20ec12f04 100644
--- a/data/config-mode-dependencies/vyos-1x.json
+++ b/data/config-mode-dependencies/vyos-1x.json
@@ -29,6 +29,7 @@
         "https": ["service_https"],
         "ipsec": ["vpn_ipsec"],
         "openconnect": ["vpn_openconnect"],
+        "reverse_proxy": ["load-balancing_reverse-proxy"],
         "rpki": ["protocols_rpki"],
         "sstp": ["vpn_sstp"]
     },
diff --git a/src/conf_mode/pki.py b/src/conf_mode/pki.py
index 8deec0e85..f37cac524 100755
--- a/src/conf_mode/pki.py
+++ b/src/conf_mode/pki.py
@@ -66,6 +66,10 @@ sync_search = [
         'keys': ['ca_certificate'],
         'path': ['interfaces', 'sstpc'],
     },
+    {
+        'keys': ['certificate', 'ca_certificate'],
+        'path': ['load_balancing', 'reverse_proxy'],
+    },
     {
         'keys': ['key'],
         'path': ['protocols', 'rpki', 'cache'],
-- 
cgit v1.2.3