-rw-r--r-- | cloudinit/CloudConfig/cc_ca_certs.py | 25 | ||||
-rw-r--r-- | tests/unittests/test_handler_ca_certs.py | 37 |
2 files changed, 55 insertions, 7 deletions
diff --git a/cloudinit/CloudConfig/cc_ca_certs.py b/cloudinit/CloudConfig/cc_ca_certs.py index e2110890..81ed7237 100644 --- a/cloudinit/CloudConfig/cc_ca_certs.py +++ b/cloudinit/CloudConfig/cc_ca_certs.py @@ -16,7 +16,7 @@ import os import pwd import socket -import subprocess +from subprocess import check_call import json import StringIO import ConfigParser @@ -26,10 +26,29 @@ import cloudinit.util as util CERT_FILENAME = "/usr/share/ca-certificates/cloud-init-provided.crt" def write_file(filename, contents, owner, group, mode): - raise Exception() + """ + Write a file to disk with specified owner, group, and mode. If the file + exists already it will be overwritten. + + @param filename: Full path to the new file. + @param contents: The contents of the newly created file. + @param owner: The username who should own the file. + @param group: The group for the new file. + @param mode: The octal mode (as string) for the new file. + """ + raise NotImplementedError() + +def update_ca_certs(): + """ + Updates the CA certificate cache on the current machine. + """ + check_call(["dpkg-reconfigure", "ca-certificates"]) + check_call(["update-ca-certificates"]) def handle(name, cfg, cloud, log, args): """ + Call to handle ca-cert sections in cloud-config file. + @param name: The module name "ca-cert" from cloud.cfg @param cfg: A nested dict containing the entire cloud config contents. @param cloud: The L{CloudInit} object in use @@ -49,3 +68,5 @@ def handle(name, cfg, cloud, log, args): if trusted_certs: cert_file_contents = "\n".join(trusted_certs) write_file(CERT_FILENAME, cert_file_contents, "root", "root", "644") + + update_ca_certs() diff --git a/tests/unittests/test_handler_ca_certs.py b/tests/unittests/test_handler_ca_certs.py index 21eddf18..254c8727 100644 --- a/tests/unittests/test_handler_ca_certs.py +++ b/tests/unittests/test_handler_ca_certs.py 
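Review bot: `update_ca_certs()` runs `dpkg-reconfigure ca-certificates` without selecting a frontend, so whether it can block on a debconf prompt, and whether the newly written certificate is marked trusted, appears to depend on the machine's debconf configuration rather than on this code. If the intent is an unattended refresh, consider `check_call(["dpkg-reconfigure", "-f", "noninteractive", "ca-certificates"])`, and state in the docstring that the answer stored in debconf decides whether new certificates are enabled. Both commands are also resolved by bare name through the process's PATH. Because this step rewrites the system trust store, a comment saying that PATH is assumed to be trusted here, or absolute paths, would make that assumption explicit.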
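Review bot: The added `update_ca_certs()` call in `handle` can only be reached after `write_file(...)` returns, and `write_file` as changed in this same commit still ends in `raise NotImplementedError()`, so a config that supplies trusted certificates would abort before the store is refreshed. The unit tests replace `write_file` with a mock, so they would not expose this. Until the writer is implemented, a comment such as `# TODO: write_file is a stub; handle() fails for any config with trusted certs` next to the call would make the gap visible. The body of `handle` starts outside this hunk and the indentation of the new call is not recoverable from this page, so the condition under which it runs is inferred from the test comments.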
@@ -1,25 +1,42 @@ from unittest import TestCase from mocker import MockerTestCase -from cloudinit.CloudConfig.cc_ca_certs import handle, write_file +from cloudinit.CloudConfig.cc_ca_certs import handle, write_file, update_ca_certs -class TestAddCaCerts(MockerTestCase): +class TestNoConfig(MockerTestCase): def setUp(self): - super(TestAddCaCerts, self).setUp() + super(TestNoConfig, self).setUp() self.name = "ca-certs" self.cloud_init = None self.log = None self.args = [] def test_no_config(self): - """Test that no certificate are written if not provided.""" + """ + Test that nothing is done if no ca-certs configuration is provided. + """ config = {"unknown-key": "value"} - mock = self.mocker.replace(write_file, passthrough=False) + self.mocker.replace(write_file, passthrough=False) + self.mocker.replace(update_ca_certs, passthrough=False) self.mocker.replay() handle(self.name, config, self.cloud_init, self.log, self.args) + +class TestAddCaCerts(MockerTestCase): + def setUp(self): + super(TestAddCaCerts, self).setUp() + self.name = "ca-certs" + self.cloud_init = None + self.log = None + self.args = [] + + # The config option is present for all these tests so + # update_ca_certs should always be called. + mock = self.mocker.replace(update_ca_certs, passthrough=False) + mock() + def test_no_trusted_list(self): """Test that no certificate are written if not provided.""" config = {"ca-certs": {}} @@ -62,3 +79,13 @@ class TestAddCaCerts(MockerTestCase): self.mocker.replay() handle(self.name, config, self.cloud_init, self.log, self.args) + +class TestUpdateCaCerts(MockerTestCase): + def test_commands(self): + mock_check_call = self.mocker.replace("subprocess.check_call", + passthrough=False) + mock_check_call(["dpkg-reconfigure", "ca-certificates"]) + mock_check_call(["update-ca-certificates"]) + self.mocker.replay() + + update_ca_certs() |
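Review bot: `TestUpdateCaCerts.test_commands` records the two `check_call` expectations without asking Mocker to enforce their order, so the test would presumably still pass if `update_ca_certs` ran `update-ca-certificates` before `dpkg-reconfigure`. If the order matters, call `self.mocker.order()` before recording the two expectations. There is also no case for a non-zero exit from either command. What `handle` does when the trust-store refresh fails is therefore untested and undocumented; as written, `CalledProcessError` would propagate.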