summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cloudinit/CloudConfig/cc_ca_certs.py12
-rw-r--r--tests/unittests/test_util.py13
2 files changed, 20 insertions, 5 deletions
diff --git a/cloudinit/CloudConfig/cc_ca_certs.py b/cloudinit/CloudConfig/cc_ca_certs.py
index b7dd1781..cec70e5c 100644
--- a/cloudinit/CloudConfig/cc_ca_certs.py
+++ b/cloudinit/CloudConfig/cc_ca_certs.py
@@ -94,8 +94,8 @@ def handle(name, cfg, cloud, log, args):
@param name: The module name "ca-cert" from cloud.cfg
@param cfg: A nested dict containing the entire cloud config contents.
- @param cloud: The L{CloudInit} object in use
- @param log: Pre-initialized Python logger object to use for logging
+ @param cloud: The L{CloudInit} object in use.
+ @param log: Pre-initialized Python logger object to use for logging.
@param args: Any module arguments from cloud.cfg
"""
# If there isn't a ca-certs section in the configuration don't do anything
@@ -103,14 +103,16 @@ def handle(name, cfg, cloud, log, args):
return
ca_cert_cfg = cfg['ca-certs']
+ # If there is a remove-defaults option set to true, remove the system
+ # default trusted CA certs first.
if ca_cert_cfg.get("remove-defaults", False):
remove_default_ca_certs()
- # set the validation key based on the presence of either 'validation_key'
- # or 'validation_cert'. In the case where both exist, 'validation_key'
- # takes precedence
+ # If we are given any new trusted CA certs to add, add them.
if ca_cert_cfg.has_key('trusted'):
trusted_certs = util.get_cfg_option_list_or_str(ca_cert_cfg, 'trusted')
if trusted_certs:
add_ca_certs(trusted_certs)
+
+ # Update the system with the new cert configuration.
update_ca_certs()
diff --git a/tests/unittests/test_util.py b/tests/unittests/test_util.py
index ecbaba1a..4c512990 100644
--- a/tests/unittests/test_util.py
+++ b/tests/unittests/test_util.py
@@ -9,12 +9,14 @@ from cloudinit.util import mergedict, get_cfg_option_list_or_str, write_file
class TestMergeDict(TestCase):
def test_simple_merge(self):
+ """Test simple non-conflict merge."""
source = {"key1": "value1"}
candidate = {"key2": "value2"}
result = mergedict(source, candidate)
self.assertEqual({"key1": "value1", "key2": "value2"}, result)
def test_nested_merge(self):
+ """Test nested merge."""
source = {"key1": {"key1.1": "value1.1"}}
candidate = {"key1": {"key1.2": "value1.2"}}
result = mergedict(source, candidate)
@@ -22,36 +24,42 @@ class TestMergeDict(TestCase):
{"key1": {"key1.1": "value1.1", "key1.2": "value1.2"}}, result)
def test_merge_does_not_override(self):
+ """Test that candidate doesn't override source."""
source = {"key1": "value1", "key2": "value2"}
candidate = {"key2": "value2", "key2": "NEW VALUE"}
result = mergedict(source, candidate)
self.assertEqual(source, result)
def test_empty_candidate(self):
+ """Test empty candidate doesn't change source."""
source = {"key": "value"}
candidate = {}
result = mergedict(source, candidate)
self.assertEqual(source, result)
def test_empty_source(self):
+ """Test empty source is replaced by candidate."""
source = {}
candidate = {"key": "value"}
result = mergedict(source, candidate)
self.assertEqual(candidate, result)
def test_non_dict_candidate(self):
+ """Test non-dict candidate is discarded."""
source = {"key": "value"}
candidate = "not a dict"
result = mergedict(source, candidate)
self.assertEqual(source, result)
def test_non_dict_source(self):
+ """Test non-dict source is not modified with a dict candidate."""
source = "not a dict"
candidate = {"key": "value"}
result = mergedict(source, candidate)
self.assertEqual(source, result)
def test_neither_dict(self):
+ """Test if neither candidate or source is dict source wins."""
source = "source"
candidate = "candidate"
result = mergedict(source, candidate)
@@ -59,26 +67,31 @@ class TestMergeDict(TestCase):
class TestGetCfgOptionListOrStr(TestCase):
def test_not_found_no_default(self):
+ """None is returned if key is not found and no default given."""
config = {}
result = get_cfg_option_list_or_str(config, "key")
self.assertIsNone(result)
def test_not_found_with_default(self):
+ """Default is returned if key is not found."""
config = {}
result = get_cfg_option_list_or_str(config, "key", default=["DEFAULT"])
self.assertEqual(["DEFAULT"], result)
def test_found_with_default(self):
+ """Default is not returned if key is found."""
config = {"key": ["value1"]}
result = get_cfg_option_list_or_str(config, "key", default=["DEFAULT"])
self.assertEqual(["value1"], result)
def test_found_convert_to_list(self):
+ """Single string is converted to one element list."""
config = {"key": "value1"}
result = get_cfg_option_list_or_str(config, "key")
self.assertEqual(["value1"], result)
def test_value_is_none(self):
+ """If value is None empty list is returned."""
config = {"key": None}
result = get_cfg_option_list_or_str(config, "key")
self.assertEqual([], result)