summaryrefslogtreecommitdiff
path: root/cloudinit/CloudConfig/cc_ca_certs.py
diff options
context:
space:
mode:
Diffstat (limited to 'cloudinit/CloudConfig/cc_ca_certs.py')
-rw-r--r--cloudinit/CloudConfig/cc_ca_certs.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/cloudinit/CloudConfig/cc_ca_certs.py b/cloudinit/CloudConfig/cc_ca_certs.py
index 07074e2f..a51dbe9f 100644
--- a/cloudinit/CloudConfig/cc_ca_certs.py
+++ b/cloudinit/CloudConfig/cc_ca_certs.py
@@ -56,6 +56,12 @@ def add_ca_certs(certs):
cert_file_contents = "\n".join(certs)
write_file(CERT_FILENAME, cert_file_contents, "root", "root", "644")
+def remove_default_ca_certs():
+ """
+ Removes all default trusted CA certificates from the system.
+ """
+ raise NotImplementedError()
+
def handle(name, cfg, cloud, log, args):
"""
Call to handle ca-cert sections in cloud-config file.
@@ -71,6 +77,9 @@ def handle(name, cfg, cloud, log, args):
return
ca_cert_cfg = cfg['ca-certs']
+ if ca_cert_cfg.get("remove-defaults", False):
+ remove_default_ca_certs()
+
# set the validation key based on the presence of either 'validation_key'
# or 'validation_cert'. In the case where both exist, 'validation_key'
# takes precedence