summaryrefslogtreecommitdiff
path: root/cloudinit/CloudConfig
diff options
context:
space:
mode:
Diffstat (limited to 'cloudinit/CloudConfig')
-rw-r--r--cloudinit/CloudConfig/cc_ca_certs.py19
1 files changed, 9 insertions, 10 deletions
diff --git a/cloudinit/CloudConfig/cc_ca_certs.py b/cloudinit/CloudConfig/cc_ca_certs.py
index ef651f8b..e6cdc3f5 100644
--- a/cloudinit/CloudConfig/cc_ca_certs.py
+++ b/cloudinit/CloudConfig/cc_ca_certs.py
@@ -14,26 +14,23 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
-import pwd
-import socket
from subprocess import check_call
-import json
-import StringIO
-import ConfigParser
-import cloudinit.CloudConfig as cc
-from cloudinit.util import write_file, get_cfg_option_list_or_str, delete_dir_contents
+from cloudinit.util import (write_file, get_cfg_option_list_or_str,
+ delete_dir_contents)
CA_CERT_PATH = "/usr/share/ca-certificates/"
CA_CERT_FILENAME = "cloud-init-ca-certs.crt"
CA_CERT_CONFIG = "/etc/ca-certificates.conf"
CA_CERT_SYSTEM_PATH = "/etc/ssl/certs/"
+
def update_ca_certs():
"""
Updates the CA certificate cache on the current machine.
"""
check_call(["update-ca-certificates"])
+
def add_ca_certs(certs):
"""
Adds certificates to the system. To actually apply the new certificates
@@ -48,6 +45,7 @@ def add_ca_certs(certs):
# Append cert filename to CA_CERT_CONFIG file.
write_file(CA_CERT_CONFIG, "\n%s" % CA_CERT_FILENAME, omode="a")
+
def remove_default_ca_certs():
"""
Removes all default trusted CA certificates from the system. To actually
@@ -57,6 +55,7 @@ def remove_default_ca_certs():
delete_dir_contents(CA_CERT_SYSTEM_PATH)
write_file(CA_CERT_CONFIG, "", mode=0644)
+
def handle(name, cfg, cloud, log, args):
"""
Call to handle ca-cert sections in cloud-config file.
@@ -68,7 +67,7 @@ def handle(name, cfg, cloud, log, args):
@param args: Any module arguments from cloud.cfg
"""
# If there isn't a ca-certs section in the configuration don't do anything
- if not cfg.has_key('ca-certs'):
+ if "ca-certs" not in cfg:
return
ca_cert_cfg = cfg['ca-certs']
@@ -78,8 +77,8 @@ def handle(name, cfg, cloud, log, args):
remove_default_ca_certs()
# If we are given any new trusted CA certs to add, add them.
- if ca_cert_cfg.has_key('trusted'):
- trusted_certs = get_cfg_option_list_or_str(ca_cert_cfg, 'trusted')
+ if "trusted" in ca_cert_cfg:
+ trusted_certs = get_cfg_option_list_or_str(ca_cert_cfg, "trusted")
if trusted_certs:
add_ca_certs(trusted_certs)