From 667a3da2be1c6351496d3584ee658d58f479f4b0 Mon Sep 17 00:00:00 2001
From: Mike Milner
Date: Sat, 14 Jan 2012 12:22:27 -0400
Subject: Handle config flag for removing default trusted CAs.
---
 cloudinit/CloudConfig/cc_ca_certs.py | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'cloudinit')
diff --git a/cloudinit/CloudConfig/cc_ca_certs.py b/cloudinit/CloudConfig/cc_ca_certs.py
index 07074e2f..a51dbe9f 100644
--- a/cloudinit/CloudConfig/cc_ca_certs.py
+++ b/cloudinit/CloudConfig/cc_ca_certs.py
@@ -56,6 +56,12 @@ def add_ca_certs(certs):
 cert_file_contents = "\n".join(certs)
 write_file(CERT_FILENAME, cert_file_contents, "root", "root", "644")
 
+def remove_default_ca_certs():
+ """
+ Removes all default trusted CA certificates from the system.
+ """
+ raise NotImplementedError()
+
 def handle(name, cfg, cloud, log, args):
 """
 Call to handle ca-cert sections in cloud-config file.
@@ -71,6 +77,9 @@ def handle(name, cfg, cloud, log, args):
 return
 ca_cert_cfg = cfg['ca-certs']
 
+ if ca_cert_cfg.get("remove-defaults", False):
+ remove_default_ca_certs()
+
 # set the validation key based on the presence of either 'validation_key'
 # or 'validation_cert'. In the case where both exist, 'validation_key'
 # takes precedence
-- 
cgit v1.2.3
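Review bot: `remove_default_ca_certs()` is a stub whose bare `raise NotImplementedError()` becomes reachable from user config in this same commit, because the `handle` hunk calls it. A user who sets `remove-defaults` therefore gets an unexplained exception while every default CA stays trusted. Until the removal exists, give the exception a message so the log names the request that was not honoured, e.g. `raise NotImplementedError("ca-certs: remove-defaults is not implemented yet")`. The docstring should also say what "default" covers and that the call changes system-wide TLS trust, since the visible lines define neither.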
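Review bot: The new `ca_cert_cfg.get("remove-defaults", False)` check in `handle` is a plain truthiness test on user-supplied YAML, so a quoted value such as `"false"` is a non-empty string and would request removal of the default CAs. For an option that strips the trust store, compare strictly, e.g. `if ca_cert_cfg.get("remove-defaults", False) is True:`, or log and ignore non-boolean values. The call also runs before the rest of `handle`, which continues outside the hunk, so an exception from it presumably skips whatever follows, possibly including installation of the user's own CAs; the intended ordering and failure behaviour deserve a comment. It would also help to mention the `remove-defaults` key in the `handle` docstring, whose visible part does not cover it.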