From 0729913a806fde5d9d159b49b7ff77c040ff4e5d Mon Sep 17 00:00:00 2001
From: Massimiliano Adamo <maxadamo@gmail.com>
Date: Mon, 17 Feb 2025 16:35:36 +0100
Subject: [PATCH] refactor: update keys function to use configparser for CA file retrieval
---
 wile_coyote/bin/anvil | 7 ++++---
 wile_coyote/common/combine.py | 11 +++++------
 wile_coyote/tools/__init__.py | 3 ++-
 3 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/wile_coyote/bin/anvil b/wile_coyote/bin/anvil
index f8990c8..8d90a49 100755
--- a/wile_coyote/bin/anvil
+++ b/wile_coyote/bin/anvil
@@ -145,7 +145,6 @@ if __name__ == "__main__":
 log.handler(constants.GIVEUP, LOGFILE, True)
 sys_kit.coyote_exit(LOGFILE, START_TIMEDATE, 1)
- ACME_PROVIDERS = wile_coyote.tools.ACME_PROVIDERS
 REDIS_HOST = wile_coyote.tools.REDIS_HOST
 REDIS_TOKEN = wile_coyote.tools.REDIS_TOKEN
 VAULT_HOST = wile_coyote.tools.VAULT_HOST
@@ -154,6 +153,8 @@ if __name__ == "__main__":
 CONSUL_LEADER, _, __ = wile_coyote.tools.consul_kit.get_leader(LOGFILE)
 MOUNT_POINTS_V1 = wile_coyote.tools.MOUNT_POINTS_V1
 MOUNT_POINTS_V2 = wile_coyote.tools.MOUNT_POINTS_V2
+ ACME_PROVIDERS = wile_coyote.tools.ACME_PROVIDERS
+ acme_providers_list = ACME_PROVIDERS.replace(' ', '').split(',')
 # keys define in .acme.ini
 REDIS_KEYS = wile_coyote.tools.REDIS_KEYS
@@ -163,11 +164,11 @@ if __name__ == "__main__":
 # prune certificates locally
 if PRUNE:
 if "all" in PRUNE:
- prune = ACME_PROVIDERS
+ prune = acme_providers_list
 else:
 prune = PRUNE
 for prov in prune:
- if prov not in ACME_PROVIDERS:
+ if prov not in acme_providers_list:
 log.handler(f"{prov} is not a valid provider", LOGFILE, True)
 log.handler(constants.GIVEUP, LOGFILE, True)
 sys_kit.coyote_exit(LOGFILE, START_TIMEDATE, 1)
diff --git a/wile_coyote/common/combine.py b/wile_coyote/common/combine.py
index 7c27452..f570e5c 100644
--- a/wile_coyote/common/combine.py
+++ b/wile_coyote/common/combine.py
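Review bot: The split on the added `acme_providers_list` line in the second anvil hunk keeps empty entries: an empty or comma-terminated `acme_providers` value produces `''` in the list, and only literal spaces are removed, so a tab or a line break from a multi-line ini value stays attached to a name. `acme_providers_list = [p.strip() for p in ACME_PROVIDERS.split(',') if p.strip()]` avoids both. With `all` in `PRUNE`, the prune loop in the following hunk would otherwise iterate over the empty name as if it were a provider. Parsing once in `wile_coyote/tools/__init__.py` rather than in this script would keep every consumer on the same list; the enclosing `if __name__ == "__main__":` block continues outside the hunk.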
@@ -4,7 +4,7 @@ import os
 import wile_coyote.tools
-def keys(certpath, provider, keypath, outpath):
+def keys(cert_path, provider, key_path, outpath):
 """combine certificate, CA and private key"""
 if os.path.isdir("/etc/ssl/certs"):
 ssl_dir = "/etc/ssl/certs"
@@ -13,13 +13,12 @@ def keys(certpath, provider, keypath, outpath):
 else:
 raise NotImplementedError("OS not supported")
- # providers and CAs are mapped in acme.ini
- acme_providers = wile_coyote.tools.ACME_PROVIDERS
- capath = os.path.join(ssl_dir, acme_providers[provider])
- filenames = [certpath, capath, keypath]
+ ca_file = wile_coyote.tools.PROVIDERS_CA[provider]
+ ca_path = os.path.join(ssl_dir, ca_file)
+ file_names = [cert_path, ca_path, key_path]
 with open(outpath, "w", encoding="utf-8") as outfile:
- for fname in filenames:
+ for fname in file_names:
 with open(fname, "r", encoding="utf-8") as infile:
 outfile.write(infile.read())
 outfile.close()
diff --git a/wile_coyote/tools/__init__.py b/wile_coyote/tools/__init__.py
index 56dfb2b..644327a 100644
--- a/wile_coyote/tools/__init__.py
+++ b/wile_coyote/tools/__init__.py
@@ -21,7 +21,8 @@ for loader, module_name, is_pkg in pkgutil.walk_packages(__path__):
 CONSUL_SERVERS = config.get('acme', 'consul_servers')
 CONSUL_TOKEN = config.get('acme', 'consul_token')
 WEB_BASE = config.get('acme', 'web_base')
- ACME_PROVIDERS = l_eval(config.get('acme', 'acme_providers'))
+ ACME_PROVIDERS = config.get('acme', 'acme_providers')
+ PROVIDERS_CA = l_eval(config.get('acme', 'providers_ca'))
 # these parameters only work in test
 if 'unit-test' not in config.sections():
-- 
GitLab
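Review bot: `wile_coyote.tools.PROVIDERS_CA[provider]` in the second combine.py hunk raises a bare `KeyError` when a provider named in `acme_providers` has no entry in `providers_ca`; the two are separate config keys after this commit, so they can drift apart. A guard before the lookup gives the operator a usable message: `if provider not in wile_coyote.tools.PROVIDERS_CA: raise ValueError(f"no CA file mapped for provider {provider}")`. Separately, the unchanged `open(outpath, "w", encoding="utf-8")` creates the combined file, which per the docstring contains the private key, with whatever mode the process umask allows. Unless a caller outside this hunk tightens it, opening through `os.fdopen(os.open(outpath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "w", encoding="utf-8")` would keep a newly created file owner-only. The body of `keys` starts above this hunk.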
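Review bot: `acme_providers` keeps its name but changes format in the `__init__.py` hunk, from a literal passed through `l_eval` to a plain comma-separated string, so an `acme.ini` still written in the old form will load without error and be split into meaningless provider names by the caller. The new `providers_ca` value is passed through `l_eval` with no check on the result; `l_eval` is defined outside the hunk, and if it is `ast.literal_eval` any literal (a list, a string) is accepted here and only fails later at the lookup in `combine.keys`. Checking at load time, e.g. `if not isinstance(PROVIDERS_CA, dict): raise ValueError("providers_ca must be a dict literal")`, and that every name in `ACME_PROVIDERS` has an entry, surfaces a bad config at start-up. If `l_eval` is anything broader than `ast.literal_eval`, it evaluates config text as code and should be replaced. A migration note for the new required key would also help, since `config.get` raises when `providers_ca` is absent.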