Skip to content

Commit

Permalink
fix(certmanager): patches for auth handler (#626)
Browse files Browse the repository at this point in the history
* fix(certmanager): ensure jansRevision always updated #614

* fix(certmanager): ensure backup for auth-server private keys is created #615
  • Loading branch information
iromli authored Jan 20, 2022
1 parent d19fbfd commit d95453f
Showing 1 changed file with 8 additions and 3 deletions.
11 changes: 8 additions & 3 deletions docker-jans-certmanager/scripts/auth_handler.py
Original file line number Diff line number Diff line change
Expand Up @@ -433,13 +433,18 @@ def patch(self):
if int(self.privkey_push_delay) > 0:
logger.info(f"Waiting for private key push delay ({int(self.privkey_push_delay)} seconds) ...")
time.sleep(int(self.privkey_push_delay))

for container in auth_containers:
logger.info(f"creating backup of {name}:{jks_fn}")
self.meta_client.exec_cmd(container, f"cp {jks_fn} {jks_fn}.backup")
logger.info(f"creating new {name}:{jks_fn}")
self.meta_client.copy_to_container(container, jks_fn)

# key selection is changed
if self.privkey_push_strategy != self.key_strategy:
rev = rev + 1
# as new JKS pushed to container, we need to tell auth-server to reload the private keys
# by increasing jansRevision again; note that as jansRevision may have been modified externally
# we need to ensure we have fresh jansRevision value to increase to
config = self.backend.get_auth_config()
rev = int(config["jansRevision"]) + 1
conf_dynamic.update({
"keySelectionStrategy": self.privkey_push_strategy,
})
Expand Down

0 comments on commit d95453f

Please sign in to comment.