fix(certmanager): patches for auth handler (#626)

* fix(certmanager): ensure jansRevision always updated #614 * fix(certmanager): ensure backup for auth-server private keys is created #615
JanssenProject · Jan 20, 2022 · d95453f · d95453f
1 parent d19fbfd
commit d95453f
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/docker-jans-certmanager/scripts/auth_handler.py b/docker-jans-certmanager/scripts/auth_handler.py
@@ -433,13 +433,18 @@ def patch(self):
             if int(self.privkey_push_delay) > 0:
                 logger.info(f"Waiting for private key push delay ({int(self.privkey_push_delay)} seconds) ...")
                 time.sleep(int(self.privkey_push_delay))
+
                 for container in auth_containers:
+                    logger.info(f"creating backup of {name}:{jks_fn}")
+                    self.meta_client.exec_cmd(container, f"cp {jks_fn} {jks_fn}.backup")
                     logger.info(f"creating new {name}:{jks_fn}")
                     self.meta_client.copy_to_container(container, jks_fn)
 
-                # key selection is changed
-                if self.privkey_push_strategy != self.key_strategy:
-                    rev = rev + 1
+                    # as new JKS pushed to container, we need to tell auth-server to reload the private keys
+                    # by increasing jansRevision again; note that as jansRevision may have been modified externally
+                    # we need to ensure we have fresh jansRevision value to increase to
+                    config = self.backend.get_auth_config()
+                    rev = int(config["jansRevision"]) + 1
                     conf_dynamic.update({
                         "keySelectionStrategy": self.privkey_push_strategy,
                     })