From d95453f3a2234518b6c6d8ffd136543ba08bd238 Mon Sep 17 00:00:00 2001
From: Isman Firmansyah
Date: Thu, 20 Jan 2022 17:10:48 +0700
Subject: [PATCH] fix(certmanager): patches for auth handler (#626)
* fix(certmanager): ensure jansRevision always updated #614
* fix(certmanager): ensure backup for auth-server private keys is created #615
---
docker-jans-certmanager/scripts/auth_handler.py | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/docker-jans-certmanager/scripts/auth_handler.py b/docker-jans-certmanager/scripts/auth_handler.py
index 9f208cdc34f..d49d35e5809 100644
--- a/docker-jans-certmanager/scripts/auth_handler.py
+++ b/docker-jans-certmanager/scripts/auth_handler.py
@@ -433,13 +433,18 @@ def patch(self):
if int(self.privkey_push_delay) > 0:
logger.info(f"Waiting for private key push delay ({int(self.privkey_push_delay)} seconds) ...")
time.sleep(int(self.privkey_push_delay))
+ for container in auth_containers:
+ logger.info(f"creating backup of {name}:{jks_fn}")
+ self.meta_client.exec_cmd(container, f"cp {jks_fn} {jks_fn}.backup")
logger.info(f"creating new {name}:{jks_fn}")
self.meta_client.copy_to_container(container, jks_fn)
- # key selection is changed
- if self.privkey_push_strategy != self.key_strategy:
- rev = rev + 1
+ # as new JKS pushed to container, we need to tell auth-server to reload the private keys
+ # by increasing jansRevision again; note that as jansRevision may have been modified externally
+ # we need to ensure we have fresh jansRevision value to increase to
+ config = self.backend.get_auth_config()
+ rev = int(config["jansRevision"]) + 1
conf_dynamic.update({
"keySelectionStrategy": self.privkey_push_strategy,
})
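Review bot: The backup command on the new `exec_cmd` line interpolates `jks_fn` straight into a shell string and its outcome is never checked, so a path containing spaces or shell metacharacters breaks the copy, and a failed `cp` (for example on a first run where no keystore exists yet) still falls through to `copy_to_container`, overwriting the keystore without the backup that #615 is meant to guarantee. I would build it as `backup_cmd = f"cp -p {shlex.quote(jks_fn)} {shlex.quote(jks_fn + '.backup')}"` (adding `import shlex` at the top of the file) and, if `exec_cmd` exposes the command's exit status, skip or abort the push for that container when it is non-zero; `-p` also keeps the private keystore's mode and ownership on the copy rather than leaving them to the container's umask. The `.backup` file is a second on-disk copy of the auth-server private keys that, as far as this hunk shows, is never removed, so a short comment stating who is expected to delete it after a successful rotation would help the next maintainer. On the `jansRevision` side the re-read narrows the window but does not close it: the read in `config = self.backend.get_auth_config()` and the later write are still not atomic, so a concurrent bump between them is lost, and if the backend offers an atomic increment or compare-and-set it should be preferred, otherwise the comment should state the residual race. `patch()` begins before this hunk (`rev`, `name`, `jks_fn` and `auth_containers` are bound there) and continues past it.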