rpmmd/RHSMSecrets: don't store as global variable

Read in when instantiating the rpmmd object, and cache it there instead. Signed-off-by: Tom Gundersen <teg@jklm.no>
2020-05-26 12:02:24 +02:00 · 2020-05-26 12:02:24 +02:00 · b2cd76ef69
commit b2cd76ef69
parent a4ebf1cd28
1 changed files with 23 additions and 27 deletions
--- a/internal/rpmmd/repository.go
+++ b/internal/rpmmd/repository.go
@ -159,27 +159,22 @@ type RHSMSecrets struct {
 	SSLClientCert string `json:"sslclientcert,omitempty"`
 }
-var rhsmSecrets RHSMSecrets
+func getRHSMSecrets() *RHSMSecrets {
-
+	keys, err := filepath.Glob("/etc/pki/entitlement/*-key.pem")
-func getRHSMSecrets() (RHSMSecrets, error) {
+	if err != nil {
-	if rhsmSecrets == (RHSMSecrets{}) {
+		return nil
-		keys, err := filepath.Glob("/etc/pki/entitlement/*-key.pem")
+	}
-		if err != nil {
+	for _, key := range keys {
-			return rhsmSecrets, &RepositoryError{fmt.Sprintf("unable to find client key in /etc/pki/entitlement/: %v", err)}
+		cert := strings.TrimSuffix(key, "-key.pem") + ".pem"
-		}
+		if _, err := os.Stat(cert); err == nil {
-		for _, key := range keys {
+			return &RHSMSecrets{
-			cert := strings.TrimSuffix(key, "-key.pem") + ".pem"
+				SSLCACert:     "/etc/rhsm/ca/redhat-uep.pem",
-			if _, err := os.Stat(cert); err == nil {
+				SSLClientKey:  key,
-				rhsmSecrets = RHSMSecrets{
+				SSLClientCert: cert,
 					SSLCACert:     "/etc/rhsm/ca/redhat-uep.pem",
 					SSLClientKey:  key,
 					SSLClientCert: cert,
 				}
 				break
 			}
 		}
 	}
-	return rhsmSecrets, nil
+	return nil
 }
 func LoadRepositories(confPaths []string, distro string) (map[string][]RepoConfig, error) {
@ -288,15 +283,17 @@ func runDNF(command string, arguments interface{}, result interface{}) error {
 type rpmmdImpl struct {
 	CacheDir string
 	RHSM     *RHSMSecrets
 }
 func NewRPMMD(cacheDir string) RPMMD {
 	return &rpmmdImpl{
 		CacheDir: cacheDir,
 		RHSM:     getRHSMSecrets(),
 	}
 }
-func (repo RepoConfig) toDNFRepoConfig(i int) (dnfRepoConfig, error) {
+func (repo RepoConfig) toDNFRepoConfig(rpmmd *rpmmdImpl, i int) (dnfRepoConfig, error) {
 	id := strconv.Itoa(i)
 	dnfRepo := dnfRepoConfig{
 		ID:             id,
@ -308,13 +305,12 @@ func (repo RepoConfig) toDNFRepoConfig(i int) (dnfRepoConfig, error) {
 		MetadataExpire: repo.MetadataExpire,
 	}
 	if repo.RHSM {
-		secrets, err := getRHSMSecrets()
+		if rpmmd.RHSM == nil {
-		if err != nil {
+			return dnfRepoConfig{}, fmt.Errorf("RHSM secrets not fonud on host")
 			return dnfRepoConfig{}, err
 		}
-		dnfRepo.SSLCACert = secrets.SSLCACert
+		dnfRepo.SSLCACert = rpmmd.RHSM.SSLCACert
-		dnfRepo.SSLClientKey = secrets.SSLClientKey
+		dnfRepo.SSLClientKey = rpmmd.RHSM.SSLClientKey
-		dnfRepo.SSLClientCert = secrets.SSLClientCert
+		dnfRepo.SSLClientCert = rpmmd.RHSM.SSLClientCert
 	}
 	return dnfRepo, nil
 }
@ -322,7 +318,7 @@ func (repo RepoConfig) toDNFRepoConfig(i int) (dnfRepoConfig, error) {
 func (r *rpmmdImpl) FetchMetadata(repos []RepoConfig, modulePlatformID string, arch string) (PackageList, map[string]string, error) {
 	var dnfRepoConfigs []dnfRepoConfig
 	for i, repo := range repos {
-		dnfRepo, err := repo.toDNFRepoConfig(i)
+		dnfRepo, err := repo.toDNFRepoConfig(r, i)
 		if err != nil {
 			return nil, nil, err
 		}
@ -352,7 +348,7 @@ func (r *rpmmdImpl) Depsolve(specs, excludeSpecs []string, repos []RepoConfig, m
 	var dnfRepoConfigs []dnfRepoConfig
 	for i, repo := range repos {
-		dnfRepo, err := repo.toDNFRepoConfig(i)
+		dnfRepo, err := repo.toDNFRepoConfig(r, i)
 		if err != nil {
 			return nil, nil, err
 		}