backward-compatible default value for kojid/kojira/koji-gc certs

2017-01-05 14:54:07 +01:00 · 2017-01-05 14:54:07 +01:00 · 7fb7bd28a9
commit 7fb7bd28a9
parent 5612b1a709
3 changed files with 40 additions and 10 deletions
--- a/builder/kojid
+++ b/builder/kojid
@ -5015,9 +5015,9 @@ def get_options():
                                     'resolver-status.properties *.lastUpdated',
                'failed_buildroot_lifetime' : 3600 * 4,
                'rpmbuild_timeout' : 3600 * 24,
-                'cert': '/etc/kojid/client.crt',
+                'cert': None,
                'ca': '',  # FIXME: Unused, remove in next major release
-                'serverca': '/etc/kojid/serverca.crt'}
+                'serverca': None}
    if config.has_section('kojid'):
        for name, value in config.items('kojid'):
            if name in ['sleeptime', 'maxjobs', 'minspace', 'retry_interval',
@ -5074,6 +5074,17 @@ def get_options():
    if options.debug_mock:
        logger.warning("The debug-mock option is obsolete")

+    # special handling for cert defaults
+    cert_defaults = {
+        'cert': '/etc/kojid/client.crt',
+        'serverca': '/etc/kojid/serverca.crt',
+    }
+    for name in cert_defaults:
+        if getattr(options, name, None) is None:
+            fn = cert_defaults[name]
+            if os.path.exists(fn):
+                setattr(options, name, fn)
+
    return options

 def quit(msg=None, code=1):
--- a/util/koji-gc
+++ b/util/koji-gc
@ -62,12 +62,10 @@ def get_options():
                      help=_("do not authenticate"))
    parser.add_option("--network-hack", action="store_true", default=False,
                      help=optparse.SUPPRESS_HELP)  # no longer used
-    parser.add_option("--cert", default='/etc/koji-gc/client.crt',
-                      help=_("Client SSL certificate file for authentication"))
+    parser.add_option("--cert", help=_("Client SSL certificate file for authentication"))
    parser.add_option("--ca", default='',
                      help=_("ignored"))  # FIXME: remove in next major release
-    parser.add_option("--serverca", default='/etc/koji-gc/serverca.crt',
-                      help=_("CA cert file that issued the hub certificate"))
+    parser.add_option("--serverca", help=_("CA cert file that issued the hub certificate"))
    parser.add_option("-n", "--test", action="store_true", default=False,
                      help=_("test mode"))
    parser.add_option("-d", "--debug", action="store_true", default=False,
@ -213,6 +211,17 @@ def get_options():
        except ValueError:
            parser.error(_("Invalid time interval: %s") % value)

+    # special handling for cert defaults
+    cert_defaults = {
+        'cert': '/etc/koji-gc/client.crt',
+        'serverca': '/etc/koji-gc/serverca.crt',
+    }
+    for name in cert_defaults:
+        if getattr(options, name, None) is None:
+            fn = cert_defaults[name]
+            if os.path.exists(fn):
+                setattr(options, name, fn)
+
    return options, args

 def check_tag(name):
@ -350,7 +359,7 @@ def activate_session(session):
    if options.noauth:
        #skip authentication
        pass
-    elif os.path.isfile(options.cert):
+    elif options.cert is not None and os.path.isfile(options.cert):
        # authenticate using SSL client cert
        session.ssl_login(options.cert, None, options.serverca, proxyuser=options.runas)
    elif options.user:
--- a/util/kojira
+++ b/util/kojira
@ -729,9 +729,9 @@ def get_options():
                'deleted_repo_lifetime': 7*24*3600,
                #XXX should really be called expired_repo_lifetime
                'sleeptime' : 15,
-                'cert': '/etc/kojira/client.crt',
+                'cert': None,
                'ca': '',  # FIXME: unused, remove in next major release
-                'serverca': '/etc/kojira/serverca.crt'
+                'serverca': None,
                }
    if config.has_section(section):
        int_opts = ('deleted_repo_lifetime', 'max_repo_tasks', 'repo_tasks_limit',
@ -755,6 +755,16 @@ def get_options():
            setattr(options, name, value)
    if options.logfile in ('','None','none'):
        options.logfile = None
+    # special handling for cert defaults
+    cert_defaults = {
+        'cert': '/etc/kojira/client.crt',
+        'serverca': '/etc/kojira/serverca.crt',
+    }
+    for name in cert_defaults:
+        if getattr(options, name, None) is None:
+            fn = cert_defaults[name]
+            if os.path.exists(fn):
+                setattr(options, name, fn)
    return options

 def quit(msg=None, code=1):
@ -797,7 +807,7 @@ if  __name__ == "__main__":

    session_opts = koji.grab_session_options(options)
    session = koji.ClientSession(options.server,session_opts)
-    if os.path.isfile(options.cert):
+    if options.cert is not None and os.path.isfile(options.cert):
        # authenticate using SSL client certificates
        session.ssl_login(options.cert, None, options.serverca)
    elif options.user: