Update config in save_successor

2026-01-24 19:22:07 +03:00 · 2016-02-03 15:13:17 -08:00
parent 3b5112c527
commit ca8b4751ad
2 changed files with 50 additions and 11 deletions
--- a/letsencrypt/storage.py
+++ b/letsencrypt/storage.py
@@ -87,6 +87,31 @@ def write_renewal_config(filename, target, cli_config):
    return config


+def update_configuration(lineagename, target, cli_config):
+    """Modifies lineagename's config to contain the specified values.
+
+    :param str lineagename: Name of the lineage being modified
+    :param dict target: Maps ALL_FOUR to their symlink paths
+    :param .RenewerConfiguration cli_config: parsed command line
+        arguments
+
+    :returns: Configuration object for the updated config file
+    :rtype: configobj.ConfigObj
+
+    """
+    config_filename = os.path.join(
+        cli_config.renewal_configs_dir, lineagename) + ".conf"
+    temp_filename = config_filename + ".new"
+
+    # If an existing tempfile exists, delete it
+    if os.path.exists(temp_filename):
+        os.unlink(temp_filename)
+    write_renewal_config(temp_filename, target, cli_config)
+    os.rename(temp_filename, config_filename)
+
+    return configobj.ConfigObj(config_filename)
+
+
 class RenewableCert(object):  # pylint: disable=too-many-instance-attributes
    """Renewable certificate.

@@ -711,7 +736,8 @@ class RenewableCert(object):  # pylint: disable=too-many-instance-attributes
        new_config = write_renewal_config(config_filename, target, cli_config)
        return cls(new_config.filename, cli_config)

-    def save_successor(self, prior_version, new_cert, new_privkey, new_chain):
+    def save_successor(self, prior_version, new_cert,
+                       new_privkey, new_chain, cli_config):
        """Save new cert and chain as a successor of a prior version.

        Returns the new version number that was created.
@@ -727,6 +753,8 @@ class RenewableCert(object):  # pylint: disable=too-many-instance-attributes
        :param str new_privkey: the new private key, in PEM format,
            or ``None``, if the private key has not changed
        :param str new_chain: the new chain, in PEM format
+        :param .RenewerConfiguration cli_config: parsed command line
+            arguments

        :returns: the new version number that was created
        :rtype: int
@@ -775,4 +803,10 @@ class RenewableCert(object):  # pylint: disable=too-many-instance-attributes
        with open(target["fullchain"], "w") as f:
            logger.debug("Writing full chain to %s.", target["fullchain"])
            f.write(new_cert + new_chain)
+
+        # Update renewal config file
+        self.configfile = update_configuration(
+            self.lineagename, target, cli_config)
+        self.configuration = config_with_defaults(self.configfile)
+
        return target_version
--- a/letsencrypt/tests/storage_test.py
+++ b/letsencrypt/tests/storage_test.py
@@ -504,8 +504,9 @@ class RenewableCertTests(BaseRenewableCertTest):
                with open(where, "w") as f:
                    f.write(kind)
        self.test_rc.update_all_links_to(3)
-        self.assertEqual(6, self.test_rc.save_successor(3, "new cert", None,
-                                                        "new chain"))
+        self.assertEqual(
+            6, self.test_rc.save_successor(3, "new cert", None,
+                                           "new chain", self.cli_config))
        with open(self.test_rc.version("cert", 6)) as f:
            self.assertEqual(f.read(), "new cert")
        with open(self.test_rc.version("chain", 6)) as f:
@@ -516,10 +517,12 @@ class RenewableCertTests(BaseRenewableCertTest):
        self.assertFalse(os.path.islink(self.test_rc.version("privkey", 3)))
        self.assertTrue(os.path.islink(self.test_rc.version("privkey", 6)))
        # Let's try two more updates
-        self.assertEqual(7, self.test_rc.save_successor(6, "again", None,
-                                                        "newer chain"))
-        self.assertEqual(8, self.test_rc.save_successor(7, "hello", None,
-                                                        "other chain"))
+        self.assertEqual(
+            7, self.test_rc.save_successor(6, "again", None,
+                                           "newer chain", self.cli_config))
+        self.assertEqual(
+            8, self.test_rc.save_successor(7, "hello", None,
+                                           "other chain", self.cli_config))
        # All of the subsequent versions should link directly to the original
        # privkey.
        for i in (6, 7, 8):
@@ -532,8 +535,9 @@ class RenewableCertTests(BaseRenewableCertTest):
            self.assertEqual(self.test_rc.current_version(kind), 3)
        # Test updating from latest version rather than old version
        self.test_rc.update_all_links_to(8)
-        self.assertEqual(9, self.test_rc.save_successor(8, "last", None,
-                                                        "attempt"))
+        self.assertEqual(
+            9, self.test_rc.save_successor(8, "last", None,
+                                           "attempt", self.cli_config))
        for kind in ALL_FOUR:
            self.assertEqual(self.test_rc.available_versions(kind),
                             range(1, 10))
@@ -542,8 +546,9 @@ class RenewableCertTests(BaseRenewableCertTest):
            self.assertEqual(f.read(), "last" + "attempt")
        # Test updating when providing a new privkey.  The key should
        # be saved in a new file rather than creating a new symlink.
-        self.assertEqual(10, self.test_rc.save_successor(9, "with", "a",
-                                                         "key"))
+        self.assertEqual(
+            10, self.test_rc.save_successor(9, "with", "a",
+                                            "key", self.cli_config))
        self.assertTrue(os.path.exists(self.test_rc.version("privkey", 10)))
        self.assertFalse(os.path.islink(self.test_rc.version("privkey", 10)))