URL: https://github.com/freeipa/freeipa/pull/1379 Author: tiran Title: #1379: Prevent set_directive from clobbering other keys / safe directive setter Action: opened

PR body: """ This PR combines @frasertweedale PR #1347 with a safe directive setter (https://pagure.io/freeipa/issue/7312)

## Original PR message

`set_directive` only looks for a prefix of the line matching the given directive (key). If a directive is encountered for which the given key is prefix, it will be vanquished.

This occurs in the case of `{ca,kra}.sslserver.cert[req]`; the `cert` directive gets updated after certificate renewal, and the `certreq` directive gets clobbered. This can cause failures later on during KRA installation, and possibly cloning.

Match the whole directive to avoid this issue.

Fixes: https://pagure.io/freeipa/issue/7288

-----

Cause: corner case.

How to test:

1. ensure `ca.sslserver.certreq=<base64 CSR>` exists in `ca/CS.cfg`. 2. resubmit Certmonger tracking request for `Server-Cert cert-pki-ca` Dogtag system cert. 3. verify that `ca.sslserver.certreq=<base64 CSR>` still exists in `ca/CS.cfg`.

## safe DirectiveSetter

The new context manager ``DirectiveSetter`` avoids several possible issues that can lead to destroyed configuration files. """

To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1379/head:pr1379 git checkout pr1379