URL: https://github.com/freeipa/freeipa/pull/1379
Author: tiran
Title: #1379: Prevent set_directive from clobbering other keys / safe directive setter
Action: opened

PR body:
"""
This PR combines @frasertweedale PR #1347 with a safe directive setter (https://pagure.io/freeipa/issue/7312)
## Original PR message
`set_directive` only looks for a prefix of the line matching the given directive (key). If a directive is encountered for which the given key is a prefix, it will be vanquished.
This occurs in the case of `{ca,kra}.sslserver.cert[req]`; the `cert` directive gets updated after certificate renewal, and the `certreq` directive gets clobbered. This can cause failures later on during KRA installation, and possibly cloning.
Match the whole directive to avoid this issue.
Fixes: https://pagure.io/freeipa/issue/7288
-----
Cause: corner case.
How to test:
1. ensure `ca.sslserver.certreq=<base64 CSR>` exists in `ca/CS.cfg`.
2. resubmit Certmonger tracking request for `Server-Cert cert-pki-ca` Dogtag system cert.
3. verify that `ca.sslserver.certreq=<base64 CSR>` still exists in `ca/CS.cfg`.
## safe DirectiveSetter
The new context manager `DirectiveSetter` avoids several possible issues that can lead to destroyed configuration files.
"""
To pull the PR as Git branch:
    git remote add ghfreeipa https://github.com/freeipa/freeipa
    git fetch ghfreeipa pull/1379/head:pr1379
    git checkout pr1379
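
The prefix-matching problem described in the PR body above, shown as an added example (not FreeIPA's code and not part of the PR). The `set_directive` signature here, the `keys` helper and the sample `CS.cfg` lines are constructed for illustration; `whole_key=False` models the clobbering behaviour, `whole_key=True` is one way to match the whole directive.

```python
import re

# Constructed CS.cfg excerpt; values are placeholders, not real data.
SAMPLE_CFG = [
    "ca.sslserver.cert=OLD_CERT_PLACEHOLDER\n",
    "ca.sslserver.certreq=CSR_PLACEHOLDER\n",
    "ca.sslserver.nickname=Server-Cert cert-pki-ca\n",
]


def set_directive(lines, key, value, sep="=", whole_key=True):
    """Return a copy of `lines` with `key` set to `value`.

    Hypothetical simplified setter for illustration. whole_key=False models
    the prefix match described in the PR; whole_key=True requires the
    separator to follow the key directly (optional whitespace allowed).
    """
    exact = re.compile(r"\s*" + re.escape(key) + r"\s*" + re.escape(sep))
    new_line = f"{key}{sep}{value}\n"
    out, found = [], False
    for line in lines:
        if whole_key:
            hit = exact.match(line) is not None
        else:
            hit = line.lstrip().startswith(key)
        if hit:
            found = True
            out.append(new_line)   # every matching line is rewritten
        else:
            out.append(line)
    if not found:
        out.append(new_line)       # key absent: append it
    return out


def keys(lines, sep="="):
    """List the directive names present, in file order."""
    return [ln.split(sep, 1)[0].strip() for ln in lines if sep in ln]


if __name__ == "__main__":
    for mode in (False, True):
        result = set_directive(SAMPLE_CFG, "ca.sslserver.cert", "NEW_CERT",
                               whole_key=mode)
        print("whole_key =", mode, "->", keys(result))
```

With prefix matching the `certreq` line is overwritten by a second `cert` line, which is the state step 3 of the test procedure is meant to catch.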
URL: https://github.com/freeipa/freeipa/pull/1379
Author: tiran
Title: #1379: Prevent set_directive from clobbering other keys / safe directive setter
Action: closed
freeipa-devel@lists.fedorahosted.org