From da72c37017784a87bf7876bd5066b3ad44b8d38e Mon Sep 17 00:00:00 2001 From: "Maddie Ford (SHE/HER)" Date: Tue, 8 Nov 2022 15:09:09 -0800 Subject: [PATCH 01/16] Update version to dummy 1.0.0.0' --- azurelinuxagent/common/version.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azurelinuxagent/common/version.py b/azurelinuxagent/common/version.py index ff9c903b93..9a41c2e109 100644 --- a/azurelinuxagent/common/version.py +++ b/azurelinuxagent/common/version.py @@ -209,7 +209,7 @@ def has_logrotate(): # # When doing a release, be sure to use the actual agent version. Current agent version: 2.4.0.0 # -AGENT_VERSION = '9.9.9.9' +AGENT_VERSION = '1.0.0.0' AGENT_LONG_VERSION = "{0}-{1}".format(AGENT_NAME, AGENT_VERSION) AGENT_DESCRIPTION = """ The Azure Linux Agent supports the provisioning and running of Linux From 59dbd2245d6f55e8e4c0eb494bd0d01dcd44a2e3 Mon Sep 17 00:00:00 2001 From: "Maddie Ford (SHE/HER)" Date: Tue, 8 Nov 2022 15:40:54 -0800 Subject: [PATCH 02/16] Revert version change --- azurelinuxagent/common/version.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azurelinuxagent/common/version.py b/azurelinuxagent/common/version.py index 9a41c2e109..ff9c903b93 100644 --- a/azurelinuxagent/common/version.py +++ b/azurelinuxagent/common/version.py @@ -209,7 +209,7 @@ def has_logrotate(): # # When doing a release, be sure to use the actual agent version. Current agent version: 2.4.0.0 # -AGENT_VERSION = '1.0.0.0' +AGENT_VERSION = '9.9.9.9' AGENT_LONG_VERSION = "{0}-{1}".format(AGENT_NAME, AGENT_VERSION) AGENT_DESCRIPTION = """ The Azure Linux Agent supports the provisioning and running of Linux From 4365b8719ec379f2b1947d735738d80ed83ea933 Mon Sep 17 00:00:00 2001 From: "Maddie Ford (SHE/HER)" Date: Tue, 14 Feb 2023 09:59:18 -0800 Subject: [PATCH 03/16] Download certificate in case of ft gs source --- azurelinuxagent/common/protocol/goal_state.py | 38 +++++++++++-------- 1 file changed, 23 insertions(+), 15 deletions(-) 
diff --git a/azurelinuxagent/common/protocol/goal_state.py b/azurelinuxagent/common/protocol/goal_state.py index ed96159c8a..e7282c4315 100644 --- a/azurelinuxagent/common/protocol/goal_state.py +++ b/azurelinuxagent/common/protocol/goal_state.py @@ -56,8 +56,9 @@ class GoalStateProperties(object): HostingEnv = 0x2 SharedConfig = 0x4 ExtensionsGoalState = 0x8 - RemoteAccessInfo = 0x10 - All = RoleConfig | HostingEnv | SharedConfig | ExtensionsGoalState | RemoteAccessInfo + Certificates = 0x10 + RemoteAccessInfo = 0x20 + All = RoleConfig | HostingEnv | SharedConfig | ExtensionsGoalState | Certificates | RemoteAccessInfo class GoalStateInconsistentError(ProtocolError): @@ -140,7 +141,7 @@ def extensions_goal_state(self): @property def certs(self): - if not self._goal_state_properties & GoalStateProperties.ExtensionsGoalState: + if not self._goal_state_properties & GoalStateProperties.Certificates: raise ProtocolError("Certificates is not in goal state properties") else: return self._certs @@ -289,6 +290,9 @@ def _update(self, force_update): # case, to ensure it fetches the new certificate. # if self._extensions_goal_state.source == GoalStateSource.FastTrack: + certs_uri = findtext(xml_doc, "Certificates") + if certs_uri is not None: + self._download_certificates(certs_uri) self._check_certificates() def _check_certificates(self): 
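Review bot: In `GoalStateProperties`, inserting `Certificates = 0x10` moves `RemoteAccessInfo` from 0x10 to 0x20, so any place that computed or stored the old bit as a number would now select certificates instead of remote access. Appending the new flag keeps the existing values stable: `Certificates = 0x20`, with `RemoteAccessInfo = 0x10` left as it was. If every caller uses the symbolic names this is harmless, but that cannot be confirmed from the hunk. The class body starts outside the hunk.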
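Review bot: In the FastTrack branch of `_update`, the result of `self._download_certificates(certs_uri)` is discarded, so `self._certs` keeps the object built by the earlier full fetch even though the comment above says the point is to fetch the new certificate. If `_check_certificates` reads `self._certs` (its body is only partly visible here), it validates thumbprints against the older summary; assigning the result closes that gap: `self._certs = self._download_certificates(certs_uri)`. The same unassigned call is carried into `_check_certificates` by PATCH 14/16 and PATCH 15/16. `_update` starts and ends outside the hunk.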
@@ -301,6 +305,20 @@ def _check_certificates(self): message = "Certificate {0} needed by {1} is missing from the goal state".format(settings.certificateThumbprint, extension.name) raise GoalStateInconsistentError(message) + def _download_certificates(self, certs_uri): + xml_text = self._wire_client.fetch_config(certs_uri, self._wire_client.get_header_for_cert()) + certs = Certificates(xml_text, self.logger) + # Log and save the certificates summary (i.e. the thumbprint but not the certificate itself) to the goal state history + for c in certs.summary: + message = "Downloaded certificate {0}".format(c) + self.logger.info(message) + add_event(op=WALAEventOperation.GoalState, message=message) + if len(certs.warnings) > 0: + self.logger.warn(certs.warnings) + add_event(op=WALAEventOperation.GoalState, message=certs.warnings) + self._history.save_certificates(json.dumps(certs.summary)) + return certs + def _restore_wire_server_goal_state(self, incarnation, xml_text, xml_doc, vm_settings_support_stopped_error): msg = 'The HGAP stopped supporting vmSettings; will fetched the goal state from the WireServer.' self.logger.info(msg) 
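Review bot: `_download_certificates` is added without a docstring, although it does more than its name says: it fetches from the wire server, logs and reports each summary entry as an event, writes the summary to the goal state history and returns the parsed object. A docstring along the lines of `"""Fetch the certificates at certs_uri, record their summary (not the certificates themselves) in the log, events and goal state history, and return the Certificates instance."""` would make those side effects visible to callers that only want a refresh. Separately, `certs.warnings` is passed unchanged as `message=` to `add_event`; since it is tested with `len()` it is presumably a list, and joining it into one string first would keep the event readable. The hunk opens inside `_check_certificates`, whose start is outside it.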
@@ -435,18 +453,8 @@ def _fetch_full_wire_server_goal_state(self, incarnation, xml_doc): certs = EmptyCertificates() certs_uri = findtext(xml_doc, "Certificates") - if (GoalStateProperties.ExtensionsGoalState & self._goal_state_properties) and certs_uri is not None: - xml_text = self._wire_client.fetch_config(certs_uri, self._wire_client.get_header_for_cert()) - certs = Certificates(xml_text, self.logger) - # Log and save the certificates summary (i.e. the thumbprint but not the certificate itself) to the goal state history - for c in certs.summary: - message = "Downloaded certificate {0}".format(c) - self.logger.info(message) - add_event(op=WALAEventOperation.GoalState, message=message) - if len(certs.warnings) > 0: - self.logger.warn(certs.warnings) - add_event(op=WALAEventOperation.GoalState, message=certs.warnings) - self._history.save_certificates(json.dumps(certs.summary)) + if (GoalStateProperties.Certificates & self._goal_state_properties) and certs_uri is not None: + certs = self._download_certificates(certs_uri) remote_access = None if GoalStateProperties.RemoteAccessInfo & self._goal_state_properties: From 4783956675672ddbb0e1c771c06b9eada70b32b7 Mon Sep 17 00:00:00 2001 From: "Maddie Ford (SHE/HER)" Date: Tue, 14 Feb 2023 10:07:33 -0800 Subject: [PATCH 04/16] Update unit test after separating extensionsconfig and certificates --- tests/protocol/test_wire.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/protocol/test_wire.py b/tests/protocol/test_wire.py index bbf018fc30..2a36fc2913 100644 --- a/tests/protocol/test_wire.py +++ b/tests/protocol/test_wire.py 
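Review bot: Gating the download on `GoalStateProperties.Certificates` means a `GoalState` created with `ExtensionsGoalState` but without `Certificates` now keeps `EmptyCertificates()` in `_fetch_full_wire_server_goal_state`. If `_check_certificates` compares the thumbprints required by protected settings with `self._certs` (that part is outside these hunks), such a caller could get `GoalStateInconsistentError` on a FastTrack goal state only because the download was never requested. Either return early from the check when the flag is absent, e.g. `if not self._goal_state_properties & GoalStateProperties.Certificates: return`, or document on the flag that it must be requested together with `ExtensionsGoalState`. The function body continues outside the hunk.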
@@ -1101,7 +1101,7 @@ def test_forced_update_should_update_the_goal_state_and_the_host_plugin_when_the def test_reset_should_init_provided_goal_state_properties(self): with mock_wire_protocol(mockwiredata.DATA_FILE) as protocol: - protocol.client.reset_goal_state(goal_state_properties=GoalStateProperties.All & ~GoalStateProperties.ExtensionsGoalState) + protocol.client.reset_goal_state(goal_state_properties=GoalStateProperties.All & ~GoalStateProperties.Certificates) with self.assertRaises(ProtocolError) as context: _ = protocol.client.get_certs() From 7ddfa9532ba18d3f8c9aab66391e490e60bd04e1 Mon Sep 17 00:00:00 2001 From: "Maddie Ford (SHE/HER)" Date: Tue, 14 Feb 2023 11:45:40 -0800 Subject: [PATCH 05/16] Update unit tests so that certificates are downloaded in all cases --- tests/protocol/test_goal_state.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/protocol/test_goal_state.py b/tests/protocol/test_goal_state.py index 869da68c8c..08a9391f9d 100644 --- a/tests/protocol/test_goal_state.py +++ b/tests/protocol/test_goal_state.py @@ -156,7 +156,7 @@ def http_get_handler(url, *_, **__): protocol.set_http_handlers(http_get_handler=None) goal_state.update() self._assert_directory_contents( - self._find_history_subdirectory("234-987"), ["VmSettings.json"]) + self._find_history_subdirectory("234-987"), ["VmSettings.json", "Certificates.json"]) def test_it_should_redact_the_protected_settings_when_saving_to_the_history_directory(self): with mock_wire_protocol(mockwiredata.DATA_FILE_VM_SETTINGS) as protocol: 
@@ -412,7 +412,7 @@ def http_get_handler(url, *_, **__): goal_state = GoalState(protocol.client) self.assertEqual(2, protocol.mock_wire_data.call_counts['goalstate'], "There should have been exactly 2 requests for the goal state (original + refresh)") - self.assertEqual(2, http_get_handler.certificate_requests, "There should have been exactly 2 requests for the goal state certificates (original + refresh)") + self.assertEqual(4, http_get_handler.certificate_requests, "There should have been exactly 2 requests for the goal state certificates (original + refresh)") thumbprints = [c.thumbprint for c in goal_state.certs.cert_list.certificates] From a8534b9f9ef41db6fd9368a406e6168e086042be Mon Sep 17 00:00:00 2001 From: "Maddie Ford (SHE/HER)" Date: Tue, 14 Feb 2023 15:29:52 -0800 Subject: [PATCH 06/16] Update unit test message --- tests/protocol/test_goal_state.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/protocol/test_goal_state.py b/tests/protocol/test_goal_state.py index 08a9391f9d..a931601104 100644 --- a/tests/protocol/test_goal_state.py +++ b/tests/protocol/test_goal_state.py @@ -412,7 +412,7 @@ def http_get_handler(url, *_, **__): goal_state = GoalState(protocol.client) self.assertEqual(2, protocol.mock_wire_data.call_counts['goalstate'], "There should have been exactly 2 requests for the goal state (original + refresh)") - self.assertEqual(4, http_get_handler.certificate_requests, "There should have been exactly 2 requests for the goal state certificates (original + refresh)") + self.assertEqual(4, http_get_handler.certificate_requests, "There should have been exactly 4 requests for the goal state certificates (2x original + 2x refresh)") thumbprints = [c.thumbprint for c in goal_state.certs.cert_list.certificates] From f5c20e679ed8a1a142d20598af55e7123bcf1e9a Mon Sep 17 00:00:00 2001 
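Review bot: The expected count of 4 certificate requests pins a behaviour worth questioning rather than just recording: each goal state fetch now downloads the certificates twice, once in the full wire server fetch and once more in the FastTrack path. The tests added later in this series show that processing the goal state produces `.prv` files, so each extra request transfers private key material again (and presumably rewrites it on disk), and `_download_certificates` also saves the summary to history on every call. Consider re-downloading only when the certificates were not already fetched in the same `_update` pass, or when the expected files are actually missing, and assert the lower count here. The test function begins outside the hunk.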
From: "Maddie Ford (SHE/HER)" Date: Mon, 27 Feb 2023 11:51:34 -0800 Subject: [PATCH 07/16] Add unit tests for downloading certs --- tests/protocol/test_goal_state.py | 47 +++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/tests/protocol/test_goal_state.py b/tests/protocol/test_goal_state.py index a931601104..4b736ffaab 100644 --- a/tests/protocol/test_goal_state.py +++ b/tests/protocol/test_goal_state.py 
@@ -382,6 +382,53 @@ def test_it_should_raise_when_the_tenant_certificate_is_missing(self): expected_message = "Certificate 59A10F50FFE2A0408D3F03FE336C8FD5716CF25C needed by Microsoft.OSTCExtensions.VMAccessForLinux is missing from the goal state" self.assertIn(expected_message, str(context.exception)) + def test_it_should_always_download_certs_when_source_is_fast_track(self): + data_file = mockwiredata.DATA_FILE_VM_SETTINGS.copy() + + with mock_wire_protocol(data_file) as protocol: + goal_state = GoalState(protocol.client) + + cert = "BD447EF71C3ADDF7C837E84D630F3FAC22CCD22F" + crt_path = os.path.join(self.tmp_dir, cert + ".crt") + prv_path = os.path.join(self.tmp_dir, cert + ".prv") + + # Check that crt and prv files are downloaded after processing goal state + self.assertTrue(os.path.isfile(crt_path)) + self.assertTrue(os.path.isfile(prv_path)) + + # Remove .crt file + os.remove(crt_path) + if os.path.isfile(crt_path): + raise Exception("{0}.crt was not removed.".format(cert)) + + # Update goal state and check that .crt was downloaded + goal_state.update() + self.assertTrue(os.path.isfile(crt_path)) + + def test_it_should_always_download_certs_when_source_is_fabric(self): + data_file = mockwiredata.DATA_FILE_VM_SETTINGS.copy() + + with mock_wire_protocol(data_file) as protocol: + protocol.mock_wire_data.set_vm_settings_source(GoalStateSource.Fabric) + goal_state = GoalState(protocol.client) + + cert = "BD447EF71C3ADDF7C837E84D630F3FAC22CCD22F" + crt_path = os.path.join(self.tmp_dir, cert + ".crt") + prv_path = os.path.join(self.tmp_dir, cert + ".prv") + + # Check that crt and prv files are downloaded after processing goal state + self.assertTrue(os.path.isfile(crt_path)) + self.assertTrue(os.path.isfile(prv_path)) + + # Remove .crt file + os.remove(crt_path) + if os.path.isfile(crt_path): + raise Exception("{0}.crt was not removed.".format(cert)) + + # Update goal state and check that .crt was downloaded + goal_state.update() + 
self.assertTrue(os.path.isfile(crt_path)) + def test_it_should_refresh_the_goal_state_when_it_is_inconsistent(self): # # Some scenarios can produce inconsistent goal states. For example, during hibernation/resume, the Fabric goal state changes (the From 81683ebc3bb3cf41b3e34b0a24e1a18c6e0d7612 Mon Sep 17 00:00:00 2001 From: "Maddie Ford (SHE/HER)" Date: Mon, 27 Feb 2023 13:14:28 -0800 Subject: [PATCH 08/16] Update goal state before checking for cert --- tests/protocol/test_goal_state.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/protocol/test_goal_state.py b/tests/protocol/test_goal_state.py index 4b736ffaab..c84a854619 100644 --- a/tests/protocol/test_goal_state.py +++ b/tests/protocol/test_goal_state.py @@ -426,6 +426,7 @@ def test_it_should_always_download_certs_when_source_is_fabric(self): raise Exception("{0}.crt was not removed.".format(cert)) # Update goal state and check that .crt was downloaded + protocol.mock_wire_data.set_incarnation(999) goal_state.update() self.assertTrue(os.path.isfile(crt_path)) From f8b6af07cf761c337a57ba421a7525c778ee4d14 Mon Sep 17 00:00:00 2001 From: "Maddie Ford (SHE/HER)" Date: Mon, 27 Feb 2023 16:11:07 -0800 Subject: [PATCH 09/16] Update unit test names --- tests/protocol/test_goal_state.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/protocol/test_goal_state.py b/tests/protocol/test_goal_state.py index c84a854619..1e98c18594 100644 --- a/tests/protocol/test_goal_state.py +++ b/tests/protocol/test_goal_state.py 
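Review bot: Both new tests delete and re-check only the `.crt` file, so a regression that restores the certificate but not the private key would pass; `prv_path` is already computed, and removing it as well and adding `self.assertTrue(os.path.isfile(prv_path))` after `goal_state.update()` would cover it. The removal guard uses `raise Exception(...)` where an assertion belongs: `self.assertFalse(os.path.isfile(crt_path), "{0}.crt was not removed.".format(cert))`. The two test bodies differ only in the `set_vm_settings_source(GoalStateSource.Fabric)` line, so a shared helper that takes the source as a parameter would remove the duplication.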
@@ -382,7 +382,7 @@ def test_it_should_raise_when_the_tenant_certificate_is_missing(self): expected_message = "Certificate 59A10F50FFE2A0408D3F03FE336C8FD5716CF25C needed by Microsoft.OSTCExtensions.VMAccessForLinux is missing from the goal state" self.assertIn(expected_message, str(context.exception)) - def test_it_should_always_download_certs_when_source_is_fast_track(self): + def test_it_should_download_certs_on_a_new_fast_track_goal_state(self): data_file = mockwiredata.DATA_FILE_VM_SETTINGS.copy() with mock_wire_protocol(data_file) as protocol: @@ -402,10 +402,11 @@ def test_it_should_always_download_certs_when_source_is_fast_track(self): raise Exception("{0}.crt was not removed.".format(cert)) # Update goal state and check that .crt was downloaded + # protocol.mock_wire_data.set_etag(888) goal_state.update() self.assertTrue(os.path.isfile(crt_path)) - def test_it_should_always_download_certs_when_source_is_fabric(self): + def test_it_should_download_certs_on_a_new_fabric_goal_state(self): data_file = mockwiredata.DATA_FILE_VM_SETTINGS.copy() with mock_wire_protocol(data_file) as protocol: From cefc941bee2415924af7dcf508c26f25870feab2 Mon Sep 17 00:00:00 2001 From: "Maddie Ford (SHE/HER)" Date: Tue, 28 Feb 2023 14:49:45 -0800 Subject: [PATCH 10/16] Update mock to check for etag before updating --- tests/protocol/mockwiredata.py | 4 ++++ tests/protocol/test_goal_state.py | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/protocol/mockwiredata.py b/tests/protocol/mockwiredata.py index 7ec311af46..196ed32db8 100644 --- a/tests/protocol/mockwiredata.py +++ b/tests/protocol/mockwiredata.py @@ -165,6 +165,7 @@ def __init__(self, data_files=None): self.in_vm_artifacts_profile = None self.vm_settings = None self.etag = None + self.prev_etag = None self.imds_info = None self.reload() 
@@ -242,9 +243,12 @@ def mock_http_get(self, url, *_, **kwargs): elif "/vmSettings" in url: if self.vm_settings is None: resp.status = httpclient.NOT_FOUND + elif self.call_counts["vm_settings"] > 0 and self.prev_etag == self.etag: + resp.status = httpclient.NOT_MODIFIED else: content = self.vm_settings response_headers = [('ETag', self.etag)] + self.prev_etag = self.etag self.call_counts["vm_settings"] += 1 elif '{0}/metadata/compute'.format(IMDS_ENDPOINT) in url: content = json.dumps(self.imds_info.get("compute", "{}")) diff --git a/tests/protocol/test_goal_state.py b/tests/protocol/test_goal_state.py index 1e98c18594..e002e72ec8 100644 --- a/tests/protocol/test_goal_state.py +++ b/tests/protocol/test_goal_state.py @@ -402,7 +402,7 @@ def test_it_should_download_certs_on_a_new_fast_track_goal_state(self): raise Exception("{0}.crt was not removed.".format(cert)) # Update goal state and check that .crt was downloaded - # protocol.mock_wire_data.set_etag(888) + protocol.mock_wire_data.set_etag(888) goal_state.update() self.assertTrue(os.path.isfile(crt_path)) From 0252c3f196aebaa0109f1b552699cf6bd412e98f Mon Sep 17 00:00:00 2001 From: "Maddie Ford (SHE/HER)" Date: Wed, 1 Mar 2023 10:41:27 -0800 Subject: [PATCH 11/16] Update protected settings test --- tests/protocol/test_goal_state.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/protocol/test_goal_state.py b/tests/protocol/test_goal_state.py index e002e72ec8..9ed1e72830 100644 --- a/tests/protocol/test_goal_state.py +++ b/tests/protocol/test_goal_state.py @@ -161,6 +161,7 @@ def http_get_handler(url, *_, **__): def test_it_should_redact_the_protected_settings_when_saving_to_the_history_directory(self): with mock_wire_protocol(mockwiredata.DATA_FILE_VM_SETTINGS) as protocol: protocol.mock_wire_data.set_incarnation(888) + protocol.mock_wire_data.set_etag(888) goal_state = GoalState(protocol.client) 
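Review bot: The new `elif` in `mock_http_get` decides on `NOT_MODIFIED` from the mock's own `prev_etag`, not from anything in the request, so the tests cannot tell whether the client actually sent its etag. `kwargs` is already available; comparing the etag carried in the request's conditional header (`If-None-Match` in standard HTTP) with `self.etag` would make the 304 path depend on client behaviour and would exercise the header handling. As written, the state also persists across `GoalState` instances that share one `mock_wire_data`, which is presumably why the later patches in this series have to add `set_etag(888)` to otherwise unrelated tests. `mock_http_get` starts and ends outside the hunk.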
@@ -173,7 +174,7 @@ def test_it_should_redact_the_protected_settings_when_saving_to_the_history_dire if len(protected_settings) == 0: raise Exception("The test goal state does not include any protected settings") - history_directory = self._find_history_subdirectory("888-1") + history_directory = self._find_history_subdirectory("888-888") extensions_config_file = os.path.join(history_directory, "ExtensionsConfig.xml") vm_settings_file = os.path.join(history_directory, "VmSettings.json") for file_name in extensions_config_file, vm_settings_file: From a93d09bef27cfbe699768233dc60d04a8d554107 Mon Sep 17 00:00:00 2001 From: "Maddie Ford (SHE/HER)" Date: Wed, 1 Mar 2023 11:09:24 -0800 Subject: [PATCH 12/16] Update failing unit tests after mock updatE --- tests/protocol/test_goal_state.py | 4 +++- tests/protocol/test_hostplugin.py | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/protocol/test_goal_state.py b/tests/protocol/test_goal_state.py index 9ed1e72830..61653b2af6 100644 --- a/tests/protocol/test_goal_state.py +++ b/tests/protocol/test_goal_state.py @@ -28,6 +28,7 @@ class GoalStateTestCase(AgentTestCase, HttpRequestPredicates): def test_it_should_use_vm_settings_by_default(self): with mock_wire_protocol(mockwiredata.DATA_FILE_VM_SETTINGS) as protocol: + protocol.mock_wire_data.set_etag(888) extensions_goal_state = GoalState(protocol.client).extensions_goal_state self.assertTrue( isinstance(extensions_goal_state, ExtensionsGoalStateFromVmSettings), @@ -199,7 +200,6 @@ def test_it_should_save_vm_settings_on_parse_errors(self): data_file = mockwiredata.DATA_FILE_VM_SETTINGS.copy() data_file["vm_settings"] = invalid_vm_settings_file protocol.mock_wire_data = mockwiredata.WireProtocolData(data_file) - protocol.mock_wire_data.set_etag(888) with self.assertRaises(ProtocolError): # the parsing error will cause an exception _ = GoalState(protocol.client) 
@@ -207,6 +207,7 @@ def test_it_should_save_vm_settings_on_parse_errors(self): # Do an extra call to update the goal state; this should save the vmsettings to the history directory # only once (self._find_history_subdirectory asserts 1 single match) time.sleep(0.1) # add a short delay to ensure that a new timestamp would be saved in the history folder + protocol.mock_wire_data.set_etag(888) with self.assertRaises(ProtocolError): _ = GoalState(protocol.client) @@ -376,6 +377,7 @@ def test_it_should_raise_when_the_tenant_certificate_is_missing(self): with mock_wire_protocol(data_file) as protocol: data_file["vm_settings"] = "hostgaplugin/vm_settings-missing_cert.json" protocol.mock_wire_data.reload() + protocol.mock_wire_data.set_etag(888) with self.assertRaises(GoalStateInconsistentError) as context: _ = GoalState(protocol.client) diff --git a/tests/protocol/test_hostplugin.py b/tests/protocol/test_hostplugin.py index b85ed7574f..47e6871bea 100644 --- a/tests/protocol/test_hostplugin.py +++ b/tests/protocol/test_hostplugin.py @@ -998,7 +998,7 @@ def test_it_should_save_the_timestamp_of_the_most_recent_fast_track_goal_state(s # A fabric goal state should remove the state file protocol.mock_wire_data.set_vm_settings_source(GoalStateSource.Fabric) - + protocol.mock_wire_data.set_etag(888) _ = host_ga_plugin.fetch_vm_settings() self.assertFalse(os.path.exists(state_file), "{0} was not removed by a Fabric goal state".format(state_file)) From f74b629afd68daf404999d63dfaa322e90864bcc Mon Sep 17 00:00:00 2001 From: "Maddie Ford (SHE/HER)" Date: Wed, 1 Mar 2023 12:35:24 -0800 Subject: [PATCH 13/16] Update failing unit test --- tests/protocol/test_extensions_goal_state_from_vm_settings.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/protocol/test_extensions_goal_state_from_vm_settings.py b/tests/protocol/test_extensions_goal_state_from_vm_settings.py index fb97a075f6..1100b05bf9 100644 --- a/tests/protocol/test_extensions_goal_state_from_vm_settings.py 
+++ b/tests/protocol/test_extensions_goal_state_from_vm_settings.py @@ -58,6 +58,7 @@ def test_it_should_parse_requested_version_properly(self): data_file = mockwiredata.DATA_FILE_VM_SETTINGS.copy() data_file["vm_settings"] = "hostgaplugin/vm_settings-requested_version.json" with mock_wire_protocol(data_file) as protocol: + protocol.mock_wire_data.set_etag(888) goal_state = GoalState(protocol.client) families = goal_state.extensions_goal_state.agent_families for family in families: From be36724985dc5931f110cf8933469275031b4eaa Mon Sep 17 00:00:00 2001 From: "Maddie Ford (SHE/HER)" Date: Mon, 6 Mar 2023 16:23:22 -0800 Subject: [PATCH 14/16] Make cert re-download more readable --- azurelinuxagent/common/protocol/goal_state.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/azurelinuxagent/common/protocol/goal_state.py b/azurelinuxagent/common/protocol/goal_state.py index e7282c4315..ae169c2cd1 100644 --- a/azurelinuxagent/common/protocol/goal_state.py +++ b/azurelinuxagent/common/protocol/goal_state.py @@ -291,11 +291,13 @@ def _update(self, force_update): # if self._extensions_goal_state.source == GoalStateSource.FastTrack: certs_uri = findtext(xml_doc, "Certificates") - if certs_uri is not None: - self._download_certificates(certs_uri) - self._check_certificates() + self._check_certificates(certs_uri) - def _check_certificates(self): + def _check_certificates(self, certs_uri): + # Re-download certificates in case they have been removed from disk since last download + if certs_uri is not None: + self._download_certificates(certs_uri) + # Check that certificates needed by extensions are in goal state certs.summary for extension in self.extensions_goal_state.extensions: for settings in extension.settings: if settings.protectedSettings is None: From 7c13deda55c266b2108fb45ca3787691e19474e0 Mon Sep 17 00:00:00 2001 
From: "Maddie Ford (SHE/HER)" Date: Tue, 7 Mar 2023 10:04:29 -0800 Subject: [PATCH 15/16] Make certs_uri a data member --- azurelinuxagent/common/protocol/goal_state.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/azurelinuxagent/common/protocol/goal_state.py b/azurelinuxagent/common/protocol/goal_state.py index ae169c2cd1..f32eb82d68 100644 --- a/azurelinuxagent/common/protocol/goal_state.py +++ b/azurelinuxagent/common/protocol/goal_state.py @@ -97,6 +97,7 @@ def __init__(self, wire_client, goal_state_properties=GoalStateProperties.All, s self._hosting_env = None self._shared_conf = None self._certs = EmptyCertificates() + self._certs_uri = None self._remote_access = None self.update(silent=silent) @@ -290,13 +291,12 @@ def _update(self, force_update): # case, to ensure it fetches the new certificate. # if self._extensions_goal_state.source == GoalStateSource.FastTrack: - certs_uri = findtext(xml_doc, "Certificates") - self._check_certificates(certs_uri) + self._check_certificates() - def _check_certificates(self, certs_uri): + def _check_certificates(self): # Re-download certificates in case they have been removed from disk since last download - if certs_uri is not None: - self._download_certificates(certs_uri) + if self._goal_state_properties & GoalStateProperties.Certificates != 0 and self._certs_uri is not None: + self._download_certificates(self._certs_uri) # Check that certificates needed by extensions are in goal state certs.summary for extension in self.extensions_goal_state.extensions: for settings in extension.settings: @@ -473,6 +473,7 @@ def _fetch_full_wire_server_goal_state(self, incarnation, xml_doc): self._hosting_env = hosting_env self._shared_conf = shared_config self._certs = certs + self._certs_uri = certs_uri self._remote_access = remote_access return extensions_config From 93ab9575ea76220a371a78013c5298408c9916b8 Mon Sep 17 00:00:00 2001 
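Review bot: In `_check_certificates`, `self._goal_state_properties & GoalStateProperties.Certificates != 0` does not test the Certificates bit: in Python `!=` binds tighter than `&`, so it evaluates as `self._goal_state_properties & (GoalStateProperties.Certificates != 0)`, i.e. `properties & True`, which tests bit 0x1. PATCH 16/16 rewrites the line without the comparison, which removes the problem, but its subject describes the change as consistency and no test pins it. A test that builds a `GoalState` with `GoalStateProperties.All & ~GoalStateProperties.Certificates` on a FastTrack goal state and asserts that no certificate request is made would keep the precedence mistake from returning. If the comparison form is ever wanted again it needs parentheses: `(self._goal_state_properties & GoalStateProperties.Certificates) != 0`.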
From: "Maddie Ford (SHE/HER)" Date: Tue, 7 Mar 2023 10:05:40 -0800 Subject: [PATCH 16/16] Update bitwise check for consistency --- azurelinuxagent/common/protocol/goal_state.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azurelinuxagent/common/protocol/goal_state.py b/azurelinuxagent/common/protocol/goal_state.py index f32eb82d68..6b2a0c2cf8 100644 --- a/azurelinuxagent/common/protocol/goal_state.py +++ b/azurelinuxagent/common/protocol/goal_state.py @@ -295,7 +295,7 @@ def _update(self, force_update): def _check_certificates(self): # Re-download certificates in case they have been removed from disk since last download - if self._goal_state_properties & GoalStateProperties.Certificates != 0 and self._certs_uri is not None: + if self._goal_state_properties & GoalStateProperties.Certificates and self._certs_uri is not None: self._download_certificates(self._certs_uri) # Check that certificates needed by extensions are in goal state certs.summary for extension in self.extensions_goal_state.extensions: