setup: Renew vmconsole proxy helper certificate

Currently, vmconsole-proxy-helper.cer is updated only if it doesn't exist. Let's update it also when the CA certificate is newer, to ensure the proxy helper certificate is valid. Change-Id: I4dea0df0633d21417c71e7ea0a6eddb47f091174 Bug-Url: https://bugzilla.redhat.com/1988496 Signed-off-by: Milan Zamazal <mzamazal@redhat.com>
mz-pdm · Aug 16, 2021 · 35e8f51 · 35e8f51
1 parent 1492457
commit 35e8f51
Showing 1 changed file with 11 additions and 19 deletions.
diff --git a/packaging/setup/plugins/ovirt-engine-setup/vmconsole_proxy_helper/pki.py b/packaging/setup/plugins/ovirt-engine-setup/vmconsole_proxy_helper/pki.py
@@ -29,6 +29,12 @@ def _(m):
     return gettext.dgettext(message=m, domain='ovirt-engine-setup')
 
 
+def _refresh_needed(cert_path):
+    ca_cert_path = oenginecons.FileLocations.OVIRT_ENGINE_PKI_ENGINE_CA_CERT
+    return (not os.path.exists(cert_path) or
+            os.stat(ca_cert_path).st_mtime > os.stat(cert_path).st_mtime)
+
+
 @util.export
 class Plugin(plugin.PluginBase):
     """vmconsole proxy configuration plugin."""
@@ -178,7 +184,7 @@ def _setup(self):
         condition=lambda self: (
             self.environment[
                 ovmpcons.ConfigEnv.VMCONSOLE_PROXY_CONFIG
-            ] and not os.path.exists(
+            ] and _refresh_needed(
                 ovmpcons.FileLocations.
                 OVIRT_ENGINE_PKI_VMCONSOLE_PROXY_HELPER_KEY
             )
@@ -273,24 +279,10 @@ def _miscPKIEngine(self):
         condition=lambda self: (
             self.environment[
                 ovmpcons.ConfigEnv.VMCONSOLE_PROXY_CONFIG
-            ] and (
-                not os.path.exists(
-                    os.path.join(
-                        ovmpcons.FileLocations.VMCONSOLE_PKI_DIR,
-                        'proxy-ssh_host_rsa',
-                    )
-                ) or
-                (
-                    os.stat(
-                        oenginecons.FileLocations.
-                        OVIRT_ENGINE_PKI_ENGINE_CA_CERT
-                    ).st_mtime >
-                    os.stat(
-                        os.path.join(
-                            ovmpcons.FileLocations.VMCONSOLE_PKI_DIR,
-                            'proxy-ssh_host_rsa',
-                        )
-                    ).st_mtime
+            ] and _refresh_needed(
+                os.path.join(
+                    ovmpcons.FileLocations.VMCONSOLE_PKI_DIR,
+                    'proxy-ssh_host_rsa',
                 )
             )
         ),