fix(cqlshrc): safely update cqlshrc

Cqlshrc config can require update depending on whether client encryption is enabled/disabled in the configuration under test. Until now the update was not safe in terms that it was expected that 'ssl' section is present in the config by default. The change updates how 'ssl' section is set in the cqlshrc. Fixes #8113
scylladb · Jul 24, 2024 · b3885be · b3885be
1 parent b77c4de
commit b3885be
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/sdcm/provision/scylla_yaml/certificate_builder.py b/sdcm/provision/scylla_yaml/certificate_builder.py
@@ -31,7 +31,12 @@
 def update_cqlshrc(cqlshrc_file: str = CQLSHRC_FILE, client_encrypt: bool = False) -> None:
     config = configparser.ConfigParser()
     config.read(cqlshrc_file)
-    config['ssl']['validate'] = 'true' if client_encrypt else 'false'
+    config['ssl'] = {
+        'validate': 'true' if client_encrypt else 'false',
+        'certfile': f'{SCYLLA_SSL_CONF_DIR / CA_CERT_FILE.name}',
+        'userkey': f'{SCYLLA_SSL_CONF_DIR / CLIENT_FACING_KEYFILE.name}',
+        'usercert': f'{SCYLLA_SSL_CONF_DIR / CLIENT_FACING_CERTFILE.name}'
+    }
     with open(cqlshrc_file, 'w', encoding='utf-8') as file:
         config.write(file)