delete-certificate: improve handling of custom certs

* Remove the certificate from Redis if the requested FQDN was a custom one. * For custom certificates, avoid trying to remove the internal one.
NethServer · Sep 3, 2024 · bfe8317 · bfe8317
1 parent a46f683
commit bfe8317
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 3 deletions.
diff --git a/imageroot/actions/delete-certificate/20writeconfig b/imageroot/actions/delete-certificate/20writeconfig
@@ -28,14 +28,17 @@ if not agent_id:
     raise Exception("AGENT_ID not found inside the environemnt")
 
 # Try to delete uploaded certificate
+custom_certificate = False
 for cert in list_custom_certificates():
     if cert.get('fqdn') == data['fqdn']:
         delete_custom_certificate(data['fqdn'])
+        custom_certificate = True
 
 # Try to delete the route for obtained certificate
-cert_path = f'configs/certificate-{data["fqdn"]}.yml'
-if os.path.isfile(cert_path):
-    os.unlink(cert_path)
+if not custom_certificate:
+    cert_path = f'configs/certificate-{data["fqdn"]}.yml'
+    if os.path.isfile(cert_path):
+        os.unlink(cert_path)
 
 # Output valid JSON
 print("true")
diff --git a/imageroot/pypkg/custom_certificate_manager.py b/imageroot/pypkg/custom_certificate_manager.py
@@ -5,6 +5,9 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 #
 
+
+import agent
+import os
 from pathlib import Path
 
 CUSTOM_CERTIFICATES_DIR = 'custom_certificates'
@@ -64,5 +67,9 @@ def delete_custom_certificate(fqdn):
         cert_file_path.unlink()
         key_file_path.unlink()
         cert_config_path.unlink()
+        # remove the certificate and key from redis
+        rdb = agent.redis_connect(privileged=True)
+        rdb.delete(f'module/{os.environ["MODULE_ID"]}/certificate/{fqdn}')
+
     else:
         raise FileNotFoundError(f'Invalid custom certificate state for {fqdn}.')