Fixes for the auth_nets configuration

2024-11-22 17:43:14 +00:00 · 2022-10-25 12:35:18 -04:00 · 2022-10-25 12:35:18 -04:00 · 0d2a1b856b
commit 0d2a1b856b
parent 4864d6abb0
1 changed files with 14 additions and 4 deletions
--- a/confluent_server/confluent/credserver.py
+++ b/confluent_server/confluent/credserver.py
@ -43,28 +43,38 @@ libc = ctypes.CDLL(ctypes.util.find_library('c'))
 _semitrusted = []

 def read_authnets(cfgpath):
+    global _semitrusted
    with open(cfgpath, 'r') as cfgin:
            _semitrusted = []
-            for line in cfgin.readlines:
+            for line in cfgin.readlines():
                line = line.split('#', 1)[0].strip()
                if '/' not in line:
                    continue
                subnet, prefix = line.split('/')
+                prefix = int(prefix)
                _semitrusted.append((subnet, prefix))


 def watch_trusted():
+    cfgpath = '/etc/confluent/auth_nets'
+    if isinstance(cfgpath, bytes):
+        bcfgpath = cfgpath
+    else:
+        bcfgpath = cfgpath.encode('utf8')
    while True:
        watcher = libc.inotify_init1(os.O_NONBLOCK)
-        cfgpath = '/etc/confluent/auth_nets'
        if not os.path.exists(cfgpath):
            with open(cfgpath, 'w') as cfgout:
                cfgout.write(
                    '# This is a list of networks in addition to local\n'
                    '# networks to allow grant of initial deployment token,\n'
                    '# when a node has deployment API armed\n')
-        read_authnets(cfgpath)
-        if libc.inotify_add_watch(watcher, cfgpath, 0xcc2) <= -1:
+        try:
+            read_authnets(cfgpath)
+        except Exceptien:
+            eventlet.sleep(15)
+            continue
+        if libc.inotify_add_watch(watcher, bcfgpath, 0xcc2) <= -1:
            eventlet.sleep(15)
            continue
        select.select((watcher,), (), (), 86400)