From 0d2a1b856bc7b1db214e17099e37b9f95115ddd7 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Tue, 25 Oct 2022 12:35:18 -0400 Subject: [PATCH] Fixes for the auth_nets configuration --- confluent_server/confluent/credserver.py | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/confluent_server/confluent/credserver.py b/confluent_server/confluent/credserver.py index 8484e326..6eedb37c 100644 --- a/confluent_server/confluent/credserver.py +++ b/confluent_server/confluent/credserver.py @@ -43,28 +43,38 @@ libc = ctypes.CDLL(ctypes.util.find_library('c')) _semitrusted = [] def read_authnets(cfgpath): + global _semitrusted with open(cfgpath, 'r') as cfgin: _semitrusted = [] - for line in cfgin.readlines: + for line in cfgin.readlines(): line = line.split('#', 1)[0].strip() if '/' not in line: continue subnet, prefix = line.split('/') + prefix = int(prefix) _semitrusted.append((subnet, prefix)) def watch_trusted(): + cfgpath = '/etc/confluent/auth_nets' + if isinstance(cfgpath, bytes): + bcfgpath = cfgpath + else: + bcfgpath = cfgpath.encode('utf8') while True: watcher = libc.inotify_init1(os.O_NONBLOCK) - cfgpath = '/etc/confluent/auth_nets' if not os.path.exists(cfgpath): with open(cfgpath, 'w') as cfgout: cfgout.write( '# This is a list of networks in addition to local\n' '# networks to allow grant of initial deployment token,\n' '# when a node has deployment API armed\n') - read_authnets(cfgpath) - if libc.inotify_add_watch(watcher, cfgpath, 0xcc2) <= -1: + try: + read_authnets(cfgpath) + except Exceptien: + eventlet.sleep(15) + continue + if libc.inotify_add_watch(watcher, bcfgpath, 0xcc2) <= -1: eventlet.sleep(15) continue select.select((watcher,), (), (), 86400)