Refactor environment variable handling in certbot jobs to use cmd_env for improved flexibility

2026-05-24 09:28:37 +00:00 · 2025-01-07 16:12:13 +01:00 · 2025-01-07 16:12:13 +01:00 · 6fe460d8c2
commit 6fe460d8c2
parent 4846000ad4
2 changed files with 15 additions and 5 deletions
--- a/src/common/core/letsencrypt/jobs/certbot-new.py
+++ b/src/common/core/letsencrypt/jobs/certbot-new.py
@ -66,6 +66,7 @@ def certbot_new(
    propagation: str = "default",
    staging: bool = False,
    force: bool = False,
+    cmd_env: Dict[str, str] = None,
 ) -> int:
    if isinstance(credentials_path, str):
        credentials_path = Path(credentials_path)
@ -89,7 +90,8 @@ def certbot_new(
        "--expand",
    ]

-    env = environ | {"PYTHONPATH": DEPS_PATH}
+    if not cmd_env:
+        cmd_env = {}

    if challenge_type == "dns":
        # * Adding DNS challenge hooks
@ -108,7 +110,7 @@ def certbot_new(
            with credentials_path.open("r") as file:
                for line in file:
                    key, value = line.strip().split("=", 1)
-                    env[key] = value
+                    cmd_env[key] = value
        else:
            command.extend([f"--dns-{provider}-credentials", credentials_path.as_posix()])

@ -138,7 +140,7 @@ def certbot_new(
        command.append("--force-renewal")

    current_date = datetime.now()
-    process = Popen(command, stdin=DEVNULL, stderr=PIPE, universal_newlines=True, env=env)
+    process = Popen(command, stdin=DEVNULL, stderr=PIPE, universal_newlines=True, env=cmd_env)

    while process.poll() is None:
        if process.stderr:
@ -235,6 +237,9 @@ try:
    # ? Restore data from db cache of certbot-renew job
    JOB.restore_cache(job_name="certbot-renew")

+    env = environ.copy()
+    env["PYTHONPATH"] = env.get("PYTHONPATH", "") + (f":{DEPS_PATH}" if DEPS_PATH not in env.get("PYTHONPATH", "") else "")
+
    proc = run(
        [
            CERTBOT_BIN,
@ -250,7 +255,7 @@ try:
        stdout=PIPE,
        stderr=STDOUT,
        text=True,
-        env=environ | {"PYTHONPATH": DEPS_PATH},
+        env=env,
        check=False,
    )
    stdout = proc.stdout
@ -465,6 +470,7 @@ try:
                data["propagation"],
                data["staging"],
                domains_to_ask[first_server],
+                cmd_env=env.copy(),
            )
            != 0
        ):
@ -503,6 +509,7 @@ try:
                        provider,
                        credentials_file,
                        staging=staging,
+                        cmd_env=env.copy(),
                    )
                    != 0
                ):
--- a/src/common/core/letsencrypt/jobs/certbot-renew.py
+++ b/src/common/core/letsencrypt/jobs/certbot-renew.py
@ -44,6 +44,9 @@ try:

    JOB = Job(LOGGER, __file__)

+    env = environ.copy()
+    env["PYTHONPATH"] = env.get("PYTHONPATH", "") + (f":{DEPS_PATH}" if DEPS_PATH not in env.get("PYTHONPATH", "") else "")
+
    process = Popen(
        [
            CERTBOT_BIN,
@ -59,7 +62,7 @@ try:
        stdin=DEVNULL,
        stderr=PIPE,
        universal_newlines=True,
-        env=environ | {"PYTHONPATH": DEPS_PATH},
+        env=env,
    )
    while process.poll() is None:
        if process.stderr: