ADMIN: dump-certs: let dry-run compare certificates
authorWilliam Lallemand <wlallemand@haproxy.com>
Thu, 20 Nov 2025 15:42:41 +0000 (16:42 +0100)
committerWilliam Lallemand <wlallemand@haproxy.com>
Thu, 20 Nov 2025 15:50:20 +0000 (16:50 +0100)
Let the --dry-run mode connect to the socket and compare the
certificates. It exits the process just before trying to move
the previous certificate and replace it.

This allows the "[NOTICE] (1234) XXX is already up to date" message to be
shown with dry-run.

admin/cli/haproxy-dump-certs

index 593ee6072f80e525dae6b4bc279b2786aeebf634..59a507711220ac23dcc60e23ae6fa052fe40bc4f 100755 (executable)
@@ -103,6 +103,11 @@ dump_certificate() {
                return 0
        fi
 
+       # dry run will just return before trying to move the files
+       if [ "${DRY_RUN}" != "0" ]; then
+               return 0
+       fi
+
        # move the current certificates to ".old.timestamp"
        if [ -f "${prev_crt}" ] && [ -f "${prev_key}" ]; then
                mv "${prev_crt}" "${prev_crt}.${d}"
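Review bot: The new dry-run `return 0` leaves dump_certificate after the comparison step with no cleanup visible in the hunk. If the part of the function above the hunk writes the dumped certificate and private key to temporary files, a dry run would now leave that key material on disk. dump_certificate starts and ends outside the hunk, so check this against the full body and remove any such temporary files before returning. The changed-certificate case is also silent in dry-run mode; a line such as `echo "[NOTICE] ($$) dry-run: ${prev_crt} would be replaced"` before the return would tell the operator what a real run would do.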
@@ -123,7 +128,7 @@ dump_all_certificates() {
                export KEY_FILENAME
 
                if read_certificate "$line"; then
-                       [ "${DRY_RUN}" = "0" ] && dump_certificate "$NAME" "$CRT_FILENAME" "$KEY_FILENAME"
+                       dump_certificate "$NAME" "$CRT_FILENAME" "$KEY_FILENAME"
                else
                        echo "[WARNING] ($$) : can't dump \"$name\", crt/key filename details not found in \"show ssl cert\"" >&2
                fi
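Review bot: The warning in the `else` branch interpolates `$name`, while the loop exports and passes `$NAME`, so the message likely prints an empty or stale certificate name. This is more visible now that dump_certificate runs on every iteration, dry runs included: if that function assigns a non-local `name`, the warning would show the previously processed certificate. Consider `\"$NAME\"` there, or `\"$line\"` if read_certificate does not set NAME on failure. The body of dump_all_certificates starts and ends outside the hunk, so confirm that `name` is not assigned elsewhere in the loop.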