ADMIN: dump-certs: let dry-run compare certificates

Let the --dry-run mode connect to the socket and compare the certificates. It would exits the process just before trying to move the previous certificate and replace it. This allow to have the "[NOTICE] (1234) XXX is already up to date" message with dry-run.
2025-11-28 14:21:00 +01:00 · 2025-11-20 16:42:41 +01:00 · 2025-11-20 16:42:41 +01:00 · 6aa236e964
commit 6aa236e964
parent b2664d4450
1 changed files with 6 additions and 1 deletions
--- a/admin/cli/haproxy-dump-certs
+++ b/admin/cli/haproxy-dump-certs
@ -103,6 +103,11 @@ dump_certificate() {
 		return 0
 	fi

+	# dry run will just return before trying to move the files
+	if [ "${DRY_RUN}" != "0" ]; then
+		return 0
+	fi
+
 	# move the current certificates to ".old.timestamp"
 	if [ -f "${prev_crt}" ] && [ -f "${prev_key}" ]; then
 		mv "${prev_crt}" "${prev_crt}.${d}"
@ -123,7 +128,7 @@ dump_all_certificates() {
 		export KEY_FILENAME

 		if read_certificate "$line"; then
-			[ "${DRY_RUN}" = "0" ] && dump_certificate "$NAME" "$CRT_FILENAME" "$KEY_FILENAME"
+			dump_certificate "$NAME" "$CRT_FILENAME" "$KEY_FILENAME"
 		else
 			echo "[WARNING] ($$) : can't dump \"$name\", crt/key filename details not found in \"show ssl cert\"" >&2
 		fi