Merge "Delete certs when deleting bay"

magnum/common/cert_manager/barbican_cert_manager.py

@@ -190,34 +190,7 @@ class CertManager(cert_manager.CertManager):
     @staticmethod
     def delete_cert(cert_ref, service_name='Magnum', resource_ref=None,
                     **kwargs):
-        """Deregister as a consumer for the specified cert.
-
-        :param cert_ref: the UUID of the cert to retrieve
-        :param service_name: Friendly name for the consuming service
-        :param resource_ref: Full HATEOAS reference to the consuming resource
-
-        :raises Exception: if deregistration fails
-        """
-        connection = get_admin_clients().barbican()
-
-        LOG.info(_LI(
-            "Deregistering as a consumer of {0} in Barbican."
-        ).format(cert_ref))
-        try:
-            connection.containers.remove_consumer(
-                container_ref=cert_ref,
-                name=service_name,
-                url=resource_ref
-            )
-        except Exception:
-            with excutils.save_and_reraise_exception():
-                LOG.exception(_LE(
-                    "Error deregistering as a consumer of {0}"
-                ).format(cert_ref))
-
-    @staticmethod
-    def _actually_delete_cert(cert_ref):
-        """Deletes the specified cert. Very dangerous. Do not recommend.
+        """Deletes the specified cert.
 
         :param cert_ref: the UUID of the cert to delete
         :raises Exception: if certificate deletion fails

magnum/conductor/handlers/bay_conductor.py

@@ -229,7 +229,7 @@ class Handler(object):
                 context, taxonomy.ACTION_DELETE, taxonomy.OUTCOME_PENDING)
             osc.heat().stacks.delete(stack_id)
         except exc.HTTPNotFound:
-            LOG.info(_LI('The stack %s was not be found during bay'
+            LOG.info(_LI('The stack %s was not found during bay'
                          ' deletion.'), stack_id)
             try:
                 trust_manager.delete_trustee_and_trust(osc, context, bay)

magnum/tests/functional/api/v1/test_bay.py

@@ -114,6 +114,9 @@ class BayTest(base.BaseMagnumTest):
         resp, model = self.bay_client.delete_bay(bay_id)
         self.assertEqual(204, resp.status)
         self.bay_client.wait_for_bay_to_delete(bay_id)
+        self.assertRaises(
+            exceptions.NotFound,
+            self.cert_client.get_cert, bay_id)
         return resp, model
 
     def _get_bay_by_id(self, bay_id):

magnum/tests/unit/common/cert_manager/test_barbican.py

@@ -274,33 +274,13 @@ class TestBarbicanManager(base.BaseTestCase):
 
     @patch('magnum.common.clients.OpenStackClients.barbican')
     def test_delete_cert(self, mock_barbican):
-        # Mock out the client
-        bc = mock.MagicMock()
-        mock_barbican.return_value = bc
-
-        # Attempt to deregister as a consumer
-        bcm.CertManager.delete_cert(
-            cert_ref=self.container_ref,
-            resource_ref=self.container_ref,
-            service_name='Magnum'
-        )
-
-        # remove_consumer should be called once with the container_ref
-        bc.containers.remove_consumer.assert_called_once_with(
-            container_ref=self.container_ref,
-            url=self.container_ref,
-            name='Magnum'
-        )
-
-    @patch('magnum.common.clients.OpenStackClients.barbican')
-    def test_actually_delete_cert(self, mock_barbican):
         # Mock out the client
         bc = mock.MagicMock()
         bc.containers.get.return_value = self.container
         mock_barbican.return_value = bc
 
-        # Attempt to store a cert
-        bcm.CertManager._actually_delete_cert(
+        # Attempt to delete a cert
+        bcm.CertManager.delete_cert(
             cert_ref=self.container_ref
         )
 

magnum/tests/unit/conductor/handlers/test_bay_conductor.py

@@ -448,8 +448,9 @@ class TestHandler(db_base.DbTestCase):
             template='some template yaml',
             timeout_mins=timeout)
 
+    @patch('magnum.conductor.handlers.bay_conductor.cert_manager')
     @patch('magnum.common.clients.OpenStackClients')
-    def test_bay_delete(self, mock_openstack_client_class):
+    def test_bay_delete(self, mock_openstack_client_class, cert_manager):
         osc = mock.MagicMock()
         mock_openstack_client_class.return_value = osc
         osc.heat.side_effect = exc.HTTPNotFound
@@ -465,12 +466,16 @@ class TestHandler(db_base.DbTestCase):
             'magnum.bay.delete', notifications[1].event_type)
         self.assertEqual(
             taxonomy.OUTCOME_SUCCESS, notifications[1].payload['outcome'])
+        self.assertEqual(1,
+                         cert_manager.delete_certificates_from_bay.call_count)
         # The bay has been destroyed
         self.assertRaises(exception.BayNotFound,
                           objects.Bay.get, self.context, self.bay.uuid)
 
+    @patch('magnum.conductor.handlers.bay_conductor.cert_manager')
     @patch('magnum.common.clients.OpenStackClients')
-    def test_bay_delete_conflict(self, mock_openstack_client_class):
+    def test_bay_delete_conflict(self, mock_openstack_client_class,
+                                 cert_manager):
         osc = mock.MagicMock()
         mock_openstack_client_class.return_value = osc
         osc.heat.side_effect = exc.HTTPConflict
@@ -489,6 +494,8 @@ class TestHandler(db_base.DbTestCase):
             'magnum.bay.delete', notifications[1].event_type)
         self.assertEqual(
             taxonomy.OUTCOME_FAILURE, notifications[1].payload['outcome'])
+        self.assertEqual(0,
+                         cert_manager.delete_certificates_from_bay.call_count)
 
 
 class TestHeatPoller(base.TestCase):