Fix bay-create failure without "name"

Currently magnum allow to create bay without name. But it's failed
because `cert_manager.generate_certificates_to_bay` requires bay
"name".
This fixes it to use bay "uuid" instead of bay "name".

Change-Id: I5da8910fcf8b71f9521abb48e72dc178c3785104
Closes-Bug: #1506314

magnum/common/x509/operations.py

@@ -97,6 +97,10 @@ def _generate_self_signed_certificate(subject_name, extensions,
 
 def _generate_certificate(issuer_name, subject_name, extensions, ca_key=None,
                           encryption_password=None, ca_key_password=None):
+
+    if not isinstance(subject_name, six.text_type):
+        subject_name = six.u(subject_name)
+
     private_key = rsa.generate_private_key(
         public_exponent=65537,
         key_size=cfg.CONF.x509.rsa_key_size,
@@ -159,6 +163,10 @@ def sign(csr, issuer_name, ca_key, ca_key_password=None,
         ca_key = serialization.load_pem_private_key(ca_key,
                                                     password=ca_key_password,
                                                     backend=default_backend())
+
+    if not isinstance(issuer_name, six.text_type):
+        issuer_name = six.u(issuer_name)
+
     if isinstance(csr, six.text_type):
         csr = six.b(str(csr))
     if not isinstance(csr, x509.CertificateSigningRequest):

magnum/conductor/handlers/bay_conductor.py

@@ -124,8 +124,8 @@ class Handler(object):
 
         try:
             # Generate certificate and set the cert reference to bay
-            cert_manager.generate_certificates_to_bay(bay)
             bay.uuid = uuid.uuid4()
+            cert_manager.generate_certificates_to_bay(bay)
             created_stack = _create_stack(context, osc, bay,
                                           bay_create_timeout)
         except exc.HTTPBadRequest as e:

magnum/conductor/handlers/common/cert_manager.py

@@ -79,6 +79,9 @@ def generate_certificates_to_bay(bay):
     :returns: CA cert uuid and magnum client cert uuid
     """
     issuer_name = bay.name
+    if issuer_name is None:
+        issuer_name = bay.uuid
+
     LOG.debug('Start to generate certificates: %s' % issuer_name)
 
     ca_cert_ref, ca_cert, ca_password = _generate_ca_cert(issuer_name)

magnum/tests/unit/common/x509/test_sign.py

@@ -123,6 +123,14 @@ class TestX509(base.BaseTestCase):
         self.assertIn(extended_key_usage, cert.extensions)
         self.assertIn(basic_constraints, cert.extensions)
 
+    def test_generate_ca_certificate_with_bytes_issuer_name(self):
+        issuer_name = six.b("bytes-issuer-name")
+        cert, _ = self._generate_ca_certificate(issuer_name)
+
+        issuer_name = six.u(issuer_name)
+        self.assertHasSubjectName(cert, issuer_name)
+        self.assertHasIssuerName(cert, issuer_name)
+
     def test_generate_ca_certificate_has_publickey(self):
         keypairs = self._generate_ca_certificate(self.issuer_name)
 

magnum/tests/unit/conductor/handlers/common/test_cert_manager.py

@@ -97,20 +97,16 @@ class CertManagerTestCase(base.BaseTestCase):
             name=expected_name,
         )
 
-    @mock.patch('magnum.conductor.handlers.common.cert_manager.'
-                '_generate_client_cert')
-    @mock.patch('magnum.conductor.handlers.common.cert_manager.'
-                '_generate_ca_cert')
-    def test_generate_certificates(self, mock_generate_ca_cert,
-                                   mock_generate_client_cert):
-        expected_ca_name = 'ca-name'
+    def _test_generate_certificates(self,
+                                    expected_ca_name,
+                                    mock_bay,
+                                    mock_generate_ca_cert,
+                                    mock_generate_client_cert):
         expected_ca_password = 'ca-password'
         expected_ca_cert = {
             'private_key': 'ca_private_key', 'certificate': 'ca_certificate'}
         expected_cert_ref = 'cert_ref'
         expected_ca_cert_ref = 'ca-cert-ref'
-        mock_bay = mock.MagicMock()
-        mock_bay.name = expected_ca_name
 
         mock_generate_ca_cert.return_value = (expected_ca_cert_ref,
                                               expected_ca_cert,
@@ -125,6 +121,37 @@ class CertManagerTestCase(base.BaseTestCase):
         mock_generate_client_cert.assert_called_once_with(
             expected_ca_name, expected_ca_cert, expected_ca_password)
 
+    @mock.patch('magnum.conductor.handlers.common.cert_manager.'
+                '_generate_client_cert')
+    @mock.patch('magnum.conductor.handlers.common.cert_manager.'
+                '_generate_ca_cert')
+    def test_generate_certificates(self, mock_generate_ca_cert,
+                                   mock_generate_client_cert):
+        expected_ca_name = 'ca-name'
+        mock_bay = mock.MagicMock()
+        mock_bay.name = expected_ca_name
+
+        self._test_generate_certificates(expected_ca_name,
+                                         mock_bay,
+                                         mock_generate_ca_cert,
+                                         mock_generate_client_cert)
+
+    @mock.patch('magnum.conductor.handlers.common.cert_manager.'
+                '_generate_client_cert')
+    @mock.patch('magnum.conductor.handlers.common.cert_manager.'
+                '_generate_ca_cert')
+    def test_generate_certificates_without_name(self, mock_generate_ca_cert,
+                                                mock_generate_client_cert):
+        expected_ca_name = 'ca-uuid'
+        mock_bay = mock.MagicMock()
+        mock_bay.name = None
+        mock_bay.uuid = expected_ca_name
+
+        self._test_generate_certificates(expected_ca_name,
+                                         mock_bay,
+                                         mock_generate_ca_cert,
+                                         mock_generate_client_cert)
+
     @mock.patch('magnum.common.x509.operations.sign')
     def test_sign_node_certificate(self, mock_x509_sign):
         mock_bay = mock.MagicMock()