Cert-Alarm token caching + other
Cert-alarm used to request new token for each file. This used to result in token requests of 3-5 calls per execution. Incorporating token caching from cert-mon service to reduce the number of requests. Other changes include: - Log level change in case of exceptions thrown from FM API. A condition where exception is thrown should not just log it at a warning level (so that it's not missed), but should have a more detailed/traceable log. - Logic fix for raising alarm at right level. It was noticed that alarm was tagged as expired on the day before expiry. This changes to wait until the date has actually passed before the certificate is marked as expired. - Safer call to use dict.get() in case of missing annotations of cert-manager Certificate resources. Test Plan: PASS: Verify that token caching reduces the number of calls PASS: Verify that an exception thrown from FM API gets a more detailed log PASS: Verify to make sure certificate expiry alarm waits until expiry date is passed before 'Expired' alarm is raised. PASS: Verify that if Certificate CRD does not contain metadata.annotations, cert-alarm will handle the condition and create the annotations without error. Story: 2008946 Task: 42852 Signed-off-by: Sabeel Ansari <Sabeel.Ansari@windriver.com> Change-Id: Icfedfdadd43757c1375459e7ee4b4d3d97e8d02f
This commit is contained in:
parent
f74f0bb495
commit
5c42dde784
|
@ -201,12 +201,12 @@ class CertAlarmAudit(object):
|
|||
self.clear_expiring_soon(cert_name)
|
||||
self.clear_expired(cert_name)
|
||||
else:
|
||||
if days_to_expiry > 0:
|
||||
self.raise_expiring_soon(cert_name)
|
||||
else:
|
||||
if days_to_expiry < 0:
|
||||
# Expired. Clear expiring-soon & raise expired
|
||||
self.clear_expiring_soon(cert_name)
|
||||
self.raise_expired(cert_name)
|
||||
else:
|
||||
self.raise_expiring_soon(cert_name)
|
||||
|
||||
def raise_expiring_soon(self, cert_name):
|
||||
self.fm_obj.set_fault(cert_name,
|
||||
|
|
|
@ -185,7 +185,7 @@ class FaultApiMgr(object):
|
|||
(cert_name, expired_flag, state))
|
||||
self.fm_api.clear_fault(alrm_id, entity_inst_id)
|
||||
except Exception as e:
|
||||
LOG.warn(e)
|
||||
LOG.exception(e)
|
||||
|
||||
def get_faults(self, expired_flag):
|
||||
alrm_id = fm_constants.FM_ALARM_ID_CERT_EXPIRED if expired_flag \
|
||||
|
@ -194,7 +194,7 @@ class FaultApiMgr(object):
|
|||
try:
|
||||
alarms = self.fm_api.get_faults_by_id(alrm_id)
|
||||
except Exception as e:
|
||||
LOG.warn(e)
|
||||
LOG.exception(e)
|
||||
return alarms
|
||||
|
||||
def collect_all_cert_alarms(self):
|
||||
|
|
|
@ -65,6 +65,8 @@ CERT_SNAPSHOT is a dict of dict. Each entry is per certificate.
|
|||
}
|
||||
"""
|
||||
|
||||
TOKEN_CACHE = certmon_utils.TokenCache('internal')
|
||||
|
||||
|
||||
def get_cert_expiration_date(cert):
|
||||
"""
|
||||
|
@ -217,7 +219,7 @@ def get_annotation_data(secretobj):
|
|||
if SNAPSHOT_KEY_RENEW_BEFORE in certobj[SPEC]:
|
||||
mode_metadata[SNAPSHOT_KEY_RENEW_BEFORE] = certobj[SPEC][SNAPSHOT_KEY_RENEW_BEFORE]
|
||||
|
||||
certobj_annotation = certobj[METADATA][ANNOTATIONS]
|
||||
certobj_annotation = certobj[METADATA].get(ANNOTATIONS)
|
||||
annotation_dict, patch_needed = process_annotation_data(certobj_annotation)
|
||||
if patch_needed is True:
|
||||
# Update the annotation
|
||||
|
@ -336,16 +338,12 @@ def get_file_mode_metadata(certname, file_loc):
|
|||
|
||||
def get_cert_uuid(certname):
|
||||
ret = 'unknown'
|
||||
token = certmon_utils._get_token(
|
||||
CONF.keystone_authtoken.auth_url + '/v3/auth/tokens',
|
||||
CONF.keystone_authtoken.project_name,
|
||||
CONF.keystone_authtoken.username,
|
||||
CONF.keystone_authtoken.password,
|
||||
CONF.keystone_authtoken.user_domain_name,
|
||||
CONF.keystone_authtoken.project_domain_name,
|
||||
CONF.keystone_authtoken.region_name)
|
||||
|
||||
global TOKEN_CACHE
|
||||
token = TOKEN_CACHE.get_token()
|
||||
|
||||
if token is None:
|
||||
LOG.error('Error in retrieving token. Cannot process cert %s' % certname)
|
||||
return ret
|
||||
|
||||
service_type = 'platform'
|
||||
|
|
Loading…
Reference in New Issue