Unit test covering subcloud audit plus minor bug fix

Provide some mocked tests covering the basic functionality of the subcloud audit. This commit also includes two fixes in the mainline code (both are very minor and so are included directly in this commit): - The subcloud next audit timestamp comparison should match on equals since it it ready to be audited by this timestamp. This is a very minor issue and would only result in a small extra delay for the given subcloud. - When enqueueing a subcloud for audit, if a timestamp is provided the delay parameter is ignored. This would result in unexpected timing if if both parameters are supplied. Note: this combination is not used in the current code. Story: 2008960 Task: 43350 Change-Id: If5882c321a128daa7de5eda1806b250509b4ca3e Signed-off-by: Kyle MacLeod <kyle.macleod@windriver.com>
2021-09-16 11:58:34 -04:00 · 2021-09-16 11:58:34 -04:00 · 7608025ed3
parent 96dfc370b5
commit 7608025ed3
7 changed files with 299 additions and 13 deletions
--- a/sysinv/sysinv/sysinv/sysinv/cert_mon/certificate_mon_manager.py
+++ b/sysinv/sysinv/sysinv/sysinv/cert_mon/certificate_mon_manager.py
@ -82,8 +82,11 @@ class CertificateMonManager(periodic_task.PeriodicTasks):
        self.registrycert_monitor = None
        self.reattempt_monitor_tasks = []
        self.sc_audit_queue = subcloud_audit_queue.SubcloudAuditPriorityQueue()
-        self.sc_audit_pool = eventlet.greenpool.GreenPool(
-            size=CONF.certmon.audit_greenpool_size)
+        if CONF.certmon.audit_greenpool_size > 0:
+            self.sc_audit_pool = eventlet.greenpool.GreenPool(
+                size=CONF.certmon.audit_greenpool_size)
+        else:
+            self.sc_audit_pool = None

    def periodic_tasks(self, context, raise_on_error=False):
        """Tasks to be run at a periodic interval."""
@ -162,7 +165,7 @@ class CertificateMonManager(periodic_task.PeriodicTasks):
            # Only continue if the next in queue is ready to be audited
            # Peek into the timestamp of the next item in our priority queue
            next_audit_timestamp = self.sc_audit_queue.queue[0][0]
-            if next_audit_timestamp >= int(time.time()):
+            if next_audit_timestamp > int(time.time()):
                LOG.debug("audit_sc_cert_task: no audits ready for "
                          "processing, qsize=%s"
                          % self.sc_audit_queue.qsize())
@ -170,12 +173,12 @@ class CertificateMonManager(periodic_task.PeriodicTasks):

            _, sc_audit_item = self.sc_audit_queue.get()
            LOG.debug(
-                ("audit_sc_cert_task: enqueue subcloud audit %s, "
-                 "qsize:%s, batch:%s") %
+                "audit_sc_cert_task: enqueue subcloud audit %s, "
+                "qsize:%s, batch:%s" %
                (sc_audit_item, self.sc_audit_queue.qsize(), batch_count))

            # This item is ready for audit
-            if CONF.certmon.audit_greenpool_size > 0:
+            if self.sc_audit_pool is not None:
                self.sc_audit_pool.spawn_n(self.do_subcloud_audit,
                                           sc_audit_item)
            else:
--- a/sysinv/sysinv/sysinv/sysinv/cert_mon/subcloud_audit_queue.py
+++ b/sysinv/sysinv/sysinv/sysinv/cert_mon/subcloud_audit_queue.py
@ -40,8 +40,8 @@ class SubcloudAuditData(object):
        return hash(self.name)

    def __str__(self):
-        return "SubcloudAuditData: %s, audit_count: %s" % (self.name,
-                                                           self.audit_count)
+        return "SubcloudAuditData: {name: %s, audit_count: %s}" % (
+            self.name, self.audit_count)


 class SubcloudAuditException(Exception):
@ -78,6 +78,8 @@ class SubcloudAuditPriorityQueue(PriorityQueue):
                                         % sc_audit_item.name)
        if timestamp is None:
            timestamp = self.__get_next_audit_timestamp(delay_secs)
+        else:
+            timestamp += delay_secs

        # this PriorityQueue is ordered by the next timestamp:
        sc_audit_item.audit_count += 1
--- a/sysinv/sysinv/sysinv/sysinv/tests/cert_mon/data/audit/ca-chain-bundle.cert.pem
+++ b/sysinv/sysinv/sysinv/sysinv/tests/cert_mon/data/audit/ca-chain-bundle.cert.pem
@ -0,0 +1,64 @@
+-----BEGIN CERTIFICATE-----
+MIIFmDCCA4CgAwIBAgIBATANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJDQTEL
+MAkGA1UECAwCT04xDzANBgNVBAcMBk90dGF3YTENMAsGA1UECgwEV1JDUDEMMAoG
+A1UECwwDT3JnMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjEwNjI4MTkwOTM5WhcN
+MjgwOTI5MTkwOTM5WjBbMQswCQYDVQQGEwJDQTELMAkGA1UECAwCT04xDTALBgNV
+BAoMBFdSQ1AxDDAKBgNVBAsMA09yZzEiMCAGA1UEAwwZbG9jYWxob3N0IEludGVy
+bWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKp9wfxx
+Ei6farnJEKvYqvrRCKxfJPXsxkl6L5VzPmhNcE1ZVKS0kJwKGOFj11u9oVjZW0mg
+FvKkO9wyQi51qH7oP+wapcY4D3eWsxwnmb22T4rN9y4pR8p7oZDBdDQnTYWOskiD
+y/zZktmiJ2q7CqT50a8ZULK35TSoyZGL3f5QFambgmEtmicYmKsytkWWnmyj0sJG
+Rs8sgnKO6LxG6M0k4Kyl2uesSVvoITPXveZclDLTaT0xLZfLA/CppaFWaoLJfyDB
+F4xT62ExXzVKO+uEoJugBM7GBTqrdnQHKwMz+5MG6PrRPpgMuu5nlzXyKpT/RStJ
+rOAuoIUNF+f1vJKzp2S6nXe+VgKJ8IkxONAu6GZTxkf3KNG3WN3JsTA7a1WVB1Lj
+0e+ZJv7JeomwRZP6Qi+V+FI/rzRMlk0fRSLKh0NzAvJMsLrjxicpUQyhdctgqz7s
+Rop0d1W9ZEwG2JyjoNC5T9cu++M3sSkyr4AZU/OZjIx7Fsv5IJKY/d39Mpb5ohzA
+6e5ytt/f0vihvvZ5iDQo863KVz6EHii+Y43/V/ZU1XgJfffooQpIbadbNSgGD5Ja
+B40gWq2NxtVzdA0BW+zq3o5wocuxON0esJqjBJV0g+D+iY/P+mceQgJE3nloSG4h
+i8Vgs44+evcdi/Theyywwja9fx/rNdHDRhudAgMBAAGjZjBkMB0GA1UdDgQWBBQO
+85wRSbaj2r7tboYBpRzcaWiP9zAfBgNVHSMEGDAWgBQLijSZJvvFXfbD8I2BdwMc
+NhdAlDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG
+9w0BAQsFAAOCAgEAnJtwZeMfgZcDjJviPS5dxv9RxDMebRidBcFhUNr2uZRLhz/x
+HSZ+/u8kYM2DkylAvVRypoIvFwzef2tX1OIJnn5P8ww//uAYh6Z8fPuT/++8M7da
+76u1DfsUgOnwTAGd99m4SFlh19hjpkn8+cQ/JOLhjldQw5LnWmqlTc/dPnO7fRLF
+af8kqHNTHaz1yJJMvYd3IhZYW+sB7uQk/+bdutBycBpVNeTXV7bT1e+zVllYuAY2
+Sw0CxQENb4h/QKNu0wpTVvk0wJaEVB5Zg69/gFzJPVZmjJ8RAUuGkPlSZ+rgi1Xk
+tZ3CvJEuOqvGj3q30Zh6hGqvT6pL+kI+MAn0tiPT5+xGXKGOCpsmOSYx+O8ncynS
+ZHP3NkRMPaj6x/zx2OkCmsK22WLa5Yv3x4eIRmPWScyj+Rw9pPlmMiSgdDAUAmXL
+XN6EuveNUnjmPPnSE8R7UO3dUlrV12Mc6yCu+M8fljInpA5oanXfFf095U79RKYS
+P88Ov1NooqzAUtvScfOp1CEZRpWCktkXz0GdiphZjiIqWWlod7nS9L96Xy83Sm+L
+/kDmTF8Rswrd5fedBbf+ZKzdZYl5lC/6RYsWc4tK5B64qZYmYD2YGcM8i8xMn45V
+O8QS40gegrVJamKMwEhhcaXjgZTymaXAG0ypkAU1PorSWS3DxgKBaP4I3fA=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFmTCCA4GgAwIBAgIUHzDAj50gsWu1ur+dW7z/6Zkx3t0wDQYJKoZIhvcNAQEL
+BQAwXDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgMAk9OMQ8wDQYDVQQHDAZPdHRhd2Ex
+DTALBgNVBAoMBFdSQ1AxDDAKBgNVBAsMA09yZzESMBAGA1UEAwwJbG9jYWxob3N0
+MB4XDTIxMDYyODE4MDMyN1oXDTMxMDYyNjE4MDMyN1owXDELMAkGA1UEBhMCQ0Ex
+CzAJBgNVBAgMAk9OMQ8wDQYDVQQHDAZPdHRhd2ExDTALBgNVBAoMBFdSQ1AxDDAK
+BgNVBAsMA09yZzESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEAtQj+/6gE5gSKFys6QoUUEFQRjdPWFJ+upjJtNdZhNOEf
+rrJUj79NL6OK00E6QvhloMPtRwFUujaiVz6mHsv+NFRy+2hyPepTMZWU+g1JlPdY
+nU/VAf2yiCVQ8V6npu/sexK+H9Uqwg14LJ8pZDfVpxpja6RvW/dXm3MSvf1Yw6Jk
+MCfetOCakcqwxI4BA0y95dfJdxhHjd3RkpjGUehlVyGILBNXNFJ3Re1FPl3ZjwHT
+9DhtI4LB14+A0n2iAfz9oQpA0Y2uJaXLjmNHTBGvXqHlxZUGIORKy2H/R0D/1e93
+SOAQ9MBSOkzV0Bf9JOgUOKvwD3HfbS5gXo9AX3oPkpGqdQDGqU4O+KjlzMlUJrNm
+GBspYQfjGouimXFO7XaNgC3TX5w+p0HNL4JPxP49QuBiEpp6wRHmlUa2vAcLR+Ok
+jcFz5KRFAd9dOlkD2ZIRHPHBQw5GToHH2gxQ9SScIYqLeUCy3LO0QbclsV5b/JLq
+YJOKNwqdfhdU19s1uFbYmKGa1KWaAbsrZwDWEYs3ZR5vGGF0R62Y1w48BgxasNK4
+lZL5dmtg1pHvhwCmBuWrs5HTAiWwnC+CqMexSmh5Bp7dFjljN0jifnDOI8K+nfeJ
+BELCfQC3rVP4Ce+Tqd93fmFYWXeirtk1V2svqFsa2CfycEbQSY7U43FwLjrVE0C
+AwEAAaNTMFEwHQYDVR0OBBYEFAuKNJkm+8Vd9sPwjYF3Axw2F0CUMB8GA1UdIwQY
+MBaAFAuKNJkm+8Vd9sPwjYF3Axw2F0CUMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggIBACzBZlCt7rHjHM9VdK+Bhu+WUeLV76jdq4NRCUaz4peizHxY
+3+Cyon43LxGTxuUKVb+OibkkJiOBr5M8aIXXBD+d4UEfjccEpDGHEppMiYx2uo8O
+Jj04rP1Nm1ZrZ/qe5CDPAPCLIDFYhsf1SJ01ypmrsL633IpGxqcLm0mYqk4ypgf6
+sa+cxlWv44cAvrvUjL+oUqqFdwMFRu2SRSe0Q/zJo8ZTxM0CQI+vq7rMWwBLgZcF
+OLHMhdNRUXWhlpQvnNHN2j35WpY+c+udHpeOcgD03PYIjtf69H8FXclXTYXIrdM9
+H39BH1oZd0NwtVaAzzQZl07wmlUW7pwFEhrpq4PwrOLgjIW3qr/6snIODkoManhg
+fhwExaLr/GDS0tIxt7CNd349vWDGstFIoP1otfKqApsC24kY/icOyZ+IpoZTf2lf
+ipy2R32FEMu/u0Y/DEYKxlaqFyZvOYdgUDMQ7IP7aveykw1iRAtCW5zJRjpaYb1n
+juqBou6WqzpcLsBPABn0ELSc7IDr8V1PQNx4mEtXOhb6cyZ2+V59rhq+Jf8Fn196
+p/TxP8+5GwgGhXTQJpoSC/PV6Hclqm9FGfomVqZLfEiHVC2xsfBf4GNi/DIqo0VL
+ee9mqghQGDQ6agMfIEw8dsX19uEKvsfCx5O0VvCzZmre4U1ZzqtuLY2OMhjU
+-----END CERTIFICATE-----
--- a/sysinv/sysinv/sysinv/sysinv/tests/cert_mon/data/audit/cacert.pem
+++ b/sysinv/sysinv/sysinv/sysinv/tests/cert_mon/data/audit/cacert.pem
@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFmTCCA4GgAwIBAgIUHzDAj50gsWu1ur+dW7z/6Zkx3t0wDQYJKoZIhvcNAQEL
+BQAwXDELMAkGA1UEBhMCQ0ExCzAJBgNVBAgMAk9OMQ8wDQYDVQQHDAZPdHRhd2Ex
+DTALBgNVBAoMBFdSQ1AxDDAKBgNVBAsMA09yZzESMBAGA1UEAwwJbG9jYWxob3N0
+MB4XDTIxMDYyODE4MDMyN1oXDTMxMDYyNjE4MDMyN1owXDELMAkGA1UEBhMCQ0Ex
+CzAJBgNVBAgMAk9OMQ8wDQYDVQQHDAZPdHRhd2ExDTALBgNVBAoMBFdSQ1AxDDAK
+BgNVBAsMA09yZzESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEAtQj+/6gE5gSKFys6QoUUEFQRjdPWFJ+upjJtNdZhNOEf
+rrJUj79NL6OK00E6QvhloMPtRwFUujaiVz6mHsv+NFRy+2hyPepTMZWU+g1JlPdY
+nU/VAf2yiCVQ8V6npu/sexK+H9Uqwg14LJ8pZDfVpxpja6RvW/dXm3MSvf1Yw6Jk
+MCfetOCakcqwxI4BA0y95dfJdxhHjd3RkpjGUehlVyGILBNXNFJ3Re1FPl3ZjwHT
+9DhtI4LB14+A0n2iAfz9oQpA0Y2uJaXLjmNHTBGvXqHlxZUGIORKy2H/R0D/1e93
+SOAQ9MBSOkzV0Bf9JOgUOKvwD3HfbS5gXo9AX3oPkpGqdQDGqU4O+KjlzMlUJrNm
+GBspYQfjGouimXFO7XaNgC3TX5w+p0HNL4JPxP49QuBiEpp6wRHmlUa2vAcLR+Ok
+jcFz5KRFAd9dOlkD2ZIRHPHBQw5GToHH2gxQ9SScIYqLeUCy3LO0QbclsV5b/JLq
+YJOKNwqdfhdU19s1uFbYmKGa1KWaAbsrZwDWEYs3ZR5vGGF0R62Y1w48BgxasNK4
+lZL5dmtg1pHvhwCmBuWrs5HTAiWwnC+CqMexSmh5Bp7dFjljN0jifnDOI8K+nfeJ
+BELCfQC3rVP4Ce+Tqd93fmFYWXeirtk1V2svqFsa2CfycEbQSY7U43FwLjrVE0C
+AwEAAaNTMFEwHQYDVR0OBBYEFAuKNJkm+8Vd9sPwjYF3Axw2F0CUMB8GA1UdIwQY
+MBaAFAuKNJkm+8Vd9sPwjYF3Axw2F0CUMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggIBACzBZlCt7rHjHM9VdK+Bhu+WUeLV76jdq4NRCUaz4peizHxY
+3+Cyon43LxGTxuUKVb+OibkkJiOBr5M8aIXXBD+d4UEfjccEpDGHEppMiYx2uo8O
+Jj04rP1Nm1ZrZ/qe5CDPAPCLIDFYhsf1SJ01ypmrsL633IpGxqcLm0mYqk4ypgf6
+sa+cxlWv44cAvrvUjL+oUqqFdwMFRu2SRSe0Q/zJo8ZTxM0CQI+vq7rMWwBLgZcF
+OLHMhdNRUXWhlpQvnNHN2j35WpY+c+udHpeOcgD03PYIjtf69H8FXclXTYXIrdM9
+H39BH1oZd0NwtVaAzzQZl07wmlUW7pwFEhrpq4PwrOLgjIW3qr/6snIODkoManhg
+fhwExaLr/GDS0tIxt7CNd349vWDGstFIoP1otfKqApsC24kY/icOyZ+IpoZTf2lf
+ipy2R32FEMu/u0Y/DEYKxlaqFyZvOYdgUDMQ7IP7aveykw1iRAtCW5zJRjpaYb1n
+juqBou6WqzpcLsBPABn0ELSc7IDr8V1PQNx4mEtXOhb6cyZ2+V59rhq+Jf8Fn196
+p/TxP8+5GwgGhXTQJpoSC/PV6Hclqm9FGfomVqZLfEiHVC2xsfBf4GNi/DIqo0VL
+ee9mqghQGDQ6agMfIEw8dsX19uEKvsfCx5O0VvCzZmre4U1ZzqtuLY2OMhjU
+-----END CERTIFICATE-----
--- a/sysinv/sysinv/sysinv/sysinv/tests/cert_mon/data/audit/cakey.pem
+++ b/sysinv/sysinv/sysinv/sysinv/tests/cert_mon/data/audit/cakey.pem
@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,C9DF03D7F1873B44
+
+4Gahkr3qJw6kHsiny7rUICwR4YqWl64oTU4rf9aJaP1RJoNIbldRW65xo5PMLP1t
+KTqVhvE+Pt/kRufP1R/PKc5B3tUbMPQOI8+fhuh5UMgmT/AxiqADhDe7IKFgGfaw
+5dJurlan2bxu/qYv56Oshd44hvvicHhUcYGRxCD+EFCGp1BzaVRIhsx4NgL0+6mJ
+BGZfNl0RO4aW8TkRSaBS0YEISf6XBvMq7JzuaG0vb+cLWFF08jVBNUta/9nZfsy+
+YUkA72ZDSiy3BDYGJbUfKFRinwMSGjf0YGz8zTTjCwdwbHa8pZ6zznmjMU1i/pXz
+LkNpjivB572tPw+97jF+ltvvkNgJb9bUjJgsePgv+nUrdmSkqmhTiKASQTzoaRim
+H7BPor80B6DJXW+KNOOozWAD4t4JkV6fro1neGRZFHbmIWr58zjQSlapryHHIijE
+l1Q1HXnOGrcuijqVPWHVWX4LR/oYWHYeyDE2VQy0Ab19FucCKl61Fj0Of6hqzGXj
+D1bJCL/DWWvwq79ICqDKEzFBCMeGHl50hLRG2+qCRHv5tbso4qETeyHmiforiMt7
+MUdVsTf9xAssipQ0MRhdWKL/2mw2D7M+GUaHkiQFMe21ajXOdGWk8YOSoVJAbsQ5
+xncz5JdbDkcYDWBoFGo6FAYODkpchmjiWf2hpH32WSaI6m4ZK3vEkbiYNQNOUFiP
+/17K5dxoU/idvg9sZq9L7X6HvN5axuBFjvJXSB0sOiLCwQqWxysnBlbvEiqvHHlx
+LMV7LLXZcqQPOxJ1zhCDFng2O/fBWoGRYGdDAE4DKjVQSBaF8z4DPDjzQrqptEYY
+0gxMd1sYDHU7AiVybeRP2LXCgPk2kWlo3zVEZox/a8ddZehpwsvXCihu8b9RtsXU
+Z7CxejHryGEbIuBOl8MUxQyY6dSeERvgz13UGpD6AQ+6PrN2/s2zEZlwkch2VQFj
+VMua7OCrNgT7WotZ1XxQY3VSF8XfW7CQKMdPnvSka39bQ91Fg8k+1HGhlnevmxxS
+DIHA6knlFV9Lo7aPOo3PqHIPAgCNZxMRA5Kt+jIR7E+FIOFiQSZ++kHoyoUQBed8
+JT7qQCgO8/NungowM6UG/SmbJuC1Bb7IFRfu5aekKVqXx54LkfpBD7swV/F0j1sp
+aqL/Ry4cmUGDPckTn+4fTsq2oz0OfMB2/dYL40acZDq1wuh2XmJali7Txejz1knf
+CE9eRlEsPuIBbJKg690Ktbm5H2qlMFu5gak1b0qUmokfDUEtF7RhU1VxCYaVjL0C
+EceqWmf7L0GTs1oPzwb7gEKknaEUczWgcMCPycaP6FQ6cay7Be8ksd17X0q+xZgh
+tKqWYv6CyfzG8ZWiMYdft/0R5L5vfY+cbAI/ROQfik9WetV5m3mSyWe9csel8MjA
+2PdaU3Oi4y9s5buUX76KDaro2s8PvRbGaRpktt1Hv0Zhn6fyko+mZovEpEnpBJqe
+QzNDbj8IGj++fF5G8oLygndPMZ2tr3K1HKU/gq2XhwE24Z4KVjOXtqD9yb3aSkDr
+k7oDYnMbcwfQKpR8lJPfs7WOfgO318J9q5HSINxmgAOiA9DqU3H0eVEvFXCCmwWY
+pMgitSITRpnGO8Xq/sD1DtKKKb2P05f2rgLVXO/SvTbI4OgeKz6UJx1TxKCfHU0n
+c6U28cpICw5YX+r2vl6OhJTpODAbZExljEUWg16f2z9+XLkQ2sLA8mjEh2vwBaI9
+j6S+T6DER7XjIhxMxvm3LDmHJxpGLhUlul83i2pEdj6CgVJE0M7ZaLk959nig4N7
+WvI6syq+uV9enSIuDZz8hxBISG+LYvUwvWZCP6um0CAgwyVUy7zKwj+dgN6xZN3N
+b4LJNKXIsoW2Eg4717liPpu090+8MMcSN54fgE+YJT0e8JlHnrbq1P92DaKrpFcO
+E1R4xugQr303Kl5vOG+ZhgK8ZZhKC/rzk2ZPTg3tPI+vB+ZSwd2gB3jC5V4vHceN
+QIjX4F2e/ebsQ5+S9oppTkX15Z4YnQmMc+1Zf5HJlReoQ2xyx7VbbH1lCjWLBCw8
+W5/N1ucUMVABUSuCsdsTajFKMmWZynWYPAaYKQJBUUepuqBCf3rHghiqt/5quyRf
+djF96GvpA9whsU5GxqZ/vnJJvQcUuJE3KLx1MvM9mXDQEki3h2ypgDzJ/VDdZYM9
+a1ciUbfGPuA9FnvCz/Rfnpj5xtDPh45Ci5jnSZTo9OYULfgpPWk72qEgVYd14dCs
+jcK7M3zGXUtJ98gxb+3KMqfR0QOMn3/lB15R7KHvkK9xgLVNNtB7lAsGbbDI4Nb+
+3zx/gtWq1N9/2WTJPEsncWTKrA/AmqBwnQbjqk6kc9DMZ09FuHxfdATM07YcUxQf
+EAgAgTiqJIBgMItAhavnTQkOAXHSpcx6/3yB5duPVO+KyQ9y9yPTtVDCysbr2Jcy
+h6UKkty5cEVCY5oT529B7CzUYc+yRHeJjk19aJqyXmawSS/vyxIYRPaXnFeSiyFn
+gEU0b+N31k+S7pvZQHsJwnuKCVvkSC5X04tM67aqhDpSroO7V0FwAxzqbr5Omwax
+eDUPEIEOYzQ5lsJNSja9UcnWBWqcpJrNh+hPoXSsltJTsm8aNebHQqTvBn02zITK
+aoL5wccXXToPy2d+7p0zYyWbTz34zntmN/3+HyGf6vOsEcHtOwTvRuVDz1c9+Sx
+N+Dq8T7gSLJRFNbYeIVIYpA/Yuzabaik7jbUlmVDw7+BUfJ66RP1/jw3AEUtYY4u
+a0FCZ4fDiJMxQrOS8Wwx1nVKQUY/tNmruSlMhdtJJTqISZa8vrT3u5civvVntl2y
+3BmwVlEMY7Rq6VCf25Q7ws4MPeCWshsJMkcSFONt3LOXNVrKquYS5CmDPFYv+sMB
+fzX0CWgaq25HjwV7wFBb04oVYZq1DPRp7MVWDmUbTtGM3PwR0ln6n8eyvmHQNzkx
+fBoW1o7ACuYjTAVZuqVyu6LL7OxV+GcDPYxXAcnUfGAPj/3/LDkaDPID5/AeynC9
+PjPQQl7aOw8ZY/fYyfWrrW5n82JsbaJ0b5ZehkxGzxeVzmIsbpkDbNGkgIVYoLGh
+LA3ywiCgkYHjrTw1i1nW66Dw54IWkvej/woR2GD4jxMv2aKWC7cmx05YUjWLMGNB
+-----END RSA PRIVATE KEY-----
--- a/sysinv/sysinv/sysinv/sysinv/tests/cert_mon/data/audit/intermediate.cacert.pem
+++ b/sysinv/sysinv/sysinv/sysinv/tests/cert_mon/data/audit/intermediate.cacert.pem
@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFmDCCA4CgAwIBAgIBATANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJDQTEL
+MAkGA1UECAwCT04xDzANBgNVBAcMBk90dGF3YTENMAsGA1UECgwEV1JDUDEMMAoG
+A1UECwwDT3JnMRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjEwNjI4MTkwOTM5WhcN
+MjgwOTI5MTkwOTM5WjBbMQswCQYDVQQGEwJDQTELMAkGA1UECAwCT04xDTALBgNV
+BAoMBFdSQ1AxDDAKBgNVBAsMA09yZzEiMCAGA1UEAwwZbG9jYWxob3N0IEludGVy
+bWVkaWF0ZSBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKp9wfxx
+Ei6farnJEKvYqvrRCKxfJPXsxkl6L5VzPmhNcE1ZVKS0kJwKGOFj11u9oVjZW0mg
+FvKkO9wyQi51qH7oP+wapcY4D3eWsxwnmb22T4rN9y4pR8p7oZDBdDQnTYWOskiD
+y/zZktmiJ2q7CqT50a8ZULK35TSoyZGL3f5QFambgmEtmicYmKsytkWWnmyj0sJG
+Rs8sgnKO6LxG6M0k4Kyl2uesSVvoITPXveZclDLTaT0xLZfLA/CppaFWaoLJfyDB
+F4xT62ExXzVKO+uEoJugBM7GBTqrdnQHKwMz+5MG6PrRPpgMuu5nlzXyKpT/RStJ
+rOAuoIUNF+f1vJKzp2S6nXe+VgKJ8IkxONAu6GZTxkf3KNG3WN3JsTA7a1WVB1Lj
+0e+ZJv7JeomwRZP6Qi+V+FI/rzRMlk0fRSLKh0NzAvJMsLrjxicpUQyhdctgqz7s
+Rop0d1W9ZEwG2JyjoNC5T9cu++M3sSkyr4AZU/OZjIx7Fsv5IJKY/d39Mpb5ohzA
+6e5ytt/f0vihvvZ5iDQo863KVz6EHii+Y43/V/ZU1XgJfffooQpIbadbNSgGD5Ja
+B40gWq2NxtVzdA0BW+zq3o5wocuxON0esJqjBJV0g+D+iY/P+mceQgJE3nloSG4h
+i8Vgs44+evcdi/Theyywwja9fx/rNdHDRhudAgMBAAGjZjBkMB0GA1UdDgQWBBQO
+85wRSbaj2r7tboYBpRzcaWiP9zAfBgNVHSMEGDAWgBQLijSZJvvFXfbD8I2BdwMc
+NhdAlDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG
+9w0BAQsFAAOCAgEAnJtwZeMfgZcDjJviPS5dxv9RxDMebRidBcFhUNr2uZRLhz/x
+HSZ+/u8kYM2DkylAvVRypoIvFwzef2tX1OIJnn5P8ww//uAYh6Z8fPuT/++8M7da
+76u1DfsUgOnwTAGd99m4SFlh19hjpkn8+cQ/JOLhjldQw5LnWmqlTc/dPnO7fRLF
+af8kqHNTHaz1yJJMvYd3IhZYW+sB7uQk/+bdutBycBpVNeTXV7bT1e+zVllYuAY2
+Sw0CxQENb4h/QKNu0wpTVvk0wJaEVB5Zg69/gFzJPVZmjJ8RAUuGkPlSZ+rgi1Xk
+tZ3CvJEuOqvGj3q30Zh6hGqvT6pL+kI+MAn0tiPT5+xGXKGOCpsmOSYx+O8ncynS
+ZHP3NkRMPaj6x/zx2OkCmsK22WLa5Yv3x4eIRmPWScyj+Rw9pPlmMiSgdDAUAmXL
+XN6EuveNUnjmPPnSE8R7UO3dUlrV12Mc6yCu+M8fljInpA5oanXfFf095U79RKYS
+P88Ov1NooqzAUtvScfOp1CEZRpWCktkXz0GdiphZjiIqWWlod7nS9L96Xy83Sm+L
+/kDmTF8Rswrd5fedBbf+ZKzdZYl5lC/6RYsWc4tK5B64qZYmYD2YGcM8i8xMn45V
+O8QS40gegrVJamKMwEhhcaXjgZTymaXAG0ypkAU1PorSWS3DxgKBaP4I3fA=
+-----END CERTIFICATE-----
--- a/sysinv/sysinv/sysinv/sysinv/tests/cert_mon/test_cert_mon.py
+++ b/sysinv/sysinv/sysinv/sysinv/tests/cert_mon/test_cert_mon.py
@ -10,9 +10,12 @@ import filecmp
 import json
 import mock
 import os.path
+import time

 from sysinv.common import constants
 from sysinv.cert_mon import service as cert_mon
+from sysinv.cert_mon import certificate_mon_manager as cert_mon_manager
+from sysinv.cert_mon import subcloud_audit_queue
 from sysinv.cert_mon import utils as cert_mon_utils
 from sysinv.cert_mon import watcher as cert_mon_watcher
 from sysinv.openstack.common.keystone_objects import Token
@ -32,8 +35,9 @@ class CertMonTestCase(base.DbTestCase):
        self.rest_api_request_result = None

        def mock_rest_api_request(token, method, api_cmd,
-                                    api_cmd_payload=None, timeout=10):
+                                  api_cmd_payload=None, timeout=10):
            return self.rest_api_request_result
+
        self.mocked_rest_api_request = mock.patch(
            'sysinv.cert_mon.utils.rest_api_request',
            mock_rest_api_request)
@ -45,11 +49,10 @@ class CertMonTestCase(base.DbTestCase):

    def test_platform_certs_secret_and_ns_check(self):
        self.assertEqual("system-restapi-gui-certificate",
-                            constants.RESTAPI_CERT_SECRET_NAME)
+                         constants.RESTAPI_CERT_SECRET_NAME)
        self.assertEqual("system-registry-local-certificate",
-                            constants.REGISTRY_CERT_SECRET_NAME)
-        self.assertEqual("deployment",
-                            constants.CERT_NAMESPACE_PLATFORM_CERTS)
+                         constants.REGISTRY_CERT_SECRET_NAME)
+        self.assertEqual("deployment", constants.CERT_NAMESPACE_PLATFORM_CERTS)

    def test_update_pemfile(self):
        reference_file = self.get_data_file_path("cert-with-key.pem")
@ -170,3 +173,99 @@ class CertMonTestCase(base.DbTestCase):

        mock_watch_instance.stream.assert_called_once()
        mock_watch_instance.stop.assert_called_once()
+
+    def _get_valid_certificate_pem(self):
+        cert_filename = self.get_data_file_path("audit/cacert.pem")
+        with open(cert_filename, 'r') as cfile:
+            cert_file = cfile.read()
+        return cert_file
+
+    def _get_sc_intermediate_ca_secret(self):
+        cert_filename = self.get_data_file_path("audit/ca-chain-bundle.cert.pem")
+        key_filename = self.get_data_file_path("audit/cakey.pem")
+        cacert_filename = self.get_data_file_path("audit/cacert.pem")
+        with open(cert_filename, 'r') as cfile:
+            tls_cert = cfile.read()
+        with open(key_filename, 'r') as kfile:
+            tls_key = kfile.read()
+        with open(cacert_filename, 'r') as kfile:
+            ca_cert = kfile.read()
+        return {
+            'data': {
+                'tls.crt': tls_cert,
+                'tls.key': tls_key,
+                'ca.crt': ca_cert
+            }
+        }
+
+    def test_audit_sc_cert_task_shallow(self):
+        """Test the audit_sc_cert_task basic queuing functionality.
+        Mocks beginning at do_subcloud_audit"""
+        with mock.patch.object(cert_mon_manager.CertificateMonManager,
+                               "do_subcloud_audit") as mock_do_subcloud_audit:
+            mock_do_subcloud_audit.return_value = None
+
+            cmgr = cert_mon_manager.CertificateMonManager()
+            cmgr.use_sc_audit_pool = False  # easier for testing in serial
+
+            cmgr.sc_audit_queue.enqueue(
+                subcloud_audit_queue.SubcloudAuditData("test1"), delay_secs=1)
+            cmgr.sc_audit_queue.enqueue(
+                subcloud_audit_queue.SubcloudAuditData("test2"), delay_secs=2)
+
+            self.assertEqual(cmgr.sc_audit_queue.qsize(), 2)
+            # Run audit immediately, it should not have picked up anything
+            cmgr.audit_sc_cert_task(None)
+            mock_do_subcloud_audit.assert_not_called()
+            self.assertEqual(cmgr.sc_audit_queue.qsize(), 2)
+
+            time.sleep(3)
+            cmgr.audit_sc_cert_task(None)
+            # It should now be drained:
+            mock_do_subcloud_audit.assert_called()
+            self.assertEqual(cmgr.sc_audit_queue.qsize(), 0)
+
+            mock_do_subcloud_audit.reset_mock()
+            cmgr.audit_sc_cert_task(None)
+            mock_do_subcloud_audit.assert_not_called()
+
+    def test_audit_sc_cert_task_deep(self):
+
+        """Test the audit_sc_cert_task basic queuing functionality"""
+        with mock.patch.multiple("sysinv.cert_mon.utils",
+                                 dc_get_subcloud_sysinv_url=mock.DEFAULT,
+                                 get_endpoint_certificate=mock.DEFAULT,
+                                 get_sc_intermediate_ca_secret=mock.DEFAULT,
+                                 is_subcloud_online=mock.DEFAULT,
+                                 get_dc_token=mock.DEFAULT,
+                                 update_subcloud_status=mock.DEFAULT,
+                                 update_subcloud_ca_cert=mock.DEFAULT) as mocks:
+            # returns an SSL cert in PEM-encoded string
+            mocks["dc_get_subcloud_sysinv_url"].return_value \
+                = "https://example.com"
+            mocks["get_endpoint_certificate"].return_value \
+                = self._get_valid_certificate_pem()
+            mocks["get_sc_intermediate_ca_secret"].return_value \
+                = self._get_sc_intermediate_ca_secret()
+            mocks["is_subcloud_online"].return_value = True
+            mocks["get_dc_token"].return_value = None  # don"t care
+            mocks["update_subcloud_status"].return_value = None
+            mocks["update_subcloud_ca_cert"].return_value = None
+
+            cmgr = cert_mon_manager.CertificateMonManager()
+            cmgr.use_sc_audit_pool = False  # easier for testing in serial
+
+            cmgr.sc_audit_queue.enqueue(
+                subcloud_audit_queue.SubcloudAuditData("test1"), delay_secs=1)
+            cmgr.sc_audit_queue.enqueue(
+                subcloud_audit_queue.SubcloudAuditData("test2"), delay_secs=2)
+            self.assertEqual(cmgr.sc_audit_queue.qsize(), 2)
+
+            # Run audit immediately, it should not have picked up anything
+            cmgr.audit_sc_cert_task(None)
+            self.assertEqual(cmgr.sc_audit_queue.qsize(), 2)
+
+            time.sleep(3)
+            cmgr.audit_sc_cert_task(None)
+            # It should now be drained:
+            self.assertEqual(cmgr.sc_audit_queue.qsize(), 0)