Refactor code to update entity_id in cert-alarm

During the active-alarm-audit cycle, the internal data structure
of CERT_SNAPSHOT was being overwritten to remove the corresponding
entity_id. Refactored the code to make it intrinsically update
when add_cert_snapshot() is called to avoid such scenarios.

Also fixing the case of an alarm transitioning from expired state
to expiring-soon state (which results in both alarms active).

Test Plan:
PASS: Active-alarm-audit thread will not clobber existing
      entity_id in internal data structure
PASS: When alarm transitions from expired to expiring-soon,
      the expired alarm gets cleared as expected and no duplicates
      are present against one entity.

Story: 2008946
Task: 42852

Signed-off-by: Sabeel Ansari <Sabeel.Ansari@windriver.com>
Change-Id: I6025ca45f7b39426aad6ae7678655945d8d0fcfd

sysinv/sysinv/sysinv/sysinv/cert_alarm/audit.py

@@ -36,16 +36,7 @@ class CertAlarmAudit(object):
         self.collect_cert_snapshot()
         self.fm_obj.collect_all_cert_alarms()
 
-        # Update snapshots
-        """
-        In order to correlate alarms with CERT_SNAPSHOT,
-        we need references to entity_instance_id and
-        alarm_uuids (if any alarms present). This is needed
-        to audit for deleted certificates
-        """
-        # Needs entity_id present before auditing deleted certificates
-        # Do not change order
-        self.update_entity_ids_in_cert_snapshot()
+        # Auditing deleted certificates
         self.audit_for_deleted_certificates()
 
         utils.print_cert_snapshot()
@@ -107,17 +98,10 @@ class CertAlarmAudit(object):
             if entry[1] is not None:
                 utils.add_cert_snapshot(entry[0], entry[1], entry[2], entry[3])
 
-    def update_entity_ids_in_cert_snapshot(self):
-        for cert_name in utils.CERT_SNAPSHOT:
-            entity_id = self.fm_obj.get_entity_instance_id(cert_name)
-            utils.update_cert_snapshot_field(cert_name,
-                                             utils.ENTITY_ID,
-                                             entity_id)
-
     def apply_action_full_audit(self):
         for cert_name in utils.CERT_SNAPSHOT:
             entity_id = utils.CERT_SNAPSHOT[cert_name].get(utils.ENTITY_ID,
-                                self.fm_obj.get_entity_instance_id(cert_name))
+                                utils.get_entity_instance_id(cert_name))
             self.apply_action(cert_name, entity_id)
 
     # ============== Active Alarm audit ===================
@@ -233,6 +217,7 @@ class CertAlarmAudit(object):
                 self.raise_expired(cert_name, entity_id)
             else:
                 self.raise_expiring_soon(cert_name, entity_id)
+                self.clear_expired(cert_name, entity_id)
 
     def raise_expiring_soon(self, cert_name, entity_id):
         if self.alarm_override_check_passed(cert_name):
@@ -276,12 +261,12 @@ class CertAlarmAudit(object):
     def audit_for_deleted_certificates(self):
         LOG.info('Auditing for deleted certificates')
         for alarm_instance in self.fm_obj.ALARMS_SNAPSHOT:
-            entity_id = self.fm_obj.ALARMS_SNAPSHOT[alarm_instance]['ENTITY_ID']
+            entity_id = self.fm_obj.ALARMS_SNAPSHOT[alarm_instance][fm_mgr.ENTITY_ID]
             cert_name = utils.get_cert_name_with_entity_id(entity_id)
             if cert_name is None:
                 LOG.info('Found alarm for entity %s, but no related \
                          certificate resource' % entity_id)
-                alarm_id = self.fm_obj.ALARMS_SNAPSHOT[alarm_instance]['ALARM_ID']
+                alarm_id = self.fm_obj.ALARMS_SNAPSHOT[alarm_instance][fm_mgr.ALARM_ID]
                 self.fm_obj.set_fault(entity_id,
                                       alarm_id,
                                       fm_constants.FM_ALARM_STATE_CLEAR)

sysinv/sysinv/sysinv/sysinv/cert_alarm/fm.py

@@ -39,39 +39,6 @@ class FaultApiMgr(object):
         """
         self.ALARMS_SNAPSHOT = {}
 
-    def get_entity_instance_id(self, cert_name):
-        """
-        Returns entity_instance_ids in format:
-            system.certificate.mode=<mode>.uuid=<uuid>
-            OR
-            namespace=<namespace-name>.certificate=<certificate-name>
-            OR
-            namespace=<namespace-name>.secret=<secret-name>
-            OR
-            system.certificate.k8sRootCA
-        """
-        tmp_id = []
-        if cert_name in utils.CERT_SNAPSHOT:
-            snapshot = utils.CERT_SNAPSHOT[cert_name]
-            if snapshot[utils.SNAPSHOT_KEY_MODE] is utils.UUID:
-                tmp_id.append("system.certificate.mode=%s.uuid=%s" %
-                    (self.get_mode(cert_name), snapshot[utils.UUID]))
-            elif snapshot[utils.SNAPSHOT_KEY_MODE] is utils.MODE_CERT_MGR:
-                tmp_id.append("namespace=%s.certificate=%s" %
-                    (snapshot[utils.SNAPSHOT_KEY_k8s_ns], snapshot[utils.SNAPSHOT_KEY_k8s_cert]))
-            elif snapshot[utils.SNAPSHOT_KEY_MODE] is utils.MODE_SECRET:
-                tmp_id.append("namespace=%s.secret=%s" %
-                    (snapshot[utils.SNAPSHOT_KEY_k8s_ns], snapshot[utils.SNAPSHOT_KEY_k8s_secret]))
-            elif snapshot[utils.SNAPSHOT_KEY_MODE] is utils.MODE_OTHER:
-                tmp_id.append("system.certificate.%s" % cert_name)
-
-        entity_id = ''.join(tmp_id)
-        return entity_id
-
-    @staticmethod
-    def get_mode(cert_name):
-        return 'ssl_ca' if 'ssl_ca' in cert_name else cert_name
-
     def get_reason_text(self, entity_id, alrm_id):
         txt = []
         cert_name = utils.get_cert_name_with_entity_id(entity_id)
@@ -94,7 +61,7 @@ class FaultApiMgr(object):
             txt.append("Certificate ")
             if snapshot[utils.SNAPSHOT_KEY_MODE] is utils.UUID:
                 txt.append("\'system certificate-show %s\' (mode=%s) " %
-                    (snapshot[utils.UUID], self.get_mode(cert_name)))
+                    (snapshot[utils.UUID], utils.get_mode(cert_name)))
             elif snapshot[utils.SNAPSHOT_KEY_MODE] is utils.MODE_CERT_MGR:
                 txt.append("namespace=%s, certificate=%s " %
                     (snapshot[utils.SNAPSHOT_KEY_k8s_ns], snapshot[utils.SNAPSHOT_KEY_k8s_cert]))

sysinv/sysinv/sysinv/sysinv/cert_alarm/utils.py

@@ -299,6 +299,8 @@ def add_cert_snapshot(certname, expirydate, annotation_data, mode_metadata):
     internaldict.update(annotation_data)
     internaldict.update(mode_metadata)
     CERT_SNAPSHOT[certname] = internaldict
+    # After entry added in CERT_SNAPSHOT, update entity_id
+    internaldict[ENTITY_ID] = get_entity_instance_id(certname)
 
 
 def update_cert_snapshot_field(cert_name, key, value):
@@ -395,3 +397,38 @@ def get_cert_uuid(certname):
         LOG.exception(e)
 
     return ret
+
+
+def get_mode(cert_name):
+    return 'ssl_ca' if 'ssl_ca' in cert_name else cert_name
+
+
+def get_entity_instance_id(cert_name):
+    """
+    Returns entity_instance_ids in format:
+        system.certificate.mode=<mode>.uuid=<uuid>
+        OR
+        namespace=<namespace-name>.certificate=<certificate-name>
+        OR
+        namespace=<namespace-name>.secret=<secret-name>
+        OR
+        system.certificate.k8sRootCA
+    """
+    global CERT_SNAPSHOT
+    tmp_id = []
+    if cert_name in CERT_SNAPSHOT:
+        snapshot = CERT_SNAPSHOT[cert_name]
+        if snapshot[SNAPSHOT_KEY_MODE] is UUID:
+            tmp_id.append("system.certificate.mode=%s.uuid=%s" %
+                (get_mode(cert_name), snapshot[UUID]))
+        elif snapshot[SNAPSHOT_KEY_MODE] is MODE_CERT_MGR:
+            tmp_id.append("namespace=%s.certificate=%s" %
+                (snapshot[SNAPSHOT_KEY_k8s_ns], snapshot[SNAPSHOT_KEY_k8s_cert]))
+        elif snapshot[SNAPSHOT_KEY_MODE] is MODE_SECRET:
+            tmp_id.append("namespace=%s.secret=%s" %
+                (snapshot[SNAPSHOT_KEY_k8s_ns], snapshot[SNAPSHOT_KEY_k8s_secret]))
+        elif snapshot[SNAPSHOT_KEY_MODE] is MODE_OTHER:
+            tmp_id.append("system.certificate.%s" % cert_name)
+
+    entity_id = ''.join(tmp_id)
+    return entity_id