Refactor code to update entity_id in cert-alarm
During the active-alarm-audit cycle, the internal data structure of CERT_SNAPSHOT was being overwritten to remove the corresponding entity_id. Refactored the code to make it intrinsically update when add_cert_snapshot() is called to avoid such scenarios. Also fixing the case of an alarm transitioning from expired state to expiring-soon state (which results in both alarms active). Test Plan: PASS: Active-alarm-audit thread will not clobber existing entity_id in internal data structure PASS: When alarm transitions from expired to expiring-soon, the expired alarm gets cleared as expected and no duplicates are present against one entity. Story: 2008946 Task: 42852 Signed-off-by: Sabeel Ansari <Sabeel.Ansari@windriver.com> Change-Id: I6025ca45f7b39426aad6ae7678655945d8d0fcfd
This commit is contained in:
parent
7129206990
commit
9fe3cb3e65
|
@ -36,16 +36,7 @@ class CertAlarmAudit(object):
|
|||
self.collect_cert_snapshot()
|
||||
self.fm_obj.collect_all_cert_alarms()
|
||||
|
||||
# Update snapshots
|
||||
"""
|
||||
In order to correlate alarms with CERT_SNAPSHOT,
|
||||
we need references to entity_instance_id and
|
||||
alarm_uuids (if any alarms present). This is needed
|
||||
to audit for deleted certificates
|
||||
"""
|
||||
# Needs entity_id present before auditing deleted certificates
|
||||
# Do not change order
|
||||
self.update_entity_ids_in_cert_snapshot()
|
||||
# Auditing deleted certificates
|
||||
self.audit_for_deleted_certificates()
|
||||
|
||||
utils.print_cert_snapshot()
|
||||
|
@ -107,17 +98,10 @@ class CertAlarmAudit(object):
|
|||
if entry[1] is not None:
|
||||
utils.add_cert_snapshot(entry[0], entry[1], entry[2], entry[3])
|
||||
|
||||
def update_entity_ids_in_cert_snapshot(self):
|
||||
for cert_name in utils.CERT_SNAPSHOT:
|
||||
entity_id = self.fm_obj.get_entity_instance_id(cert_name)
|
||||
utils.update_cert_snapshot_field(cert_name,
|
||||
utils.ENTITY_ID,
|
||||
entity_id)
|
||||
|
||||
def apply_action_full_audit(self):
|
||||
for cert_name in utils.CERT_SNAPSHOT:
|
||||
entity_id = utils.CERT_SNAPSHOT[cert_name].get(utils.ENTITY_ID,
|
||||
self.fm_obj.get_entity_instance_id(cert_name))
|
||||
utils.get_entity_instance_id(cert_name))
|
||||
self.apply_action(cert_name, entity_id)
|
||||
|
||||
# ============== Active Alarm audit ===================
|
||||
|
@ -233,6 +217,7 @@ class CertAlarmAudit(object):
|
|||
self.raise_expired(cert_name, entity_id)
|
||||
else:
|
||||
self.raise_expiring_soon(cert_name, entity_id)
|
||||
self.clear_expired(cert_name, entity_id)
|
||||
|
||||
def raise_expiring_soon(self, cert_name, entity_id):
|
||||
if self.alarm_override_check_passed(cert_name):
|
||||
|
@ -276,12 +261,12 @@ class CertAlarmAudit(object):
|
|||
def audit_for_deleted_certificates(self):
|
||||
LOG.info('Auditing for deleted certificates')
|
||||
for alarm_instance in self.fm_obj.ALARMS_SNAPSHOT:
|
||||
entity_id = self.fm_obj.ALARMS_SNAPSHOT[alarm_instance]['ENTITY_ID']
|
||||
entity_id = self.fm_obj.ALARMS_SNAPSHOT[alarm_instance][fm_mgr.ENTITY_ID]
|
||||
cert_name = utils.get_cert_name_with_entity_id(entity_id)
|
||||
if cert_name is None:
|
||||
LOG.info('Found alarm for entity %s, but no related \
|
||||
certificate resource' % entity_id)
|
||||
alarm_id = self.fm_obj.ALARMS_SNAPSHOT[alarm_instance]['ALARM_ID']
|
||||
alarm_id = self.fm_obj.ALARMS_SNAPSHOT[alarm_instance][fm_mgr.ALARM_ID]
|
||||
self.fm_obj.set_fault(entity_id,
|
||||
alarm_id,
|
||||
fm_constants.FM_ALARM_STATE_CLEAR)
|
||||
|
|
|
@ -39,39 +39,6 @@ class FaultApiMgr(object):
|
|||
"""
|
||||
self.ALARMS_SNAPSHOT = {}
|
||||
|
||||
def get_entity_instance_id(self, cert_name):
|
||||
"""
|
||||
Returns entity_instance_ids in format:
|
||||
system.certificate.mode=<mode>.uuid=<uuid>
|
||||
OR
|
||||
namespace=<namespace-name>.certificate=<certificate-name>
|
||||
OR
|
||||
namespace=<namespace-name>.secret=<secret-name>
|
||||
OR
|
||||
system.certificate.k8sRootCA
|
||||
"""
|
||||
tmp_id = []
|
||||
if cert_name in utils.CERT_SNAPSHOT:
|
||||
snapshot = utils.CERT_SNAPSHOT[cert_name]
|
||||
if snapshot[utils.SNAPSHOT_KEY_MODE] is utils.UUID:
|
||||
tmp_id.append("system.certificate.mode=%s.uuid=%s" %
|
||||
(self.get_mode(cert_name), snapshot[utils.UUID]))
|
||||
elif snapshot[utils.SNAPSHOT_KEY_MODE] is utils.MODE_CERT_MGR:
|
||||
tmp_id.append("namespace=%s.certificate=%s" %
|
||||
(snapshot[utils.SNAPSHOT_KEY_k8s_ns], snapshot[utils.SNAPSHOT_KEY_k8s_cert]))
|
||||
elif snapshot[utils.SNAPSHOT_KEY_MODE] is utils.MODE_SECRET:
|
||||
tmp_id.append("namespace=%s.secret=%s" %
|
||||
(snapshot[utils.SNAPSHOT_KEY_k8s_ns], snapshot[utils.SNAPSHOT_KEY_k8s_secret]))
|
||||
elif snapshot[utils.SNAPSHOT_KEY_MODE] is utils.MODE_OTHER:
|
||||
tmp_id.append("system.certificate.%s" % cert_name)
|
||||
|
||||
entity_id = ''.join(tmp_id)
|
||||
return entity_id
|
||||
|
||||
@staticmethod
|
||||
def get_mode(cert_name):
|
||||
return 'ssl_ca' if 'ssl_ca' in cert_name else cert_name
|
||||
|
||||
def get_reason_text(self, entity_id, alrm_id):
|
||||
txt = []
|
||||
cert_name = utils.get_cert_name_with_entity_id(entity_id)
|
||||
|
@ -94,7 +61,7 @@ class FaultApiMgr(object):
|
|||
txt.append("Certificate ")
|
||||
if snapshot[utils.SNAPSHOT_KEY_MODE] is utils.UUID:
|
||||
txt.append("\'system certificate-show %s\' (mode=%s) " %
|
||||
(snapshot[utils.UUID], self.get_mode(cert_name)))
|
||||
(snapshot[utils.UUID], utils.get_mode(cert_name)))
|
||||
elif snapshot[utils.SNAPSHOT_KEY_MODE] is utils.MODE_CERT_MGR:
|
||||
txt.append("namespace=%s, certificate=%s " %
|
||||
(snapshot[utils.SNAPSHOT_KEY_k8s_ns], snapshot[utils.SNAPSHOT_KEY_k8s_cert]))
|
||||
|
|
|
@ -299,6 +299,8 @@ def add_cert_snapshot(certname, expirydate, annotation_data, mode_metadata):
|
|||
internaldict.update(annotation_data)
|
||||
internaldict.update(mode_metadata)
|
||||
CERT_SNAPSHOT[certname] = internaldict
|
||||
# After entry added in CERT_SNAPSHOT, update entity_id
|
||||
internaldict[ENTITY_ID] = get_entity_instance_id(certname)
|
||||
|
||||
|
||||
def update_cert_snapshot_field(cert_name, key, value):
|
||||
|
@ -395,3 +397,38 @@ def get_cert_uuid(certname):
|
|||
LOG.exception(e)
|
||||
|
||||
return ret
|
||||
|
||||
|
||||
def get_mode(cert_name):
|
||||
return 'ssl_ca' if 'ssl_ca' in cert_name else cert_name
|
||||
|
||||
|
||||
def get_entity_instance_id(cert_name):
|
||||
"""
|
||||
Returns entity_instance_ids in format:
|
||||
system.certificate.mode=<mode>.uuid=<uuid>
|
||||
OR
|
||||
namespace=<namespace-name>.certificate=<certificate-name>
|
||||
OR
|
||||
namespace=<namespace-name>.secret=<secret-name>
|
||||
OR
|
||||
system.certificate.k8sRootCA
|
||||
"""
|
||||
global CERT_SNAPSHOT
|
||||
tmp_id = []
|
||||
if cert_name in CERT_SNAPSHOT:
|
||||
snapshot = CERT_SNAPSHOT[cert_name]
|
||||
if snapshot[SNAPSHOT_KEY_MODE] is UUID:
|
||||
tmp_id.append("system.certificate.mode=%s.uuid=%s" %
|
||||
(get_mode(cert_name), snapshot[UUID]))
|
||||
elif snapshot[SNAPSHOT_KEY_MODE] is MODE_CERT_MGR:
|
||||
tmp_id.append("namespace=%s.certificate=%s" %
|
||||
(snapshot[SNAPSHOT_KEY_k8s_ns], snapshot[SNAPSHOT_KEY_k8s_cert]))
|
||||
elif snapshot[SNAPSHOT_KEY_MODE] is MODE_SECRET:
|
||||
tmp_id.append("namespace=%s.secret=%s" %
|
||||
(snapshot[SNAPSHOT_KEY_k8s_ns], snapshot[SNAPSHOT_KEY_k8s_secret]))
|
||||
elif snapshot[SNAPSHOT_KEY_MODE] is MODE_OTHER:
|
||||
tmp_id.append("system.certificate.%s" % cert_name)
|
||||
|
||||
entity_id = ''.join(tmp_id)
|
||||
return entity_id
|
||||
|
|
Loading…
Reference in New Issue