[SSL] fix validate_writeable_directory

We have to exmand user if ~ was used in path and we have to use normpath in order not to traverse nonexisting directory and remove trailing /. Change-Id: Ic44917b6a1e01c9565cef1df60ed57d3da39cf33
2015-05-28 11:29:30 +02:00 · 2015-05-28 11:29:30 +02:00 · fb99b80db5
parent 185b932c42
commit fb99b80db5
6 changed files with 15 additions and 6 deletions
--- a/packstack/installer/validators.py
+++ b/packstack/installer/validators.py
@ -207,8 +207,10 @@ def validate_writeable_directory(param, options=None):
        return

    options = options or []
-    if not ((os.path.isdir(param) and os.access(param, os.W_OK)) or
-            os.access(os.path.join(param, os.pardir), os.W_OK)):
+    path = os.path.expanduser(param)
+    if not ((os.path.isdir(path) and os.access(path, os.W_OK)) or
+            os.access(
+            os.path.normpath(os.path.join(path, os.pardir)), os.W_OK)):
        logging.debug('validate_writeable_directory(%s, options=%s) failed.' %
                      (param, options))
        msg = 'Given directory does not exist or is not writeable: %s'
--- a/packstack/modules/ospluginutils.py
+++ b/packstack/modules/ospluginutils.py
@ -137,7 +137,7 @@ def generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file):

        final_cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
        final_key = crypto.dump_privatekey(crypto.FILETYPE_PEM, k)
-        deliver_ssl_file(ca_file, config['CONFIG_SSL_CACERT_FILE'], host)
+        deliver_ssl_file(ca_file, config['CONFIG_SSL_CACERT'], host)
        deliver_ssl_file(final_cert, ssl_cert_file, host)
        deliver_ssl_file(final_key, ssl_key_file, host)

--- a/packstack/plugins/amqp_002.py
+++ b/packstack/plugins/amqp_002.py
@ -174,7 +174,7 @@ def create_manifest(config, messages):
        ssl_key_file = '/etc/pki/tls/private/ssl_amqp.key'
        ssl_cert_file = '/etc/pki/tls/certs/ssl_amqp.crt'
        cacert = config['CONFIG_AMQP_SSL_CACERT_FILE'] = (
-            config['CONFIG_SSL_CACERT_FILE']
+            config['CONFIG_SSL_CACERT']
        )
        generate_ssl_cert(config, amqp_host, service, ssl_key_file,
                          ssl_cert_file)
--- a/packstack/plugins/dashboard_500.py
+++ b/packstack/plugins/dashboard_500.py
@ -172,7 +172,7 @@ def create_manifest(config, messages):
            ssl_key_file = config["CONFIG_HORIZON_SSL_KEY"] = (
                '/etc/pki/tls/private/ssl_dashboard.key'
            )
-            cacert = config['CONFIG_SSL_CACERT_FILE']
+            cacert = config['CONFIG_SSL_CACERT']
            config["CONFIG_HORIZON_SSL_CACERT"] = cacert
            ssl_host = config['CONFIG_CONTROLLER_HOST']
            service = 'dashboard'
--- a/packstack/plugins/ssl_001.py
+++ b/packstack/plugins/ssl_001.py
@ -212,10 +212,17 @@ def create_self_signed_cert(config, messages):
    OpenSSL wrapper to create selfsigned CA.
    """

+    # for now hardcoded place for landing CACert file on servers
+    config['CONFIG_SSL_CACERT'] = '/etc/pki/tls/certs/packstack_cacert.crt'
+
    if (config['CONFIG_AMQP_ENABLE_SSL'] != 'y' and
       config["CONFIG_HORIZON_SSL"] != 'y'):
        return

+    config['CONFIG_SSL_CERT_DIR'] = os.path.expanduser(
+        config['CONFIG_SSL_CERT_DIR']
+    )
+
    if not os.path.isdir(config['CONFIG_SSL_CERT_DIR']):
        os.mkdir(config['CONFIG_SSL_CERT_DIR'])
    certs = os.path.join(config['CONFIG_SSL_CERT_DIR'], 'certs')
--- a/tests/installer/test_validators.py
+++ b/tests/installer/test_validators.py
@ -74,7 +74,7 @@ class ValidatorsTestCase(PackstackTestCaseMixin, TestCase):
    def test_validate_file(self):
        """Test packstack.installer.validators.validate_file."""
        dname = os.path.join(self.tempdir, '.test_validate_file')
-        bad_name = os.path.join(self.tempdir, '.me_no_exists')
+        bad_name = os.path.join(self.tempdir, '.me_no/exists')
        os.mkdir(dname)
        validate_writeable_directory(dname)
        self.assertRaises(ParamValidationError, validate_writeable_directory, bad_name)