From fb99b80db5685be1338e1e6e2198ca23f4b3dd4b Mon Sep 17 00:00:00 2001
From: Lukas Bezdicka
Date: Thu, 28 May 2015 11:29:30 +0200
Subject: [PATCH] [SSL] fix validate_writeable_directory
We have to exmand user if ~ was used in path and we have to use normpath in order not to traverse nonexisting directory and remove trailing /.
Change-Id: Ic44917b6a1e01c9565cef1df60ed57d3da39cf33
---
 packstack/installer/validators.py | 6 ++++--
 packstack/modules/ospluginutils.py | 2 +-
 packstack/plugins/amqp_002.py | 2 +-
 packstack/plugins/dashboard_500.py | 2 +-
 packstack/plugins/ssl_001.py | 7 +++++++
 tests/installer/test_validators.py | 2 +-
 6 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/packstack/installer/validators.py b/packstack/installer/validators.py
index 03d214d10..b6ae06c12 100644
--- a/packstack/installer/validators.py
+++ b/packstack/installer/validators.py
@@ -207,8 +207,10 @@ def validate_writeable_directory(param, options=None):
 return
 options = options or []
- if not ((os.path.isdir(param) and os.access(param, os.W_OK)) or
- os.access(os.path.join(param, os.pardir), os.W_OK)):
+ path = os.path.expanduser(param)
+ if not ((os.path.isdir(path) and os.access(path, os.W_OK)) or
+ os.access(
+ os.path.normpath(os.path.join(path, os.pardir)), os.W_OK)):
 logging.debug('validate_writeable_directory(%s, options=%s) failed.' % (param, options))
 msg = 'Given directory does not exist or is not writeable: %s'
diff --git a/packstack/modules/ospluginutils.py b/packstack/modules/ospluginutils.py
index c27fe1752..8c16b0d32 100644
--- a/packstack/modules/ospluginutils.py
+++ b/packstack/modules/ospluginutils.py
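Review bot: In `validate_writeable_directory` (packstack/installer/validators.py) the parent-directory fallback now accepts a path that already exists but cannot be used as a writable directory. Because `os.path.normpath` collapses `path/..` lexically, a `path` that is a regular file, or an existing directory without write permission, passes whenever its parent is writable, so the failure only surfaces later when the directory is created or written. Restricting the fallback to the not-yet-existing case would close that: `not os.path.exists(path) and os.access(os.path.normpath(os.path.join(path, os.pardir)), os.W_OK)`. `os.access` is also only an advisory check (it tests the real uid, and the filesystem can change before use), so the code that later creates the directory should still handle errors. The function starts above this hunk and continues below it.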
@@ -137,7 +137,7 @@ def generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file):
 final_cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
 final_key = crypto.dump_privatekey(crypto.FILETYPE_PEM, k)
- deliver_ssl_file(ca_file, config['CONFIG_SSL_CACERT_FILE'], host)
+ deliver_ssl_file(ca_file, config['CONFIG_SSL_CACERT'], host)
 deliver_ssl_file(final_cert, ssl_cert_file, host)
 deliver_ssl_file(final_key, ssl_key_file, host)
diff --git a/packstack/plugins/amqp_002.py b/packstack/plugins/amqp_002.py
index 177cb0efd..d73a2f7a5 100644
--- a/packstack/plugins/amqp_002.py
+++ b/packstack/plugins/amqp_002.py
@@ -174,7 +174,7 @@ def create_manifest(config, messages):
 ssl_key_file = '/etc/pki/tls/private/ssl_amqp.key'
 ssl_cert_file = '/etc/pki/tls/certs/ssl_amqp.crt'
 cacert = config['CONFIG_AMQP_SSL_CACERT_FILE'] = (
- config['CONFIG_SSL_CACERT_FILE']
+ config['CONFIG_SSL_CACERT']
 )
 generate_ssl_cert(config, amqp_host, service, ssl_key_file, ssl_cert_file)
diff --git a/packstack/plugins/dashboard_500.py b/packstack/plugins/dashboard_500.py
index 2b4e790c3..808565bfe 100644
--- a/packstack/plugins/dashboard_500.py
+++ b/packstack/plugins/dashboard_500.py
@@ -172,7 +172,7 @@ def create_manifest(config, messages):
 ssl_key_file = config["CONFIG_HORIZON_SSL_KEY"] = (
 '/etc/pki/tls/private/ssl_dashboard.key'
 )
- cacert = config['CONFIG_SSL_CACERT_FILE']
+ cacert = config['CONFIG_SSL_CACERT']
 config["CONFIG_HORIZON_SSL_CACERT"] = cacert
 ssl_host = config['CONFIG_CONTROLLER_HOST']
 service = 'dashboard'
diff --git a/packstack/plugins/ssl_001.py b/packstack/plugins/ssl_001.py
index 8a8779c01..b79766617 100644
--- a/packstack/plugins/ssl_001.py
+++ b/packstack/plugins/ssl_001.py
@@ -212,10 +212,17 @@ def create_self_signed_cert(config, messages):
 OpenSSL wrapper to create selfsigned CA.
 """
+ # for now hardcoded place for landing CACert file on servers
+ config['CONFIG_SSL_CACERT'] = '/etc/pki/tls/certs/packstack_cacert.crt'
+
 if (config['CONFIG_AMQP_ENABLE_SSL'] != 'y' and config["CONFIG_HORIZON_SSL"] != 'y'):
 return
+ config['CONFIG_SSL_CERT_DIR'] = os.path.expanduser(
+ config['CONFIG_SSL_CERT_DIR']
+ )
+
 if not os.path.isdir(config['CONFIG_SSL_CERT_DIR']):
 os.mkdir(config['CONFIG_SSL_CERT_DIR'])
 certs = os.path.join(config['CONFIG_SSL_CERT_DIR'], 'certs')
diff --git a/tests/installer/test_validators.py b/tests/installer/test_validators.py
index 64a8c655e..4e8d6ac2b 100644
--- a/tests/installer/test_validators.py
+++ b/tests/installer/test_validators.py
@@ -74,7 +74,7 @@ class ValidatorsTestCase(PackstackTestCaseMixin, TestCase):
 def test_validate_file(self):
 """Test packstack.installer.validators.validate_file."""
 dname = os.path.join(self.tempdir, '.test_validate_file')
- bad_name = os.path.join(self.tempdir, '.me_no_exists')
+ bad_name = os.path.join(self.tempdir, '.me_no/exists')
 os.mkdir(dname)
 validate_writeable_directory(dname)
 self.assertRaises(ParamValidationError, validate_writeable_directory, bad_name)
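Review bot: In `create_self_signed_cert` (packstack/plugins/ssl_001.py), the unchanged `os.mkdir(config['CONFIG_SSL_CERT_DIR'])` right after the new `expanduser` call creates the directory with the default mode, so its permissions depend entirely on the caller's umask. Per the docstring this tree holds the self-signed CA material (presumably including the CA private key, which is written outside this hunk), so an explicit restrictive mode is safer: `os.mkdir(config['CONFIG_SSL_CERT_DIR'], 0o700)`. Separately, `os.path.expanduser` returns the string unchanged when the home directory cannot be resolved, so a value that still starts with `~` after expansion would be created as a literal directory relative to the working directory and is worth rejecting. The function body continues outside this hunk.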
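Review bot: The updated `bad_name` in `test_validate_file` (tests/installer/test_validators.py) only covers a missing parent directory, so nothing exercises the two behaviours this commit adds: `~` expansion and a trailing `/`. Consider adding `validate_writeable_directory(dname + '/')`, a positive case for a not-yet-existing child of `self.tempdir`, and a negative case where the path is an existing regular file. The method name and docstring also refer to `validate_file` although the body calls `validate_writeable_directory`; a docstring such as `"""Test packstack.installer.validators.validate_writeable_directory."""` would match what is tested. The test class continues outside this hunk.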