[SSL] fix validate_writeable_directory

We have to exmand user if ~ was used in path and we have to use
normpath in order not to traverse nonexisting directory and remove
trailing /.

Change-Id: Ic44917b6a1e01c9565cef1df60ed57d3da39cf33

packstack/installer/validators.py

@@ -207,8 +207,10 @@ def validate_writeable_directory(param, options=None):
         return
 
     options = options or []
-    if not ((os.path.isdir(param) and os.access(param, os.W_OK)) or
+    path = os.path.expanduser(param)
-            os.access(os.path.join(param, os.pardir), os.W_OK)):
+    if not ((os.path.isdir(path) and os.access(path, os.W_OK)) or
+            os.access(
+            os.path.normpath(os.path.join(path, os.pardir)), os.W_OK)):
         logging.debug('validate_writeable_directory(%s, options=%s) failed.' %
                       (param, options))
         msg = 'Given directory does not exist or is not writeable: %s'

packstack/modules/ospluginutils.py

@@ -137,7 +137,7 @@ def generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file):
 
         final_cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
         final_key = crypto.dump_privatekey(crypto.FILETYPE_PEM, k)
-        deliver_ssl_file(ca_file, config['CONFIG_SSL_CACERT_FILE'], host)
+        deliver_ssl_file(ca_file, config['CONFIG_SSL_CACERT'], host)
         deliver_ssl_file(final_cert, ssl_cert_file, host)
         deliver_ssl_file(final_key, ssl_key_file, host)
 

packstack/plugins/amqp_002.py

@@ -174,7 +174,7 @@ def create_manifest(config, messages):
         ssl_key_file = '/etc/pki/tls/private/ssl_amqp.key'
         ssl_cert_file = '/etc/pki/tls/certs/ssl_amqp.crt'
         cacert = config['CONFIG_AMQP_SSL_CACERT_FILE'] = (
-            config['CONFIG_SSL_CACERT_FILE']
+            config['CONFIG_SSL_CACERT']
         )
         generate_ssl_cert(config, amqp_host, service, ssl_key_file,
                           ssl_cert_file)

packstack/plugins/dashboard_500.py

@@ -172,7 +172,7 @@ def create_manifest(config, messages):
             ssl_key_file = config["CONFIG_HORIZON_SSL_KEY"] = (
                 '/etc/pki/tls/private/ssl_dashboard.key'
             )
-            cacert = config['CONFIG_SSL_CACERT_FILE']
+            cacert = config['CONFIG_SSL_CACERT']
             config["CONFIG_HORIZON_SSL_CACERT"] = cacert
             ssl_host = config['CONFIG_CONTROLLER_HOST']
             service = 'dashboard'

packstack/plugins/ssl_001.py

@@ -212,10 +212,17 @@ def create_self_signed_cert(config, messages):
     OpenSSL wrapper to create selfsigned CA.
     """
 
+    # for now hardcoded place for landing CACert file on servers
+    config['CONFIG_SSL_CACERT'] = '/etc/pki/tls/certs/packstack_cacert.crt'
+
     if (config['CONFIG_AMQP_ENABLE_SSL'] != 'y' and
        config["CONFIG_HORIZON_SSL"] != 'y'):
         return
 
+    config['CONFIG_SSL_CERT_DIR'] = os.path.expanduser(
+        config['CONFIG_SSL_CERT_DIR']
+    )
+
     if not os.path.isdir(config['CONFIG_SSL_CERT_DIR']):
         os.mkdir(config['CONFIG_SSL_CERT_DIR'])
     certs = os.path.join(config['CONFIG_SSL_CERT_DIR'], 'certs')

tests/installer/test_validators.py

@@ -74,7 +74,7 @@ class ValidatorsTestCase(PackstackTestCaseMixin, TestCase):
     def test_validate_file(self):
         """Test packstack.installer.validators.validate_file."""
         dname = os.path.join(self.tempdir, '.test_validate_file')
-        bad_name = os.path.join(self.tempdir, '.me_no_exists')
+        bad_name = os.path.join(self.tempdir, '.me_no/exists')
         os.mkdir(dname)
         validate_writeable_directory(dname)
         self.assertRaises(ParamValidationError, validate_writeable_directory, bad_name)