diff --git a/poppy/manager/default/ssl_certificate.py b/poppy/manager/default/ssl_certificate.py index bbe29483..10cf55a0 100644 --- a/poppy/manager/default/ssl_certificate.py +++ b/poppy/manager/default/ssl_certificate.py @@ -267,7 +267,8 @@ class DefaultSSLCertificateController(base.SSLCertificateController): return res - def update_san_cert_configuration(self, san_cert_name, new_spsId): + def update_san_cert_configuration(self, san_cert_name, + new_cert_config): if 'akamai' in self._driver.providers: akamai_driver = self._driver.providers['akamai'].obj if san_cert_name not in akamai_driver.san_cert_cnames: @@ -276,7 +277,7 @@ class DefaultSSLCertificateController(base.SSLCertificateController): (san_cert_name, akamai_driver.san_cert_cnames)) akamai_driver = self._driver.providers['akamai'].obj res = akamai_driver.san_info_storage.update_cert_config( - san_cert_name, new_spsId) + san_cert_name, new_cert_config) else: # if not using akamai driver just return an empty list res = {} diff --git a/poppy/provider/akamai/san_info_storage/cassandra_storage.py b/poppy/provider/akamai/san_info_storage/cassandra_storage.py index 005df8ab..8776667e 100644 --- a/poppy/provider/akamai/san_info_storage/cassandra_storage.py +++ b/poppy/provider/akamai/san_info_storage/cassandra_storage.py @@ -247,6 +247,7 @@ class CassandraSanInfoStorage(base.BaseAkamaiSanInfoStorage): issuer = the_san_cert_info.get("issuer") ipVersion = the_san_cert_info.get("ipVersion") slot_deployment_klass = the_san_cert_info.get("slot_deployment_klass") + enabled = the_san_cert_info.get("enabled", True) res = { # This will always be the san cert name @@ -256,6 +257,7 @@ class CassandraSanInfoStorage(base.BaseAkamaiSanInfoStorage): 'createType': 'modSan', 'ipVersion': ipVersion, 'slot-deployment.class': slot_deployment_klass, + 'enabled': enabled, 'product': 'ion_premier' } @@ -270,10 +272,36 @@ class CassandraSanInfoStorage(base.BaseAkamaiSanInfoStorage): res['spsId'] = str(self.get_cert_last_spsid(san_cert_name)) return res - def update_cert_config(self, san_cert_name, new_spsId): - self.save_cert_last_spsid(san_cert_name, new_spsId) + def update_cert_config(self, san_cert_name, new_cert_config): + self.save_cert_config(san_cert_name, new_cert_config) return self.get_cert_config(san_cert_name) + def save_cert_config(self, san_cert_name, new_cert_config): + san_info = self._get_akamai_san_certs_info() + the_san_cert_info = san_info.get( + san_cert_name + ) + + if the_san_cert_info is None: + raise ValueError('No san cert info found for %s.' % san_cert_name) + + the_san_cert_info.update(new_cert_config) + san_info[san_cert_name] = the_san_cert_info + # Change the previous san info in the overall provider_info dictionary + provider_info = dict(self._get_akamai_provider_info()['info']) + provider_info['san_info'] = json.dumps(san_info) + + stmt = query.SimpleStatement( + UPDATE_PROVIDER_INFO, + consistency_level=self.consistency_level) + + args = { + 'provider_name': 'akamai', + 'info': provider_info + } + + self.session.execute(stmt, args) + def save_cert_last_spsid(self, san_cert_name, sps_id_value): san_info = self._get_akamai_san_certs_info() the_san_cert_info = san_info.get( @@ -311,6 +339,17 @@ class CassandraSanInfoStorage(base.BaseAkamaiSanInfoStorage): spsId = the_san_cert_info.get('spsId') return spsId + def get_enabled_status(self, san_cert_name): + the_san_cert_info = self._get_akamai_san_certs_info().get( + san_cert_name + ) + + if the_san_cert_info is None: + raise ValueError('No san cert info found for %s.' % san_cert_name) + + enabled = the_san_cert_info.get('enabled', True) + return enabled + def update_san_info(self, san_info_dict): provider_info = {} provider_info['san_info'] = json.dumps(san_info_dict) diff --git a/poppy/provider/akamai/services.py b/poppy/provider/akamai/services.py index 3fca7c96..b768d2cd 100644 --- a/poppy/provider/akamai/services.py +++ b/poppy/provider/akamai/services.py @@ -583,6 +583,13 @@ class ServiceController(base.ServiceBase): }) for san_cert_name in self.san_cert_cnames: + enabled = ( + self.san_info_storage.get_enabled_status( + san_cert_name + ) + ) + if not enabled: + continue lastSpsId = ( self.san_info_storage.get_cert_last_spsid( san_cert_name diff --git a/poppy/transport/pecan/controllers/v1/admin.py b/poppy/transport/pecan/controllers/v1/admin.py index e5e7d7a8..955983f1 100644 --- a/poppy/transport/pecan/controllers/v1/admin.py +++ b/poppy/transport/pecan/controllers/v1/admin.py @@ -197,12 +197,11 @@ class AkamaiSanCertConfigController(base.Controller, hooks.HookController): stoplight_helpers.pecan_getter)) def post(self, san_cert_name): config_json = json.loads(pecan.request.body.decode('utf-8')) - new_spsId = config_json['spsId'] try: res = ( self._driver.manager.ssl_certificate_controller. - update_san_cert_configuration(san_cert_name, new_spsId)) + update_san_cert_configuration(san_cert_name, config_json)) except Exception as e: pecan.abort(400, str(e)) diff --git a/poppy/transport/validators/schemas/ssl_certificate.py b/poppy/transport/validators/schemas/ssl_certificate.py index 166cf1b9..86999c61 100644 --- a/poppy/transport/validators/schemas/ssl_certificate.py +++ b/poppy/transport/validators/schemas/ssl_certificate.py @@ -96,8 +96,10 @@ class SSLCertificateSchema(schema_base.SchemaBase): 'spsId': { 'type': 'integer', # we cannot have 0 or negative spsId - 'minimum': 1, - 'required': True + 'minimum': 1 + }, + 'enabled': { + 'type': 'boolean' } } } diff --git a/tests/api/ssl_certificate/test_get_set_cert_info.py b/tests/api/ssl_certificate/test_get_set_cert_info.py index 4c0d9d6b..d351d3aa 100644 --- a/tests/api/ssl_certificate/test_get_set_cert_info.py +++ b/tests/api/ssl_certificate/test_get_set_cert_info.py @@ -24,7 +24,7 @@ class TestGetSetSanCertInfo(base.TestBase): def setUp(self): super(TestGetSetSanCertInfo, self).setUp() - self.san_cert_name_poisitve = ( + self.san_cert_name_positive = ( self.akamai_config.san_certs_name_positive ) @@ -41,7 +41,7 @@ class TestGetSetSanCertInfo(base.TestBase): def test_get_san_cert_positive(self): resp = self.client.view_certificate_info( - self.san_cert_name_poisitve + self.san_cert_name_positive ) self.assertTrue('spsId' in resp.json()) @@ -53,9 +53,11 @@ class TestGetSetSanCertInfo(base.TestBase): ' be run when commanded') resp = self.client.update_certificate_info( - self.san_cert_name_poisitve, - spsId=random.randint(1000, 2000) + self.san_cert_name_positive, + spsId=random.randint(1000, 2000), + enabled=True ) self.assertTrue('spsId' in resp.json()) + self.assertTrue('enabled' in resp.json()) self.assertEqual(resp.status_code, 200) diff --git a/tests/api/utils/client.py b/tests/api/utils/client.py index 81788edc..9aad9322 100644 --- a/tests/api/utils/client.py +++ b/tests/api/utils/client.py @@ -538,6 +538,7 @@ class PoppyClient(client.AutoMarshallingHTTPClient): def update_certificate_info(self, san_cert_name, spsId=None, + enabled=True, requestslib_kwargs=None): """Update SSL Certificate Info @@ -552,7 +553,8 @@ class PoppyClient(client.AutoMarshallingHTTPClient): self.url, san_cert_name) request_object = requests.PutSanCertConfigInfo( - spsId=spsId) + spsId=spsId, + enabled=enabled) return self.request('POST', url, request_entity=request_object, diff --git a/tests/api/utils/models/requests.py b/tests/api/utils/models/requests.py index 14bdcb7a..587712af 100644 --- a/tests/api/utils/models/requests.py +++ b/tests/api/utils/models/requests.py @@ -176,13 +176,15 @@ class CreateSSLCertificate(base.AutoMarshallingModel): class PutSanCertConfigInfo(base.AutoMarshallingModel): """Marshalling for Create SSL Certificate requests.""" - def __init__(self, spsId=None): + def __init__(self, spsId=None, enabled=True): super(PutSanCertConfigInfo, self).__init__() self.spsId = spsId + self.enabled = enabled def _obj_to_json(self): put_san_cert_info_request = { - "spsId": self.spsId + "spsId": self.spsId, + "enabled": self.enabled } return json.dumps(put_san_cert_info_request) diff --git a/tests/functional/transport/pecan/controllers/data_update_san_cert_config_bad.json b/tests/functional/transport/pecan/controllers/data_update_san_cert_config_bad.json index 8c001d55..ebdd7b1b 100644 --- a/tests/functional/transport/pecan/controllers/data_update_san_cert_config_bad.json +++ b/tests/functional/transport/pecan/controllers/data_update_san_cert_config_bad.json @@ -1,5 +1,8 @@ { - "missing_spsId": { + "extra_parameter": { + "spsId": 1234, + "enabled": false, + "unsupported_config": "some value" }, "invalid_spsId": { "spsId": "1abc" diff --git a/tests/functional/transport/pecan/controllers/test_san_cert_config.py b/tests/functional/transport/pecan/controllers/test_san_cert_config.py index 2d2c963b..3a572bd1 100644 --- a/tests/functional/transport/pecan/controllers/test_san_cert_config.py +++ b/tests/functional/transport/pecan/controllers/test_san_cert_config.py @@ -53,7 +53,8 @@ class TestSanCertConfigController(base.FunctionalTest): def test_update_san_cert_config_positive(self): config_data = { - 'spsId': 1345 + 'spsId': 1345, + 'enabled': False } response = self.app.post('/v1.0/admin/provider/akamai/' 'ssl_certificate/config/' diff --git a/tests/unit/provider/akamai/san_info_storage/test_cassandra_san_info_storage.py b/tests/unit/provider/akamai/san_info_storage/test_cassandra_san_info_storage.py index 04834b24..704b0e47 100644 --- a/tests/unit/provider/akamai/san_info_storage/test_cassandra_san_info_storage.py +++ b/tests/unit/provider/akamai/san_info_storage/test_cassandra_san_info_storage.py @@ -136,6 +136,6 @@ class TestCassandraSANInfoStorage(base.TestCase): new_spsId = 3456 self.cassa_storage.update_cert_config( - cert_name, new_spsId + cert_name, {'spsId': new_spsId} ) mock_execute.assert_called()