feat: Allow disabling/enabling san cert
Change-Id: Ia48622ce4d45f47949f67a0305039e16059978ef
This commit is contained in:
parent
7a02b99bb9
commit
a01d0923b9
|
@ -267,7 +267,8 @@ class DefaultSSLCertificateController(base.SSLCertificateController):
|
|||
|
||||
return res
|
||||
|
||||
def update_san_cert_configuration(self, san_cert_name, new_spsId):
|
||||
def update_san_cert_configuration(self, san_cert_name,
|
||||
new_cert_config):
|
||||
if 'akamai' in self._driver.providers:
|
||||
akamai_driver = self._driver.providers['akamai'].obj
|
||||
if san_cert_name not in akamai_driver.san_cert_cnames:
|
||||
|
@ -276,7 +277,7 @@ class DefaultSSLCertificateController(base.SSLCertificateController):
|
|||
(san_cert_name, akamai_driver.san_cert_cnames))
|
||||
akamai_driver = self._driver.providers['akamai'].obj
|
||||
res = akamai_driver.san_info_storage.update_cert_config(
|
||||
san_cert_name, new_spsId)
|
||||
san_cert_name, new_cert_config)
|
||||
else:
|
||||
# if not using akamai driver just return an empty list
|
||||
res = {}
|
||||
|
|
|
@ -247,6 +247,7 @@ class CassandraSanInfoStorage(base.BaseAkamaiSanInfoStorage):
|
|||
issuer = the_san_cert_info.get("issuer")
|
||||
ipVersion = the_san_cert_info.get("ipVersion")
|
||||
slot_deployment_klass = the_san_cert_info.get("slot_deployment_klass")
|
||||
enabled = the_san_cert_info.get("enabled", True)
|
||||
|
||||
res = {
|
||||
# This will always be the san cert name
|
||||
|
@ -256,6 +257,7 @@ class CassandraSanInfoStorage(base.BaseAkamaiSanInfoStorage):
|
|||
'createType': 'modSan',
|
||||
'ipVersion': ipVersion,
|
||||
'slot-deployment.class': slot_deployment_klass,
|
||||
'enabled': enabled,
|
||||
'product': 'ion_premier'
|
||||
}
|
||||
|
||||
|
@ -270,10 +272,36 @@ class CassandraSanInfoStorage(base.BaseAkamaiSanInfoStorage):
|
|||
res['spsId'] = str(self.get_cert_last_spsid(san_cert_name))
|
||||
return res
|
||||
|
||||
def update_cert_config(self, san_cert_name, new_spsId):
|
||||
self.save_cert_last_spsid(san_cert_name, new_spsId)
|
||||
def update_cert_config(self, san_cert_name, new_cert_config):
|
||||
self.save_cert_config(san_cert_name, new_cert_config)
|
||||
return self.get_cert_config(san_cert_name)
|
||||
|
||||
def save_cert_config(self, san_cert_name, new_cert_config):
|
||||
san_info = self._get_akamai_san_certs_info()
|
||||
the_san_cert_info = san_info.get(
|
||||
san_cert_name
|
||||
)
|
||||
|
||||
if the_san_cert_info is None:
|
||||
raise ValueError('No san cert info found for %s.' % san_cert_name)
|
||||
|
||||
the_san_cert_info.update(new_cert_config)
|
||||
san_info[san_cert_name] = the_san_cert_info
|
||||
# Change the previous san info in the overall provider_info dictionary
|
||||
provider_info = dict(self._get_akamai_provider_info()['info'])
|
||||
provider_info['san_info'] = json.dumps(san_info)
|
||||
|
||||
stmt = query.SimpleStatement(
|
||||
UPDATE_PROVIDER_INFO,
|
||||
consistency_level=self.consistency_level)
|
||||
|
||||
args = {
|
||||
'provider_name': 'akamai',
|
||||
'info': provider_info
|
||||
}
|
||||
|
||||
self.session.execute(stmt, args)
|
||||
|
||||
def save_cert_last_spsid(self, san_cert_name, sps_id_value):
|
||||
san_info = self._get_akamai_san_certs_info()
|
||||
the_san_cert_info = san_info.get(
|
||||
|
@ -311,6 +339,17 @@ class CassandraSanInfoStorage(base.BaseAkamaiSanInfoStorage):
|
|||
spsId = the_san_cert_info.get('spsId')
|
||||
return spsId
|
||||
|
||||
def get_enabled_status(self, san_cert_name):
|
||||
the_san_cert_info = self._get_akamai_san_certs_info().get(
|
||||
san_cert_name
|
||||
)
|
||||
|
||||
if the_san_cert_info is None:
|
||||
raise ValueError('No san cert info found for %s.' % san_cert_name)
|
||||
|
||||
enabled = the_san_cert_info.get('enabled', True)
|
||||
return enabled
|
||||
|
||||
def update_san_info(self, san_info_dict):
|
||||
provider_info = {}
|
||||
provider_info['san_info'] = json.dumps(san_info_dict)
|
||||
|
|
|
@ -583,6 +583,13 @@ class ServiceController(base.ServiceBase):
|
|||
})
|
||||
|
||||
for san_cert_name in self.san_cert_cnames:
|
||||
enabled = (
|
||||
self.san_info_storage.get_enabled_status(
|
||||
san_cert_name
|
||||
)
|
||||
)
|
||||
if not enabled:
|
||||
continue
|
||||
lastSpsId = (
|
||||
self.san_info_storage.get_cert_last_spsid(
|
||||
san_cert_name
|
||||
|
|
|
@ -197,12 +197,11 @@ class AkamaiSanCertConfigController(base.Controller, hooks.HookController):
|
|||
stoplight_helpers.pecan_getter))
|
||||
def post(self, san_cert_name):
|
||||
config_json = json.loads(pecan.request.body.decode('utf-8'))
|
||||
new_spsId = config_json['spsId']
|
||||
|
||||
try:
|
||||
res = (
|
||||
self._driver.manager.ssl_certificate_controller.
|
||||
update_san_cert_configuration(san_cert_name, new_spsId))
|
||||
update_san_cert_configuration(san_cert_name, config_json))
|
||||
except Exception as e:
|
||||
pecan.abort(400, str(e))
|
||||
|
||||
|
|
|
@ -96,8 +96,10 @@ class SSLCertificateSchema(schema_base.SchemaBase):
|
|||
'spsId': {
|
||||
'type': 'integer',
|
||||
# we cannot have 0 or negative spsId
|
||||
'minimum': 1,
|
||||
'required': True
|
||||
'minimum': 1
|
||||
},
|
||||
'enabled': {
|
||||
'type': 'boolean'
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -24,7 +24,7 @@ class TestGetSetSanCertInfo(base.TestBase):
|
|||
|
||||
def setUp(self):
|
||||
super(TestGetSetSanCertInfo, self).setUp()
|
||||
self.san_cert_name_poisitve = (
|
||||
self.san_cert_name_positive = (
|
||||
self.akamai_config.san_certs_name_positive
|
||||
)
|
||||
|
||||
|
@ -41,7 +41,7 @@ class TestGetSetSanCertInfo(base.TestBase):
|
|||
|
||||
def test_get_san_cert_positive(self):
|
||||
resp = self.client.view_certificate_info(
|
||||
self.san_cert_name_poisitve
|
||||
self.san_cert_name_positive
|
||||
)
|
||||
|
||||
self.assertTrue('spsId' in resp.json())
|
||||
|
@ -53,9 +53,11 @@ class TestGetSetSanCertInfo(base.TestBase):
|
|||
' be run when commanded')
|
||||
|
||||
resp = self.client.update_certificate_info(
|
||||
self.san_cert_name_poisitve,
|
||||
spsId=random.randint(1000, 2000)
|
||||
self.san_cert_name_positive,
|
||||
spsId=random.randint(1000, 2000),
|
||||
enabled=True
|
||||
)
|
||||
|
||||
self.assertTrue('spsId' in resp.json())
|
||||
self.assertTrue('enabled' in resp.json())
|
||||
self.assertEqual(resp.status_code, 200)
|
||||
|
|
|
@ -538,6 +538,7 @@ class PoppyClient(client.AutoMarshallingHTTPClient):
|
|||
def update_certificate_info(self,
|
||||
san_cert_name,
|
||||
spsId=None,
|
||||
enabled=True,
|
||||
requestslib_kwargs=None):
|
||||
"""Update SSL Certificate Info
|
||||
|
||||
|
@ -552,7 +553,8 @@ class PoppyClient(client.AutoMarshallingHTTPClient):
|
|||
self.url, san_cert_name)
|
||||
|
||||
request_object = requests.PutSanCertConfigInfo(
|
||||
spsId=spsId)
|
||||
spsId=spsId,
|
||||
enabled=enabled)
|
||||
|
||||
return self.request('POST', url,
|
||||
request_entity=request_object,
|
||||
|
|
|
@ -176,13 +176,15 @@ class CreateSSLCertificate(base.AutoMarshallingModel):
|
|||
class PutSanCertConfigInfo(base.AutoMarshallingModel):
|
||||
"""Marshalling for Create SSL Certificate requests."""
|
||||
|
||||
def __init__(self, spsId=None):
|
||||
def __init__(self, spsId=None, enabled=True):
|
||||
super(PutSanCertConfigInfo, self).__init__()
|
||||
|
||||
self.spsId = spsId
|
||||
self.enabled = enabled
|
||||
|
||||
def _obj_to_json(self):
|
||||
put_san_cert_info_request = {
|
||||
"spsId": self.spsId
|
||||
"spsId": self.spsId,
|
||||
"enabled": self.enabled
|
||||
}
|
||||
return json.dumps(put_san_cert_info_request)
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
{
|
||||
"missing_spsId": {
|
||||
"extra_parameter": {
|
||||
"spsId": 1234,
|
||||
"enabled": false,
|
||||
"unsupported_config": "some value"
|
||||
},
|
||||
"invalid_spsId": {
|
||||
"spsId": "1abc"
|
||||
|
|
|
@ -53,7 +53,8 @@ class TestSanCertConfigController(base.FunctionalTest):
|
|||
|
||||
def test_update_san_cert_config_positive(self):
|
||||
config_data = {
|
||||
'spsId': 1345
|
||||
'spsId': 1345,
|
||||
'enabled': False
|
||||
}
|
||||
response = self.app.post('/v1.0/admin/provider/akamai/'
|
||||
'ssl_certificate/config/'
|
||||
|
|
|
@ -136,6 +136,6 @@ class TestCassandraSANInfoStorage(base.TestCase):
|
|||
new_spsId = 3456
|
||||
|
||||
self.cassa_storage.update_cert_config(
|
||||
cert_name, new_spsId
|
||||
cert_name, {'spsId': new_spsId}
|
||||
)
|
||||
mock_execute.assert_called()
|
||||
|
|
Loading…
Reference in New Issue