x
/
poppy
Code Issues Proposed changes
poppy/poppy/manager/default/background_job.py

348 lines
15 KiB
Python
Raw Blame History

# Copyright (c) 2014 Rackspace, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import json
from oslo_log import log
from poppy.common import util
from poppy.manager import base
from poppy.model import ssl_certificate
from poppy.notification.mailgun import driver as n_driver
from poppy.provider.akamai.background_jobs.check_cert_status_and_update \
import check_cert_status_and_update_flow
from poppy.provider.akamai.background_jobs.delete_policy \
import delete_obsolete_http_policy_flow
from poppy.provider.akamai.background_jobs.update_property import \
update_property_flow
from poppy.provider.akamai import driver as a_driver
LOG = log.getLogger(__name__)
class BackgroundJobController(base.BackgroundJobController):
def __init__(self, manager):
super(BackgroundJobController, self).__init__(manager)
self.distributed_task_controller = (
self._driver.distributed_task.services_controller)
self.akamai_san_cert_suffix = self.driver.conf[
a_driver.AKAMAI_GROUP].akamai_https_access_url_suffix
self.akamai_san_cert_cname_list = self.driver.conf[
a_driver.AKAMAI_GROUP].san_cert_cnames
self.notify_email_list = self.driver.conf[
n_driver.MAIL_NOTIFICATION_GROUP].recipients
self.cert_storage = self._driver.storage.certificates_controller
self.service_storage = self._driver.storage.services_controller
def post_job(self, job_type, kwargs):
queue_data = []
run_list = []
ignore_list = []
if job_type == "akamai_check_and_update_cert_status":
# this task consumes the san mapping queue
# items marked as having an updated property are processed
# for the this job type, all other items are returned to the
# queue until they are ready for processing
if 'akamai' in self._driver.providers:
akamai_driver = self._driver.providers['akamai'].obj
queue_data += akamai_driver.san_mapping_queue.traverse_queue(
consume=True
)
for cert in queue_data:
cert_dict = dict()
try:
cert_dict = json.loads(cert)
LOG.info(
'Starting to check status on domain: {0},'
'for project_id: {1}'
'flavor_id: {2}, cert_type: {3}'.format(
cert_dict.get("domain_name"),
cert_dict.get("project_id"),
cert_dict.get("flavor_id"),
cert_dict.get("cert_type")
)
)
t_kwargs = {
"cert_obj_json": json.dumps(cert_dict),
"project_id": cert_dict.get("project_id")
}
if cert_dict.get('property_activated', False) is True:
self.distributed_task_controller.submit_task(
check_cert_status_and_update_flow.
check_cert_status_and_update_flow,
**t_kwargs
)
run_list.append(cert_dict)
else:
akamai_driver.san_mapping_queue.\
enqueue_san_mapping(json.dumps(cert_dict))
ignore_list.append(cert_dict)
LOG.info(
"Queue item for {0} was sent back to the "
"queue because it wasn't marked as "
"activated.".format(
cert_dict.get("domain_name")
)
)
except Exception as exc:
try:
akamai_driver.san_mapping_queue.\
enqueue_san_mapping(json.dumps(cert_dict))
except Exception as e:
LOG.exception(e)
akamai_driver.san_mapping_queue.\
enqueue_san_mapping(cert_dict)
cert_dict['error_message'] = str(exc)
ignore_list.append(cert_dict)
LOG.exception(exc)
return run_list, ignore_list
elif job_type == "akamai_update_papi_property_for_mod_san":
# this task leaves the san mapping queue intact,
# once items are successfully processed they are marked
# ready for the next job type execution
if 'akamai' in self._driver.providers:
akamai_driver = self._driver.providers['akamai'].obj
queue_data += akamai_driver.san_mapping_queue.traverse_queue()
cname_host_info_list = []
for cert in queue_data:
cert_dict = dict()
try:
cert_dict = json.loads(cert)
# add validation that the domain still exists on a
# service and that it has a type of SAN
cert_obj = ssl_certificate.SSLCertificate(
cert_dict['flavor_id'],
cert_dict['domain_name'],
'san',
project_id=cert_dict['project_id']
)
cert_for_domain = self.cert_storage.get_certs_by_domain(
cert_obj.domain_name,
project_id=cert_obj.project_id,
flavor_id=cert_obj.flavor_id,
cert_type=cert_obj.cert_type
)
if cert_for_domain == []:
ignore_list.append(cert_dict)
LOG.info(
"Ignored property update because "
"certificate for {0} does not exist.".format(
cert_obj.domain_name
)
)
continue
service_obj = self.service_storage.\
get_service_details_by_domain_name(
cert_obj.domain_name,
cert_obj.project_id
)
found = False
for domain in service_obj.domains:
if (
domain.domain == cert_obj.domain_name and
domain.protocol == 'https' and
domain.certificate == 'san'
):
found = True
if found is False:
# skip the task for current cert obj is the
# domain doesn't exist on a service with the
# same protocol and certificate.
ignore_list.append(cert_dict)
LOG.info(
"Ignored update property for a "
"domain '{0}' that no longer exists on a service "
"with the same protocol 'https' and certificate "
"type 'san'".format(
cert_obj.domain_name,
)
)
continue
domain_name = cert_dict["domain_name"]
san_cert = (
cert_dict["cert_details"]
["Akamai"]["extra_info"]["san cert"]
)
LOG.info(
"{0}: {1} to {2}, on property: {3}".format(
kwargs.get("action", 'add'),
domain_name,
san_cert,
kwargs.get(
"property_spec",
'akamai_https_san_config_numbers'
)
)
)
# Note(tonytan4ever): Put this check here so erroneous san
# cert params will not pass. Support occasionally put in
# the ending "edgekey.net"
# (e.g: securexxx.san1.abc.com.edgekey.net), this check
# will effectively error that out
if san_cert not in self.akamai_san_cert_cname_list:
raise ValueError(
"Not A valid san cert cname: {0}, "
"valid san cert cnames are: {1}".format(
san_cert,
self.akamai_san_cert_cname_list
)
)
cname_host_info_list.append({
"cnameFrom": domain_name,
"cnameTo": '.'.join(
[san_cert, self.akamai_san_cert_suffix]
),
"cnameType": "EDGE_HOSTNAME"
})
run_list.append(cert_dict)
except Exception as e:
cert_dict['error_message'] = str(e)
ignore_list.append(cert_dict)
LOG.exception(e)
update_info_list = json.dumps([
(
kwargs.get("action", 'add'),
cname_host_info_list
)
])
t_kwargs = {
"property_spec": kwargs.get(
"property_spec",
'akamai_https_san_config_numbers'
),
"update_type": kwargs.get("update_type", 'hostnames'),
"update_info_list": update_info_list,
"notify_email_list": self.notify_email_list
}
# check to see if there are changes to be made before submitting
# the task, avoids creating a new property version when there are
# no changes to be made.
if len(cname_host_info_list) > 0:
self.distributed_task_controller.submit_task(
update_property_flow.update_property_flow,
**t_kwargs)
else:
LOG.info(
"No tasks submitted to update_property_flow"
"update_info_list was empty: {0}".format(
update_info_list
)
)
return run_list, ignore_list
else:
raise NotImplementedError(
'job type: {0} has not been implemented'.format(
job_type
)
)
def get_san_mapping_list(self):
res = []
if 'akamai' in self._driver.providers:
akamai_driver = self._driver.providers['akamai'].obj
res = akamai_driver.san_mapping_queue.traverse_queue()
# other provider's san_mapping_list implementation goes here
res = [json.loads(r) for r in res]
return res
def put_san_mapping_list(self, san_mapping_list):
new_queue_data = [json.dumps(r) for r in san_mapping_list]
res, deleted = [], []
if 'akamai' in self._driver.providers:
akamai_driver = self._driver.providers['akamai'].obj
orig = [
json.loads(r) for r in
akamai_driver.san_mapping_queue.traverse_queue()
]
res = [
json.loads(r) for r in
akamai_driver.san_mapping_queue.put_queue_data(new_queue_data)
]
deleted = tuple(x for x in orig if x not in res)
# other provider's san_mapping_list implementation goes here
return res, deleted
def delete_http_policy(self):
http_policies = []
run_list = []
ignore_list = []
if 'akamai' in self._driver.providers:
akamai_driver = self._driver.providers['akamai'].obj
http_policies += akamai_driver.http_policy_queue.traverse_queue(
consume=True
)
http_policies = [json.loads(x) for x in http_policies]
http_policies = util.remove_duplicates(http_policies)
for policy_dict in http_policies:
cert_for_domain = self.cert_storage.get_certs_by_domain(
policy_dict['policy_name'],
project_id=policy_dict['project_id'],
cert_type='san'
)
if cert_for_domain == []:
ignore_list.append(policy_dict)
LOG.info(
"No cert found for policy name. "
"Policy {0} won't persist on the queue. ".format(
policy_dict
)
)
continue
if cert_for_domain.get_cert_status() != 'deployed':
ignore_list.append(policy_dict)
LOG.info(
"Policy {0} is not ready for deletion. "
"Certificate exists but hasn't deployed yet. "
"Sending back to queue for later retry.".format(
policy_dict
)
)
akamai_driver.http_policy_queue.enqueue_http_policy(
json.dumps(policy_dict)
)
continue
kwargs = {
'configuration_number': policy_dict[
'configuration_number'],
'policy_name': policy_dict['policy_name']
}
self.distributed_task_controller.submit_task(
delete_obsolete_http_policy_flow.
delete_obsolete_http_policy,
**kwargs
)
run_list.append(policy_dict)
return run_list, ignore_list
View Git Blame Copy Permalink