slapos_cloud: Generate/Revoke only invalidate/create the Certificate Login

   This issues SSL Certificates and use Certificate Login, rather them require to revoke it.

master/bt5/slapos_cloud/TestTemplateItem/portal_components/test.erp5.testSlapOSCloudComputeNodeSlapInterfaceWorkflow.py

@@ -52,10 +52,15 @@ class TestSlapOSCoreComputeNodeSlapInterfaceWorkflow(SlapOSTestCaseMixin):
     compute_node_certificate = self.portal.REQUEST.get('compute_node_certificate')
     self.assertNotEqual(None, compute_node_key)
     self.assertNotEqual(None, compute_node_certificate)
-    self.assertNotEqual(None, self.compute_node.getDestinationReference())
-    serial = '0x%x' % int(self.compute_node.getDestinationReference(), 16)
+    certificate_login_list = self.compute_node.objectValues(portal_type="Certificate Login")
+    self.assertEqual(len(certificate_login_list), 1)
+    certificate_login = certificate_login_list[0]
+    self.assertEqual(certificate_login.getValidationState(), 'validated')
+    self.assertNotEqual(certificate_login.getReference(), None)
+    self.assertNotEqual(certificate_login.getDestinationReference(), None)
+    serial = '0x%x' % int(certificate_login.getDestinationReference(), 16)
     self.assertTrue(serial in compute_node_certificate)
-    self.assertTrue(self.compute_node.getReference() in compute_node_certificate.decode('string_escape'))
+    self.assertTrue(certificate_login.getReference() in compute_node_certificate.decode('string_escape'))
 
   def test_generateCertificate_twice(self):
     self.login(self.compute_node.getUserId())
@@ -64,10 +69,17 @@ class TestSlapOSCoreComputeNodeSlapInterfaceWorkflow(SlapOSTestCaseMixin):
     compute_node_certificate = self.portal.REQUEST.get('compute_node_certificate')
     self.assertNotEqual(None, compute_node_key)
     self.assertNotEqual(None, compute_node_certificate)
-    self.assertNotEqual(None, self.compute_node.getDestinationReference())
-    serial = '0x%x' % int(self.compute_node.getDestinationReference(), 16)
+    self.assertEqual(None, self.compute_node.getDestinationReference())
+
+    certificate_login_list = self.compute_node.objectValues(portal_type="Certificate Login")
+    self.assertEqual(len(certificate_login_list), 1)
+    certificate_login = certificate_login_list[0]
+    self.assertEqual(certificate_login.getValidationState(), 'validated')
+    self.assertNotEqual(certificate_login.getReference(), None)
+    self.assertNotEqual(certificate_login.getDestinationReference(), None)
+    serial = '0x%x' % int(certificate_login.getDestinationReference(), 16)
     self.assertTrue(serial in compute_node_certificate)
-    self.assertTrue(self.compute_node.getReference() in compute_node_certificate.decode('string_escape'))
+    self.assertTrue(certificate_login.getReference() in compute_node_certificate.decode('string_escape'))
 
     self.assertRaises(ValueError, self.compute_node.generateCertificate)
     self.assertEqual(None, self.portal.REQUEST.get('compute_node_key'))
@@ -252,16 +264,23 @@ class TestSlapOSCoreComputeNodeSlapInterfaceWorkflow(SlapOSTestCaseMixin):
     compute_node_certificate = self.portal.REQUEST.get('compute_node_certificate')
     self.assertNotEqual(None, compute_node_key)
     self.assertNotEqual(None, compute_node_certificate)
-    self.assertNotEqual(None, self.compute_node.getDestinationReference())
-    serial = '0x%x' % int(self.compute_node.getDestinationReference(), 16)
+    certificate_login_list = self.compute_node.objectValues(portal_type="Certificate Login")
+    self.assertEqual(len(certificate_login_list), 1)
+    certificate_login = certificate_login_list[0]
+    self.assertEqual(certificate_login.getValidationState(), 'validated')
+    self.assertNotEqual(certificate_login.getReference(), None)
+    self.assertNotEqual(certificate_login.getDestinationReference(), None)
+    serial = '0x%x' % int(certificate_login.getDestinationReference(), 16)
     self.assertTrue(serial in compute_node_certificate)
-    self.assertTrue(self.compute_node.getReference() in compute_node_certificate.decode('string_escape'))
+    self.assertTrue(certificate_login.getReference() in compute_node_certificate.decode('string_escape'))
+    self.assertNotEqual(certificate_login.getReference(),
+                        self.compute_node.getReference())
 
     self.compute_node.revokeCertificate()
     self.assertEqual(None, self.portal.REQUEST.get('compute_node_key'))
     self.assertEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
 
-    self.assertEqual(None, self.compute_node.getDestinationReference())
+    self.assertEqual(certificate_login.getValidationState(), 'invalidated')
 
   def test_revokeCertificateNoCertificate(self):
     self.login(self.compute_node.getUserId())
@@ -269,6 +288,8 @@ class TestSlapOSCoreComputeNodeSlapInterfaceWorkflow(SlapOSTestCaseMixin):
     self.assertEqual(None, self.portal.REQUEST.get('compute_node_key'))
     self.assertEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
     self.assertEqual(None, self.compute_node.getDestinationReference())
+    certificate_login_list = self.compute_node.objectValues(portal_type="Certificate Login")
+    self.assertEqual(len(certificate_login_list), 0)
 
   def test_revokeCertificate_twice(self):
     self.login(self.compute_node.getUserId())
@@ -277,84 +298,188 @@ class TestSlapOSCoreComputeNodeSlapInterfaceWorkflow(SlapOSTestCaseMixin):
     compute_node_certificate = self.portal.REQUEST.get('compute_node_certificate')
     self.assertNotEqual(None, compute_node_key)
     self.assertNotEqual(None, compute_node_certificate)
-    self.assertNotEqual(None, self.compute_node.getDestinationReference())
-    serial = '0x%x' % int(self.compute_node.getDestinationReference(), 16)
+    certificate_login_list = self.compute_node.objectValues(portal_type="Certificate Login")
+    self.assertEqual(len(certificate_login_list), 1)
+    certificate_login = certificate_login_list[0]
+    self.assertEqual(certificate_login.getValidationState(), 'validated')
+    self.assertNotEqual(certificate_login.getReference(), None)
+    self.assertNotEqual(certificate_login.getDestinationReference(), None)
+    serial = '0x%x' % int(certificate_login.getDestinationReference(), 16)
     self.assertTrue(serial in compute_node_certificate)
-    self.assertTrue(self.compute_node.getReference() in compute_node_certificate.decode('string_escape'))
+    self.assertTrue(certificate_login.getReference() in compute_node_certificate.decode('string_escape'))
+    self.assertNotEqual(certificate_login.getReference(),
+                        self.compute_node.getReference())
 
     self.compute_node.revokeCertificate()
     self.assertEqual(None, self.portal.REQUEST.get('compute_node_key'))
     self.assertEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
 
-    self.assertEqual(None, self.compute_node.getDestinationReference())
+    self.assertEqual(certificate_login.getValidationState(), 'invalidated')
 
     self.assertRaises(ValueError, self.compute_node.revokeCertificate)
     self.assertEqual(None, self.portal.REQUEST.get('compute_node_key'))
     self.assertEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
-    self.assertEqual(None, self.compute_node.getDestinationReference())
+    certificate_login_list = self.compute_node.objectValues(portal_type="Certificate Login")
+    self.assertEqual(len(certificate_login_list), 1)
+    self.assertEqual(certificate_login.getValidationState(), 'invalidated')
 
   def test_renewCertificate(self):
     self.login(self.compute_node.getUserId())
     self.compute_node.generateCertificate()
     compute_node_key = self.portal.REQUEST.get('compute_node_key')
     compute_node_certificate = self.portal.REQUEST.get('compute_node_certificate')
-    destination_reference = self.compute_node.getDestinationReference()
-
     self.assertNotEqual(None, compute_node_key)
     self.assertNotEqual(None, compute_node_certificate)
-    self.assertNotEqual(None, destination_reference)
-    serial = '0x%x' % int(self.compute_node.getDestinationReference(), 16)
+
+    certificate_login_list = self.compute_node.objectValues(portal_type="Certificate Login")
+    self.assertEqual(len(certificate_login_list), 1)
+    certificate_login = certificate_login_list[0]
+    destination_reference = certificate_login.getDestinationReference()
+
+    self.assertEqual(certificate_login.getValidationState(), 'validated')
+    self.assertNotEqual(certificate_login.getReference(), None)
+    self.assertNotEqual(certificate_login.getDestinationReference(), None)
+    serial = '0x%x' % int(certificate_login.getDestinationReference(), 16)
     self.assertTrue(serial in compute_node_certificate)
-    self.assertTrue(self.compute_node.getReference() in compute_node_certificate.decode('string_escape'))
+    self.assertTrue(certificate_login.getReference() in compute_node_certificate.decode('string_escape'))
+    self.assertNotEqual(certificate_login.getReference(),
+                        self.compute_node.getReference())
+    self.assertNotEqual(None, destination_reference)
 
     self.compute_node.revokeCertificate()
     self.compute_node.generateCertificate()
     
     self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_key'))
     self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
-    self.assertNotEqual(None, self.compute_node.getDestinationReference())
-
     self.assertNotEqual(compute_node_key, self.portal.REQUEST.get('compute_node_key'))
     self.assertNotEqual(compute_node_certificate, self.portal.REQUEST.get('compute_node_certificate'))
-    self.assertNotEqual(destination_reference, self.compute_node.getDestinationReference())
+
+    self.assertEqual(certificate_login.getValidationState(), 'invalidated')
+    self.assertEqual(certificate_login.getDestinationReference(), destination_reference)
+    self.assertNotEqual(certificate_login.getReference(), None)
+
+    certificate_login_list = self.compute_node.objectValues(portal_type="Certificate Login")
+    self.assertEqual(len(certificate_login_list), 2)
+    new_certificate_login = [i for i in certificate_login_list \
+      if i.getId() != certificate_login.getId()][0]
+    
+    destination_reference = certificate_login.getDestinationReference()
+    self.assertEqual(new_certificate_login.getValidationState(), 'validated')
+    self.assertNotEqual(new_certificate_login.getReference(), None)
+    self.assertNotEqual(new_certificate_login.getReference(),
+      certificate_login.getReference())
+  
+    self.assertNotEqual(new_certificate_login.getDestinationReference(), None)
+    self.assertNotEqual(new_certificate_login.getDestinationReference(),
+      certificate_login.getDestinationReference())
+    serial = '0x%x' % int(new_certificate_login.getDestinationReference(), 16)
+
+    compute_node_certificate = self.portal.REQUEST.get('compute_node_certificate')
+    self.assertTrue(serial in compute_node_certificate)
+    self.assertTrue(new_certificate_login.getReference() in compute_node_certificate.decode('string_escape'))
+    self.assertFalse(certificate_login.getReference() in compute_node_certificate.decode('string_escape'))
+    
+    self.assertNotEqual(certificate_login.getReference(),
+                        self.compute_node.getReference())
 
   def test_renewCertificate_twice(self):
     self.login(self.compute_node.getUserId())
     self.compute_node.generateCertificate()
     compute_node_key = self.portal.REQUEST.get('compute_node_key')
     compute_node_certificate = self.portal.REQUEST.get('compute_node_certificate')
-    destination_reference = self.compute_node.getDestinationReference()
-
     self.assertNotEqual(None, compute_node_key)
     self.assertNotEqual(None, compute_node_certificate)
-    self.assertNotEqual(None, self.compute_node.getDestinationReference())
-    serial = '0x%x' % int(self.compute_node.getDestinationReference(), 16)
+
+    certificate_login_list = self.compute_node.objectValues(portal_type="Certificate Login")
+    self.assertEqual(len(certificate_login_list), 1)
+    certificate_login = certificate_login_list[0]
+    destination_reference = certificate_login.getDestinationReference()
+
+    self.assertEqual(certificate_login.getValidationState(), 'validated')
+    self.assertNotEqual(certificate_login.getReference(), None)
+    self.assertNotEqual(certificate_login.getDestinationReference(), None)
+    serial = '0x%x' % int(certificate_login.getDestinationReference(), 16)
     self.assertTrue(serial in compute_node_certificate)
-    self.assertTrue(self.compute_node.getReference() in compute_node_certificate.decode('string_escape'))
+    self.assertTrue(certificate_login.getReference() in compute_node_certificate.decode('string_escape'))
+    self.assertNotEqual(certificate_login.getReference(),
+                        self.compute_node.getReference())
+    self.assertNotEqual(None, destination_reference)
 
     self.compute_node.revokeCertificate()
     self.compute_node.generateCertificate()
+
     self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_key'))
     self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
-    self.assertNotEqual(None, self.compute_node.getDestinationReference())
-
     self.assertNotEqual(compute_node_key, self.portal.REQUEST.get('compute_node_key'))
     self.assertNotEqual(compute_node_certificate, self.portal.REQUEST.get('compute_node_certificate'))
-    self.assertNotEqual(destination_reference, self.compute_node.getDestinationReference())
 
-    compute_node_key = self.portal.REQUEST.get('compute_node_key')
+    self.assertEqual(certificate_login.getValidationState(), 'invalidated')
+    self.assertEqual(certificate_login.getDestinationReference(), destination_reference)
+    self.assertNotEqual(certificate_login.getReference(), None)
+
+    certificate_login_list = self.compute_node.objectValues(portal_type="Certificate Login")
+    self.assertEqual(len(certificate_login_list), 2)
+    new_certificate_login = [i for i in certificate_login_list \
+      if i.getId() != certificate_login.getId()][0]
+    
+    destination_reference = certificate_login.getDestinationReference()
+    self.assertEqual(new_certificate_login.getValidationState(), 'validated')
+    self.assertNotEqual(new_certificate_login.getReference(), None)
+    self.assertNotEqual(new_certificate_login.getReference(),
+      certificate_login.getReference())
+  
+    self.assertNotEqual(new_certificate_login.getDestinationReference(), None)
+    self.assertNotEqual(new_certificate_login.getDestinationReference(),
+      certificate_login.getDestinationReference())
+    serial = '0x%x' % int(new_certificate_login.getDestinationReference(), 16)
+
     compute_node_certificate = self.portal.REQUEST.get('compute_node_certificate')
-    destination_reference = self.compute_node.getDestinationReference()
+    self.assertTrue(serial in compute_node_certificate)
+    self.assertTrue(new_certificate_login.getReference() in compute_node_certificate.decode('string_escape'))
+    self.assertFalse(certificate_login.getReference() in compute_node_certificate.decode('string_escape'))
+    
+    self.assertNotEqual(certificate_login.getReference(),
+                        self.compute_node.getReference())
 
     self.compute_node.revokeCertificate()
     self.compute_node.generateCertificate()
+
     self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_key'))
     self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
-    self.assertNotEqual(None, self.compute_node.getDestinationReference())
-
     self.assertNotEqual(compute_node_key, self.portal.REQUEST.get('compute_node_key'))
     self.assertNotEqual(compute_node_certificate, self.portal.REQUEST.get('compute_node_certificate'))
-    self.assertNotEqual(destination_reference, self.compute_node.getDestinationReference())
+
+    self.assertEqual(new_certificate_login.getValidationState(), 'invalidated')
+    self.assertNotEqual(new_certificate_login.getDestinationReference(), destination_reference)
+    self.assertNotEqual(new_certificate_login.getReference(), None)
+
+    certificate_login_list = self.compute_node.objectValues(portal_type="Certificate Login")
+    self.assertEqual(len(certificate_login_list), 3)
+
+    third_certificate_login = [i for i in certificate_login_list \
+      if i.getId() not in [certificate_login.getId(), new_certificate_login.getId()]][0]
+    
+    destination_reference = new_certificate_login.getDestinationReference()
+    self.assertEqual(third_certificate_login.getValidationState(), 'validated')
+    self.assertNotEqual(third_certificate_login.getReference(), None)
+    self.assertNotEqual(third_certificate_login.getReference(),
+      certificate_login.getReference())
+  
+    self.assertNotEqual(third_certificate_login.getDestinationReference(), None)
+    self.assertNotEqual(third_certificate_login.getDestinationReference(),
+      new_certificate_login.getDestinationReference())
+    serial = '0x%x' % int(third_certificate_login.getDestinationReference(), 16)
+
+    compute_node_certificate = self.portal.REQUEST.get('compute_node_certificate')
+    self.assertTrue(serial in compute_node_certificate)
+    self.assertTrue(third_certificate_login.getReference() in compute_node_certificate.decode('string_escape'))
+    self.assertFalse(new_certificate_login.getReference() in compute_node_certificate.decode('string_escape'))
+    
+    self.assertNotEqual(third_certificate_login.getReference(),
+                        self.compute_node.getReference())
+
+    self.assertNotEqual(new_certificate_login.getReference(),
+                        self.compute_node.getReference())
 
 class TestSlapOSCoreComputeNodeSlapInterfaceWorkflowSupply(SlapOSTestCaseMixin):
 

master/bt5/slapos_cloud/TestTemplateItem/portal_components/test.erp5.testSlapOSCloudComputeNodeSlapInterfaceWorkflow.xml

@@ -6,12 +6,6 @@
     </pickle>
     <pickle>
       <dictionary>
-        <item>
-            <key> <string>_recorded_property_dict</string> </key>
-            <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
-            </value>
-        </item>
         <item>
             <key> <string>default_reference</string> </key>
             <value> <string>testSlapOSCloudComputeNodeSlapInterfaceWorkflow</string> </value>
@@ -61,28 +55,13 @@
         <item>
             <key> <string>workflow_history</string> </key>
             <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
             </value>
         </item>
       </dictionary>
     </pickle>
   </record>
   <record id="2" aka="AAAAAAAAAAI=">
-    <pickle>
-      <global name="PersistentMapping" module="Persistence.mapping"/>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>data</string> </key>
-            <value>
-              <dictionary/>
-            </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-  <record id="3" aka="AAAAAAAAAAM=">
     <pickle>
       <global name="PersistentMapping" module="Persistence.mapping"/>
     </pickle>
@@ -95,7 +74,7 @@
                 <item>
                     <key> <string>component_validation_workflow</string> </key>
                     <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
+                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
                     </value>
                 </item>
               </dictionary>
@@ -104,7 +83,7 @@
       </dictionary>
     </pickle>
   </record>
-  <record id="4" aka="AAAAAAAAAAQ=">
+  <record id="3" aka="AAAAAAAAAAM=">
     <pickle>
       <global name="WorkflowHistoryList" module="Products.ERP5Type.Workflow"/>
     </pickle>

master/bt5/slapos_cloud/TestTemplateItem/portal_components/test.erp5.testSlapOSCloudInstanceSlapInterfaceWorkflow.py

@@ -1140,68 +1140,88 @@ class TestSlapOSCoreInstanceSlapInterfaceWorkflowTransfer(SlapOSTestCaseMixin):
 
   def test_generateCertificate(self):
     self.login()
+    self.software_instance.setSslKey(None)
+    self.software_instance.setSslCertificate(None)
     self.software_instance.setDestinationReference(None)
-    self.software_instance.getSslKey(None)
-    self.software_instance.getSslCertificate(None)
 
     self.software_instance.generateCertificate()
-    self.assertNotEqual(self.software_instance.getDestinationReference(), None)
     self.assertNotEqual(self.software_instance.getSslKey(), None)
     self.assertNotEqual(self.software_instance.getSslCertificate(), None)
+    self.assertEqual(self.software_instance.getDestinationReference(), None)
+
+    certificate_login_list = self.software_instance.objectValues(portal_type="Certificate Login")
+    self.assertEqual(len(certificate_login_list), 1)
+    certificate_login = certificate_login_list[0]
+
+    self.assertEqual(certificate_login.getValidationState(), 'validated')
+    self.assertNotEqual(certificate_login.getReference(), None)
+    self.assertNotEqual(certificate_login.getDestinationReference(), None)
+    serial = '0x%x' % int(certificate_login.getDestinationReference(), 16)
+    self.assertTrue(serial in self.software_instance.getSslCertificate())
+    self.assertTrue(certificate_login.getReference() in \
+       self.software_instance.getSslCertificate().decode('string_escape'))
 
     self.assertRaises(ValueError, self.software_instance.generateCertificate)
 
   def test_revokeCertificate(self):
     self.login()
-    self.assertNotEqual(self.software_instance.getDestinationReference(), None)
-    self.assertNotEqual(self.software_instance.getSslKey(), None)
-    self.assertNotEqual(self.software_instance.getSslCertificate(), None)
-
-    self.software_instance.revokeCertificate()
-    self.assertEqual(self.software_instance.getDestinationReference(), None)
-    self.assertEqual(self.software_instance.getSslKey(), None)
-    self.assertEqual(self.software_instance.getSslCertificate(), None)
-
     self.assertRaises(ValueError, self.software_instance.revokeCertificate)
+    certificate_login_list = self.software_instance.objectValues(portal_type="Certificate Login")
+    self.assertEqual(len(certificate_login_list), 0)
 
   def test_revokeAndGenerateCertificate(self):
     self.login()
 
-    destination_reference = self.software_instance.getDestinationReference()
     ssl_key = self.software_instance.getSslKey()
     ssl_certificate = self.software_instance.getSslCertificate()
 
-    self.assertNotEqual(self.software_instance.getDestinationReference(), None)
     self.assertNotEqual(self.software_instance.getSslKey(), None)
     self.assertNotEqual(self.software_instance.getSslCertificate(), None)
 
-    self.software_instance.revokeCertificate()
+    self.assertRaises(ValueError, self.software_instance.revokeCertificate)
+
     self.software_instance.generateCertificate()
-    self.assertNotEqual(self.software_instance.getDestinationReference(), None)
     self.assertNotEqual(self.software_instance.getSslKey(), None)
     self.assertNotEqual(self.software_instance.getSslCertificate(), None)
 
-    self.assertNotEqual(self.software_instance.getDestinationReference(),
-      destination_reference)
+    certificate_login_list = self.software_instance.objectValues(portal_type="Certificate Login")
+    self.assertEqual(len(certificate_login_list), 1)
+    certificate_login = certificate_login_list[0]
+    self.assertEqual(certificate_login.getValidationState(), 'validated')
+    self.assertNotEqual(certificate_login.getReference(), None)
+    self.assertNotEqual(certificate_login.getDestinationReference(), None)
+
     self.assertNotEqual(self.software_instance.getSslKey(),
       ssl_key)
     self.assertNotEqual(self.software_instance.getSslCertificate(),
       ssl_certificate)
 
-    destination_reference = self.software_instance.getDestinationReference()
     ssl_key = self.software_instance.getSslKey()
     ssl_certificate = self.software_instance.getSslCertificate()
 
     self.software_instance.revokeCertificate()
     self.software_instance.generateCertificate()
-    self.assertNotEqual(self.software_instance.getDestinationReference(), None)
     self.assertNotEqual(self.software_instance.getSslKey(), None)
     self.assertNotEqual(self.software_instance.getSslCertificate(), None)
 
-    self.assertNotEqual(self.software_instance.getDestinationReference(),
-      destination_reference)
     self.assertNotEqual(self.software_instance.getSslKey(),
       ssl_key)
     self.assertNotEqual(self.software_instance.getSslCertificate(),
       ssl_certificate)
 
+    certificate_login_list = self.software_instance.objectValues(portal_type="Certificate Login")
+    self.assertEqual(len(certificate_login_list), 2)
+    another_certificate_login = [ i for i in certificate_login_list
+                                   if i.getId() != certificate_login.getId()][0]
+
+    self.assertEqual(another_certificate_login.getValidationState(), 'validated')
+    self.assertNotEqual(another_certificate_login.getReference(), None)
+    self.assertNotEqual(another_certificate_login.getDestinationReference(), None)
+
+    self.assertEqual(certificate_login.getValidationState(), 'invalidated')
+    self.assertNotEqual(certificate_login.getReference(),
+      another_certificate_login.getReference())
+    self.assertNotEqual(certificate_login.getDestinationReference(),
+      another_certificate_login.getDestinationReference())
+
+

master/bt5/slapos_cloud/TestTemplateItem/portal_components/test.erp5.testSlapOSCloudInstanceSlapInterfaceWorkflow.xml

@@ -6,12 +6,6 @@
     </pickle>
     <pickle>
       <dictionary>
-        <item>
-            <key> <string>_recorded_property_dict</string> </key>
-            <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
-            </value>
-        </item>
         <item>
             <key> <string>default_reference</string> </key>
             <value> <string>testSlapOSCloudInstanceSlapInterfaceWorkflow</string> </value>
@@ -61,28 +55,13 @@
         <item>
             <key> <string>workflow_history</string> </key>
             <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
             </value>
         </item>
       </dictionary>
     </pickle>
   </record>
   <record id="2" aka="AAAAAAAAAAI=">
-    <pickle>
-      <global name="PersistentMapping" module="Persistence.mapping"/>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>data</string> </key>
-            <value>
-              <dictionary/>
-            </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-  <record id="3" aka="AAAAAAAAAAM=">
     <pickle>
       <global name="PersistentMapping" module="Persistence.mapping"/>
     </pickle>
@@ -95,7 +74,7 @@
                 <item>
                     <key> <string>component_validation_workflow</string> </key>
                     <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
+                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
                     </value>
                 </item>
               </dictionary>
@@ -104,7 +83,7 @@
       </dictionary>
     </pickle>
   </record>
-  <record id="4" aka="AAAAAAAAAAQ=">
+  <record id="3" aka="AAAAAAAAAAM=">
     <pickle>
       <global name="WorkflowHistoryList" module="Products.ERP5Type.Workflow"/>
     </pickle>

master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/compute_node_slap_interface_workflow/script_ComputeNode_approveRegistration.py

@@ -8,10 +8,4 @@ compute_node.edit(
   capacity_scope='open'
 )
 
-erp5_login = compute_node.newContent(
-  portal_type="Certificate Login",
-  reference=compute_node.getReference()
-)
-erp5_login.validate()
-
 portal.portal_workflow.doActionFor(compute_node, 'validate_action')

master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/compute_node_slap_interface_workflow/script_ComputeNode_generateCertificate.py

 compute_node = state_change['object']
 
-if compute_node.getDestinationReference() is not None:
+for certificate_login in compute_node.objectValues(
+  portal_type=["Certificate Login"]):
+  if certificate_login.getValidationState() == "validated":
     context.REQUEST.set("compute_node_certificate", None)
     context.REQUEST.set("compute_node_key", None)
     raise ValueError('Certificate still active.')
     
-ca = context.getPortalObject().portal_certificate_authority
-certificate_dict = ca.getNewCertificate(compute_node.getReference())
-
-compute_node.setDestinationReference(certificate_dict["id"])
+certificate_login = compute_node.newContent(
+  portal_type="Certificate Login")
+certificate_dict = certificate_login.getCertificate()
+certificate_login.validate()
 
 context.REQUEST.set("compute_node_certificate", certificate_dict["certificate"])
 context.REQUEST.set("compute_node_key", certificate_dict["key"])

master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/compute_node_slap_interface_workflow/script_ComputeNode_generateCertificate.xml

@@ -52,6 +52,12 @@
             <key> <string>_params</string> </key>
             <value> <string>state_change</string> </value>
         </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
         <item>
             <key> <string>id</string> </key>
             <value> <string>script_ComputeNode_generateCertificate</string> </value>

master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/compute_node_slap_interface_workflow/script_ComputeNode_revokeCertificate.py

 compute_node = state_change['object']
+
 context.REQUEST.set('compute_node_certificate', None)
 context.REQUEST.set('compute_node_key', None)
-destination_reference = compute_node.getDestinationReference()
-if destination_reference is None:
+
+no_certificate = True
+for certificate_login in compute_node.objectValues(
+  portal_type=["Certificate Login"]):
+  if certificate_login.getValidationState() == "validated":
+    certificate_login.invalidate()
+    no_certificate = False
+
+if no_certificate:
   raise ValueError('No certificate')
-context.getPortalObject().portal_certificate_authority.revokeCertificate(destination_reference)
-compute_node.setDestinationReference(None)

master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/compute_node_slap_interface_workflow/script_ComputeNode_revokeCertificate.xml

@@ -52,6 +52,12 @@
             <key> <string>_params</string> </key>
             <value> <string>state_change</string> </value>
         </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
         <item>
             <key> <string>id</string> </key>
             <value> <string>script_ComputeNode_revokeCertificate</string> </value>

master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/instance_slap_interface_workflow/script_RequestedInstance_generateCertificate.py

 instance = state_change['object']
-
-if instance.getDestinationReference() is not None:
-  raise ValueError("Certificate still active.")
-
 if instance.getPortalType() != "Software Instance":
   # Skip if the instance isn't a Software Instance, 
   # since Shared Instances cannot find the object.
   return
 
-ca = context.getPortalObject().portal_certificate_authority
-certificate_dict = ca.getNewCertificate(instance.getReference())
+for certificate_login in instance.objectValues(
+  portal_type=["Certificate Login"]):
+  if certificate_login.getValidationState() == "validated":
+    raise ValueError('Certificate still active.')
     
-edit_kw = {'destination_reference' : certificate_dict['id'],
-           'ssl_key' : certificate_dict['key'],
-           'ssl_certificate': certificate_dict['certificate']
-          }
+# Include Certificate Login so Instance become a User
+certificate_login = instance.newContent(
+  portal_type="Certificate Login")
+certificate_dict = certificate_login.getCertificate()
+certificate_login.validate()
 
+# Keep this here?
+edit_kw = {'ssl_key' : certificate_dict['key'],
+           'ssl_certificate': certificate_dict['certificate']}
 instance.edit(**edit_kw)

master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/instance_slap_interface_workflow/script_RequestedInstance_revokeCertificate.py

 instance = state_change['object']
-portal = instance.getPortalObject()
 
 if instance.getSslKey() is not None or instance.getSslCertificate() is not None:
   instance.edit(ssl_key=None, ssl_certificate=None)
 
-destination_reference = instance.getDestinationReference()
-if destination_reference is None:
-  raise ValueError('No certificate')
+no_certificate = True
+for certificate_login in instance.objectValues(
+  portal_type=["Certificate Login"]):
+  if certificate_login.getValidationState() == "validated":
+    certificate_login.invalidate()
+    no_certificate = False
 
-try:
-  portal.portal_certificate_authority\
-          .revokeCertificate(instance.getDestinationReference())
-except ValueError:
-  # Ignore already revoked certificates, as OpenSSL backend is
-  # non transactional, so it is ok to allow multiple tries to destruction
-  # even if certificate was already revoked
-  pass
-instance.setDestinationReference(None)
+if no_certificate:
+  raise ValueError('No certificate')

master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/instance_slap_interface_workflow/script_RequestedInstance_revokeCertificate.xml

@@ -68,9 +68,7 @@
         </item>
         <item>
             <key> <string>title</string> </key>
-            <value>
-              <none/>
-            </value>
+            <value> <string>None</string> </value>
         </item>
       </dictionary>
     </pickle>

master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/instance_slap_interface_workflow/script_RequesterInstance_request.py

@@ -93,14 +93,9 @@ if (request_software_instance is None):
       reference=reference,
       activate_kw={'tag': tag}
     )
+    if software_instance_portal_type == "Software Instance":
       request_software_instance.generateCertificate()
     request_software_instance.validate()
-    if software_instance_portal_type == "Software Instance":
-      # Include Certificate Login so Instance become a User
-      certificate_login = request_software_instance.newContent(
-        portal_type="Certificate Login",
-        reference=request_software_instance.getReference())
-      certificate_login.validate()
 
     graph[request_software_instance.getUid()] = []