Commit a30ef074 authored by Alain Takoudjou's avatar Alain Takoudjou

slapos_cloud: remove constraints on software instance certificate, revoke...

slapos_cloud: remove constraints on software instance certificate, revoke previous instance certificate when request a new one.

If a valid certificate exists and the node tries to request a new certificate, the old certificate is revoked first.
parent 691529b3
...@@ -30,13 +30,11 @@ from AccessControl import ClassSecurityInfo ...@@ -30,13 +30,11 @@ from AccessControl import ClassSecurityInfo
from Products.ERP5Type.Globals import InitializeClass from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions from Products.ERP5Type import Permissions
from Products.ERP5Type.XMLObject import XMLObject from Products.ERP5Type.XMLObject import XMLObject
from DateTime import DateTime
import functools import functools
from json import loads, dumps from json import loads
import urllib2, urllib import urllib2, urllib
from httplib import HTTPSConnection from httplib import HTTPSConnection
import urlparse import urlparse
from zLOG import LOG, INFO
class TolerateErrorHandler(urllib2.BaseHandler): class TolerateErrorHandler(urllib2.BaseHandler):
handler_order = 100 # Get registered before default error hander (at 500) handler_order = 100 # Get registered before default error hander (at 500)
...@@ -168,7 +166,7 @@ class CaucaseRESTClientInterface(XMLObject): ...@@ -168,7 +166,7 @@ class CaucaseRESTClientInterface(XMLObject):
def deleteCertificateSigningRequest(self, csr_id): def deleteCertificateSigningRequest(self, csr_id):
""" """
Return CSR from his id Delete CSR from his id
""" """
response = self._request('/csr/%s' % csr_id, method='DELETE').read() response = self._request('/csr/%s' % csr_id, method='DELETE').read()
......
...@@ -45,12 +45,7 @@ ...@@ -45,12 +45,7 @@
<item> <item>
<key> <string>text_content_warning_message</string> </key> <key> <string>text_content_warning_message</string> </key>
<value> <value>
<tuple> <tuple/>
<string>W: 33, 0: Unused DateTime imported from DateTime (unused-import)</string>
<string>W: 35, 0: Unused dumps imported from json (unused-import)</string>
<string>W: 39, 0: Unused INFO imported from zLOG (unused-import)</string>
<string>W: 39, 0: Unused LOG imported from zLOG (unused-import)</string>
</tuple>
</value> </value>
</item> </item>
<item> <item>
......
...@@ -97,27 +97,31 @@ class SoftwareInstance(Item): ...@@ -97,27 +97,31 @@ class SoftwareInstance(Item):
def requestCertificate(self, certificate_request): def requestCertificate(self, certificate_request):
"""Request a new certificate for this instance""" """Request a new certificate for this instance"""
certificate_id = self._getInstanceCertificate() certificate_id = self._getInstanceCertificate()
if certificate_id is None: if certificate_id is not None:
ca_service = self.getPortalObject().portal_web_services.caucase_adapter # Get new Certificate will automatically revoke the previous
csr_id = ca_service.putCertificateSigningRequest(certificate_request) self.revokeCertificate(certificate_id)
# Sign the csr immediately ca_service = self.getPortalObject().portal_web_services.caucase_adapter
crt_id, url = ca_service.signCertificate(csr_id) csr_id = ca_service.putCertificateSigningRequest(certificate_request)
# link to the Instance # Sign the csr immediately
certificate_id = self.newContent( crt_id, url = ca_service.signCertificate(csr_id)
portal_type="Certificate Access ID",
reference=crt_id, # link to the Instance
url_string=url) certificate_id = self.newContent(
portal_type="Certificate Access ID",
certificate_id.validate() reference=crt_id,
url_string=url)
certificate_id.validate()
return self._getCertificate(certificate_id.getReference()) return self._getCertificate(certificate_id.getReference())
security.declareProtected(Permissions.AccessContentsInformation, security.declareProtected(Permissions.AccessContentsInformation,
'revokeCertificate') 'revokeCertificate')
def revokeCertificate(self): def revokeCertificate(self, certificate_id=None):
"""Returns existing certificate of this instance""" """Revoke existing certificate of this instance"""
certificate_id = self._getInstanceCertificate() if certificate_id is None:
certificate_id = self._getInstanceCertificate()
if certificate_id: if certificate_id:
return self.getPortalObject().portal_web_services.caucase_adapter \ return self.getPortalObject().portal_web_services.caucase_adapter \
.revokeCertificate(certificate_id.getReference()) .revokeCertificate(certificate_id.getReference())
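Review bot: `revokeCertificate` now accepts a caller-supplied `certificate_id` and forwards its reference to the caucase adapter without checking that the document belongs to this instance, while the method is still declared with only `Permissions.AccessContentsInformation`. As far as this hunk shows, a caller with read access to one instance could pass a Certificate Access ID owned by another instance; the method should verify that the passed document is a sub-object of `self` (or move the parameter to a private helper), and a modify-level permission would suit a revoking method better. Separately, `requestCertificate` calls `self.revokeCertificate(certificate_id)` before `putCertificateSigningRequest` and `signCertificate` have succeeded, so a failure in either leaves the instance with no valid certificate, and the remote revocation is presumably not undone by a transaction abort; revoking only after the new certificate is signed closes that window. The hunk also does not show the previous Certificate Access ID document being invalidated, so `_getInstanceCertificate()` may still return the revoked one on a later call, which is worth confirming. The body of `revokeCertificate` may continue past the end of the hunk.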
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Property Existence Constraint" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_identity_criterion</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
<item>
<key> <string>_range_criterion</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
</value>
</item>
<item>
<key> <string>constraint_property</string> </key>
<value>
<tuple>
<string>ssl_certificate</string>
<string>ssl_key</string>
</tuple>
</value>
</item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>not_destroy_requested_property_existence_constraint</string> </value>
</item>
<item>
<key> <string>int_index</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>membership_criterion_category</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>message_no_such_property</string> </key>
<value> <string>Property existence error for property ${property_id}, this document has no such property or the property has never been set</string> </value>
</item>
<item>
<key> <string>portal_type</string> </key>
<value> <string>Property Existence Constraint</string> </value>
</item>
<item>
<key> <string>string_index</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>test_method_id</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>test_tales_expression</string> </key>
<value> <string>python: context.getSlapState() != \'destroy_requested\'</string> </value>
</item>
</dictionary>
</pickle>
</record>
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="3" aka="AAAAAAAAAAM=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
...@@ -22,7 +22,6 @@ ...@@ -22,7 +22,6 @@
<key> <string>constraint_property</string> </key> <key> <string>constraint_property</string> </key>
<value> <value>
<tuple> <tuple>
<string>destination_reference</string>
<string>reference</string> <string>reference</string>
</tuple> </tuple>
</value> </value>
......