slapos: use Software Instance certificate/key pair for request

slapos/grid/slapgrid.py

@@ -1629,7 +1629,16 @@ stderr_logfile_backups=1
       # even if something is terribly wrong while processing an instance, it
       # won't prevent processing other ones.
       if not self.api_backward_compatibility:
-        computer_partition = self.slap.jio_api_connector.get(computer_partition["get_parameters"])
+        # Try to use partition certificate
+        # TODO: find a clean way to request the certificate
+        partition_certificate_file = os.path.join(self.certificate_repository_path, computer_partition["compute_partition_id"] + ".crt")
+        partition_key_file = os.path.join(self.certificate_repository_path, computer_partition["compute_partition_id"] + ".key")
+
+        if os.path.exists(partition_certificate_file) and os.path.exists(partition_key_file):
+          computer_partition = self.slap.jio_api_connector.get(computer_partition["get_parameters"],
+            cert_key=(partition_certificate_file, partition_key_file))
+        else:
+          computer_partition = self.slap.jio_api_connector.get(computer_partition["get_parameters"])
       try:
         # Process the partition itself
         self.processComputerPartition(computer_partition)

slapos/slap/hateoas.py

@@ -87,7 +87,7 @@ class ConnectionHelper:
       cache=FileCache(os.path.expanduser("~/.slapos_cached_get")))
 
   def do_request(self, method, path, params=None, data=None, headers=None,
-                 expect_json_error=False):
+                 expect_json_error=False, cert_key=None):
     url = parse.urljoin(self.slapgrid_uri, path)
     if headers is None:
       headers = {}
@@ -97,10 +97,8 @@ class ConnectionHelper:
 #      raise ValueError('method path should be relative: %s' % path)
 
     try:
-      if url.startswith('https'):
-        cert = (self.cert_file, self.key_file)
-      else:
-        cert = None
+      if url.startswith('https') and cert_key is None:
+        cert_key = (self.cert_file, self.key_file)
 
       # XXX TODO: handle host cert verify
 
@@ -114,7 +112,7 @@ class ConnectionHelper:
 
       req = method(url=url,
                    params=params,
-                   cert=cert,
+                   cert=cert_key,
                    verify=False,
                    data=data,
                    headers=headers,

slapos/slap/slap.py

@@ -796,30 +796,34 @@ def json_loads_byteified(json_text):
   )
 
 class JioAPIConnectionHelper(ConnectionHelper):
-
-  def apiCall(self, path, data):
+  def apiCall(self, path, data, cert_key=None):
     req = self.do_request(requests.post,
                           path=path,
                           data=json.dumps(data),
                           headers={'Content-type': 'application/json'},
-                          expect_json_error=True)
+                          expect_json_error=True,
+                          cert_key=cert_key)
     return json_loads_byteified(req.text)
 
-  def get(self, data):
+  def get(self, data, cert_key=None):
     return self.apiCall(path="get/",
-                        data=data)
+                        data=data,
+                        cert_key=cert_key)
 
-  def post(self, data):
+  def post(self, data, cert_key=None):
     return self.apiCall(path="post/",
-                        data=data)
+                        data=data,
+                        cert_key=cert_key)
 
-  def put(self, data):
+  def put(self, data, cert_key=None):
     return self.apiCall(path="put/",
-                        data=data)
+                        data=data,
+                        cert_key=cert_key)
 
-  def allDocs(self, data):
+  def allDocs(self, data, cert_key=None):
     return self.apiCall(path="allDocs/",
-                        data=data)
+                        data=data,
+                        cert_key=cert_key)
 
 getHateoasUrl_cache = {}
 getjIOAPI_cache = {}