Commit 5d05c34b authored by Thomas Gambier's avatar Thomas Gambier 🚴🏼

registry: make grace_period a command line option

parent aff69950
...@@ -113,6 +113,9 @@ def main(): ...@@ -113,6 +113,9 @@ def main():
_('--community', _('--community',
help="File containing community configuration. This file cannot be" help="File containing community configuration. This file cannot be"
" empty and must contain the default location ('*').") " empty and must contain the default location ('*').")
_('--grace-period', default=8640000, type=int,
help="Period in seconds during which a client can renew its"
" certificate even if expired (default 100 days)")
_ = parser.add_argument_group('routing').add_argument _ = parser.add_argument_group('routing').add_argument
_('--hello', type=int, default=15, _('--hello', type=int, default=15,
......
...@@ -32,7 +32,6 @@ from . import ctl, tunnel, utils, version, x509 ...@@ -32,7 +32,6 @@ from . import ctl, tunnel, utils, version, x509
HMAC_HEADER = "Re6stHMAC" HMAC_HEADER = "Re6stHMAC"
RENEW_PERIOD = 30 * 86400 RENEW_PERIOD = 30 * 86400
GRACE_PERIOD = 100 * 86400
BABEL_HMAC = 'babel_hmac0', 'babel_hmac1', 'babel_hmac2' BABEL_HMAC = 'babel_hmac0', 'babel_hmac1', 'babel_hmac2'
def rpc(f): def rpc(f):
...@@ -251,7 +250,7 @@ class RegistryServer(object): ...@@ -251,7 +250,7 @@ class RegistryServer(object):
# 'select' call does not return. Ideally, we should interrupt it. # 'select' call does not return. Ideally, we should interrupt it.
logging.info("Checking if there's any old entry in the database ...") logging.info("Checking if there's any old entry in the database ...")
not_after = None not_after = None
old = time.time() - GRACE_PERIOD old = time.time() - self.config.grace_period
q = self.db.execute q = self.db.execute
with self.lock, self.db: with self.lock, self.db:
q("BEGIN") q("BEGIN")
...@@ -278,7 +277,7 @@ class RegistryServer(object): ...@@ -278,7 +277,7 @@ class RegistryServer(object):
elif not_after is None or x < not_after: elif not_after is None or x < not_after:
not_after = x not_after = x
self.mergePrefixes() self.mergePrefixes()
self.timeout = not_after and not_after + GRACE_PERIOD self.timeout = not_after and not_after + self.config.grace_period
def handle_request(self, request, method, kw): def handle_request(self, request, method, kw):
m = getattr(self, method) m = getattr(self, method)
......
...@@ -24,5 +24,6 @@ ...@@ -24,5 +24,6 @@
"same_country": null, "same_country": null,
"tunnel_refresh": 300, "tunnel_refresh": 300,
"hello": 15, "hello": 15,
"community": null "community": null,
} "grace_period": 8640000
\ No newline at end of file }
...@@ -112,7 +112,7 @@ class TestRegistryServer(unittest.TestCase): ...@@ -112,7 +112,7 @@ class TestRegistryServer(unittest.TestCase):
token_old, token = "bbbbdddd", "ddddbbbb" token_old, token = "bbbbdddd", "ddddbbbb"
prefix_old, prefix = "1110", "1111" prefix_old, prefix = "1110", "1111"
# 20 magic number, make sure we create old enough new cert/token # 20 magic number, make sure we create old enough new cert/token
now = int(time.time()) - registry.GRACE_PERIOD + 20 now = int(time.time()) - self.config.grace_period + 20
# makeup data # makeup data
insert_cert(cur, self.server.cert, prefix_old, 1) insert_cert(cur, self.server.cert, prefix_old, 1)
insert_cert(cur, self.server.cert, prefix, now -1) insert_cert(cur, self.server.cert, prefix, now -1)
...@@ -130,7 +130,7 @@ class TestRegistryServer(unittest.TestCase): ...@@ -130,7 +130,7 @@ class TestRegistryServer(unittest.TestCase):
self.assertIsNone(get_cert(cur, prefix_old), "old cert not deleted") self.assertIsNone(get_cert(cur, prefix_old), "old cert not deleted")
self.assertIsNotNone(get_cert(cur, prefix)) self.assertIsNotNone(get_cert(cur, prefix))
self.assertEqual(self.server.timeout, self.assertEqual(self.server.timeout,
now - 1 + registry.GRACE_PERIOD, now - 1 + self.config.grace_period,
"time_out set wrongly") "time_out set wrongly")
delete_cert(cur, prefix) delete_cert(cur, prefix)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment