slapos_cloud: Include API to renew the certificates

See merge request nexedi/slapos.core!377

master/bt5/slapos_cloud/TestTemplateItem/portal_components/test.erp5.testSlapOSCloudComputeNodeSlapInterfaceWorkflow.py

@@ -293,6 +293,73 @@ class TestSlapOSCoreComputeNodeSlapInterfaceWorkflow(SlapOSTestCaseMixin):
     self.assertEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
     self.assertEqual(None, self.compute_node.getDestinationReference())
 
+  def test_renewCertificate(self):
+    self.login(self.compute_node.getUserId())
+    self.compute_node.generateCertificate()
+    compute_node_key = self.portal.REQUEST.get('compute_node_key')
+    compute_node_certificate = self.portal.REQUEST.get('compute_node_certificate')
+    destination_reference = self.compute_node.getDestinationReference()
+
+    self.assertNotEqual(None, compute_node_key)
+    self.assertNotEqual(None, compute_node_certificate)
+    self.assertNotEqual(None, destination_reference)
+    serial = '0x%x' % int(self.compute_node.getDestinationReference(), 16)
+    self.assertTrue(serial in compute_node_certificate)
+    self.assertTrue(self.compute_node.getReference() in compute_node_certificate.decode('string_escape'))
+
+    self.compute_node.renewCertificate()
+    self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_key'))
+    self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
+    self.assertNotEqual(None, self.compute_node.getDestinationReference())
+
+    self.assertNotEqual(compute_node_key, self.portal.REQUEST.get('compute_node_key'))
+    self.assertNotEqual(compute_node_certificate, self.portal.REQUEST.get('compute_node_certificate'))
+    self.assertNotEqual(destination_reference, self.compute_node.getDestinationReference())
+
+  
+  def test_renewCertificateNoCertificate(self):
+    self.login(self.compute_node.getUserId())
+    self.assertRaises(ValueError, self.compute_node.renewCertificate)
+    self.assertEqual(None, self.portal.REQUEST.get('compute_node_key'))
+    self.assertEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
+    self.assertEqual(None, self.compute_node.getDestinationReference())
+
+  def test_renewCertificate_twice(self):
+    self.login(self.compute_node.getUserId())
+    self.compute_node.generateCertificate()
+    compute_node_key = self.portal.REQUEST.get('compute_node_key')
+    compute_node_certificate = self.portal.REQUEST.get('compute_node_certificate')
+    destination_reference = self.compute_node.getDestinationReference()
+
+    self.assertNotEqual(None, compute_node_key)
+    self.assertNotEqual(None, compute_node_certificate)
+    self.assertNotEqual(None, self.compute_node.getDestinationReference())
+    serial = '0x%x' % int(self.compute_node.getDestinationReference(), 16)
+    self.assertTrue(serial in compute_node_certificate)
+    self.assertTrue(self.compute_node.getReference() in compute_node_certificate.decode('string_escape'))
+
+    self.compute_node.renewCertificate()
+    self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_key'))
+    self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
+    self.assertNotEqual(None, self.compute_node.getDestinationReference())
+
+    self.assertNotEqual(compute_node_key, self.portal.REQUEST.get('compute_node_key'))
+    self.assertNotEqual(compute_node_certificate, self.portal.REQUEST.get('compute_node_certificate'))
+    self.assertNotEqual(destination_reference, self.compute_node.getDestinationReference())
+
+    compute_node_key = self.portal.REQUEST.get('compute_node_key')
+    compute_node_certificate = self.portal.REQUEST.get('compute_node_certificate')
+    destination_reference = self.compute_node.getDestinationReference()
+
+    self.compute_node.renewCertificate()
+    self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_key'))
+    self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
+    self.assertNotEqual(None, self.compute_node.getDestinationReference())
+
+    self.assertNotEqual(compute_node_key, self.portal.REQUEST.get('compute_node_key'))
+    self.assertNotEqual(compute_node_certificate, self.portal.REQUEST.get('compute_node_certificate'))
+    self.assertNotEqual(destination_reference, self.compute_node.getDestinationReference())
+
 class TestSlapOSCoreComputeNodeSlapInterfaceWorkflowSupply(SlapOSTestCaseMixin):
 
   def afterSetUp(self):

master/bt5/slapos_cloud/TestTemplateItem/portal_components/test.erp5.testSlapOSCloudInstanceSlapInterfaceWorkflow.py

@@ -1138,3 +1138,70 @@ class TestSlapOSCoreInstanceSlapInterfaceWorkflowTransfer(SlapOSTestCaseMixin):
       len(self.instance_tree.getAggregateRelatedList(portal_type="Internal Packing List Line"))
     )
 
+  def test_generateCertificate(self):
+    self.login()
+    self.software_instance.setDestinationReference(None)
+    self.software_instance.getSslKey(None)
+    self.software_instance.getSslCertificate(None)
+
+    self.software_instance.generateCertificate()
+    self.assertNotEqual(self.software_instance.getDestinationReference(), None)
+    self.assertNotEqual(self.software_instance.getSslKey(), None)
+    self.assertNotEqual(self.software_instance.getSslCertificate(), None)
+
+    self.assertRaises(ValueError, self.software_instance.generateCertificate)
+
+  def test_revokeCertificate(self):
+    self.login()
+    self.assertNotEqual(self.software_instance.getDestinationReference(), None)
+    self.assertNotEqual(self.software_instance.getSslKey(), None)
+    self.assertNotEqual(self.software_instance.getSslCertificate(), None)
+
+    self.software_instance.revokeCertificate()
+    self.assertEqual(self.software_instance.getDestinationReference(), None)
+    self.assertEqual(self.software_instance.getSslKey(), None)
+    self.assertEqual(self.software_instance.getSslCertificate(), None)
+
+    self.assertRaises(ValueError, self.software_instance.revokeCertificate)
+
+  def test_revokeAndGenerateCertificate(self):
+    self.login()
+
+    destination_reference = self.software_instance.getDestinationReference()
+    ssl_key = self.software_instance.getSslKey()
+    ssl_certificate = self.software_instance.getSslCertificate()
+
+    self.assertNotEqual(self.software_instance.getDestinationReference(), None)
+    self.assertNotEqual(self.software_instance.getSslKey(), None)
+    self.assertNotEqual(self.software_instance.getSslCertificate(), None)
+
+    self.software_instance.revokeCertificate()
+    self.software_instance.generateCertificate()
+    self.assertNotEqual(self.software_instance.getDestinationReference(), None)
+    self.assertNotEqual(self.software_instance.getSslKey(), None)
+    self.assertNotEqual(self.software_instance.getSslCertificate(), None)
+
+    self.assertNotEqual(self.software_instance.getDestinationReference(),
+      destination_reference)
+    self.assertNotEqual(self.software_instance.getSslKey(),
+      ssl_key)
+    self.assertNotEqual(self.software_instance.getSslCertificate(),
+      ssl_certificate)
+
+    destination_reference = self.software_instance.getDestinationReference()
+    ssl_key = self.software_instance.getSslKey()
+    ssl_certificate = self.software_instance.getSslCertificate()
+
+    self.software_instance.revokeCertificate()
+    self.software_instance.generateCertificate()
+    self.assertNotEqual(self.software_instance.getDestinationReference(), None)
+    self.assertNotEqual(self.software_instance.getSslKey(), None)
+    self.assertNotEqual(self.software_instance.getSslCertificate(), None)
+
+    self.assertNotEqual(self.software_instance.getDestinationReference(),
+      destination_reference)
+    self.assertNotEqual(self.software_instance.getSslKey(),
+      ssl_key)
+    self.assertNotEqual(self.software_instance.getSslCertificate(),
+      ssl_certificate)
+

master/bt5/slapos_erp5/PathTemplateItem/portal_alarms/slapos_renew_software_instance_certificate.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Alarm" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>active_sense_method_id</string> </key>
+            <value> <string>Alarm_renewSoftwareInstanceCertificate</string> </value>
+        </item>
+        <item>
+            <key> <string>automatic_solve</string> </key>
+            <value> <int>0</int> </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>enabled</string> </key>
+            <value> <int>0</int> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>slapos_renew_software_instance_certificate</string> </value>
+        </item>
+        <item>
+            <key> <string>periodicity_hour</string> </key>
+            <value>
+              <tuple>
+                <int>3</int>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>periodicity_minute</string> </key>
+            <value>
+              <tuple>
+                <int>0</int>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>periodicity_minute_frequency</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>periodicity_month</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>periodicity_month_day</string> </key>
+            <value>
+              <tuple>
+                <int>3</int>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>periodicity_month_frequency</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>periodicity_start_date</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="DateTime" module="DateTime.DateTime"/>
+                </klass>
+                <tuple>
+                  <none/>
+                </tuple>
+                <state>
+                  <tuple>
+                    <float>433814400.0</float>
+                    <string>GMT</string>
+                  </tuple>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>periodicity_week</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Alarm</string> </value>
+        </item>
+        <item>
+            <key> <string>sense_method_id</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string>SlapOS Renew Certificate for Software Instances</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_administration/Alarm_renewSoftwareInstanceCertificate.py

+# Example code:
+
+# Import a standard function, and get the HTML request and response objects.
+from Products.PythonScripts.standard import html_quote
+request = container.REQUEST
+response =  request.response
+
+# Return a string identifying this script.
+print "This is the", script.meta_type, '"%s"' % script.getId(),
+if script.title:
+    print "(%s)" % html_quote(script.title),
+print "in", container.absolute_url()
+return printed

master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_administration/Alarm_renewSoftwareInstanceCertificate.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>Alarm_renewSoftwareInstanceCertificate</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_administration/SoftwareInstance_renewCertificate.py

+if (context.getPortalType() == "Software Instance" and \
+    context.getValiationState() == "validated" and \
+    context.getSlapState() in ["start_requested", "stop_requested"]):
+  context.revokeCertificate()
+  context.generateCertificate()

master/bt5/slapos_erp5/SkinTemplateItem/portal_skins/slapos_administration/SoftwareInstance_renewCertificate.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>Script_magic</string> </key>
+            <value> <int>3</int> </value>
+        </item>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary>
+                            <item>
+                                <key> <string>name_container</string> </key>
+                                <value> <string>container</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_context</string> </key>
+                                <value> <string>context</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_m_self</string> </key>
+                                <value> <string>script</string> </value>
+                            </item>
+                            <item>
+                                <key> <string>name_subpath</string> </key>
+                                <value> <string>traverse_subpath</string> </value>
+                            </item>
+                          </dictionary>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_params</string> </key>
+            <value> <string>**kw</string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>SoftwareInstance_renewCertificate</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_erp5/bt/template_path_list

@@ -6,6 +6,7 @@ portal_alarms/slapos_check_security_uid
 portal_alarms/slapos_check_stored_broken_state
 portal_alarms/slapos_erp5_cleanup_active_process
 portal_alarms/slapos_erp5_cleanup_business_template
+portal_alarms/slapos_renew_software_instance_certificate
 portal_caches/erp5_session_cache/distributed_ram_cache
 portal_categories/local_role_group/**
 software_product_module/frontend