Commit 10a77861 authored by Rafael Monnerat's avatar Rafael Monnerat

slapos_cloud: Include API to renew the certificates

See merge request nexedi/slapos.core!377
parents c113c5ef b0a1e55b
...@@ -293,6 +293,73 @@ class TestSlapOSCoreComputeNodeSlapInterfaceWorkflow(SlapOSTestCaseMixin): ...@@ -293,6 +293,73 @@ class TestSlapOSCoreComputeNodeSlapInterfaceWorkflow(SlapOSTestCaseMixin):
self.assertEqual(None, self.portal.REQUEST.get('compute_node_certificate')) self.assertEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
self.assertEqual(None, self.compute_node.getDestinationReference()) self.assertEqual(None, self.compute_node.getDestinationReference())
def test_renewCertificate(self):
self.login(self.compute_node.getUserId())
self.compute_node.generateCertificate()
compute_node_key = self.portal.REQUEST.get('compute_node_key')
compute_node_certificate = self.portal.REQUEST.get('compute_node_certificate')
destination_reference = self.compute_node.getDestinationReference()
self.assertNotEqual(None, compute_node_key)
self.assertNotEqual(None, compute_node_certificate)
self.assertNotEqual(None, destination_reference)
serial = '0x%x' % int(self.compute_node.getDestinationReference(), 16)
self.assertTrue(serial in compute_node_certificate)
self.assertTrue(self.compute_node.getReference() in compute_node_certificate.decode('string_escape'))
self.compute_node.renewCertificate()
self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_key'))
self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
self.assertNotEqual(None, self.compute_node.getDestinationReference())
self.assertNotEqual(compute_node_key, self.portal.REQUEST.get('compute_node_key'))
self.assertNotEqual(compute_node_certificate, self.portal.REQUEST.get('compute_node_certificate'))
self.assertNotEqual(destination_reference, self.compute_node.getDestinationReference())
def test_renewCertificateNoCertificate(self):
self.login(self.compute_node.getUserId())
self.assertRaises(ValueError, self.compute_node.renewCertificate)
self.assertEqual(None, self.portal.REQUEST.get('compute_node_key'))
self.assertEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
self.assertEqual(None, self.compute_node.getDestinationReference())
def test_renewCertificate_twice(self):
self.login(self.compute_node.getUserId())
self.compute_node.generateCertificate()
compute_node_key = self.portal.REQUEST.get('compute_node_key')
compute_node_certificate = self.portal.REQUEST.get('compute_node_certificate')
destination_reference = self.compute_node.getDestinationReference()
self.assertNotEqual(None, compute_node_key)
self.assertNotEqual(None, compute_node_certificate)
self.assertNotEqual(None, self.compute_node.getDestinationReference())
serial = '0x%x' % int(self.compute_node.getDestinationReference(), 16)
self.assertTrue(serial in compute_node_certificate)
self.assertTrue(self.compute_node.getReference() in compute_node_certificate.decode('string_escape'))
self.compute_node.renewCertificate()
self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_key'))
self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
self.assertNotEqual(None, self.compute_node.getDestinationReference())
self.assertNotEqual(compute_node_key, self.portal.REQUEST.get('compute_node_key'))
self.assertNotEqual(compute_node_certificate, self.portal.REQUEST.get('compute_node_certificate'))
self.assertNotEqual(destination_reference, self.compute_node.getDestinationReference())
compute_node_key = self.portal.REQUEST.get('compute_node_key')
compute_node_certificate = self.portal.REQUEST.get('compute_node_certificate')
destination_reference = self.compute_node.getDestinationReference()
self.compute_node.renewCertificate()
self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_key'))
self.assertNotEqual(None, self.portal.REQUEST.get('compute_node_certificate'))
self.assertNotEqual(None, self.compute_node.getDestinationReference())
self.assertNotEqual(compute_node_key, self.portal.REQUEST.get('compute_node_key'))
self.assertNotEqual(compute_node_certificate, self.portal.REQUEST.get('compute_node_certificate'))
self.assertNotEqual(destination_reference, self.compute_node.getDestinationReference())
class TestSlapOSCoreComputeNodeSlapInterfaceWorkflowSupply(SlapOSTestCaseMixin): class TestSlapOSCoreComputeNodeSlapInterfaceWorkflowSupply(SlapOSTestCaseMixin):
def afterSetUp(self): def afterSetUp(self):
......
...@@ -1138,3 +1138,70 @@ class TestSlapOSCoreInstanceSlapInterfaceWorkflowTransfer(SlapOSTestCaseMixin): ...@@ -1138,3 +1138,70 @@ class TestSlapOSCoreInstanceSlapInterfaceWorkflowTransfer(SlapOSTestCaseMixin):
len(self.instance_tree.getAggregateRelatedList(portal_type="Internal Packing List Line")) len(self.instance_tree.getAggregateRelatedList(portal_type="Internal Packing List Line"))
) )
def test_generateCertificate(self):
self.login()
self.software_instance.setDestinationReference(None)
self.software_instance.getSslKey(None)
self.software_instance.getSslCertificate(None)
self.software_instance.generateCertificate()
self.assertNotEqual(self.software_instance.getDestinationReference(), None)
self.assertNotEqual(self.software_instance.getSslKey(), None)
self.assertNotEqual(self.software_instance.getSslCertificate(), None)
self.assertRaises(ValueError, self.software_instance.generateCertificate)
def test_revokeCertificate(self):
self.login()
self.assertNotEqual(self.software_instance.getDestinationReference(), None)
self.assertNotEqual(self.software_instance.getSslKey(), None)
self.assertNotEqual(self.software_instance.getSslCertificate(), None)
self.software_instance.revokeCertificate()
self.assertEqual(self.software_instance.getDestinationReference(), None)
self.assertEqual(self.software_instance.getSslKey(), None)
self.assertEqual(self.software_instance.getSslCertificate(), None)
self.assertRaises(ValueError, self.software_instance.revokeCertificate)
def test_revokeAndGenerateCertificate(self):
self.login()
destination_reference = self.software_instance.getDestinationReference()
ssl_key = self.software_instance.getSslKey()
ssl_certificate = self.software_instance.getSslCertificate()
self.assertNotEqual(self.software_instance.getDestinationReference(), None)
self.assertNotEqual(self.software_instance.getSslKey(), None)
self.assertNotEqual(self.software_instance.getSslCertificate(), None)
self.software_instance.revokeCertificate()
self.software_instance.generateCertificate()
self.assertNotEqual(self.software_instance.getDestinationReference(), None)
self.assertNotEqual(self.software_instance.getSslKey(), None)
self.assertNotEqual(self.software_instance.getSslCertificate(), None)
self.assertNotEqual(self.software_instance.getDestinationReference(),
destination_reference)
self.assertNotEqual(self.software_instance.getSslKey(),
ssl_key)
self.assertNotEqual(self.software_instance.getSslCertificate(),
ssl_certificate)
destination_reference = self.software_instance.getDestinationReference()
ssl_key = self.software_instance.getSslKey()
ssl_certificate = self.software_instance.getSslCertificate()
self.software_instance.revokeCertificate()
self.software_instance.generateCertificate()
self.assertNotEqual(self.software_instance.getDestinationReference(), None)
self.assertNotEqual(self.software_instance.getSslKey(), None)
self.assertNotEqual(self.software_instance.getSslCertificate(), None)
self.assertNotEqual(self.software_instance.getDestinationReference(),
destination_reference)
self.assertNotEqual(self.software_instance.getSslKey(),
ssl_key)
self.assertNotEqual(self.software_instance.getSslCertificate(),
ssl_certificate)
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Alarm" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>active_sense_method_id</string> </key>
<value> <string>Alarm_renewSoftwareInstanceCertificate</string> </value>
</item>
<item>
<key> <string>automatic_solve</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>enabled</string> </key>
<value> <int>0</int> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>slapos_renew_software_instance_certificate</string> </value>
</item>
<item>
<key> <string>periodicity_hour</string> </key>
<value>
<tuple>
<int>3</int>
</tuple>
</value>
</item>
<item>
<key> <string>periodicity_minute</string> </key>
<value>
<tuple>
<int>0</int>
</tuple>
</value>
</item>
<item>
<key> <string>periodicity_minute_frequency</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>periodicity_month</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>periodicity_month_day</string> </key>
<value>
<tuple>
<int>3</int>
</tuple>
</value>
</item>
<item>
<key> <string>periodicity_month_frequency</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>periodicity_start_date</string> </key>
<value>
<object>
<klass>
<global name="DateTime" module="DateTime.DateTime"/>
</klass>
<tuple>
<none/>
</tuple>
<state>
<tuple>
<float>433814400.0</float>
<string>GMT</string>
</tuple>
</state>
</object>
</value>
</item>
<item>
<key> <string>periodicity_week</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>portal_type</string> </key>
<value> <string>Alarm</string> </value>
</item>
<item>
<key> <string>sense_method_id</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>title</string> </key>
<value> <string>SlapOS Renew Certificate for Software Instances</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
# Example code:
# Import a standard function, and get the HTML request and response objects.
from Products.PythonScripts.standard import html_quote
request = container.REQUEST
response = request.response
# Return a string identifying this script.
print "This is the", script.meta_type, '"%s"' % script.getId(),
if script.title:
print "(%s)" % html_quote(script.title),
print "in", container.absolute_url()
return printed
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>Alarm_renewSoftwareInstanceCertificate</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
if (context.getPortalType() == "Software Instance" and \
context.getValiationState() == "validated" and \
context.getSlapState() in ["start_requested", "stop_requested"]):
context.revokeCertificate()
context.generateCertificate()
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="PythonScript" module="Products.PythonScripts.PythonScript"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>Script_magic</string> </key>
<value> <int>3</int> </value>
</item>
<item>
<key> <string>_bind_names</string> </key>
<value>
<object>
<klass>
<global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
</klass>
<tuple/>
<state>
<dictionary>
<item>
<key> <string>_asgns</string> </key>
<value>
<dictionary>
<item>
<key> <string>name_container</string> </key>
<value> <string>container</string> </value>
</item>
<item>
<key> <string>name_context</string> </key>
<value> <string>context</string> </value>
</item>
<item>
<key> <string>name_m_self</string> </key>
<value> <string>script</string> </value>
</item>
<item>
<key> <string>name_subpath</string> </key>
<value> <string>traverse_subpath</string> </value>
</item>
</dictionary>
</value>
</item>
</dictionary>
</state>
</object>
</value>
</item>
<item>
<key> <string>_params</string> </key>
<value> <string>**kw</string> </value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>SoftwareInstance_renewCertificate</string> </value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
...@@ -6,6 +6,7 @@ portal_alarms/slapos_check_security_uid ...@@ -6,6 +6,7 @@ portal_alarms/slapos_check_security_uid
portal_alarms/slapos_check_stored_broken_state portal_alarms/slapos_check_stored_broken_state
portal_alarms/slapos_erp5_cleanup_active_process portal_alarms/slapos_erp5_cleanup_active_process
portal_alarms/slapos_erp5_cleanup_business_template portal_alarms/slapos_erp5_cleanup_business_template
portal_alarms/slapos_renew_software_instance_certificate
portal_caches/erp5_session_cache/distributed_ram_cache portal_caches/erp5_session_cache/distributed_ram_cache
portal_categories/local_role_group/** portal_categories/local_role_group/**
software_product_module/frontend software_product_module/frontend
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment