slapos_cloud: remove constraints on software instance certificate, revoke...

slapos_cloud: remove constraints on software instance certificate, revoke previous instance certificate when request a new one.

If a valid certificate exists and Node try to request a new certificate, the old certificate is revoked first.

master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.CaucaseRESTClientInterface.py

@@ -30,13 +30,11 @@ from AccessControl import ClassSecurityInfo
 from Products.ERP5Type.Globals import InitializeClass
 from Products.ERP5Type import Permissions
 from Products.ERP5Type.XMLObject import XMLObject
-from DateTime import DateTime
 import functools
-from json import loads, dumps
+from json import loads
 import urllib2, urllib
 from httplib import HTTPSConnection
 import urlparse
-from zLOG import LOG, INFO
 
 class TolerateErrorHandler(urllib2.BaseHandler):
   handler_order = 100 # Get registered before default error hander (at 500)
@@ -168,7 +166,7 @@ class CaucaseRESTClientInterface(XMLObject):
 
   def deleteCertificateSigningRequest(self, csr_id):
     """
-      Return CSR from his id
+      Delete CSR from his id
     """
     response = self._request('/csr/%s' % csr_id, method='DELETE').read()
   

master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.CaucaseRESTClientInterface.xml

@@ -45,12 +45,7 @@
         <item>
             <key> <string>text_content_warning_message</string> </key>
             <value>
-              <tuple>
-                <string>W: 33,  0: Unused DateTime imported from DateTime (unused-import)</string>
-                <string>W: 35,  0: Unused dumps imported from json (unused-import)</string>
-                <string>W: 39,  0: Unused INFO imported from zLOG (unused-import)</string>
-                <string>W: 39,  0: Unused LOG imported from zLOG (unused-import)</string>
-              </tuple>
+              <tuple/>
             </value>
         </item>
         <item>

master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.SoftwareInstance.py

@@ -97,27 +97,31 @@ class SoftwareInstance(Item):
   def requestCertificate(self, certificate_request):
     """Request a new certificate for this instance"""
     certificate_id = self._getInstanceCertificate()
-    if certificate_id is None:
-      ca_service = self.getPortalObject().portal_web_services.caucase_adapter
-      csr_id = ca_service.putCertificateSigningRequest(certificate_request)
-  
-      # Sign the csr immediately
-      crt_id, url = ca_service.signCertificate(csr_id)
-
-      # link to the Instance
-      certificate_id = self.newContent(
-        portal_type="Certificate Access ID",
-        reference=crt_id,
-        url_string=url)
-
-      certificate_id.validate()
+    if certificate_id is not None:
+      # Get new Certificate will automatically revoke the previous
+      self.revokeCertificate(certificate_id)
+
+    ca_service = self.getPortalObject().portal_web_services.caucase_adapter
+    csr_id = ca_service.putCertificateSigningRequest(certificate_request)
+
+    # Sign the csr immediately
+    crt_id, url = ca_service.signCertificate(csr_id)
+
+    # link to the Instance
+    certificate_id = self.newContent(
+      portal_type="Certificate Access ID",
+      reference=crt_id,
+      url_string=url)
+
+    certificate_id.validate()
     return self._getCertificate(certificate_id.getReference())
 
   security.declareProtected(Permissions.AccessContentsInformation,
     'revokeCertificate')
-  def revokeCertificate(self):
-    """Returns existing certificate of this instance"""
-    certificate_id = self._getInstanceCertificate()
+  def revokeCertificate(self, certificate_id=None):
+    """Revoke existing certificate of this instance"""
+    if certificate_id is None:
+      certificate_id = self._getInstanceCertificate()
     if certificate_id:
       return self.getPortalObject().portal_web_services.caucase_adapter \
           .revokeCertificate(certificate_id.getReference())

master/bt5/slapos_cloud/PropertySheetTemplateItem/portal_property_sheets/SoftwareInstanceConstraint/not_destroy_requested_property_existence_constraint.xml

-<?xml version="1.0"?>
-<ZopeData>
-  <record id="1" aka="AAAAAAAAAAE=">
-    <pickle>
-      <global name="Property Existence Constraint" module="erp5.portal_type"/>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>_identity_criterion</string> </key>
-            <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
-            </value>
-        </item>
-        <item>
-            <key> <string>_range_criterion</string> </key>
-            <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
-            </value>
-        </item>
-        <item>
-            <key> <string>constraint_property</string> </key>
-            <value>
-              <tuple>
-                <string>ssl_certificate</string>
-                <string>ssl_key</string>
-              </tuple>
-            </value>
-        </item>
-        <item>
-            <key> <string>description</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>id</string> </key>
-            <value> <string>not_destroy_requested_property_existence_constraint</string> </value>
-        </item>
-        <item>
-            <key> <string>int_index</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>membership_criterion_category</string> </key>
-            <value>
-              <tuple/>
-            </value>
-        </item>
-        <item>
-            <key> <string>message_no_such_property</string> </key>
-            <value> <string>Property existence error for property ${property_id}, this document has no such property or the property has never been set</string> </value>
-        </item>
-        <item>
-            <key> <string>portal_type</string> </key>
-            <value> <string>Property Existence Constraint</string> </value>
-        </item>
-        <item>
-            <key> <string>string_index</string> </key>
-            <value>
-              <none/>
-            </value>
-        </item>
-        <item>
-            <key> <string>test_method_id</string> </key>
-            <value>
-              <tuple/>
-            </value>
-        </item>
-        <item>
-            <key> <string>test_tales_expression</string> </key>
-            <value> <string>python: context.getSlapState() != \'destroy_requested\'</string> </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-  <record id="2" aka="AAAAAAAAAAI=">
-    <pickle>
-      <global name="PersistentMapping" module="Persistence.mapping"/>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>data</string> </key>
-            <value>
-              <dictionary/>
-            </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-  <record id="3" aka="AAAAAAAAAAM=">
-    <pickle>
-      <global name="PersistentMapping" module="Persistence.mapping"/>
-    </pickle>
-    <pickle>
-      <dictionary>
-        <item>
-            <key> <string>data</string> </key>
-            <value>
-              <dictionary/>
-            </value>
-        </item>
-      </dictionary>
-    </pickle>
-  </record>
-</ZopeData>

master/bt5/slapos_cloud/PropertySheetTemplateItem/portal_property_sheets/SoftwareInstanceConstraint/property_existence_constraint.xml

@@ -22,7 +22,6 @@
             <key> <string>constraint_property</string> </key>
             <value>
               <tuple>
-                <string>destination_reference</string>
                 <string>reference</string>
               </tuple>
             </value>