Commit a30ef074 authored by Alain Takoudjou's avatar Alain Takoudjou

slapos_cloud: remove constraints on software instance certificate, revoke...

slapos_cloud: remove constraints on software instance certificate, revoke previous instance certificate when request a new one.

If a valid certificate exists and Node try to request a new certificate, the old certificate is revoked first.
parent 691529b3
......@@ -30,13 +30,11 @@ from AccessControl import ClassSecurityInfo
from Products.ERP5Type.Globals import InitializeClass
from Products.ERP5Type import Permissions
from Products.ERP5Type.XMLObject import XMLObject
from DateTime import DateTime
import functools
from json import loads, dumps
from json import loads
import urllib2, urllib
from httplib import HTTPSConnection
import urlparse
from zLOG import LOG, INFO
class TolerateErrorHandler(urllib2.BaseHandler):
handler_order = 100 # Get registered before default error hander (at 500)
......@@ -168,7 +166,7 @@ class CaucaseRESTClientInterface(XMLObject):
def deleteCertificateSigningRequest(self, csr_id):
"""
Return CSR from his id
Delete CSR from his id
"""
response = self._request('/csr/%s' % csr_id, method='DELETE').read()
......
......@@ -45,12 +45,7 @@
<item>
<key> <string>text_content_warning_message</string> </key>
<value>
<tuple>
<string>W: 33, 0: Unused DateTime imported from DateTime (unused-import)</string>
<string>W: 35, 0: Unused dumps imported from json (unused-import)</string>
<string>W: 39, 0: Unused INFO imported from zLOG (unused-import)</string>
<string>W: 39, 0: Unused LOG imported from zLOG (unused-import)</string>
</tuple>
<tuple/>
</value>
</item>
<item>
......
......@@ -97,7 +97,10 @@ class SoftwareInstance(Item):
def requestCertificate(self, certificate_request):
"""Request a new certificate for this instance"""
certificate_id = self._getInstanceCertificate()
if certificate_id is None:
if certificate_id is not None:
# Get new Certificate will automatically revoke the previous
self.revokeCertificate(certificate_id)
ca_service = self.getPortalObject().portal_web_services.caucase_adapter
csr_id = ca_service.putCertificateSigningRequest(certificate_request)
......@@ -115,8 +118,9 @@ class SoftwareInstance(Item):
security.declareProtected(Permissions.AccessContentsInformation,
'revokeCertificate')
def revokeCertificate(self):
"""Returns existing certificate of this instance"""
def revokeCertificate(self, certificate_id=None):
"""Revoke existing certificate of this instance"""
if certificate_id is None:
certificate_id = self._getInstanceCertificate()
if certificate_id:
return self.getPortalObject().portal_web_services.caucase_adapter \
......
<?xml version="1.0"?>
<ZopeData>
<record id="1" aka="AAAAAAAAAAE=">
<pickle>
<global name="Property Existence Constraint" module="erp5.portal_type"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>_identity_criterion</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
</value>
</item>
<item>
<key> <string>_range_criterion</string> </key>
<value>
<persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
</value>
</item>
<item>
<key> <string>constraint_property</string> </key>
<value>
<tuple>
<string>ssl_certificate</string>
<string>ssl_key</string>
</tuple>
</value>
</item>
<item>
<key> <string>description</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>id</string> </key>
<value> <string>not_destroy_requested_property_existence_constraint</string> </value>
</item>
<item>
<key> <string>int_index</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>membership_criterion_category</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>message_no_such_property</string> </key>
<value> <string>Property existence error for property ${property_id}, this document has no such property or the property has never been set</string> </value>
</item>
<item>
<key> <string>portal_type</string> </key>
<value> <string>Property Existence Constraint</string> </value>
</item>
<item>
<key> <string>string_index</string> </key>
<value>
<none/>
</value>
</item>
<item>
<key> <string>test_method_id</string> </key>
<value>
<tuple/>
</value>
</item>
<item>
<key> <string>test_tales_expression</string> </key>
<value> <string>python: context.getSlapState() != \'destroy_requested\'</string> </value>
</item>
</dictionary>
</pickle>
</record>
<record id="2" aka="AAAAAAAAAAI=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
<record id="3" aka="AAAAAAAAAAM=">
<pickle>
<global name="PersistentMapping" module="Persistence.mapping"/>
</pickle>
<pickle>
<dictionary>
<item>
<key> <string>data</string> </key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
</ZopeData>
......@@ -22,7 +22,6 @@
<key> <string>constraint_property</string> </key>
<value>
<tuple>
<string>destination_reference</string>
<string>reference</string>
</tuple>
</value>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment