Store Certificate ID into a new portal type, update getcertificate and...

Store Certificate ID into a new portal type, update getcertificate and revokeCertificate for person, computer, software instance

master/bt5/slapos_cloud/ActionTemplateItem/portal_types/Certificate%20Access%20ID/view.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ActionInformation" module="Products.CMFCore.ActionInformation"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>action</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
+        <item>
+            <key> <string>categories</string> </key>
+            <value>
+              <tuple>
+                <string>action_type/object_view</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>category</string> </key>
+            <value> <string>object_view</string> </value>
+        </item>
+        <item>
+            <key> <string>condition</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>icon</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>view</string> </value>
+        </item>
+        <item>
+            <key> <string>permissions</string> </key>
+            <value>
+              <tuple>
+                <string>View</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>portal_type</string> </key>
+            <value> <string>Action Information</string> </value>
+        </item>
+        <item>
+            <key> <string>priority</string> </key>
+            <value> <float>1.0</float> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string>View</string> </value>
+        </item>
+        <item>
+            <key> <string>visible</string> </key>
+            <value> <int>1</int> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="Expression" module="Products.CMFCore.Expression"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>text</string> </key>
+            <value> <string>string:${object_url}/CertificateAccessID_view</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.py

@@ -2,14 +2,6 @@ from AccessControl import ClassSecurityInfo, Unauthorized, getSecurityManager
 from Products.ERP5.Document.Person import Person as ERP5Person
 from Products.ERP5Type import Permissions
 
-class UserCertificateNotFound(Exception):
-  """Exception raised when certificate is not found"""
-  pass
-
-class UserCertificateFound(Exception):
-  """Exception raised when certificate is found"""
-  pass
-
 class Person(ERP5Person):
   security = ClassSecurityInfo()
 
@@ -26,29 +18,42 @@ class Person(ERP5Person):
       if getSecurityManager().getUser().getId() != reference:
         raise
 
+  def getPersonCertificateList(self):
+    return [x for x in
+      self.contentValues(portal_type="Certificate Access ID")
+      if x.getValidationState() == 'validated']
+
   security.declarePublic('signCertificate')
   def signCertificate(self, csr):
     """Send csr for certificate signature"""
     self._checkCertificateRequest()
-    if self.getDestinationReference():
-      raise UserCertificateFound("A Certificate already exists, please revoke it first!")
+    if len(self.getPersonCertificateList()):
+      raise ValueError("A Certificate already exists, please revoke it first!")
     ca_service = self.getPortalObject().portal_web_services.caucase_adapter
     csr_id = ca_service.putCertificateSigningRequest(csr)
 
     # Sign the csr immediately
     crt_id, url = ca_service.signCertificate(csr_id)
-    self.setDestinationReference(crt_id)
+
+    # link to the user
+    certificate_id = self.newContent(
+      portal_type="Certificate Access ID",
+      reference=crt_id,
+      url_string=url)
+
+    certificate_id.validate()
     return crt_id, url
 
   security.declarePublic('getCertificate')
   def getCertificate(self):
     """Returns existing SSL certificate"""
     self._checkCertificateRequest()
-    crt_id = self.getDestinationReference()
-    if crt_id:
+    crt_id_list = self.getPersonCertificateList()
+    if crt_id_list:
+      # XXX - considering there is only one certificate per user
       return self.getPortalObject().portal_web_services.caucase_adapter\
-        .getCertificate(crt_id)
-    raise UserCertificateNotFound(
+        .getCertificate(crt_id_list[0].getReference())
+    raise ValueError(
       "No certificate set for the user %s" % self.getReference()
     )
 
@@ -56,14 +61,16 @@ class Person(ERP5Person):
   def revokeCertificate(self):
     """Revokes existing certificate"""
     self._checkCertificateRequest()
-    crt_id = self.getDestinationReference()
-    if crt_id:
+    crt_id_list = self.getPersonCertificateList()
+    if crt_id_list:
+      # XXX - considering there is only one certificate per user
+      certificate_id = crt_id_list[0]
       response = self.getPortalObject().portal_web_services.caucase_adapter\
-        .revokeCertificate(crt_id)
-      # Remove Destination Reference
-      self.setDestinationReference("")
-      return response.read()
-    raise UserCertificateNotFound(
+        .revokeCertificate(certificate_id.getReference())
+      # Invalidate certificate id of the user
+      certificate_id.invalidate()
+      return response
+    raise ValueError(
       "No certificate set for the user %s" % self.getReference()
     )
 

master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.SoftwareInstance.py

@@ -69,6 +69,62 @@ class SoftwareInstance(Item):
       result_dict[key] = value
     return result_dict
 
+  def _getInstanceCertificate(self):
+    certificate_id_list = [x for x in
+      self.contentValues(portal_type="Certificate Access ID")
+      if x.getValidationState() == 'validated']
+
+    if certificate_id_list:
+      return certificate_id_list[0]
+
+  def _getCertificate(self, cert_id):
+    return self.getPortalObject().portal_web_services.caucase_adapter\
+        .getCertificate(cert_id)
+
+  security.declareProtected(Permissions.AccessContentsInformation,
+    'getCertificate')
+  def getCertificate(self):
+    """Returns existing certificate of this instance"""
+    certificate_id = self._getInstanceCertificate()
+    if certificate_id:
+      return self._getCertificate(certificate_id.getReference())
+    raise ValueError(
+      "No certificate set for Software Instance %s" % self.getReference()
+    )
+
+  security.declareProtected(Permissions.AccessContentsInformation,
+    'requestCertificate')
+  def requestCertificate(self, certificate_request):
+    """Request a new certificate for this instance"""
+    certificate_id = self._getInstanceCertificate()
+    if certificate_id is None:
+      ca_service = self.getPortalObject().portal_web_services.caucase_adapter
+      csr_id = ca_service.putCertificateSigningRequest(certificate_request)
+  
+      # Sign the csr immediately
+      crt_id, url = ca_service.signCertificate(csr_id)
+
+      # link to the Instance
+      certificate_id = self.newContent(
+        portal_type="Certificate Access ID",
+        reference=crt_id,
+        url_string=url)
+
+      certificate_id.validate()
+    return self._getCertificate(certificate_id.getReference())
+
+  security.declareProtected(Permissions.AccessContentsInformation,
+    'revokeCertificate')
+  def revokeCertificate(self):
+    """Returns existing certificate of this instance"""
+    certificate_id = self._getInstanceCertificate()
+    if certificate_id:
+      return self.getPortalObject().portal_web_services.caucase_adapter \
+          .revokeCertificate(certificate_id.getReference())
+    raise ValueError(
+      "No certificate found for Software Instance %s" % self.getReference()
+    )
+
   security.declareProtected(Permissions.AccessContentsInformation,
     'getSlaXmlAsDict')
   def getSlaXmlAsDict(self):

master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.SoftwareInstance.xml

@@ -6,10 +6,22 @@
     </pickle>
     <pickle>
       <dictionary>
+        <item>
+            <key> <string>_recorded_property_dict</string> </key>
+            <value>
+              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+            </value>
+        </item>
         <item>
             <key> <string>default_reference</string> </key>
             <value> <string>SoftwareInstance</string> </value>
         </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
         <item>
             <key> <string>id</string> </key>
             <value> <string>document.erp5.SoftwareInstance</string> </value>
@@ -43,13 +55,28 @@
         <item>
             <key> <string>workflow_history</string> </key>
             <value>
-              <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+              <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
             </value>
         </item>
       </dictionary>
     </pickle>
   </record>
   <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="PersistentMapping" module="Persistence.mapping"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>data</string> </key>
+            <value>
+              <dictionary/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
     <pickle>
       <global name="PersistentMapping" module="Persistence.mapping"/>
     </pickle>
@@ -62,7 +89,7 @@
                 <item>
                     <key> <string>component_validation_workflow</string> </key>
                     <value>
-                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+                      <persistent> <string encoding="base64">AAAAAAAAAAQ=</string> </persistent>
                     </value>
                 </item>
               </dictionary>
@@ -71,7 +98,7 @@
       </dictionary>
     </pickle>
   </record>
-  <record id="3" aka="AAAAAAAAAAM=">
+  <record id="4" aka="AAAAAAAAAAQ=">
     <pickle>
       <global name="WorkflowHistoryList" module="Products.ERP5Type.patches.WorkflowTool"/>
     </pickle>

master/bt5/slapos_cloud/PortalTypeAllowedContentTypeTemplateItem/allowed_content_types.xml

 <allowed_content_type_list>
+ <portal_type id="Computer">
+  <item>Certificate Access ID</item>
+ </portal_type>
  <portal_type id="Hosting Subscription Module">
   <item>Hosting Subscription</item>
  </portal_type>
+ <portal_type id="Person">
+  <item>Certificate Access ID</item>
+ </portal_type>
  <portal_type id="Software Installation Module">
   <item>Software Installation</item>
  </portal_type>
+ <portal_type id="Software Instance">
+  <item>Certificate Access ID</item>
+ </portal_type>
  <portal_type id="Software Instance Module">
   <item>Slave Instance</item>
   <item>Software Instance</item>

master/bt5/slapos_cloud/PortalTypePropertySheetTemplateItem/property_sheet_list.xml

@@ -7,6 +7,10 @@
   <item>RESTClientInterface</item>
   <item>Url</item>
  </portal_type>
+ <portal_type id="Certificate Access ID">
+  <item>Reference</item>
+  <item>Url</item>
+ </portal_type>
  <portal_type id="Computer">
   <item>SlaposCapacity</item>
   <item>SlaposComputerConstraint</item>

master/bt5/slapos_cloud/PortalTypeTemplateItem/portal_types/Certificate%20Access%20ID.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="Base Type" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_property_domain_dict</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>short_title</string> </key>
+                    <value>
+                      <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value>
+                      <persistent> <string encoding="base64">AAAAAAAAAAM=</string> </persistent>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>acquire_local_roles</string> </key>
+            <value> <int>1</int> </value>
+        </item>
+        <item>
+            <key> <string>content_icon</string> </key>
+            <value> <string>folder_icon.gif</string> </value>
+        </item>
+        <item>
+            <key> <string>content_meta_type</string> </key>
+            <value> <string>ERP5 Folder</string> </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value> <string>Certificate used to authenticate Object in erp5</string> </value>
+        </item>
+        <item>
+            <key> <string>factory</string> </key>
+            <value> <string>addFolder</string> </value>
+        </item>
+        <item>
+            <key> <string>filter_content_types</string> </key>
+            <value> <int>1</int> </value>
+        </item>
+        <item>
+            <key> <string>group_list</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>Certificate Access ID</string> </value>
+        </item>
+        <item>
+            <key> <string>init_script</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>permission</string> </key>
+            <value>
+              <none/>
+            </value>
+        </item>
+        <item>
+            <key> <string>searchable_text_property_id</string> </key>
+            <value>
+              <tuple>
+                <string>title</string>
+                <string>description</string>
+                <string>reference</string>
+                <string>short_title</string>
+              </tuple>
+            </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>type_class</string> </key>
+            <value> <string>XMLObject</string> </value>
+        </item>
+        <item>
+            <key> <string>type_interface</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>type_mixin</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="TranslationInformation" module="Products.ERP5Type.TranslationProviderBase"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>domain_name</string> </key>
+            <value> <string>erp5_ui</string> </value>
+        </item>
+        <item>
+            <key> <string>property_name</string> </key>
+            <value> <string>short_title</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="3" aka="AAAAAAAAAAM=">
+    <pickle>
+      <global name="TranslationInformation" module="Products.ERP5Type.TranslationProviderBase"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>domain_name</string> </key>
+            <value> <string>erp5_ui</string> </value>
+        </item>
+        <item>
+            <key> <string>property_name</string> </key>
+            <value> <string>title</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_cloud/PortalTypeWorkflowChainTemplateItem/workflow_chain_type.xml

@@ -3,6 +3,10 @@
   <type>Caucase REST Client Interface</type>
   <workflow>edit_workflow, validation_workflow</workflow>
  </chain>
+ <chain>
+  <type>Certificate Access ID</type>
+  <workflow>edit_workflow, validation_workflow</workflow>
+ </chain>
  <chain>
   <type>Computer</type>
   <workflow>computer_slap_interface_workflow, slapos_cloud_interaction_workflow</workflow>

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/CertificateAccessID_view.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ERP5 Form" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary/>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_objects</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>action</string> </key>
+            <value> <string>Base_edit</string> </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>edit_order</string> </key>
+            <value>
+              <list/>
+            </value>
+        </item>
+        <item>
+            <key> <string>encoding</string> </key>
+            <value> <string>UTF-8</string> </value>
+        </item>
+        <item>
+            <key> <string>enctype</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>group_list</string> </key>
+            <value>
+              <list>
+                <string>left</string>
+                <string>right</string>
+                <string>center</string>
+                <string>bottom</string>
+                <string>hidden</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>groups</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>bottom</string> </key>
+                    <value>
+                      <list/>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>center</string> </key>
+                    <value>
+                      <list/>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>hidden</string> </key>
+                    <value>
+                      <list/>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>left</string> </key>
+                    <value>
+                      <list>
+                        <string>my_reference</string>
+                      </list>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>right</string> </key>
+                    <value>
+                      <list>
+                        <string>my_url_string</string>
+                        <string>my_translated_validation_state_title</string>
+                      </list>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>CertificateAccessID_view</string> </value>
+        </item>
+        <item>
+            <key> <string>method</string> </key>
+            <value> <string>POST</string> </value>
+        </item>
+        <item>
+            <key> <string>name</string> </key>
+            <value> <string>CertificateAccessID_view</string> </value>
+        </item>
+        <item>
+            <key> <string>pt</string> </key>
+            <value> <string>form_view</string> </value>
+        </item>
+        <item>
+            <key> <string>row_length</string> </key>
+            <value> <int>4</int> </value>
+        </item>
+        <item>
+            <key> <string>stored_encoding</string> </key>
+            <value> <string>UTF-8</string> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string>Certificate Access ID</string> </value>
+        </item>
+        <item>
+            <key> <string>unicode_mode</string> </key>
+            <value> <int>0</int> </value>
+        </item>
+        <item>
+            <key> <string>update_action</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>update_action_title</string> </key>
+            <value> <string></string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/CertificateAccessID_view/my_reference.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ProxyField" module="Products.ERP5Form.ProxyField"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>delegated_list</string> </key>
+            <value>
+              <list>
+                <string>title</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>my_reference</string> </value>
+        </item>
+        <item>
+            <key> <string>message_values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>external_validator_failed</string> </key>
+                    <value> <string>The input failed the external validator.</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>overrides</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>tales</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string>my_string_field</string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string>Base_viewFieldLibrary</string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string>Click to edit the target</string> </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value> <string>Certificate Reference or ID</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/CertificateAccessID_view/my_translated_validation_state_title.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ProxyField" module="Products.ERP5Form.ProxyField"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>delegated_list</string> </key>
+            <value>
+              <list/>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>my_translated_validation_state_title</string> </value>
+        </item>
+        <item>
+            <key> <string>message_values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>external_validator_failed</string> </key>
+                    <value> <string>The input failed the external validator.</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>overrides</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>tales</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string>my_view_mode_translated_workflow_state_title</string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string>Base_viewFieldLibrary</string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string>Click to edit the target</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/CertificateAccessID_view/my_url_string.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ProxyField" module="Products.ERP5Form.ProxyField"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>delegated_list</string> </key>
+            <value>
+              <list>
+                <string>title</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>my_url_string</string> </value>
+        </item>
+        <item>
+            <key> <string>message_values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>external_validator_failed</string> </key>
+                    <value> <string>The input failed the external validator.</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>overrides</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>tales</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string>my_string_field</string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string>Base_viewFieldLibrary</string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string>Click to edit the target</string> </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value> <string>URL</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/CertificateAccessID_viewAsList.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ERP5 Form" module="erp5.portal_type"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>_bind_names</string> </key>
+            <value>
+              <object>
+                <klass>
+                  <global name="NameAssignments" module="Shared.DC.Scripts.Bindings"/>
+                </klass>
+                <tuple/>
+                <state>
+                  <dictionary>
+                    <item>
+                        <key> <string>_asgns</string> </key>
+                        <value>
+                          <dictionary/>
+                        </value>
+                    </item>
+                  </dictionary>
+                </state>
+              </object>
+            </value>
+        </item>
+        <item>
+            <key> <string>_objects</string> </key>
+            <value>
+              <tuple/>
+            </value>
+        </item>
+        <item>
+            <key> <string>action</string> </key>
+            <value> <string>Base_edit</string> </value>
+        </item>
+        <item>
+            <key> <string>description</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>edit_order</string> </key>
+            <value>
+              <list/>
+            </value>
+        </item>
+        <item>
+            <key> <string>encoding</string> </key>
+            <value> <string>UTF-8</string> </value>
+        </item>
+        <item>
+            <key> <string>enctype</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>group_list</string> </key>
+            <value>
+              <list>
+                <string>left</string>
+                <string>right</string>
+                <string>center</string>
+                <string>bottom</string>
+                <string>hidden</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>groups</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>bottom</string> </key>
+                    <value>
+                      <list>
+                        <string>listbox</string>
+                      </list>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>center</string> </key>
+                    <value>
+                      <list/>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>hidden</string> </key>
+                    <value>
+                      <list/>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>left</string> </key>
+                    <value>
+                      <list/>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>right</string> </key>
+                    <value>
+                      <list/>
+                    </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>CertificateAccessID_viewAsList</string> </value>
+        </item>
+        <item>
+            <key> <string>method</string> </key>
+            <value> <string>POST</string> </value>
+        </item>
+        <item>
+            <key> <string>name</string> </key>
+            <value> <string>Computer_viewCertificateAccessList</string> </value>
+        </item>
+        <item>
+            <key> <string>pt</string> </key>
+            <value> <string>form_view</string> </value>
+        </item>
+        <item>
+            <key> <string>row_length</string> </key>
+            <value> <int>4</int> </value>
+        </item>
+        <item>
+            <key> <string>stored_encoding</string> </key>
+            <value> <string>UTF-8</string> </value>
+        </item>
+        <item>
+            <key> <string>title</string> </key>
+            <value> <string>Certificate Access IDs</string> </value>
+        </item>
+        <item>
+            <key> <string>unicode_mode</string> </key>
+            <value> <int>0</int> </value>
+        </item>
+        <item>
+            <key> <string>update_action</string> </key>
+            <value> <string></string> </value>
+        </item>
+        <item>
+            <key> <string>update_action_title</string> </key>
+            <value> <string></string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_cloud/SkinTemplateItem/portal_skins/slapos_cloud/CertificateAccessID_viewAsList/listbox.xml

+<?xml version="1.0"?>
+<ZopeData>
+  <record id="1" aka="AAAAAAAAAAE=">
+    <pickle>
+      <global name="ProxyField" module="Products.ERP5Form.ProxyField"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>delegated_list</string> </key>
+            <value>
+              <list>
+                <string>anchor</string>
+                <string>columns</string>
+                <string>default_params</string>
+                <string>list_method</string>
+                <string>portal_types</string>
+                <string>search</string>
+                <string>search_columns</string>
+                <string>selection_name</string>
+                <string>sort</string>
+                <string>sort_columns</string>
+                <string>title</string>
+              </list>
+            </value>
+        </item>
+        <item>
+            <key> <string>id</string> </key>
+            <value> <string>listbox</string> </value>
+        </item>
+        <item>
+            <key> <string>message_values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>external_validator_failed</string> </key>
+                    <value> <string>The input failed the external validator.</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>overrides</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>tales</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string></string> </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string></string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+        <item>
+            <key> <string>values</string> </key>
+            <value>
+              <dictionary>
+                <item>
+                    <key> <string>anchor</string> </key>
+                    <value> <int>0</int> </value>
+                </item>
+                <item>
+                    <key> <string>columns</string> </key>
+                    <value>
+                      <list>
+                        <tuple>
+                          <string>reference</string>
+                          <string>Certificate ID</string>
+                        </tuple>
+                        <tuple>
+                          <string>url_string</string>
+                          <string>URL</string>
+                        </tuple>
+                        <tuple>
+                          <string>translated_validation_state_title</string>
+                          <string>State</string>
+                        </tuple>
+                      </list>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>default_params</string> </key>
+                    <value>
+                      <list/>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>field_id</string> </key>
+                    <value> <string>my_view_mode_listbox</string> </value>
+                </item>
+                <item>
+                    <key> <string>form_id</string> </key>
+                    <value> <string>Base_viewFieldLibrary</string> </value>
+                </item>
+                <item>
+                    <key> <string>list_method</string> </key>
+                    <value>
+                      <persistent> <string encoding="base64">AAAAAAAAAAI=</string> </persistent>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>portal_types</string> </key>
+                    <value>
+                      <list>
+                        <tuple>
+                          <string>Certificate Access ID</string>
+                          <string>Certificate Access ID</string>
+                        </tuple>
+                      </list>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>search</string> </key>
+                    <value> <int>1</int> </value>
+                </item>
+                <item>
+                    <key> <string>search_columns</string> </key>
+                    <value>
+                      <list>
+                        <tuple>
+                          <string>reference</string>
+                          <string>Certificate ID</string>
+                        </tuple>
+                        <tuple>
+                          <string>translated_validation_state_title</string>
+                          <string>State</string>
+                        </tuple>
+                      </list>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>selection_name</string> </key>
+                    <value> <string>computer_certificate_access_id_list_selection</string> </value>
+                </item>
+                <item>
+                    <key> <string>sort</string> </key>
+                    <value>
+                      <list/>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>sort_columns</string> </key>
+                    <value>
+                      <list>
+                        <tuple>
+                          <string>reference</string>
+                          <string>Certificate ID</string>
+                        </tuple>
+                        <tuple>
+                          <string>translated_validation_state_title</string>
+                          <string>State</string>
+                        </tuple>
+                      </list>
+                    </value>
+                </item>
+                <item>
+                    <key> <string>target</string> </key>
+                    <value> <string>Click to edit the target</string> </value>
+                </item>
+                <item>
+                    <key> <string>title</string> </key>
+                    <value> <string>Certificates</string> </value>
+                </item>
+              </dictionary>
+            </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+  <record id="2" aka="AAAAAAAAAAI=">
+    <pickle>
+      <global name="Method" module="Products.Formulator.MethodField"/>
+    </pickle>
+    <pickle>
+      <dictionary>
+        <item>
+            <key> <string>method_name</string> </key>
+            <value> <string>searchFolder</string> </value>
+        </item>
+      </dictionary>
+    </pickle>
+  </record>
+</ZopeData>

master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.py

@@ -3,11 +3,16 @@ computer = state_change['object']
 kwargs = state_change.kwargs
 
 try:
-  certificate_signature_request = kwargs["csr"]
+  certificate_signature_request = kwargs["certificate_request"]
 except KeyError, e:
   raise TypeError("Computer_generateCertificate takes exactly 1 argument: %s" % str(e))
 
-if computer.getDestinationReference() is not None:
+certificate_portal_type = "Certificate Access ID"
+certificate_id_list = [x for x in
+  computer.contentValues(portal_type=certificate_portal_type)
+  if x.getValidationState() == 'validated']
+
+if len(certificate_id_list):
   context.REQUEST.set("computer_certificate", None)
   context.REQUEST.set("computer_certificate_url", None)
   raise ValueError('Certificate still active.')
@@ -18,7 +23,12 @@ csr_id = ca_service.putCertificateSigningRequest(certificate_signature_request)
 crt_id, url = ca_service.signCertificate(csr_id)
 certificate = ca_service.getCertificate(crt_id)
 
-computer.setDestinationReference(crt_id)
+certificate_id = computer.newContent(
+  portal_type=certificate_portal_type,
+  reference=crt_id,
+  url_string=url)
+
+certificate_id.validate()
 
 context.REQUEST.set("computer_certificate", certificate)
 context.REQUEST.set("computer_certificate_url", url)

master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_revokeCertificate.py

 computer = state_change['object']
 context.REQUEST.set('computer_certificate', None)
 context.REQUEST.set('computer_certificate_url', None)
-destination_reference = computer.getDestinationReference()
-if destination_reference is None:
+certificate_id_list = [x for x in
+  computer.contentValues(portal_type="Certificate Access ID")
+  if x.getValidationState() == 'validated']
+
+if not len(certificate_id_list):
   raise ValueError('No certificate')
+
+# XXX - considering that there is always one objects
+certificate_id = certificate_id_list[0]
 context.getPortalObject().portal_web_services.caucase_adapter\
-  .revokeCertificate(destination_reference)
-computer.setDestinationReference(None)
+  .revokeCertificate(certificate_id.getReference())
+
+# Invalidate certificate
+certificate_id.invalidate()

master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_revokeCertificate.xml

@@ -52,6 +52,14 @@
             <key> <string>_params</string> </key>
             <value> <string>state_change</string> </value>
         </item>
+        <item>
+            <key> <string>_proxy_roles</string> </key>
+            <value>
+              <tuple>
+                <string>Manager</string>
+              </tuple>
+            </value>
+        </item>
         <item>
             <key> <string>id</string> </key>
             <value> <string>Computer_revokeCertificate</string> </value>

master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/instance_slap_interface_workflow/scripts/RequesterInstance_request.py

@@ -79,15 +79,10 @@ if (request_software_instance is None):
       id_group='slap_software_instance_reference',
       id_generator='uid')
 
-    new_content_kw = {}
     if is_slave == True:
       software_instance_portal_type = "Slave Instance"
     else:
       software_instance_portal_type = "Software Instance"
-      certificate_dict = portal.portal_certificate_authority.getNewCertificate(reference)
-      new_content_kw['destination_reference'] = certificate_dict['id']
-      new_content_kw['ssl_key'] = certificate_dict['key']
-      new_content_kw['ssl_certificate'] = certificate_dict['certificate']
 
     module = portal.getDefaultModule(portal_type="Software Instance")
     request_software_instance = module.newContent(
@@ -95,8 +90,7 @@ if (request_software_instance is None):
       title=software_title,
       specialise_value=hosting_subscription,
       reference=reference,
-      activate_kw={'tag': tag},
-      **new_content_kw
+      activate_kw={'tag': tag}
     )
     # request_software_instance.portal_workflow.doActionFor(request_software_instance, 'validate_action')
     request_software_instance.validate()

master/bt5/slapos_cloud/bt/template_action_path_list

+Caucase REST Client Interface | view
+Certificate Access ID | view
 Computer Model | view_capacity
 Computer Network | view_computer_list
 Computer Network | view_software_release

master/bt5/slapos_cloud/bt/template_document_id_list

 document.erp5.Person
-document.erp5.SoftwareInstance
\ No newline at end of file
+document.erp5.SoftwareInstance
+document.erp5.CaucaseRESTClientInterface
\ No newline at end of file

master/bt5/slapos_cloud/bt/template_portal_type_allowed_content_type_list

+Computer | Certificate Access ID
 Hosting Subscription Module | Hosting Subscription
+Person | Certificate Access ID
 Software Installation Module | Software Installation
 Software Instance Module | Slave Instance
-Software Instance Module | Software Instance
\ No newline at end of file
+Software Instance Module | Software Instance
+Software Instance | Certificate Access ID
\ No newline at end of file

master/bt5/slapos_cloud/bt/template_portal_type_id_list

 Caucase REST Client Interface
+Certificate Access ID
 Hosting Subscription
 Hosting Subscription Module
 Slave Instance

master/bt5/slapos_cloud/bt/template_portal_type_property_sheet_list

@@ -2,6 +2,8 @@ Assignment | SlaposAssignmentConstraint
 Caucase REST Client Interface | Login
 Caucase REST Client Interface | RESTClientInterface
 Caucase REST Client Interface | Url
+Certificate Access ID | Reference
+Certificate Access ID | Url
 Computer Model | SlaposCapacity
 Computer Partition | ComputerPartition
 Computer Partition | SlaposComputerPartitionConstraint

master/bt5/slapos_cloud/bt/template_portal_type_workflow_chain_list

 Caucase REST Client Interface | edit_workflow
 Caucase REST Client Interface | validation_workflow
+Certificate Access ID | edit_workflow
+Certificate Access ID | validation_workflow
 Computer Partition | computer_partition_slap_interface_workflow
 Computer | computer_slap_interface_workflow
 Computer | slapos_cloud_interaction_workflow