slapos_slap_tool: No need revoke, only invalidate login is enough

Since login is invalidated the user wont be able to login into master anymore. Revoke certificate too often may cause an excessive amount which dont scale.

slapos_slap_tool: No need revoke, only invalidate login is enough
Since login is invalidated the user wont be able to login into master anymore. Revoke certificate too often may cause an excessive amount which dont scale.
f8cebc62 · Rafael Monnerat · b67509f5 · f8cebc62 · f8cebc62
Commit f8cebc62 authored Jun 27, 2023 by Rafael Monnerat
2 changed files
--- a/master/bt5/slapos_slap_tool/TestTemplateItem/portal_components/test.erp5.testSlapOSSlapTool.py
+++ b/master/bt5/slapos_slap_tool/TestTemplateItem/portal_components/test.erp5.testSlapOSSlapTool.py
@@ -1954,14 +1954,22 @@ class TestSlapOSSlapToolInstanceAccess(TestSlapOSSlapToolMixin):
    self._makeComplexComputeNode()
    partition_id = self.destroy_requested_software_instance.getAggregateValue(
        portal_type='Compute Partition').getReference()
+    ssl_key = self.destroy_requested_software_instance.getSslKey()
+    ssl_cert = self.destroy_requested_software_instance.getSslCertificate()
    self.login(self.destroy_requested_software_instance.getUserId())
    response = self.portal_slap.destroyedComputerPartition(self.compute_node_id,
      partition_id)
    self.assertEqual('None', response)
    self.assertEqual('invalidated',
        self.destroy_requested_software_instance.getValidationState())
-    self.assertEqual(None, self.destroy_requested_software_instance.getSslKey())
-    self.assertEqual(None, self.destroy_requested_software_instance.getSslCertificate())
+    certificate_login_list = self.destroy_requested_software_instance.objectValues(
+      portal_type="Certificate Login")
+    self.assertEqual(1, len(certificate_login_list))
+    self.assertEqual("invalidated", certificate_login_list[0].getValidationState())
+    self.assertEqual(ssl_key, self.destroy_requested_software_instance.getSslKey())
+    self.assertEqual(ssl_cert, self.destroy_requested_software_instance.getSslCertificate())
  def assertInstanceRequestSimulator(self, args, kwargs):
    stored = eval(open(self.instance_request_simulator).read()) #pylint: disable=eval-used

--- a/master/bt5/slapos_slap_tool/ToolComponentTemplateItem/portal_components/tool.erp5.SlapTool.py
+++ b/master/bt5/slapos_slap_tool/ToolComponentTemplateItem/portal_components/tool.erp5.SlapTool.py
@@ -890,10 +890,11 @@ class SlapTool(BaseTool):
        compute_partition_id)
    if instance.getSlapState() == 'destroy_requested':
-      # remove certificate from SI
-      instance.revokeCertificate()
      if instance.getValidationState() == 'validated':
        instance.invalidate()
+      for login in instance.objectValues(portal_type="Certificate Login"):
+        if login.getValidationState() == 'validated':
+          login.invalidate()
  @convertToREST
  def _setComputePartitionConnectionXml(self, compute_node_id,