diff --git a/poppy/manager/default/ssl_certificate.py b/poppy/manager/default/ssl_certificate.py index 5bfdae5b..76f883c3 100644 --- a/poppy/manager/default/ssl_certificate.py +++ b/poppy/manager/default/ssl_certificate.py @@ -18,6 +18,8 @@ import json from poppy.distributed_task.taskflow.flow import create_ssl_certificate from poppy.distributed_task.taskflow.flow import delete_ssl_certificate from poppy.manager import base +from poppy.model.helpers import domain +from poppy.transport.validators import helpers as validators class DefaultSSLCertificateController(base.SSLCertificateController): @@ -31,6 +33,15 @@ class DefaultSSLCertificateController(base.SSLCertificateController): self.flavor_controller = self._driver.storage.flavors_controller def create_ssl_certificate(self, project_id, cert_obj): + + if (not validators.is_valid_domain_name(cert_obj.domain_name)) or \ + (validators.is_root_domain( + domain.Domain(cert_obj.domain_name).to_dict())): + # here created a http domain object but it does not matter http or + # https + raise ValueError('%s must be a valid non-root domain' % + cert_obj.domain_name) + try: flavor = self.flavor_controller.get(cert_obj.flavor_id) # raise a lookup error if the flavor is not found diff --git a/poppy/provider/akamai/services.py b/poppy/provider/akamai/services.py index 9e50d5c4..01946f9a 100644 --- a/poppy/provider/akamai/services.py +++ b/poppy/provider/akamai/services.py @@ -551,10 +551,12 @@ class ServiceController(base.ServiceBase): self.mod_san_queue.enqueue_mod_san_request( json.dumps(cert_obj.to_dict())) return self.responder.ssl_certificate_provisioned(None, { - 'status': 'failed', + 'status': 'create_in_progress', 'san cert': None, 'action': 'No available san cert for %s right now,' - ' or no san cert info available.' + ' or no san cert info available. Support:' + 'Please write down the domain and keep an' + ' eye on next availabe freed-up SAN certs.' ' More provisioning might be needed' % (cert_obj.domain_name) }) diff --git a/tests/api/ssl_certificate/data_create_ssl_certificate.json b/tests/api/ssl_certificate/data_create_ssl_certificate.json index 772b9f40..d1653b09 100644 --- a/tests/api/ssl_certificate/data_create_ssl_certificate.json +++ b/tests/api/ssl_certificate/data_create_ssl_certificate.json @@ -2,9 +2,5 @@ "create_san_test_1": { "cert_type": "san", "domain_name": "www.abc.com" - }, - "root_domain": { - "cert_type": "san", - "domain_name": "abc.com" } } \ No newline at end of file diff --git a/tests/api/ssl_certificate/data_create_ssl_certificate_negative.json b/tests/api/ssl_certificate/data_create_ssl_certificate_negative.json index 32137c47..d703c462 100644 --- a/tests/api/ssl_certificate/data_create_ssl_certificate_negative.json +++ b/tests/api/ssl_certificate/data_create_ssl_certificate_negative.json @@ -34,5 +34,9 @@ "empty_cert": { "cert_type": "", "domain_name": "meowmeow.com" + }, + "root_domain": { + "cert_type": "san", + "domain_name": "abc.com" } } \ No newline at end of file diff --git a/tests/functional/transport/pecan/controllers/data_create_ssl_certificate_bad_input_json.json b/tests/functional/transport/pecan/controllers/data_create_ssl_certificate_bad_input_json.json index f52fd1f5..5b7788df 100644 --- a/tests/functional/transport/pecan/controllers/data_create_ssl_certificate_bad_input_json.json +++ b/tests/functional/transport/pecan/controllers/data_create_ssl_certificate_bad_input_json.json @@ -24,5 +24,10 @@ "cert_type": "san", "domain_name": "www.abc.com", "flavor_id": "mock" + }, + "with_root_domain": { + "cert_type": "san", + "domain_name": "abc.com", + "flavor_id": "mock" } } \ No newline at end of file