Merge "Add admin endpoint enable/disable sni certificate"

Jenkins 2016-10-03 20:26:12 +00:00 committed by Gerrit Code Review
commit 60c0efdc57
3 changed files with 37 additions and 8 deletions


@ -221,10 +221,12 @@ class CassandraSanInfoStorage(base.BaseAkamaiSanInfoStorage):
raise ValueError('No san cert info found for %s.' % cert_name) raise ValueError('No san cert info found for %s.' % cert_name)
enrollment_id = cert_info.get("enrollmentId") enrollment_id = cert_info.get("enrollmentId")
enabled = cert_info.get("enabled", True)
res = { res = {
'cnameHostname': cert_name, 'cnameHostname': cert_name,
'enrollmentId': enrollment_id, 'enrollmentId': enrollment_id,
'enabled': enabled
} }
if any([i for i in [enrollment_id] if i is None]): if any([i for i in [enrollment_id] if i is None]):
@ -328,15 +330,16 @@ class CassandraSanInfoStorage(base.BaseAkamaiSanInfoStorage):
enrollment_id = sni_cert_info.get('enrollmentId') enrollment_id = sni_cert_info.get('enrollmentId')
return enrollment_id return enrollment_id
def get_enabled_status(self, san_cert_name): def get_enabled_status(self, cert_name, info_type='san'):
the_san_cert_info = self._get_akamai_san_certs_info().get( if info_type == 'sni':
san_cert_name cert_info = self._get_akamai_sni_certs_info().get(cert_name)
) else:
cert_info = self._get_akamai_san_certs_info().get(cert_name)
if the_san_cert_info is None: if cert_info is None:
raise ValueError('No san cert info found for %s.' % san_cert_name) raise ValueError('No cert info found for %s.' % cert_name)
enabled = the_san_cert_info.get('enabled', True) enabled = cert_info.get('enabled', True)
return enabled return enabled
def update_san_info(self, info_dict, info_type=None): def update_san_info(self, info_dict, info_type=None):
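Review bot: In `get_enabled_status`, any `info_type` other than the exact string 'sni' falls through to the SAN lookup, so a misspelled or unexpected value is answered from the wrong table instead of being rejected. Since this flag gates whether a certificate is used, make the branch explicit with `elif info_type == 'san':` for the SAN lookup and `else: raise ValueError('Unknown info_type %s.' % info_type)`. Both reads in this file also default a missing `enabled` key to True, so a record that never had the flag written is treated as enabled; a one-line comment such as `# records without 'enabled' are treated as enabled` would make that choice visible. The neighbouring `update_san_info` defaults `info_type` to None while this method defaults to 'san', which looks worth aligning, though its body is outside the hunk.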


@ -120,6 +120,8 @@ class CertificateController(base.CertificateBase):
) )
) )
if not enabled: if not enabled:
LOG.info("SAN cert {0} is disabled.".format(
san_cert_name))
continue continue
# if the limit provided as an arg to this function is None # if the limit provided as an arg to this function is None
@ -142,6 +144,12 @@ class CertificateController(base.CertificateBase):
) )
) )
if san_hosts >= san_cert_hostname_limit: if san_hosts >= san_cert_hostname_limit:
LOG.info(
"SAN cert {0} has {1} hosts, "
"limit is {2}.".format(
san_cert_name,
san_hosts,
san_cert_hostname_limit))
continue continue
last_sps_id = ( last_sps_id = (
@ -384,6 +392,15 @@ class CertificateController(base.CertificateBase):
self.cert_info_storage.get_san_cert_hostname_limit() self.cert_info_storage.get_san_cert_hostname_limit()
) )
for cert_name in self.sni_cert_cnames: for cert_name in self.sni_cert_cnames:
enabled = (
self.cert_info_storage.get_enabled_status(
cert_name, info_type='sni'
)
)
if not enabled:
LOG.info("SNI cert {0} is disabled.".format(
cert_name))
continue
cert_hostname_limit = ( cert_hostname_limit = (
cert_hostname_limit or cert_hostname_limit or
self.driver.san_cert_hostname_limit self.driver.san_cert_hostname_limit
@ -393,6 +410,12 @@ class CertificateController(base.CertificateBase):
cert_name cert_name
) )
if host_names_count >= cert_hostname_limit: if host_names_count >= cert_hostname_limit:
LOG.info(
"SNI cert {0} has {1} hosts, "
"limit is {2}.".format(
cert_name,
host_names_count,
cert_hostname_limit))
continue continue
try: try:
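Review bot: The new `get_enabled_status(cert_name, info_type='sni')` call in the SNI loop sits before the `try:` that follows the hostname-limit check, and the storage method raises ValueError when no record exists for the name. A cname listed in `self.sni_cert_cnames` without a stored record would therefore abort the whole selection loop rather than skip that certificate, unless a handler exists outside the hunk, which cannot be seen here. Catching the error, logging it and continuing keeps the behaviour fail-closed for the unknown certificate while still letting the remaining ones be considered. The enclosing method starts and ends outside the hunk.

```python
for cert_name in self.sni_cert_cnames:
    try:
        enabled = self.cert_info_storage.get_enabled_status(
            cert_name, info_type='sni'
        )
    except ValueError:
        LOG.warning("No SNI cert info for {0}, skipping.".format(
            cert_name))
        continue
    # … unchanged: disabled check, hostname limit check …
```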


@ -119,7 +119,10 @@ class SSLCertificateSchema(schema_base.SchemaBase):
'type': 'integer', 'type': 'integer',
# we cannot have 0 or negative enrollmentId # we cannot have 0 or negative enrollmentId
'minimum': 1 'minimum': 1
} },
'enabled': {
'type': 'boolean'
},
} }
} }
}, },
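Review bot: The new `'enabled'` property is typed but not documented, and nothing visible in the hunk says what omitting it means. The storage code in this commit reads a missing key as True, so a payload without the property presumably leaves the certificate enabled; a comment next to the property, for example `# optional; a record without 'enabled' is read back as enabled`, would state that contract. If the admin endpoint is meant to require an explicit value, the property would also need to be listed as required, but the surrounding schema is outside the hunk.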