Merge "Add admin endpoint enable/disable sni certificate"
This commit is contained in:
commit
60c0efdc57
|
@ -221,10 +221,12 @@ class CassandraSanInfoStorage(base.BaseAkamaiSanInfoStorage):
|
||||||
raise ValueError('No san cert info found for %s.' % cert_name)
|
raise ValueError('No san cert info found for %s.' % cert_name)
|
||||||
|
|
||||||
enrollment_id = cert_info.get("enrollmentId")
|
enrollment_id = cert_info.get("enrollmentId")
|
||||||
|
enabled = cert_info.get("enabled", True)
|
||||||
|
|
||||||
res = {
|
res = {
|
||||||
'cnameHostname': cert_name,
|
'cnameHostname': cert_name,
|
||||||
'enrollmentId': enrollment_id,
|
'enrollmentId': enrollment_id,
|
||||||
|
'enabled': enabled
|
||||||
}
|
}
|
||||||
|
|
||||||
if any([i for i in [enrollment_id] if i is None]):
|
if any([i for i in [enrollment_id] if i is None]):
|
||||||
|
@ -328,15 +330,16 @@ class CassandraSanInfoStorage(base.BaseAkamaiSanInfoStorage):
|
||||||
enrollment_id = sni_cert_info.get('enrollmentId')
|
enrollment_id = sni_cert_info.get('enrollmentId')
|
||||||
return enrollment_id
|
return enrollment_id
|
||||||
|
|
||||||
def get_enabled_status(self, san_cert_name):
|
def get_enabled_status(self, cert_name, info_type='san'):
|
||||||
the_san_cert_info = self._get_akamai_san_certs_info().get(
|
if info_type == 'sni':
|
||||||
san_cert_name
|
cert_info = self._get_akamai_sni_certs_info().get(cert_name)
|
||||||
)
|
else:
|
||||||
|
cert_info = self._get_akamai_san_certs_info().get(cert_name)
|
||||||
|
|
||||||
if the_san_cert_info is None:
|
if cert_info is None:
|
||||||
raise ValueError('No san cert info found for %s.' % san_cert_name)
|
raise ValueError('No cert info found for %s.' % cert_name)
|
||||||
|
|
||||||
enabled = the_san_cert_info.get('enabled', True)
|
enabled = cert_info.get('enabled', True)
|
||||||
return enabled
|
return enabled
|
||||||
|
|
||||||
def update_san_info(self, info_dict, info_type=None):
|
def update_san_info(self, info_dict, info_type=None):
|
||||||
|
|
|
@ -120,6 +120,8 @@ class CertificateController(base.CertificateBase):
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
if not enabled:
|
if not enabled:
|
||||||
|
LOG.info("SAN cert {0} is disabled.".format(
|
||||||
|
san_cert_name))
|
||||||
continue
|
continue
|
||||||
|
|
||||||
# if the limit provided as an arg to this function is None
|
# if the limit provided as an arg to this function is None
|
||||||
|
@ -142,6 +144,12 @@ class CertificateController(base.CertificateBase):
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
if san_hosts >= san_cert_hostname_limit:
|
if san_hosts >= san_cert_hostname_limit:
|
||||||
|
LOG.info(
|
||||||
|
"SAN cert {0} has {1} hosts, "
|
||||||
|
"limit is {2}.".format(
|
||||||
|
san_cert_name,
|
||||||
|
san_hosts,
|
||||||
|
san_cert_hostname_limit))
|
||||||
continue
|
continue
|
||||||
|
|
||||||
last_sps_id = (
|
last_sps_id = (
|
||||||
|
@ -384,6 +392,15 @@ class CertificateController(base.CertificateBase):
|
||||||
self.cert_info_storage.get_san_cert_hostname_limit()
|
self.cert_info_storage.get_san_cert_hostname_limit()
|
||||||
)
|
)
|
||||||
for cert_name in self.sni_cert_cnames:
|
for cert_name in self.sni_cert_cnames:
|
||||||
|
enabled = (
|
||||||
|
self.cert_info_storage.get_enabled_status(
|
||||||
|
cert_name, info_type='sni'
|
||||||
|
)
|
||||||
|
)
|
||||||
|
if not enabled:
|
||||||
|
LOG.info("SNI cert {0} is disabled.".format(
|
||||||
|
cert_name))
|
||||||
|
continue
|
||||||
cert_hostname_limit = (
|
cert_hostname_limit = (
|
||||||
cert_hostname_limit or
|
cert_hostname_limit or
|
||||||
self.driver.san_cert_hostname_limit
|
self.driver.san_cert_hostname_limit
|
||||||
|
@ -393,6 +410,12 @@ class CertificateController(base.CertificateBase):
|
||||||
cert_name
|
cert_name
|
||||||
)
|
)
|
||||||
if host_names_count >= cert_hostname_limit:
|
if host_names_count >= cert_hostname_limit:
|
||||||
|
LOG.info(
|
||||||
|
"SNI cert {0} has {1} hosts, "
|
||||||
|
"limit is {2}.".format(
|
||||||
|
cert_name,
|
||||||
|
host_names_count,
|
||||||
|
cert_hostname_limit))
|
||||||
continue
|
continue
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|
|
@ -119,7 +119,10 @@ class SSLCertificateSchema(schema_base.SchemaBase):
|
||||||
'type': 'integer',
|
'type': 'integer',
|
||||||
# we cannot have 0 or negative enrollmentId
|
# we cannot have 0 or negative enrollmentId
|
||||||
'minimum': 1
|
'minimum': 1
|
||||||
}
|
},
|
||||||
|
'enabled': {
|
||||||
|
'type': 'boolean'
|
||||||
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
Loading…
Reference in New Issue