Merge "Add admin endpoint enable/disable sni certificate"
This commit is contained in:
commit
60c0efdc57
|
@ -221,10 +221,12 @@ class CassandraSanInfoStorage(base.BaseAkamaiSanInfoStorage):
|
|||
raise ValueError('No san cert info found for %s.' % cert_name)
|
||||
|
||||
enrollment_id = cert_info.get("enrollmentId")
|
||||
enabled = cert_info.get("enabled", True)
|
||||
|
||||
res = {
|
||||
'cnameHostname': cert_name,
|
||||
'enrollmentId': enrollment_id,
|
||||
'enabled': enabled
|
||||
}
|
||||
|
||||
if any([i for i in [enrollment_id] if i is None]):
|
||||
|
@ -328,15 +330,16 @@ class CassandraSanInfoStorage(base.BaseAkamaiSanInfoStorage):
|
|||
enrollment_id = sni_cert_info.get('enrollmentId')
|
||||
return enrollment_id
|
||||
|
||||
def get_enabled_status(self, san_cert_name):
|
||||
the_san_cert_info = self._get_akamai_san_certs_info().get(
|
||||
san_cert_name
|
||||
)
|
||||
def get_enabled_status(self, cert_name, info_type='san'):
|
||||
if info_type == 'sni':
|
||||
cert_info = self._get_akamai_sni_certs_info().get(cert_name)
|
||||
else:
|
||||
cert_info = self._get_akamai_san_certs_info().get(cert_name)
|
||||
|
||||
if the_san_cert_info is None:
|
||||
raise ValueError('No san cert info found for %s.' % san_cert_name)
|
||||
if cert_info is None:
|
||||
raise ValueError('No cert info found for %s.' % cert_name)
|
||||
|
||||
enabled = the_san_cert_info.get('enabled', True)
|
||||
enabled = cert_info.get('enabled', True)
|
||||
return enabled
|
||||
|
||||
def update_san_info(self, info_dict, info_type=None):
|
||||
|
|
|
@ -120,6 +120,8 @@ class CertificateController(base.CertificateBase):
|
|||
)
|
||||
)
|
||||
if not enabled:
|
||||
LOG.info("SAN cert {0} is disabled.".format(
|
||||
san_cert_name))
|
||||
continue
|
||||
|
||||
# if the limit provided as an arg to this function is None
|
||||
|
@ -142,6 +144,12 @@ class CertificateController(base.CertificateBase):
|
|||
)
|
||||
)
|
||||
if san_hosts >= san_cert_hostname_limit:
|
||||
LOG.info(
|
||||
"SAN cert {0} has {1} hosts, "
|
||||
"limit is {2}.".format(
|
||||
san_cert_name,
|
||||
san_hosts,
|
||||
san_cert_hostname_limit))
|
||||
continue
|
||||
|
||||
last_sps_id = (
|
||||
|
@ -384,6 +392,15 @@ class CertificateController(base.CertificateBase):
|
|||
self.cert_info_storage.get_san_cert_hostname_limit()
|
||||
)
|
||||
for cert_name in self.sni_cert_cnames:
|
||||
enabled = (
|
||||
self.cert_info_storage.get_enabled_status(
|
||||
cert_name, info_type='sni'
|
||||
)
|
||||
)
|
||||
if not enabled:
|
||||
LOG.info("SNI cert {0} is disabled.".format(
|
||||
cert_name))
|
||||
continue
|
||||
cert_hostname_limit = (
|
||||
cert_hostname_limit or
|
||||
self.driver.san_cert_hostname_limit
|
||||
|
@ -393,6 +410,12 @@ class CertificateController(base.CertificateBase):
|
|||
cert_name
|
||||
)
|
||||
if host_names_count >= cert_hostname_limit:
|
||||
LOG.info(
|
||||
"SNI cert {0} has {1} hosts, "
|
||||
"limit is {2}.".format(
|
||||
cert_name,
|
||||
host_names_count,
|
||||
cert_hostname_limit))
|
||||
continue
|
||||
|
||||
try:
|
||||
|
|
|
@ -119,7 +119,10 @@ class SSLCertificateSchema(schema_base.SchemaBase):
|
|||
'type': 'integer',
|
||||
# we cannot have 0 or negative enrollmentId
|
||||
'minimum': 1
|
||||
}
|
||||
},
|
||||
'enabled': {
|
||||
'type': 'boolean'
|
||||
},
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
Loading…
Reference in New Issue