From a2246e0986185551b226af52e82f1ce9750f0d0b Mon Sep 17 00:00:00 2001
From: Isaac Mungai
Date: Mon, 3 Oct 2016 11:10:36 -0400
Subject: [PATCH] Add admin endpoint enable/disable sni certificate
Change-Id: I4bc5d1b88bc46202be9138509e91fb09a048f753
---
 .../cert_info_storage/cassandra_storage.py | 17 ++++++++------
 poppy/provider/akamai/certificates.py | 23 +++++++++++++++++++
 .../validators/schemas/ssl_certificate.py | 5 +++-
 3 files changed, 37 insertions(+), 8 deletions(-)
diff --git a/poppy/provider/akamai/cert_info_storage/cassandra_storage.py b/poppy/provider/akamai/cert_info_storage/cassandra_storage.py
index 9abe951e..319452da 100644
--- a/poppy/provider/akamai/cert_info_storage/cassandra_storage.py
+++ b/poppy/provider/akamai/cert_info_storage/cassandra_storage.py
@@ -221,10 +221,12 @@ class CassandraSanInfoStorage(base.BaseAkamaiSanInfoStorage):
 raise ValueError('No san cert info found for %s.' % cert_name)
 enrollment_id = cert_info.get("enrollmentId")
+ enabled = cert_info.get("enabled", True)
 res = {
 'cnameHostname': cert_name,
 'enrollmentId': enrollment_id,
+ 'enabled': enabled
 }
 if any([i for i in [enrollment_id] if i is None]):
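Review bot: `enabled` is read with a `True` default and put into `res` unchecked, while the `any(...)` None test on the last line of the hunk still covers only `enrollment_id`. A record whose flag is missing reads as enabled, and a non-boolean stored value such as the string `'false'` would be truthy; whether the storage layer can return one is not visible here. The same read appears in `get_enabled_status` in the next hunk, whose result certificates.py tests with `if not enabled:`. Consider `if not isinstance(enabled, bool): raise ValueError('Invalid enabled flag for %s.' % cert_name)` after the read. The enclosing method starts and ends outside the hunk.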
@@ -328,15 +330,16 @@ class CassandraSanInfoStorage(base.BaseAkamaiSanInfoStorage):
 enrollment_id = sni_cert_info.get('enrollmentId')
 return enrollment_id
- def get_enabled_status(self, san_cert_name):
- the_san_cert_info = self._get_akamai_san_certs_info().get(
- san_cert_name
- )
+ def get_enabled_status(self, cert_name, info_type='san'):
+ if info_type == 'sni':
+ cert_info = self._get_akamai_sni_certs_info().get(cert_name)
+ else:
+ cert_info = self._get_akamai_san_certs_info().get(cert_name)
- if the_san_cert_info is None:
- raise ValueError('No san cert info found for %s.' % san_cert_name)
+ if cert_info is None:
+ raise ValueError('No cert info found for %s.' % cert_name)
- enabled = the_san_cert_info.get('enabled', True)
+ enabled = cert_info.get('enabled', True)
 return enabled
 def update_san_info(self, info_dict, info_type=None):
diff --git a/poppy/provider/akamai/certificates.py b/poppy/provider/akamai/certificates.py
index d6d70bf8..a0bf6dcf 100644
--- a/poppy/provider/akamai/certificates.py
+++ b/poppy/provider/akamai/certificates.py
@@ -120,6 +120,8 @@ class CertificateController(base.CertificateBase):
 )
 )
 if not enabled:
+ LOG.info("SAN cert {0} is disabled.".format(
+ san_cert_name))
 continue
 # if the limit provided as an arg to this function is None
@@ -142,6 +144,12 @@ class CertificateController(base.CertificateBase):
 )
 )
 if san_hosts >= san_cert_hostname_limit:
+ LOG.info(
+ "SAN cert {0} has {1} hosts, "
+ "limit is {2}.".format(
+ san_cert_name,
+ san_hosts,
+ san_cert_hostname_limit))
 continue
 last_sps_id = (
@@ -384,6 +392,15 @@ class CertificateController(base.CertificateBase):
 self.cert_info_storage.get_san_cert_hostname_limit()
 )
 for cert_name in self.sni_cert_cnames:
+ enabled = (
+ self.cert_info_storage.get_enabled_status(
+ cert_name, info_type='sni'
+ )
+ )
+ if not enabled:
+ LOG.info("SNI cert {0} is disabled.".format(
+ cert_name))
+ continue
 cert_hostname_limit = (
 cert_hostname_limit or
 self.driver.san_cert_hostname_limit
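Review bot: In `get_enabled_status`, every `info_type` other than `'sni'` falls into the `else:` branch and is looked up among the SAN certs, which yields either a misleading `'No cert info found'` error or the status of a same-named SAN record. `update_san_info` on the hunk's last line defaults `info_type` to `None`, so a caller passing that default through here would silently select SAN. Make the second branch explicit with `elif info_type == 'san':` and end with `else: raise ValueError('Unknown info_type %s.' % info_type)`. The new `'No cert info found for %s.'` message would also be easier to trace if it named `info_type`.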
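Review bot: The `LOG.info` calls added in the first certificates.py hunk build their message with `str.format` before the logger is called, which formats the string even when INFO is filtered out; passing the values as logger arguments is the usual form, `LOG.info("SAN cert %s is disabled.", san_cert_name)`. The same applies to the hostname-limit message in the next hunk and to the two SNI messages in the later certificates.py hunks. These lines run once per skipped cert inside the selection loop, so DEBUG may be a better level if the loop runs per request; the loop's caller is not visible here.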
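Review bot: `get_enabled_status` raises `ValueError` when no stored info exists for the name (see cassandra_storage.py), and the call added at the top of the `for cert_name in self.sni_cert_cnames:` loop sits before the `try:` visible in the next hunk, so one cname without a storage record appears to abort the whole selection instead of moving on to the next cert. Whether an outer handler catches it is not visible in the hunk. Treating an unreadable status as unusable and continuing keeps the remaining certs available. The loop body continues outside the hunk.

```python
for cert_name in self.sni_cert_cnames:
    try:
        enabled = self.cert_info_storage.get_enabled_status(
            cert_name, info_type='sni'
        )
    except ValueError:
        # status cannot be read: skip this cert rather than fail the loop
        LOG.warning("No stored info for SNI cert %s, skipping.",
                    cert_name)
        continue
    # … unchanged: disabled check, hostname-limit check …
```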
@@ -393,6 +410,12 @@ class CertificateController(base.CertificateBase):
 cert_name
 )
 if host_names_count >= cert_hostname_limit:
+ LOG.info(
+ "SNI cert {0} has {1} hosts, "
+ "limit is {2}.".format(
+ cert_name,
+ host_names_count,
+ cert_hostname_limit))
 continue
 try:
diff --git a/poppy/transport/validators/schemas/ssl_certificate.py b/poppy/transport/validators/schemas/ssl_certificate.py
index 0fcb430c..533c7cfa 100644
--- a/poppy/transport/validators/schemas/ssl_certificate.py
+++ b/poppy/transport/validators/schemas/ssl_certificate.py
@@ -119,7 +119,10 @@ class SSLCertificateSchema(schema_base.SchemaBase):
 'type': 'integer',
 # we cannot have 0 or negative enrollmentId
 'minimum': 1
- }
+ },
+ 'enabled': {
+ 'type': 'boolean'
+ },
 }
 }
 },
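Review bot: The new `enabled` property in ssl_certificate.py has no comment, unlike `minimum` just above it, and nothing in the hunk says what leaving it out means. The storage reads in cassandra_storage.py use `.get('enabled', True)`, so a missing flag counts as enabled; a comment such as `# optional; a missing flag is read back as enabled` would record that. Whether an update that omits the flag can re-enable a cert that was disabled depends on `update_san_info`, which is not shown, and is worth checking. The schema dict starts and ends outside the hunk.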