diff --git a/poppy/distributed_task/taskflow/task/delete_service_tasks.py b/poppy/distributed_task/taskflow/task/delete_service_tasks.py index ab5a4053..f0315caf 100644 --- a/poppy/distributed_task/taskflow/task/delete_service_tasks.py +++ b/poppy/distributed_task/taskflow/task/delete_service_tasks.py @@ -230,6 +230,8 @@ def execute(self, project_id, service_id): service_id ) + storage_cert_obj = service_controller.ssl_certificate_storage + kwargs = { 'project_id': project_id, 'context_dict': context_utils.get_current().to_dict(), @@ -242,8 +244,16 @@ def execute(self, project_id, service_id): domain.protocol == 'https' and domain.certificate in ['san', 'sni'] ): + cert_obj = storage_cert_obj.get_certs_by_domain( + domain.domain, + cert_type=domain.certificate + ) kwargs["domain_name"] = domain.domain kwargs["cert_type"] = domain.certificate + if cert_obj: + kwargs["cert_obj_json"] = json.dumps(cert_obj.to_dict()) + else: + kwargs["cert_obj_json"] = json.dumps({}) LOG.info( "Delete service submit task {0} cert delete " "domain {1}.".format( diff --git a/poppy/distributed_task/taskflow/task/delete_ssl_certificate_tasks.py b/poppy/distributed_task/taskflow/task/delete_ssl_certificate_tasks.py index d0cab884..0b519c74 100644 --- a/poppy/distributed_task/taskflow/task/delete_ssl_certificate_tasks.py +++ b/poppy/distributed_task/taskflow/task/delete_ssl_certificate_tasks.py @@ -12,6 +12,7 @@ # implied. # See the License for the specific language governing permissions and # limitations under the License. +import json from oslo_config import cfg from oslo_log import log 
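Review bot: In the `@@ -242,8 +244,16 @@` hunk the cert-delete task is still submitted when `get_certs_by_domain` returns nothing, with `cert_obj_json` set to `json.dumps({})`. `DeleteProviderSSLCertificateTask.execute` then reads `flavor_id` and `cert_details` as `None` from that payload, and the Akamai `delete_certificate` hunk subscripts `cert_obj.cert_details["Akamai"]`, so this path most likely ends in an exception rather than a clean "nothing to delete". Consider logging and skipping the submit when `cert_obj` is falsy. The lookup here passes `cert_type=domain.certificate` but no `project_id`, whereas the storage-delete task passes `project_id=project_id`. If `get_certs_by_domain` is not otherwise tenant-scoped, add `project_id=project_id` so another project's record for the same domain cannot be serialised into the task. An `import json` for this file is not visible in the diff and should be confirmed.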
@@ -30,11 +31,17 @@ class DeleteProviderSSLCertificateTask(task.Task): default_provides = "responders" def execute(self, providers_list, domain_name, cert_type, - project_id, flavor_id): + project_id, cert_obj_json): service_controller = memoized_controllers.task_controllers('poppy') + cert_obj_json = json.loads(cert_obj_json) + + flavor_id = cert_obj_json.get('flavor_id') + cert_details = cert_obj_json.get('cert_details') + cert_obj = ssl_certificate.SSLCertificate(flavor_id, domain_name, - cert_type, project_id) + cert_type, project_id, + cert_details) responders = [] # try to delete all certificates from each provider @@ -90,11 +97,15 @@ def execute(self, project_id, domain_name, cert_type): self.storage_controller = self.ssl_certificate_manager.storage try: - self.storage_controller.delete_certificate( - project_id, - domain_name, - cert_type + cert = self.storage_controller.get_certs_by_domain( + domain_name, project_id=project_id ) + if cert: + self.storage_controller.delete_certificate( + project_id, + domain_name, + cert_type + ) except ValueError as e: LOG.exception(e) diff --git a/poppy/manager/default/ssl_certificate.py b/poppy/manager/default/ssl_certificate.py index 9820ac87..6f3e16bc 100644 --- a/poppy/manager/default/ssl_certificate.py +++ b/poppy/manager/default/ssl_certificate.py @@ -101,7 +101,7 @@ def delete_ssl_certificate(self, project_id, domain_name, cert_type): 'domain_name': domain_name, 'cert_type': cert_type, 'cert_obj_json': json.dumps(cert_obj.to_dict()), - 'providers_list_json': json.dumps(providers), + 'providers_list': providers, 'context_dict': context_utils.get_current().to_dict() } self.distributed_task_controller.submit_task( diff --git a/poppy/provider/akamai/certificates.py b/poppy/provider/akamai/certificates.py index 3e45b6ea..58228ff2 100644 --- a/poppy/provider/akamai/certificates.py +++ b/poppy/provider/akamai/certificates.py 
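Review bot: In `DeleteProviderSSLCertificateTask.execute`, `cert_obj_json` is parsed and read with `.get(...)` without any validation, so a payload of `{}` (which the delete-service task sends when no cert is found) builds an `SSLCertificate` with `flavor_id=None` and `cert_details=None`. Default the details and fail early on a missing flavor, e.g. `cert_details = cert_obj_json.get('cert_details') or {}`, and log and return when `flavor_id` is `None`. Rebinding `cert_obj_json` from the JSON string to the decoded dict also makes the name misleading; a separate local such as `cert_dict = json.loads(cert_obj_json)` reads better. Replacing the `flavor_id` parameter with `cert_obj_json` changes the task's inputs, so every flow that submits this task must supply the new key. The unit-test kwargs in this diff still carry `'flavor_id'`.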
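Review bot: In the `@@ -90,11 +97,15 @@` hunk the existence guard looks the certificate up by `domain_name` and `project_id` only, while the `delete_certificate` call it protects is keyed on `cert_type` as well. A record of a different type for the same domain would satisfy the guard. Pass the type through as the delete-service task does, `get_certs_by_domain(domain_name, project_id=project_id, cert_type=cert_type)`, assuming the method accepts both keywords together. When nothing is found the task now returns silently, so a line such as `LOG.info("No stored certificate for {0}, skipping delete".format(domain_name))` in an `else:` branch would keep skipped deletes visible in the task log. The enclosing `execute` starts and ends outside the hunk.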
@@ -565,6 +565,21 @@ def delete_certificate(self, cert_obj): ) if found is False: + # Checking for pending changes while deleting + if (cert_obj.cert_details["Akamai"] + ["extra_info"]["change_url"]): + LOG.info("{0} has pending changes, skipping...".format( + cert_obj.domain_name) + ) + return self.responder.ssl_certificate_deleted( + cert_obj.domain_name, + { + 'status': 'failed due to pending changes', + 'reason': 'Delete request for {0} failed' + .format(cert_obj.domain_name) + } + ) + return self.responder.ssl_certificate_deleted( cert_obj.domain_name, { @@ -596,18 +611,6 @@ def delete_certificate(self, cert_obj): enrollment_id, resp.text)) resp_json = json.loads(resp.text) - # check enrollment does not have any pending changes - if len(resp_json['pendingChanges']) > 0: - LOG.info("{0} has pending changes, skipping...".format( - found_cert)) - return self.responder.ssl_certificate_deleted( - cert_obj.domain_name, - { - 'status': 'failed due to pending changes', - 'reason': 'Delete request for {0} failed' - .format(cert_obj.domain_name) - } - ) # remove domain name from sans resp_json['csr']['sans'].remove(cert_obj.domain_name) diff --git a/poppy/transport/pecan/controllers/v1/ssl_certificates.py b/poppy/transport/pecan/controllers/v1/ssl_certificates.py index d45d05d0..806bcf84 100644 --- a/poppy/transport/pecan/controllers/v1/ssl_certificates.py +++ b/poppy/transport/pecan/controllers/v1/ssl_certificates.py 
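Review bot: The new pending-changes test subscripts `cert_obj.cert_details["Akamai"]["extra_info"]["change_url"]` directly, so a certificate whose stored details lack any of those keys (or are `None`, as an empty `cert_obj_json` produces) raises `KeyError`/`TypeError` instead of returning a responder. Read it defensively, e.g. `extra_info = ((cert_obj.cert_details or {}).get("Akamai") or {}).get("extra_info") or {}` followed by `if extra_info.get("change_url"):`. The check also runs only inside the `found is False` branch, and the `@@ -596,18 +611,6 @@` hunk removes the test on the live `resp_json['pendingChanges']`. When the domain is found, the SAN list is therefore edited and sent without confirming the enrollment has no change in flight. The stored `change_url` can be stale, while the CPS response is the authoritative state, so keeping the live check before `resp_json['csr']['sans'].remove(...)` seems safer. `delete_certificate` begins and continues outside both hunks.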
@@ -72,14 +72,17 @@ def post(self): helpers.abort_with_message) ) def delete(self, domain_name): - # For now we only support 'san' cert type - cert_type = pecan.request.GET.get('cert_type', 'san') - certificate_controller = \ self._driver.manager.ssl_certificate_controller + + certificate_info_dict = json.loads(pecan.request.body.decode('utf-8')) + try: + project_id = certificate_info_dict.get('project_id') + cert_type = certificate_info_dict.get('cert_type') + certificate_controller.delete_ssl_certificate( - self.project_id, domain_name, cert_type + project_id, domain_name, cert_type ) except ValueError as e: pecan.abort(400, detail='Delete ssl certificate failed. ' diff --git a/tests/unit/distributed_task/taskflow/test_flows.py b/tests/unit/distributed_task/taskflow/test_flows.py index ebb53c5e..ee05fcae 100644 --- a/tests/unit/distributed_task/taskflow/test_flows.py +++ b/tests/unit/distributed_task/taskflow/test_flows.py @@ -1063,8 +1063,8 @@ def test_delete_ssl_certificate_normal(self): 'cert_type': "san", 'project_id': json.dumps(str(uuid.uuid4())), 'domain_name': "mytestsite.com", - 'cert_obj': json.dumps(cert_obj.to_dict()), - 'providers_list': json.dumps(providers), + 'cert_obj_json': json.dumps(cert_obj.to_dict()), + 'providers_list': providers, 'flavor_id': "premium", 'context_dict': context_utils.RequestContext().to_dict() } diff --git a/tests/unit/provider/akamai/test_certificates.py b/tests/unit/provider/akamai/test_certificates.py index d7ca6599..e5cdae49 100644 --- a/tests/unit/provider/akamai/test_certificates.py +++ b/tests/unit/provider/akamai/test_certificates.py 
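Review bot: In `delete`, `project_id` is now taken from the request body instead of `self.project_id`, so the caller chooses which tenant's certificate is deleted. Unless this route is limited to operators by policy outside the hunk, the tenant should keep coming from the authenticated request. `json.loads(pecan.request.body.decode('utf-8'))` also sits before the `try`, so an empty or malformed body raises outside the `except ValueError` that maps to a 400, and a non-object body makes `.get` fail. `cert_type` has lost its `'san'` default and becomes `None` when omitted. A `json` import in this file is not visible in the diff. The `except` clause of `delete` continues past the hunk.

```python
        # … unchanged: certificate_controller lookup …
        try:
            certificate_info_dict = json.loads(
                pecan.request.body.decode('utf-8'))
            if not isinstance(certificate_info_dict, dict):
                raise ValueError('request body must be a JSON object')
            # tenant comes from the authenticated request, not the body
            project_id = self.project_id
            cert_type = certificate_info_dict.get('cert_type', 'san')

            certificate_controller.delete_ssl_certificate(
                project_id, domain_name, cert_type
            )
        # … unchanged: except ValueError -> pecan.abort(400, …) …
```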
@@ -922,13 +922,25 @@ def test_cert_create_sni_cert_pending_changes(self): responder['Akamai']['extra_info']['action'] ) - def test_cert_delete_domain_exists_on_sni_certs(self): + def test_cert_delete_sni_cert_pending_changes(self): cert_obj = ssl_certificate.load_from_json({ "flavor_id": "flavor_id", "domain_name": "www.abc.com", "cert_type": "sni", - "project_id": "project_id" + "project_id": "project_id", + "cert_details": { + "Akamai": { + "cert_domain": "secured1.sni1.altcdn.com", + "extra_info": { + "status": "create_in_progress", + "change_url": "/cps/v2/enrollments/12345/changes/3418", + "created_at": "2018-06-27 06:52:46.427044", + "sni_cert": "secured1.sni1.altcdn.com", + "action": "Waiting for customer domain validation " + } + } + } }) self.mock_sans_alternate.return_value = [] 
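Review bot: After this change no test covers deleting a certificate whose `cert_details` has no `change_url`. `test_cert_delete_domain_exists_on_sni_certs` is renamed into the pending-changes case here, and its `'Domain does not exist on any certificate '` assertions are removed in the next hunk. Keep a separate test with `mock_sans_alternate.return_value = []` and a fixture whose `extra_info` has an empty or absent `change_url`, asserting the plain `'failed'` status. That case would also pin down what `delete_certificate` does when `cert_details` is missing altogether. The removed found-certificate test was the only visible coverage of the enrollment `GET`/`PUT` path in this diff, so a replacement for it is worth adding too.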
@@ -937,57 +949,6 @@ def test_cert_delete_domain_exists_on_sni_certs(self): responder = controller.delete_certificate(cert_obj) - self.assertEqual( - 'failed', - responder['Akamai']['extra_info']['status'] - ) - self.assertEqual( - 'Domain does not exist on any certificate ', - responder['Akamai']['extra_info']['reason'] - ) - - def test_cert_delete_sni_cert_pending_changes(self): - - cert_obj = ssl_certificate.load_from_json({ - "flavor_id": "flavor_id", - "domain_name": "www.abc.com", - "cert_type": "sni", - "project_id": "project_id" - }) - - self.mock_sans_alternate.return_value = cert_obj.domain_name - - controller = certificates.CertificateController(self.driver) - controller.cert_info_storage.get_enrollment_id.return_value = 1234 - - controller.cps_api_client.get.return_value = mock.Mock( - status_code=200, - text=json.dumps({ - "csr": { - "cn": "www.example.com", - "c": "US", - "st": "MA", - "l": "Cambridge", - "o": "Akamai", - "ou": "WebEx", - "sans": [ - "example.com", - "test.example.com" - ] - }, - "pendingChanges": [ - "/cps/v2/enrollments/234/changes/10000" - ] - }) - ) - controller.cps_api_client.put.return_value = mock.Mock( - status_code=500, - text='INTERNAL SERVER ERROR' - ) - - responder = controller.delete_certificate(cert_obj) - - self.assertEqual('www.abc.com', responder['Akamai']['cert_domain']) self.assertEqual( 'failed due to pending changes', responder['Akamai']['extra_info']['status']