Skip to content

KVM: Enhancements for direct download feature #3374

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
nvazquez merged 5 commits into from
Jul 18, 2019
Merged

KVM: Enhancements for direct download feature #3374

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
9ca0661
Add revoke certificates API
nvazquez Jun 4, 2019
de3923e
Add background task to sync certificates
nvazquez Jun 5, 2019
126ed86
Fix marvin test and revoke certificate
nvazquez Jun 11, 2019
cd5f473
Fix certificate sent to hypervisor was missing headers
nvazquez Jul 12, 2019
7cf06ed
Fix background task for uploading certificates to hosts
nvazquez Jul 12, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Fix marvin test and revoke certificate
  • Loading branch information
@nvazquez
nvazquez committed Jul 18, 2019
commit 126ed86d7efe2742122336901d1e8e545ad9c7e2
3 changes: 1 addition & 2 deletions ...ema/src/main/java/org/apache/cloudstack/direct/download/DirectDownloadCertificateDao.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@
import java.util.List;

public interface DirectDownloadCertificateDao extends GenericDao<DirectDownloadCertificateVO, Long> {
DirectDownloadCertificateVO findByAlias(String alias);
List<DirectDownloadCertificateVO> listByHypervisorType(Hypervisor.HypervisorType hypervisorType);
DirectDownloadCertificateVO findByAlias(String alias, Hypervisor.HypervisorType hypervisorType, long zoneId);
List<DirectDownloadCertificateVO> listByZone(long zoneId);
}
11 changes: 3 additions & 8 deletions ...src/main/java/org/apache/cloudstack/direct/download/DirectDownloadCertificateDaoImpl.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,17 +36,12 @@ public DirectDownloadCertificateDaoImpl() {
}

@Override
public DirectDownloadCertificateVO findByAlias(String alias) {
public DirectDownloadCertificateVO findByAlias(String alias, Hypervisor.HypervisorType hypervisorType, long zoneId) {
SearchCriteria<DirectDownloadCertificateVO> sc = certificateSearchBuilder.create();
sc.setParameters("alias", alias);
return findOneBy(sc);
}

@Override
public List<DirectDownloadCertificateVO> listByHypervisorType(Hypervisor.HypervisorType hypervisorType) {
SearchCriteria<DirectDownloadCertificateVO> sc = certificateSearchBuilder.create();
sc.setParameters("hypervisor_type", hypervisorType);
return listBy(sc);
sc.setParameters("zone_id", zoneId);
return findOneBy(sc);
}

@Override
Expand Down
3 changes: 3 additions & 0 deletions .../main/java/org/apache/cloudstack/direct/download/DirectDownloadCertificateHostMapDao.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,9 @@

import com.cloud.utils.db.GenericDao;

import java.util.List;

public interface DirectDownloadCertificateHostMapDao extends GenericDao<DirectDownloadCertificateHostMapVO, Long> {
DirectDownloadCertificateHostMapVO findByCertificateAndHost(long certificateId, long hostId);
List<DirectDownloadCertificateHostMapVO> listByCertificateId(long certificateId);
}
9 changes: 9 additions & 0 deletions ...n/java/org/apache/cloudstack/direct/download/DirectDownloadCertificateHostMapDaoImpl.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@
import com.cloud.utils.db.SearchBuilder;
import com.cloud.utils.db.SearchCriteria;

import java.util.List;

public class DirectDownloadCertificateHostMapDaoImpl extends GenericDaoBase<DirectDownloadCertificateHostMapVO, Long> implements DirectDownloadCertificateHostMapDao {
private final SearchBuilder<DirectDownloadCertificateHostMapVO> mapSearchBuilder;

Expand All @@ -36,4 +38,11 @@ public DirectDownloadCertificateHostMapVO findByCertificateAndHost(long certific
sc.setParameters("host_id", hostId);
return findOneBy(sc);
}

@Override
public List<DirectDownloadCertificateHostMapVO> listByCertificateId(long certificateId) {
SearchCriteria<DirectDownloadCertificateHostMapVO> sc = mapSearchBuilder.create();
sc.setParameters("certificate_id", certificateId);
return listBy(sc);
}
}
21 changes: 14 additions & 7 deletions server/src/main/java/org/apache/cloudstack/direct/download/DirectDownloadManagerImpl.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -391,7 +391,7 @@ public boolean uploadCertificateToHosts(String certificateCer, String alias, Str
String certificatePem = getPretifiedCertificate(certificateCer);
certificateSanity(certificatePem);

DirectDownloadCertificateVO certificateVO = directDownloadCertificateDao.findByAlias(alias);
DirectDownloadCertificateVO certificateVO = directDownloadCertificateDao.findByAlias(alias, hypervisorType, zoneId);
if (certificateVO != null) {
throw new CloudRuntimeException("Certificate alias " + alias + " has been already created");
}
Expand Down Expand Up @@ -453,15 +453,22 @@ public boolean uploadCertificate(long certificateId, long hostId) {
@Override
public boolean revokeCertificateAlias(String certificateAlias, String hypervisor, Long zoneId) {
HypervisorType hypervisorType = HypervisorType.getType(hypervisor);
List<HostVO> hosts = getRunningHostsToUploadCertificate(zoneId, hypervisorType);
s_logger.info("Attempting to revoke certificate alias: " + certificateAlias + " from " + hosts.size() + " hosts");
if (CollectionUtils.isNotEmpty(hosts)) {
for (HostVO host : hosts) {
if (!revokeCertificateAliasFromHost(certificateAlias, host.getId())) {
String msg = "Could not revoke certificate from host: " + host.getName() + " (" + host.getUuid() + ")";
DirectDownloadCertificateVO certificateVO = directDownloadCertificateDao.findByAlias(certificateAlias, hypervisorType, zoneId);
if (certificateVO == null) {
throw new CloudRuntimeException("Certificate alias " + certificateAlias + " does not exist");
}

List<DirectDownloadCertificateHostMapVO> maps = directDownloadCertificateHostMapDao.listByCertificateId(certificateVO.getId());
s_logger.info("Attempting to revoke certificate alias: " + certificateAlias + " from " + maps.size() + " hosts");
if (CollectionUtils.isNotEmpty(maps)) {
for (DirectDownloadCertificateHostMapVO map : maps) {
Long hostId = map.getHostId();
if (!revokeCertificateAliasFromHost(certificateAlias, hostId)) {
String msg = "Could not revoke certificate from host: " + hostId;
s_logger.error(msg);
throw new CloudRuntimeException(msg);
}
directDownloadCertificateHostMapDao.remove(map.getId());
}
}
return true;
Expand Down
5 changes: 4 additions & 1 deletion test/integration/smoke/test_direct_download.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,7 @@ def test_01_sanity_check_on_certificates(self):
cmd.hypervisor = self.hypervisor
cmd.name = "marvin-test-verify-certs"
cmd.certificate = self.certificates["invalid"]
cmd.zoneid = self.zone.id

invalid_cert_uploadFails = False
expired_cert_upload_fails = False
Expand Down Expand Up @@ -126,6 +127,7 @@ def test_02_upload_direct_download_certificates(self):
cmd.hypervisor = self.hypervisor
cmd.name = "marvin-test-verify-certs"
cmd.certificate = self.certificates["valid"]
cmd.zoneid = self.zone.id

try:
self.apiclient.uploadTemplateDirectDownloadCertificate(cmd)
Expand All @@ -135,9 +137,10 @@ def test_02_upload_direct_download_certificates(self):
revokecmd = revokeTemplateDirectDownloadCertificate.revokeTemplateDirectDownloadCertificateCmd()
revokecmd.hypervisor = self.hypervisor
revokecmd.name = cmd.name
revokecmd.zoneid = self.zone.id

try:
self.apiclient.revokeTemplateDirectDownloadCertificate(cmd)
self.apiclient.revokeTemplateDirectDownloadCertificate(revokecmd)
except Exception as e:
self.fail("Uploaded certificates should be revoked when needed")

Expand Down