diff options
author | Joanna Jeremicz <joanna.jeremicz@nokia.com> | 2020-07-29 12:20:10 +0200 |
---|---|---|
committer | Vijay Venkatesh Kumar <vv770d@att.com> | 2020-08-10 21:39:45 +0000 |
commit | 75758e6b5202c3a913c7a3509c3596a11c6270ad (patch) | |
tree | 86260a0e3546e0574670564861c0efa27488c0fd /k8s/k8splugin/tasks.py | |
parent | 8632fae6fbed323aa6e4f7dea1f16dab5612b373 (diff) |
Certificates from CMPv2 server - handle incorrect blueprint
K8splugin will stop without deployment creation when external_cert does not contain all the required parameters
Bugfix: K8splugin will not create cert-service-client init container by default
Issue-ID: DCAEGEN2-2252 DCAEGEN2-2380
Signed-off-by: Joanna Jeremicz <joanna.jeremicz@nokia.com>
Change-Id: Ibb6ada925ad8c7f1609e01ba9021a7dbcf0fe644
Diffstat (limited to 'k8s/k8splugin/tasks.py')
-rw-r--r-- | k8s/k8splugin/tasks.py | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/k8s/k8splugin/tasks.py b/k8s/k8splugin/tasks.py index 57fb8fb..e03e4d2 100644 --- a/k8s/k8splugin/tasks.py +++ b/k8s/k8splugin/tasks.py @@ -59,6 +59,14 @@ K8S_DEPLOYMENT = "k8s_deployment" RESOURCE_KW = "resource_config" LOCATION_ID = "location_id" +# External cert parameters +EXT_CERT_DIR = "external_cert_directory" +EXT_CA_NAME = "ca_name" +EXT_CERT_PARAMS = "external_certificate_parameters" +EXT_COMMON_NAME = "common_name" +EXT_CERT_ERROR_MESSAGE = "Provided blueprint is incorrect. It specifies external_cert without all the required parameters. " \ + "Required parameters are: {0}, {1}, {2}.{3}".format(EXT_CERT_DIR, EXT_CA_NAME, EXT_CERT_PARAMS, EXT_COMMON_NAME) + # Utility methods # Lifecycle interface calls for dcae.nodes.DockerContainer @@ -227,6 +235,14 @@ def _verify_k8s_deployment(location, service_component_name, max_wait): return True +def _fail_if_external_cert_incorrect(external_cert): + if not (external_cert.get(EXT_CERT_DIR) + and external_cert.get(EXT_CA_NAME) + and external_cert.get(EXT_CERT_PARAMS) + and external_cert.get(EXT_CERT_PARAMS).get(EXT_COMMON_NAME)): + ctx.logger.error(EXT_CERT_ERROR_MESSAGE) + raise NonRecoverableError(EXT_CERT_ERROR_MESSAGE) + def _create_and_start_container(container_name, image, **kwargs): ''' This will create a k8s Deployment and, if needed, a k8s Service or two. @@ -262,6 +278,9 @@ def _create_and_start_container(container_name, image, **kwargs): - k8s_location: name of the Kubernetes location (cluster) where the component is to be deployed ''' tls_info = kwargs.get("tls_info") or {} + external_cert = kwargs.get("external_cert") + if external_cert and external_cert.get("use_external_tls"): + _fail_if_external_cert_incorrect(external_cert) cert_dir = tls_info.get("cert_directory") or COMPONENT_CERT_DIR env = { "CONSUL_HOST": CONSUL_INTERNAL_NAME, "CONFIG_BINDING_SERVICE": "config-binding-service", |