Merge e6ee82c into 676312f

HewlettPackard · Sep 25, 2018 · 73c04d0 · 73c04d0
2 parents 676312f + e6ee82c
commit 73c04d0
Show file tree

Hide file tree

Showing 10 changed files with 110 additions and 63 deletions.
diff --git a/README.md b/README.md
@@ -116,6 +116,16 @@ In order to start up oneview-redfish-toolkit service, there is some mandatory co
 
   * **DeliveryRetryIntervalSeconds**: The value of this property shall be the interval in seconds between the retry attempts for any given event to the subscription destination.
 
+* `scmb` section
+
+  * **CAFile**: The CA certificate file for SCMB.
+
+  * **SCMBCertFile**: The SCMB cert file.
+
+  * **SCMBKeyFile**: The SCMB key file.
+
+  That files will be generated automatically by the application if do not exist.
+
 * `ssl` section
 
   * **SSLType**: select one of the options below. The default value used is **adhoc**.

diff --git a/certs/.gitignore b/certs/.gitignore
diff --git a/logging.conf b/logging.conf
diff --git a/oneview_redfish_toolkit/api/scmb.py b/oneview_redfish_toolkit/api/scmb.py
@@ -30,9 +30,10 @@
 from oneview_redfish_toolkit import util
 
 
-ONEVIEW_CA = "oneview_redfish_toolkit/certs/oneview_ca.pem"
-SCMB_CERT = "oneview_redfish_toolkit/certs/oneview_scmb.pem"
-SCMB_KEY = "oneview_redfish_toolkit/certs/oneview_scmb.key"
+SCMB_DIR_NAME = "scmb"
+ONEVIEW_CA_NAME = "oneview_ca.pem"
+SCMB_CERT_NAME = "oneview_scmb.pem"
+SCMB_KEY_NAME = "oneview_scmb.key"
 SCMB_PORT = 5671
 SCMB_SOCKET_TIMEOUT = 5  # seconds
 SCMB_RESOURCE_LIST = [
@@ -43,9 +44,34 @@
 SCMB_EXCHANGE_NAME = 'scmb'
 
 
+def _scmb_base_dir():
+    certs_dir = os.path.dirname(config.get_config()['ssl']['SSLCertFile'])
+    return os.path.join(certs_dir, SCMB_DIR_NAME)
+
+
+def _oneview_ca_path():
+    return os.path.join(_scmb_base_dir(), ONEVIEW_CA_NAME)
+
+
+def _scmb_cert_path():
+    return os.path.join(_scmb_base_dir(), SCMB_CERT_NAME)
+
+
+def _scmb_key_path():
+    return os.path.join(_scmb_base_dir(), SCMB_KEY_NAME)
+
+
 def check_cert_exist():
-    return os.path.isfile(ONEVIEW_CA) & os.path.isfile(SCMB_CERT) & \
-        os.path.isfile(SCMB_KEY)
+    try:
+        _scmb_base_dir()
+    except KeyError as error:
+        logging.error("Invalid configuration for ssl cert. "
+                      "Verify the [ssl] section in config file")
+        raise error
+
+    return os.path.isfile(_oneview_ca_path()) and \
+        os.path.isfile(_scmb_cert_path()) and \
+        os.path.isfile(_scmb_key_path())
 
 
 def get_oneview_client():
@@ -70,7 +96,10 @@ def get_cert():
 
     cert = ov_client.certificate_authority.get()
 
-    with open(ONEVIEW_CA, 'w+') as f:
+    # Create the dir to save the scmb files
+    os.makedirs(name=_scmb_base_dir(), exist_ok=True)
+
+    with open(_oneview_ca_path(), 'w+') as f:
         f.write(cert)
     # Generate scmb Cert:
     try:
@@ -91,10 +120,10 @@ def get_cert():
     certs = ov_client.certificate_rabbitmq.get_key_pair(
         'default')
     # Save cert
-    with open(SCMB_CERT, 'w+') as f:
+    with open(_scmb_cert_path(), 'w+') as f:
         f.write(certs['base64SSLCertData'])
     # Save key
-    with open(SCMB_KEY, 'w+') as f:
+    with open(_scmb_key_path(), 'w+') as f:
         f.write(certs['base64SSLKeyData'])
 
 
@@ -104,9 +133,9 @@ def scmb_connect():
     scmb_server = config.get_oneview_multiple_ips()[0]
 
     # Setup our ssl options
-    ssl_options = ({'ca_certs': ONEVIEW_CA,
-                    'certfile': SCMB_CERT,
-                    'keyfile': SCMB_KEY,
+    ssl_options = ({'ca_certs': _oneview_ca_path(),
+                    'certfile': _scmb_cert_path(),
+                    'keyfile': _scmb_key_path(),
                     'cert_reqs': ssl.CERT_REQUIRED,
                     'server_side': False})
 

diff --git a/oneview_redfish_toolkit/certs/.gitignore b/oneview_redfish_toolkit/certs/.gitignore
diff --git a/oneview_redfish_toolkit/certs/__init__.py b/oneview_redfish_toolkit/certs/__init__.py
diff --git a/oneview_redfish_toolkit/tests/api/test_scmb.py b/oneview_redfish_toolkit/tests/api/test_scmb.py
@@ -13,7 +13,8 @@
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
-
+import os
+import shutil
 from unittest import mock
 
 from hpOneView.exceptions import HPOneViewException
@@ -26,17 +27,65 @@
 class TestSCMB(BaseTest):
     """Tests for SCMB module"""
 
+    @mock.patch.object(scmb, 'config')
     @mock.patch('os.path.isfile')
-    def test_check_cert_exist(self, isfile):
+    def test_check_cert_exist(self, isfile, config_mock):
+        config_mock.get_config.return_value = {
+            'ssl': {
+                'SSLCertFile': ''
+            }
+        }
+
         # Files exist
         isfile.return_value = True
         self.assertTrue(scmb.check_cert_exist())
+
         # Certs files don't exist
         isfile.return_value = False
         self.assertFalse(scmb.check_cert_exist())
 
+    @mock.patch.object(scmb, 'config')
+    def test_paths_generated_for_scmb_files(self, config_mock):
+        config_mock.get_config.return_value = {
+            'ssl': {
+                'SSLCertFile': '/dir/cert_file.crt'
+            }
+        }
+
+        self.assertEqual('/dir/scmb/oneview_ca.pem', scmb._oneview_ca_path())
+        self.assertEqual('/dir/scmb/oneview_scmb.pem', scmb._scmb_cert_path())
+        self.assertEqual('/dir/scmb/oneview_scmb.key', scmb._scmb_key_path())
+
+    @mock.patch.object(scmb, 'config')
+    @mock.patch.object(scmb, 'logging')
+    def test_check_cert_exist_when_config_key_is_missing(self,
+                                                         logging_mock,
+                                                         config_mock):
+        config_mock.get_config.return_value = {
+            'ssl': {}
+        }
+
+        with self.assertRaises(KeyError) as error:
+            scmb.check_cert_exist()
+
+        logging_mock.error.assert_called_with(
+            'Invalid configuration for ssl cert. '
+            'Verify the [ssl] section in config file')
+
+        self.assertEqual("'SSLCertFile'", str(error.exception))
+
+    @mock.patch.object(scmb, 'config')
     @mock.patch.object(scmb, 'get_oneview_client')
-    def test_get_cert(self, get_oneview_client):
+    def test_get_cert(self, get_oneview_client, config_mock):
+        config_mock.get_config.return_value = {
+            'ssl': {
+                'SSLCertFile': 'cert_file.crt'
+            }
+        }
+
+        os.makedirs(name='scmb', exist_ok=True)
+        self.addCleanup(shutil.rmtree, 'scmb')
+
         # Certs Generated with success
         oneview_client = mock.MagicMock()
         oneview_client.certificate_authority.get.return_value = "CA CERT"

diff --git a/oneview_redfish_toolkit/tests/test_util.py b/oneview_redfish_toolkit/tests/test_util.py
@@ -66,13 +66,13 @@ def test_create_certs(
 
         config.load_config(self.config_file)
 
-        util.generate_certificate("oneview_redfish_toolkit/certs",
+        util.generate_certificate("oneview_redfish_toolkit/",
                                   "test", 2048)
 
         self.assertTrue(os.path.exists(os.path.join("oneview_redfish_toolkit",
-                        "certs", "test" + ".crt")))
+                        "test" + ".crt")))
         self.assertTrue(os.path.exists(os.path.join("oneview_redfish_toolkit",
-                        "certs", "test" + ".key")))
+                        "test" + ".key")))
 
     @mock.patch.object(connection, 'check_oneview_availability')
     def test_load_event_service_invalid_info(

diff --git a/scripts/oneview-redfish-toolkit b/scripts/oneview-redfish-toolkit
@@ -24,7 +24,7 @@ import configparser
 import shutil
 import oneview_redfish_toolkit.app
 
-ENCODING='utf-8'
+ENCODING = 'utf-8'
 CFG_DIR_NAME = 'oneview-redfish-toolkit'
 REDFISH_CFG_FILE_NAME = 'redfish.conf'
 LOGGING_CFG_FILE_NAME = 'logging.conf'
@@ -73,19 +73,11 @@ def get_config_dir_path(dir_name):
     cgf_dir_path = os.path.join(cfg_dir, dir_name)
 
     if not os.path.isdir(cgf_dir_path):
-        create_config_dir(cfg_dir, dir_name)
+        os.makedirs(name=cgf_dir_path, exist_ok=True)
 
     return cgf_dir_path
 
 
-def create_config_dir(path_dir, dir_name):
-    """Create config directory copying from application lib
-    """
-    source = pkg_resources.resource_filename(oneview_redfish_toolkit.__name__, dir_name)
-    os.makedirs(name=path_dir, exist_ok=True)
-    shutil.copytree(source, os.path.join(path_dir, dir_name))
-
-
 def get_path_redfish_conf():
     """Get path for redfish.conf """
     config_path = get_config_file_path(REDFISH_CFG_FILE_NAME)
@@ -98,12 +90,12 @@ def get_path_redfish_conf():
 
     if not ov_ip:
         ov_ip = str(input('Set Oneview IP: '))
-        config['oneview_config']['ip'] =  ov_ip
+        config['oneview_config']['ip'] = ov_ip
 
     if not certs_dir:
         certs_dir = get_config_dir_path(CERTS_DIR_NAME)
-        config['ssl']['SSLCertFile'] =  os.path.join(certs_dir, CERTS_CRT_FILE_NAME)
-        config['ssl']['SSLKeyFile'] =  os.path.join(certs_dir, CERTS_KEY_FILE_NAME)
+        config['ssl']['SSLCertFile'] = os.path.join(certs_dir, CERTS_CRT_FILE_NAME)
+        config['ssl']['SSLKeyFile'] = os.path.join(certs_dir, CERTS_KEY_FILE_NAME)
 
     if save_file:
         with open(config_path, 'w') as configfile:

diff --git a/setup.cfg b/setup.cfg
@@ -28,7 +28,6 @@ package-data =
     oneview_redfish_toolkit = conf/*.conf
     oneview_redfish_toolkit = registry/*.json
     oneview_redfish_toolkit = schemas/*.json
-    oneview_redfish_toolkit = certs/*
 
 
 [build_sphinx]