CFY-5334 add SSL support

Author: adamlavie

components/manager/scripts/creation_validation.py

@@ -10,7 +10,6 @@
 import utils  # NOQA
 
 IMMUTABLE_PROPERTIES = [
-    'security',
     'ssh_user'
 ]
 

components/manager/scripts/sanity/sanity.py

@@ -44,7 +44,7 @@ def _upload_app_blueprint(app_tar):
         app_data = f.read()
     length = os.path.getsize(app_tar)
 
-    headers = utils.create_maintenance_headers()
+    headers = {}
     headers['Content-Length'] = length
     headers['Content-Type'] = 'application/octet-stream'
     params = urllib.urlencode(
@@ -53,7 +53,7 @@ def _upload_app_blueprint(app_tar):
 
     endpoint = '{0}/blueprints/{1}'.format(_get_url_prefix(), BLUEPRINT_ID)
     url = endpoint + '?' + params
-    utils.http_request(url,
+    utils.rest_request(url,
                        data=app_data,
                        headers=headers)
 
@@ -69,10 +69,9 @@ def _deploy_app():
         'blueprint_id': BLUEPRINT_ID,
         'inputs': dep_inputs
     }
-    headers = utils.create_maintenance_headers()
-    headers.update({'content-type': 'application/json'})
+    headers = {'content-type': 'application/json'}
 
-    utils.http_request(
+    utils.rest_request(
             '{0}/deployments/{1}'.format(_get_url_prefix(), DEPLOYMENT_ID),
             data=json.dumps(data),
             headers=headers)
@@ -92,10 +91,9 @@ def _install_sanity_app():
         'deployment_id': DEPLOYMENT_ID,
         'workflow_id': 'install'
     }
-    headers = utils.create_maintenance_headers()
-    headers.update({'content-type': 'application/json'})
+    headers = {'content-type': 'application/json'}
 
-    resp = utils.http_request(
+    resp = utils.rest_request(
             '{0}/executions'.format(_get_url_prefix()),
             method='POST',
             data=json.dumps(data),
@@ -112,27 +110,26 @@ def _install_sanity_app():
         timeout_msg='Timed out while waiting for '
                     'deployment {0} to install'.format(DEPLOYMENT_ID))
 
-    resp_content = resp.readlines()
-    json_resp = json.loads(resp_content[0])
+    json_resp = json.loads(resp.content)
     return json_resp['id']
 
 
 def _assert_logs_and_events(execution_id):
-    headers = utils.create_maintenance_headers()
     params = urllib.urlencode(
             dict(execution_id=execution_id,
                  type='cloudify_log'))
 
     endpoint = '{0}/events'.format(_get_url_prefix())
     url = endpoint + '?' + params
-    resp = utils.http_request(url, method='GET', headers=headers, timeout=30)
+    resp = utils.rest_request(url,
+                              method='GET',
+                              timeout=30)
     if not resp:
         ctx.abort_operation("Can't connect to elasticsearch")
     if resp.code != 200:
         ctx.abort_operation('Failed to retrieve logs/events')
 
-    resp_content = resp.readlines()
-    json_resp = json.loads(resp_content[0])
+    json_resp = json.loads(resp.content)
 
     if 'items' not in json_resp or not json_resp['items']:
         ctx.abort_operation('No logs/events received')
@@ -165,10 +162,9 @@ def _uninstall_sanity_app():
         'deployment_id': DEPLOYMENT_ID,
         'workflow_id': 'uninstall'
     }
-    headers = utils.create_maintenance_headers()
-    headers.update({'content-type': 'application/json'})
+    headers = {'content-type': 'application/json'}
 
-    utils.http_request(
+    utils.rest_request(
         '{0}/executions'.format(_get_url_prefix()),
         method='POST',
         data=json.dumps(data),
@@ -189,12 +185,10 @@ def _uninstall_sanity_app():
 def _delete_sanity_deployment():
     if not _is_sanity_dep_exist():
         return
-    headers = utils.create_maintenance_headers()
 
-    resp = utils.http_request(
+    resp = utils.rest_request(
         '{0}/deployments/{1}'.format(_get_url_prefix(), DEPLOYMENT_ID),
-        method='DELETE',
-        headers=headers)
+        method='DELETE')
 
     if resp.code != 200:
         ctx.abort_operation('Failed deleting '
@@ -205,11 +199,9 @@ def _delete_sanity_deployment():
 def _delete_sanity_blueprint():
     if not _is_sanity_blueprint_exist():
         return
-    headers = utils.create_maintenance_headers()
-    resp = utils.http_request(
+    resp = utils.rest_request(
         '{0}/blueprints/{1}'.format(_get_url_prefix(), BLUEPRINT_ID),
-        method='DELETE',
-        headers=headers)
+        method='DELETE')
 
     if resp.code != 200:
         ctx.abort_operation('Failed deleting '
@@ -223,23 +215,19 @@ def _delete_key_file():
 
 
 def _is_sanity_dep_exist(should_fail=False):
-    headers = utils.create_maintenance_headers()
-    res = utils.http_request(
+    res = utils.rest_request(
         '{0}/deployments/{1}'.format(_get_url_prefix(), DEPLOYMENT_ID),
         method='GET',
-        headers=headers,
         should_fail=should_fail)
     if not res:
         return False
     return res.code == 200
 
 
 def _is_sanity_blueprint_exist(should_fail=False):
-    headers = utils.create_maintenance_headers()
-    res = utils.http_request(
+    res = utils.rest_request(
             '{0}/blueprints/{1}'.format(_get_url_prefix(), BLUEPRINT_ID),
             method='GET',
-            headers=headers,
             should_fail=should_fail)
     if not res:
         return False
@@ -276,7 +264,15 @@ def perform_sanity():
     perform_sanity()
 
 if utils.is_upgrade or utils.is_rollback:
+    # Restore the snapshot at the end of the workflow.
     utils.restore_upgrade_snapshot()
 
 if utils.is_upgrade:
+    # To keep the upgrade workflow idempotent, this flag is used to figure
+    # out if the next upgrade should dispose of old rollback data.
     utils.set_upgrade_success_in_upgrade_meta()
+
+if utils.is_rollback:
+    # remove data created by the upgrade process.
+    utils.remove(utils.UPGRADE_METADATA_FILE)
+    utils.remove(utils.ES_UPGRADE_DUMP_PATH)

components/nginx/scripts/start.py

@@ -25,12 +25,6 @@ def check_response(response):
 utils.start_service(NGINX_SERVICE_NAME, append_prefix=False)
 utils.systemd.verify_alive(NGINX_SERVICE_NAME, append_prefix=False)
 
-nginx_url = 'http://127.0.0.1/api/v2.1/blueprints'
+nginx_url = '127.0.0.1/api/v2.1/blueprints'
 
-if utils.is_upgrade or utils.is_rollback:
-    headers = utils.create_maintenance_headers()
-else:
-    headers = utils.get_auth_headers(True)
-
-utils.verify_service_http(NGINX_SERVICE_NAME, nginx_url, check_response,
-                          headers=headers)
+utils.verify_service_http(NGINX_SERVICE_NAME, nginx_url, check_response)

components/restservice/scripts/start.py

@@ -1,8 +1,8 @@
 #!/usr/bin/env python
 
 import json
+import httplib
 import urllib2
-import urlparse
 from os.path import join, dirname
 
 from cloudify import ctx
@@ -23,22 +23,10 @@ def verify_restservice(url):
     that also requires the storage backend to be up, so if it works, there's
     a good chance everything is configured correctly.
     """
-    blueprints_url = urlparse.urljoin(url, 'api/v2.1/blueprints')
-
-    headers = utils.get_auth_headers(True)
-
-    if utils.is_upgrade or utils.is_rollback:
-        # if we're doing an upgrade, we're in maintenance mode - this request
-        # is safe to perform in maintenance mode, so let's bypass the check
-        headers = utils.create_maintenance_headers()
-    else:
-        headers = utils.get_auth_headers(True)
-
-    req = urllib2.Request(blueprints_url, headers=headers)
-
+    blueprints_url = '{0}/{1}'.format(url, 'api/v2.1/blueprints')
     try:
-        response = urllib2.urlopen(req)
-    except urllib2.URLError as e:
+        response = utils.rest_request(blueprints_url)
+    except (urllib2.URLError, httplib.HTTPException) as e:
         ctx.abort_operation('REST service returned an invalid response: {0}'
                             .format(e))
     if response.code == 401:
@@ -50,7 +38,7 @@ def verify_restservice(url):
                             .format(response.code))
 
     try:
-        json.load(response)
+        json.loads(response.content)
     except ValueError as e:
         ctx.abort_operation('REST service returned malformed JSON: {0}'
                             .format(e))
@@ -61,6 +49,6 @@ def verify_restservice(url):
 
 utils.systemd.verify_alive(REST_SERVICE_NAME)
 
-restservice_url = 'http://{0}:{1}'.format('127.0.0.1', 8100)
+restservice_url = '127.0.0.1'
 utils.verify_service_http(REST_SERVICE_NAME, restservice_url)
 verify_restservice(restservice_url)