// Copyright 2019 Yunion // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package models import ( "context" "time" "yunion.io/x/cloudmux/pkg/cloudprovider" "yunion.io/x/jsonutils" "yunion.io/x/pkg/errors" "yunion.io/x/pkg/util/compare" "yunion.io/x/sqlchemy" "yunion.io/x/onecloud/pkg/apis" api "yunion.io/x/onecloud/pkg/apis/compute" "yunion.io/x/onecloud/pkg/cloudcommon/db" "yunion.io/x/onecloud/pkg/cloudcommon/db/lockman" "yunion.io/x/onecloud/pkg/cloudcommon/db/taskman" "yunion.io/x/onecloud/pkg/cloudcommon/notifyclient" "yunion.io/x/onecloud/pkg/cloudcommon/validators" "yunion.io/x/onecloud/pkg/httperrors" "yunion.io/x/onecloud/pkg/mcclient" "yunion.io/x/onecloud/pkg/util/stringutils2" ) // +onecloud:swagger-gen-model-singular=sslcertificate // +onecloud:swagger-gen-model-plural=sslcertificates type SSSLCertificateManager struct { db.SVirtualResourceBaseManager db.SExternalizedResourceBaseManager SDeletePreventableResourceBaseManager SManagedResourceBaseManager SDnsZoneResourceBaseManager } var SSLCertificateManager *SSSLCertificateManager func init() { SSLCertificateManager = &SSSLCertificateManager{ SVirtualResourceBaseManager: db.NewVirtualResourceBaseManager( SSSLCertificate{}, "sslcertificates_tbl", "sslcertificate", "sslcertificates", ), } SSLCertificateManager.SetVirtualObject(SSLCertificateManager) } type SSSLCertificate struct { db.SVirtualResourceBase db.SExternalizedResourceBase SManagedResourceBase SDnsZoneResourceBase SDeletePreventableResourceBase Sans string `width:"2048" charset:"utf8" nullable:"false" list:"user" create:"required"` StartDate time.Time `list:"user"` Province string `width:"64" charset:"utf8" nullable:"false" list:"user" create:"optional"` Common string `width:"128" charset:"utf8" nullable:"false" list:"user" create:"optional"` Country string `width:"32" charset:"utf8" nullable:"false" list:"user" create:"optional"` Issuer string `width:"128" charset:"utf8" nullable:"false" list:"user" create:"required"` IsUpload bool `list:"user" create:"optional"` EndDate time.Time `list:"user" create:"optional"` Fingerprint string `width:"128" charset:"utf8" nullable:"false" list:"user" create:"optional"` City string `width:"64" charset:"utf8" nullable:"false" list:"user" create:"optional"` OrgName string `width:"256" charset:"utf8" nullable:"false" list:"user" create:"optional"` Certificate string `charset:"utf8" nullable:"true" list:"user" create:"optional"` PrivateKey string `charset:"utf8" nullable:"true" list:"user" create:"optional"` } func (s SSSLCertificate) GetExternalId() string { return s.ExternalId } func (man *SSSLCertificateManager) FetchCustomizeColumns( ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, objs []interface{}, fields stringutils2.SSortedStrings, isList bool, ) []api.SSLCertificateDetails { rows := make([]api.SSLCertificateDetails, len(objs)) virtRows := man.SVirtualResourceBaseManager.FetchCustomizeColumns(ctx, userCred, query, objs, fields, isList) manRows := man.SManagedResourceBaseManager.FetchCustomizeColumns(ctx, userCred, query, objs, fields, isList) for i := range rows { rows[i] = api.SSLCertificateDetails{ VirtualResourceDetails: virtRows[i], ManagedResourceInfo: manRows[i], } cert := objs[i].(*SSSLCertificate) rows[i].IsExpired = cert.EndDate.Before(time.Now()) } return rows } func (man *SSSLCertificateManager) GetContextManagers() [][]db.IModelManager { return [][]db.IModelManager{ {CloudproviderManager}, } } // SSLCertificate实例列表 func (man *SSSLCertificateManager) ListItemFilter( ctx context.Context, q *sqlchemy.SQuery, userCred mcclient.TokenCredential, query api.SSLCertificateListInput, ) (*sqlchemy.SQuery, error) { var err error q, err = man.SVirtualResourceBaseManager.ListItemFilter(ctx, q, userCred, query.VirtualResourceListInput) if err != nil { return nil, errors.Wrap(err, "SVirtualResourceBaseManager.ListItemFilter") } q, err = man.SExternalizedResourceBaseManager.ListItemFilter(ctx, q, userCred, query.ExternalizedResourceBaseListInput) if err != nil { return nil, errors.Wrap(err, "SExternalizedResourceBaseManager.ListItemFilter") } q, err = man.SDeletePreventableResourceBaseManager.ListItemFilter(ctx, q, userCred, query.DeletePreventableResourceBaseListInput) if err != nil { return nil, errors.Wrap(err, "SDeletePreventableResourceBaseManager.ListItemFilter") } q, err = man.SManagedResourceBaseManager.ListItemFilter(ctx, q, userCred, query.ManagedResourceListInput) if err != nil { return nil, errors.Wrap(err, "SManagedResourceBaseManager.ListItemFilter") } q, err = man.SDnsZoneResourceBaseManager.ListItemFilter(ctx, q, userCred, query.DnsZoneFilterListBase) if err != nil { return nil, errors.Wrap(err, "SDnsZoneResourceBaseManager.ListItemFilter") } if query.IsExpired != nil { if *query.IsExpired { q = q.LT("end_date", time.Now()) } else { q = q.GE("end_date", time.Now()) } } return q, nil } func (man *SSSLCertificateManager) OrderByExtraFields( ctx context.Context, q *sqlchemy.SQuery, userCred mcclient.TokenCredential, query api.SSLCertificateListInput, ) (*sqlchemy.SQuery, error) { q, err := man.SVirtualResourceBaseManager.OrderByExtraFields(ctx, q, userCred, query.VirtualResourceListInput) if err != nil { return nil, errors.Wrap(err, "SVirtualResourceBaseManager.OrderByExtraFields") } q, err = man.SManagedResourceBaseManager.OrderByExtraFields(ctx, q, userCred, query.ManagedResourceListInput) if err != nil { return nil, errors.Wrap(err, "SManagedResourceBaseManager.OrderByExtraFields") } return q, nil } func (man *SSSLCertificateManager) QueryDistinctExtraField(q *sqlchemy.SQuery, field string) (*sqlchemy.SQuery, error) { q, err := man.SVirtualResourceBaseManager.QueryDistinctExtraField(q, field) if err == nil { return q, nil } q, err = man.SManagedResourceBaseManager.QueryDistinctExtraField(q, field) if err == nil { return q, nil } q, err = man.SDnsZoneResourceBaseManager.QueryDistinctExtraField(q, field) if err == nil { return q, nil } return q, httperrors.ErrNotFound } func (manager *SSSLCertificateManager) QueryDistinctExtraFields(q *sqlchemy.SQuery, resource string, fields []string) (*sqlchemy.SQuery, error) { var err error q, err = manager.SManagedResourceBaseManager.QueryDistinctExtraFields(q, resource, fields) if err == nil { return q, nil } return q, httperrors.ErrNotFound } func (man *SSSLCertificateManager) ValidateCreateData( ctx context.Context, userCred mcclient.TokenCredential, ownerId mcclient.IIdentityProvider, query jsonutils.JSONObject, input *api.SSLCertificateCreateInput, ) (*api.SSLCertificateCreateInput, error) { if len(input.DnsZoneId) > 0 { obj, err := validators.ValidateModel(ctx, userCred, DnsZoneManager, &input.DnsZoneId) if err != nil { return nil, err } input.DnsZoneId = obj.GetId() } var err error input.VirtualResourceCreateInput, err = man.SVirtualResourceBaseManager.ValidateCreateData(ctx, userCred, ownerId, query, input.VirtualResourceCreateInput) if err != nil { return nil, err } return input, nil } func (self *SSSLCertificate) PostCreate(ctx context.Context, userCred mcclient.TokenCredential, ownerId mcclient.IIdentityProvider, query jsonutils.JSONObject, data jsonutils.JSONObject) { self.SVirtualResourceBase.PostCreate(ctx, userCred, ownerId, query, data) self.StartSSLCertificateCreateTask(ctx, userCred, "") } func (self *SSSLCertificate) StartSSLCertificateCreateTask(ctx context.Context, userCred mcclient.TokenCredential, parentTaskId string) error { params := jsonutils.NewDict() task, err := taskman.TaskManager.NewTask(ctx, "SSLCertificateCreateTask", self, userCred, params, parentTaskId, "", nil) if err != nil { return errors.Wrap(err, "NewTask") } self.SetStatus(ctx, userCred, apis.STATUS_CREATING, "") return task.ScheduleRun(nil) } func (self *SSSLCertificate) GetDnsZone() (*SDnsZone, error) { if len(self.DnsZoneId) == 0 { return nil, errors.Wrapf(cloudprovider.ErrNotFound, "DnsZoneId is empty") } zone, err := DnsZoneManager.FetchById(self.DnsZoneId) if err != nil { return nil, errors.Wrapf(err, "DnsZoneManager.FetchById") } return zone.(*SDnsZone), nil } func (r *SCloudprovider) GetSSLCertificates() ([]SSSLCertificate, error) { q := SSLCertificateManager.Query().Equals("manager_id", r.Id) ret := make([]SSSLCertificate, 0) err := db.FetchModelObjects(SSLCertificateManager, q, &ret) if err != nil { return nil, errors.Wrapf(err, "db.FetchModelObjects") } return ret, nil } func (r *SCloudprovider) SyncSSLCertificates( ctx context.Context, userCred mcclient.TokenCredential, exts []cloudprovider.ICloudSSLCertificate, ) compare.SyncResult { // 加锁防止重入 lockman.LockRawObject(ctx, SSLCertificateManager.KeywordPlural(), r.Id) defer lockman.ReleaseRawObject(ctx, SSLCertificateManager.KeywordPlural(), r.Id) result := compare.SyncResult{} dbEss, err := r.GetSSLCertificates() if err != nil { result.Error(err) return result } removed := make([]SSSLCertificate, 0) commondb := make([]SSSLCertificate, 0) commonext := make([]cloudprovider.ICloudSSLCertificate, 0) added := make([]cloudprovider.ICloudSSLCertificate, 0) // 本地和云上资源列表进行比对 err = compare.CompareSets(dbEss, exts, &removed, &commondb, &commonext, &added) if err != nil { result.Error(err) return result } // 删除云上没有的资源 for i := 0; i < len(removed); i++ { err := removed[i].syncRemoveCloudSSLCertificate(ctx, userCred) if err != nil { result.DeleteError(err) continue } result.Delete() } // 和云上资源属性进行同步 for i := 0; i < len(commondb); i++ { err := commondb[i].SyncWithCloudSSLCertificate(ctx, userCred, commonext[i]) if err != nil { result.UpdateError(err) continue } result.Update() } // 创建本地没有的云上资源 for i := 0; i < len(added); i++ { _, err := r.newFromCloudSSLCertificate(ctx, userCred, added[i]) if err != nil { result.AddError(err) continue } result.Add() } return result } func (s *SSSLCertificate) syncRemoveCloudSSLCertificate(ctx context.Context, userCred mcclient.TokenCredential) error { err := s.RealDelete(ctx, userCred) if err != nil { return err } notifyclient.EventNotify(ctx, userCred, notifyclient.SEventNotifyParam{ Obj: s, Action: notifyclient.ActionSyncDelete, }) return nil } // 删除证书 func (s *SSSLCertificate) CustomizeDelete(ctx context.Context, userCred mcclient.TokenCredential, query jsonutils.JSONObject, input jsonutils.JSONObject) error { err := s.StartSSLCertificateDeleteTask(ctx, userCred, nil) if err != nil { return errors.Wrapf(err, "StartSSLCertificateDeleteTask") } return nil } func (s *SSSLCertificate) StartSSLCertificateDeleteTask(ctx context.Context, userCred mcclient.TokenCredential, params *jsonutils.JSONDict) error { task, err := taskman.TaskManager.NewTask(ctx, "SSLCertificateDeleteTask", s, userCred, params, "", "", nil) if err != nil { return errors.Wrapf(err, "NewTask") } s.SetStatus(ctx, userCred, apis.STATUS_DELETING, "") return task.ScheduleRun(nil) } func (s *SSSLCertificate) Delete(ctx context.Context, userCred mcclient.TokenCredential) error { return nil } func (s *SSSLCertificate) RealDelete(ctx context.Context, userCred mcclient.TokenCredential) error { return s.SVirtualResourceBase.Delete(ctx, userCred) } // 同步资源属性 func (s *SSSLCertificate) SyncWithCloudSSLCertificate(ctx context.Context, userCred mcclient.TokenCredential, ext cloudprovider.ICloudSSLCertificate) error { diff, err := db.UpdateWithLock(ctx, s, func() error { s.ExternalId = ext.GetGlobalId() s.Status = ext.GetStatus() s.Name = ext.GetName() s.Sans = ext.GetSans() s.StartDate = ext.GetStartDate() s.Province = ext.GetProvince() s.Common = ext.GetCommon() s.Country = ext.GetCountry() s.Issuer = ext.GetIssuer() s.IsUpload = ext.GetIsUpload() s.EndDate = ext.GetEndDate() s.Fingerprint = ext.GetFingerprint() s.City = ext.GetCity() s.OrgName = ext.GetOrgName() s.Certificate = ext.GetCert() s.PrivateKey = ext.GetKey() if zoneId := ext.GetDnsZoneId(); len(zoneId) > 0 { zone, err := db.FetchByExternalIdAndManagerId(DnsZoneManager, zoneId, func(q *sqlchemy.SQuery) *sqlchemy.SQuery { return q.Equals("manager_id", s.ManagerId) }) if err == nil { s.DnsZoneId = zone.GetId() } } return nil }) if err != nil { return errors.Wrapf(err, "db.Update") } if len(diff) > 0 { notifyclient.EventNotify(ctx, userCred, notifyclient.SEventNotifyParam{ Obj: s, Action: notifyclient.ActionSyncUpdate, }) } if account := s.GetCloudaccount(); account != nil { syncVirtualResourceMetadata(ctx, userCred, s, ext, account.ReadOnly) } if provider := s.GetCloudprovider(); provider != nil { SyncCloudProject(ctx, userCred, s, provider.GetOwnerId(), ext, provider) } db.OpsLog.LogSyncUpdate(s, diff, userCred) return nil } func (r *SCloudprovider) newFromCloudSSLCertificate( ctx context.Context, userCred mcclient.TokenCredential, ext cloudprovider.ICloudSSLCertificate, ) (*SSSLCertificate, error) { s := SSSLCertificate{} s.SetModelManager(SSLCertificateManager, &s) s.ExternalId = ext.GetGlobalId() s.ManagerId = r.Id s.IsEmulated = ext.IsEmulated() s.Status = ext.GetStatus() s.Name = ext.GetName() s.Sans = ext.GetSans() s.StartDate = ext.GetStartDate() s.Province = ext.GetProvince() s.Common = ext.GetCommon() s.Country = ext.GetCountry() s.Issuer = ext.GetIssuer() //s.Expired = ext.GetExpired() s.IsUpload = ext.GetIsUpload() s.EndDate = ext.GetEndDate() s.Fingerprint = ext.GetFingerprint() s.City = ext.GetCity() s.OrgName = ext.GetOrgName() s.Certificate = ext.GetCert() s.PrivateKey = ext.GetKey() if zoneId := ext.GetDnsZoneId(); len(zoneId) > 0 { zone, err := db.FetchByExternalIdAndManagerId(DnsZoneManager, zoneId, func(q *sqlchemy.SQuery) *sqlchemy.SQuery { return q.Equals("manager_id", r.Id) }) if err == nil { s.DnsZoneId = zone.GetId() } } if createdAt := ext.GetCreatedAt(); !createdAt.IsZero() { s.CreatedAt = createdAt } var err error err = func() error { // 这里加锁是为了防止名称重复 lockman.LockRawObject(ctx, SSLCertificateManager.Keyword(), "name") defer lockman.ReleaseRawObject(ctx, SSLCertificateManager.Keyword(), "name") s.Name, err = db.GenerateName(ctx, SSLCertificateManager, r.GetOwnerId(), ext.GetName()) if err != nil { return errors.Wrapf(err, "db.GenerateName") } return SSLCertificateManager.TableSpec().Insert(ctx, &s) }() if err != nil { return nil, errors.Wrapf(err, "newFromCloudSSLCertificate.Insert") } notifyclient.EventNotify(ctx, userCred, notifyclient.SEventNotifyParam{ Obj: &s, Action: notifyclient.ActionSyncCreate, }) // 同步标签 _ = syncVirtualResourceMetadata(ctx, userCred, &s, ext, false) // 同步项目归属 SyncCloudProject(ctx, userCred, &s, r.GetOwnerId(), ext, r) db.OpsLog.LogEvent(&s, db.ACT_CREATE, s.GetShortDesc(ctx), userCred) return &s, nil } func (s *SSSLCertificate) GetICloudSSLCertificate(ctx context.Context) (cloudprovider.ICloudSSLCertificate, error) { if len(s.ExternalId) == 0 { return nil, errors.Wrapf(cloudprovider.ErrNotFound, "ExternalId is empty") } provider := s.GetCloudprovider() if provider == nil { return nil, errors.Wrapf(cloudprovider.ErrNotFound, "Cloudprovider is empty") } drv, err := provider.GetProvider(ctx) if err != nil { return nil, errors.Wrapf(err, "GetProvider") } certs, err := drv.GetISSLCertificates() if err != nil { return nil, errors.Wrapf(err, "GetICloudSSLCertificate") } for i := range certs { if certs[i].GetGlobalId() == s.ExternalId { return certs[i], nil } } return nil, errors.Wrapf(cloudprovider.ErrNotFound, "GetICloudSSLCertificate") } func (man *SSSLCertificateManager) ListItemExportKeys(ctx context.Context, q *sqlchemy.SQuery, userCred mcclient.TokenCredential, keys stringutils2.SSortedStrings, ) (*sqlchemy.SQuery, error) { var err error q, err = man.SVirtualResourceBaseManager.ListItemExportKeys(ctx, q, userCred, keys) if err != nil { return nil, errors.Wrap(err, "SVirtualResourceBaseManager.ListItemExportKeys") } if keys.ContainsAny(man.SManagedResourceBaseManager.GetExportKeys()...) { q, err = man.SManagedResourceBaseManager.ListItemExportKeys(ctx, q, userCred, keys) if err != nil { return nil, errors.Wrap(err, "SManagedResourceBaseManager.ListItemExportKeys") } } return q, nil }