]> Frank Brehm's Git Trees - pixelpark/puppetmaster-webhooks.git/commitdiff
Changes in checking SSL certificate files.
authorFrank Brehm <frank.brehm@pixelpark.com>
Wed, 15 Feb 2017 14:17:59 +0000 (15:17 +0100)
committerFrank Brehm <frank.brehm@pixelpark.com>
Wed, 15 Feb 2017 14:17:59 +0000 (15:17 +0100)
lib/webhooks/base_app.py
lib/webhooks/r10k.py
r10k-hook.yaml

index 4f6b5f92d753c58f60d7873a69f4d653e1e0b930..1ca90cf015a34b06d3d158c52f4f8507d9b63e79 100644 (file)
@@ -17,6 +17,7 @@ import datetime
 import json
 import smtplib
 import argparse
+import traceback
 from email.message import EmailMessage
 
 # Third party modules
@@ -441,13 +442,6 @@ class BaseHookApp(object):
         self.data = sys.stdin.read()
         try:
             self.json_data = json.loads(self.data)
-        except Exception as e:
-            msg = "Got a {n} reading input data as JSON: {e}".format(n=e.__class__.__name__, e=e)
-            msg += "\nInput data: {!r}".format(self.data)
-            LOG.error(msg)
-            self.error_data.append(msg)
-        else:
-
             if self.verbose > 1:
                 LOG.debug("Got JSON data:\n{}".format(pp(self.json_data)))
 
@@ -459,6 +453,11 @@ class BaseHookApp(object):
                 msg += "\n\nTraceback:\n{}".format(traceback.format_exc())
                 self.error_data.append(msg)
                 LOG.error(msg)
+        except Exception as e:
+            msg = "Got a {n} reading input data as JSON: {e}".format(n=e.__class__.__name__, e=e)
+            msg += "\nInput data: {!r}".format(self.data)
+            LOG.error(msg)
+            self.error_data.append(msg)
         finally:
             if self.full_name:
                 self.send_error_msgs(self.full_name)
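Review bot: The relocated `except Exception` now sits at the end of the whole try body, so any failure it catches is still reported as "reading input data as JSON", and unlike the inner handler above it adds no traceback. I would make the message generic and append `msg += "\n\nTraceback:\n{}".format(traceback.format_exc())` so unrelated errors are not misattributed to the payload. The handler also echoes the complete request body via `{!r}` into the log and into `error_data`, which the `finally` branch appears to hand to `send_error_msgs`; if webhook payloads can carry tokens or other secrets, bound or redact it, e.g. `"\nInput data (truncated): {!r}".format(self.data[:1024])`. The enclosing method starts and ends outside this hunk, so the exact extent of the try body is inferred.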
index 0f6f0a1d25b1e8d11c9f5bdf0165a18a47d184dd..976b707475c2f14d2632369c4d09399eaddf5704 100644 (file)
@@ -18,6 +18,8 @@ import locale
 import ssl
 import pipes
 import subprocess
+import urllib.parse
+import traceback
 
 from http.client import HTTPSConnection
 
@@ -45,7 +47,6 @@ class R10kHookApp(BaseHookApp):
     def __init__(self, appname=None, verbose=0, version=__version__):
         """Constructor."""
 
-        self.ignore_projects = []
         self.r10k_bin = None
         self.description = textwrap.dedent('''\
             Receives push events as JSON-Data and synchronizes
@@ -54,6 +55,7 @@ class R10kHookApp(BaseHookApp):
 
         self.locale = 'de_DE.utf8'
         self.simulate = False
+        self.http_timeout = 30
 
         self.puppetmaster_host = 'puppetmaster01.pixelpark.com'
         self.puppetmaster_api_port = 8140
@@ -144,6 +146,18 @@ class R10kHookApp(BaseHookApp):
             LOG.error("Puppetmaster SSL directory {!r} is not an absolute path name.".format(
                 self.puppetmaster_ssl_dir))
             sys.exit(10)
+
+        pdir = os.path.dirname(self.puppetmaster_ssl_dir)
+        if not os.path.isdir(pdir):
+            LOG.error("Directory {!r} does not exists.".format(pdir))
+            sys.exit(10)
+
+        if not os.access(pdir, os.R_OK):
+            LOG.error((
+                "Directory {!r} is read protected, "
+                "cannot check existence of cert files.").format(pdir))
+            return
+
         if not os.path.isdir(self.puppetmaster_ssl_dir):
             LOG.error("Puppetmaster SSL directory {!r} does not exists.".format(
                 self.puppetmaster_ssl_dir))
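Review bot: The new `os.access(pdir, os.R_OK)` test checks the wrong permission bit, because resolving `self.puppetmaster_ssl_dir` inside `pdir` needs search (execute) permission on the parent, not read permission; `if not os.access(pdir, os.X_OK):` matches what the later `os.path.isdir` call actually requires. The branch also leaves with a bare `return` after `LOG.error`, while every other failure here calls `sys.exit(10)`, so the hook carries on with key and certificate paths that were never checked. Either exit as the sibling checks do or downgrade the message to a warning and add a comment such as `# cert files are validated lazily when the connection is opened`. The enclosing method begins and continues outside this hunk.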
@@ -172,21 +186,6 @@ class R10kHookApp(BaseHookApp):
         if 'simulate' in config:
             self.simulate = to_bool(config['simulate'])
 
-        if 'ignore_projects' in config:
-            if config['ignore_projects'] is None:
-                self.ignore_projects = []
-            elif isinstance(config['ignore_projects'], str):
-                if config['ignore_projects']:
-                    self.ignore_projects = [config['ignore_projects']]
-            elif isinstance(config['ignore_projects'], list):
-                self.ignore_projects = config['ignore_projects']
-
-        if 'add_ignore_projects' in config and config['add_ignore_projects']:
-            if isinstance(config['add_ignore_projects'], str):
-                self.ignore_projects.append(config['add_ignore_projects'])
-            elif isinstance(config['add_ignore_projects'], list):
-                self.ignore_projects += config['add_ignore_projects']
-
         if 'locale' in config and config['locale']:
             self.locale = config['locale']
 
@@ -212,10 +211,6 @@ class R10kHookApp(BaseHookApp):
         if not super(R10kHookApp, self).pre_run():
             return False
 
-        if self.full_name in self.ignore_projects or self.name in self.ignore_projects:
-            LOG.info("Ignoring project {!r}.".format(self.full_name))
-            return False
-
         cur_loc = locale.getlocale()
         cur_lang = os.environ.get('LANG', None)
         if self.verbose > 1:
@@ -232,13 +227,54 @@ class R10kHookApp(BaseHookApp):
     def run(self):
         """Main routine."""
 
-        LOG.info("Starting {} ...".format(self.appname))
-
         if not self.exec_r10k():
+            LOG.warn("Executing {!r} was not successful.".format(self.r10k_bin))
             return
 
-        ssl_context = ssl.SSLContext()
-        ssl_context.verify_mode = ssl.CERT_NONE
+        ssl_context = None
+        try:
+            ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+        except Exception as e:
+            LOG.error("Got a {c}: {e}".format(c=e.__class__.__name__, e=e))
+        else:
+            ssl_context.verify_mode = ssl.CERT_NONE
+            ssl_context.check_hostname = False
+
+        key_file = os.path.join(
+            self.puppetmaster_ssl_dir, 'private_keys', self.puppetmaster_host + '.pem')
+        cert_file = os.path.join(
+            self.puppetmaster_ssl_dir, 'certs', self.puppetmaster_host + '.pem')
+
+        LOG.debug("Creating connection to https://{h}:{p} ...".format(
+            h=self.puppetmaster_host, p=self.puppetmaster_api_port))
+        conn = HTTPSConnection(
+            self.puppetmaster_host, self.puppetmaster_api_port,
+            key_file=key_file, cert_file=cert_file, timeout=self.http_timeout,
+            context=ssl_context)
+        if self.verbose > 1:
+            LOG.debug("HTTPS connection object: {!r}".format(conn))
+
+        path = (
+            self.puppetmaster_api_path + '/environment-cache?environment=' + 
+            urllib.parse.quote(self.ref))
+        url = 'https://{h}:{po}{pa}'.format(
+            h=self.puppetmaster_host, po=self.puppetmaster_api_port, pa=path)
+        LOG.info("Requesting DELETE from {} ...".format(url))
+
+        if self.simulate:
+            LOG.info("Simulation mode, don't requesting {}.".format(url))
+            return
+
+        conn.request('DELETE', path)
+        response = conn.getresponse()
+
+        LOG.info("Response: {s} {r}".format(s=response.status, r=response.reason))
+        if response.status != 200:
+            msg = 'Error on clearing Puppet cache:'
+            self.error_data.append(msg)
+            LOG.error(msg)
+
+        return
 
     # -------------------------------------------------------------------------
     def exec_r10k(self):
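Review bot: The context built in `run()` sets `verify_mode = ssl.CERT_NONE` and `check_hostname = False`, so the hook presents its client certificate and sends the cache-clearing DELETE to a peer whose identity is never verified, and `ssl.PROTOCOL_TLSv1` additionally pins the connection to TLS 1.0. I would build the context with `ssl.create_default_context()` against the Puppet CA certificate and load the client key pair into it, as sketched below; the CA file location there is an assumption to confirm. If context creation raises, the current code only logs and continues with `ssl_context = None`; that path should append to `self.error_data` and return instead. Separately, `response.status != 200` may treat a successful reply as an error if the endpoint answers DELETE with 204, so `if response.status not in (200, 204):` is worth checking against the Puppet API docs, and the error message should include the status and reason.

```python
        # … unchanged: key_file / cert_file path construction (moved above the context setup) …
        # NOTE(review): CA certificate path is assumed; confirm against the Puppet ssldir layout
        ca_file = os.path.join(self.puppetmaster_ssl_dir, 'certs', 'ca.pem')
        try:
            ssl_context = ssl.create_default_context(cafile=ca_file)
            ssl_context.load_cert_chain(certfile=cert_file, keyfile=key_file)
        except (OSError, ssl.SSLError) as e:
            msg = "Got a {c} on creating SSL context: {e}".format(c=e.__class__.__name__, e=e)
            self.error_data.append(msg)
            LOG.error(msg)
            return

        conn = HTTPSConnection(
            self.puppetmaster_host, self.puppetmaster_api_port,
            timeout=self.http_timeout, context=ssl_context)
        # … unchanged: path/url construction, simulate check, DELETE request …
```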
index aecbeec8356ff24333629cc37d177ed5c5d68135..40ca9b79109127f425a07247ab3c52bc6cdc09e8 100644 (file)
@@ -1,4 +1,2 @@
 ---
-#add_ignore_projects:
-#  - nova
-
+simulate: False