def delete_config_secret(
    cfg_element: BtpApplicationCertificate,
    cfg_queue_entry: cmm.CfgQueueEntry,
    cfg_factory: model.ConfigFactory,
):
    '''Remove superseded certificates from the GBaas application.

    The common name stored in ``cfg_queue_entry.secretId`` is split into
    ``(serial_no, base)``; every certificate the application lists under
    ``base`` whose serial number is strictly lower than ``serial_no`` is
    deleted. The certificate carrying ``serial_no`` itself is left in place.

    NOTE(review): ``rotate_cfg_element`` records the *pre-rotation* common
    name as the secret id, so the certificate that was replaced survives this
    cleanup and remains registered with the application — confirm that this
    is the intended grace behaviour rather than an off-by-one in the
    comparison.
    '''
    logger.info('Deleting old certificates')

    app_client = GBaasAppClient(
        cfg_factory.btp_application_certificate(
            cfg_element.auth_application_certificate()
        )
    )

    current_serial, base_name = (
        BtpApplicationCertificate.parse_serial_no_from_common_name(
            cfg_queue_entry.secretId['common_name']
        )
    )

    # Lazy filter: deletions happen while the listing is being iterated,
    # exactly as a plain for/if loop would do.
    outdated = (
        cert
        for cert in app_client.list_certificates_by_base(base_name)
        if cert.serial_no < current_serial
    )
    for cert in outdated:
        app_client.delete_certificate(cert.cn, cert.id)
def rotate_cfg_element(
    cfg_element: BtpApplicationCertificate,
    cfg_factory: model.ConfigFactory,
) -> typing.Tuple[cfg_mgmt.revert_function, dict, model.NamedModelElement]:
    '''Issue a successor certificate and register it with the GBaas application.

    Steps, in order:
      1. choose the next serial number: one above the highest serial found
         either in ``cfg_element``'s own common name or among the
         certificates the application already lists for the same base name;
      2. build a CSR for ``<next serial>.<base>`` and have the certificate
         service sign it for ``cfg_element.validity_in_days()`` days;
      3. upload the signed certificate to the application with the
         element's scopes.

    Returns:
        ``(revert, secret_id, updated_elem)``: ``revert`` deletes the
        certificate uploaded in step 3 again; ``secret_id`` is
        ``{'common_name': <pre-rotation common name>}``, i.e. what
        ``delete_config_secret`` later receives; ``updated_elem`` is a copy
        of ``cfg_element`` whose raw dict carries the new certificate, its
        private key and the new common name.

    The new private key is returned only inside
    ``updated_elem.raw['private_key_pem']``; it is not logged here.
    '''
    app_client = GBaasAppClient(
        cfg_factory.btp_application_certificate(
            cfg_element.auth_application_certificate()
        )
    )

    # Step 1: next serial is strictly above both the current one and any
    # serial the application already holds under the same base name.
    current_cn = cfg_element.common_name()
    current_serial, base_name = (
        BtpApplicationCertificate.parse_serial_no_from_common_name(current_cn)
    )
    highest_known = max(
        [current_serial]
        + [
            cert.serial_no
            for cert in app_client.list_certificates_by_base(base_name)
        ]
    )
    next_cn = f'{highest_known + 1}.{base_name}'

    # Step 2: CSR + signing by the certificate service.
    csr_pem, key_pem = _create_csr(cfg_element.subject(next_cn))
    binding = cfg_factory.btp_service_binding(cfg_element.cert_service_binding())
    signed = CertServiceClient(binding.credentials()).create_client_certificate_chain(
        csr_pem,
        cfg_element.validity_in_days(),
    )
    cert_pem = _extract_client_certificate(signed)

    # Step 3: register the new certificate with the application.
    cert_id = app_client.put_certificate(
        cert_pem=cert_pem,
        desc=f'CN={next_cn}',
        scopes=cfg_element.scopes(),
    )

    # Successor config element: same name/type, raw dict with the new
    # material swapped in (deep-copied so the original element is untouched).
    new_raw = copy.deepcopy(cfg_element.raw)
    for key, value in (
        ('certificate_pem', cert_pem),
        ('private_key_pem', key_pem),
        ('common_name', next_cn),
    ):
        new_raw[key] = value
    updated_elem = BtpApplicationCertificate(
        name=cfg_element.name(),
        raw_dict=new_raw,
        type_name=cfg_element._type_name,
    )

    def revert():
        # Undo step 3 only: drop the certificate just uploaded.
        app_client.delete_certificate(next_cn, cert_id)

    return revert, {'common_name': current_cn}, updated_elem