
Commit 093eff7

authored
Add check between steps during a bound certificate renewal (#10)
1 parent 47bbe05 commit 093eff7


2 files changed

+65
-2
lines changed


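--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,2 +1,5 @@
-v2.0
+v2.1.0
+- Added status checking between steps when renewing a bound certificate
+
+v2.0.0
 - Initial Version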

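--- a/GCPLoadBalancer/GCPStore.cs
+++ b/GCPLoadBalancer/GCPStore.cs
@@ -32,6 +32,7 @@
 using Google.Apis.Services;
 
 using Data = Google.Apis.Compute.v1.Data;
+using static Google.Apis.Requests.BatchRequest;
 
 namespace Keyfactor.Extensions.Orchestrator.GCPLoadBalancer
 {
@@ -43,6 +44,10 @@ public class GCPStore
 private ComputeService service;
 ILogger logger;
 
+private const int OPERATION_MAX_WAIT_MILLISECONDS = 300000;
+private const int OPERATION_INTERVAL_WAIT_MILLISECONDS = 5000;
+private const string OPERATION_DONE = "DONE";
+
 public GCPStore(string storePath, Dictionary<string, string> storeProperties)
 {
 logger = LogHandler.GetClassLogger<Management>();
@@ -133,20 +138,33 @@ public void insert(SslCertificate sslCertificate, bool overwrite)
 
 //SCENARIO => renew certificate process - bind to temporary alias, delete previous version of cert with desired alias, add renewed certificate, update bindings to renewed cert and remove temp bindings,
 // delete cert with temp alias
-logger.LogDebug("Bind cert with temp alias, delete cert to be renewed, add renewed cert, update bindings to new renewed cert, delete temp cert");
+logger.LogDebug("Replace bindings with renewed certificate added with temporary alias");
 processBindings(targetCertificateSelfLink, tempCertificateSelfLink);
+
+logger.LogDebug("Delete previous certificate");
 delete(alias);
+
+logger.LogDebug("Add renewed certificate with desired alias");
 insert(sslCertificate);
+
+logger.LogDebug("Replace bindings with renewed certificate added with desired alias");
 processBindings(tempCertificateSelfLink, targetCertificateSelfLink);
+
+logger.LogDebug("Remove certificate previously added with temporary alias");
 delete(tempAlias);
 }
 //SCENARIO => certificate does NOT exist for passed in alias. certificate MUST exist for temporary alias since we already know one or both MUST exist from previous check.
 // Add renewed certificate with passed in alias, bind it while removing temporary alias from binding (if exists), delete temporary alias cert
 else
 {
 logger.LogDebug("Certificate is not in GCP, but temporary one is - Cleanup of prior error state. insert renewed certificate, bind renewed certificate and remove temp binding, delete temporary certificate.");
+logger.LogDebug("Insert renewed certificate with desired alias");
 insert(sslCertificate);
+
+logger.LogDebug("Replace bindings with renewed certificate added with desired alias");
 processBindings(tempCertificateSelfLink, targetCertificateSelfLink);
+
+logger.LogDebug("Remove certificate previously added with temporary alias");
 delete(tempAlias);
 return;
 }
@@ -256,6 +274,9 @@ public void insert(SslCertificate sslCertificate)
 logger.LogDebug(response.Error.ToString());
 throw new Exception(response.Error.ToString());
 }
+
+if (response.Status.ToUpper() != OPERATION_DONE)
+WaitForOperation(response.Name, $"Inserting certificate for alias {sslCertificate.Name}");
 }
 
 public void delete(string alias)
@@ -284,6 +305,42 @@ public void delete(string alias)
 logger.LogDebug(response.Error.ToString());
 throw new Exception(response.Error.ToString());
 }
+
+if (response.Status.ToUpper() != OPERATION_DONE)
+WaitForOperation(response.Name, $"Deleting {alias}");
+
+}
+
+private void WaitForOperation(string operationName, string function)
+{
+logger.LogDebug($"Begin WAIT for {function}.");
+DateTime endTime = DateTime.Now.AddMilliseconds(OPERATION_MAX_WAIT_MILLISECONDS);
+Operation response = new Operation();
+
+while (DateTime.Now < endTime)
+{
+logger.LogDebug($"Attempting WAIT for {function} at {DateTime.Now.ToString()}.");
+if (string.IsNullOrEmpty(region))
+{
+GlobalOperationsResource.WaitRequest request = getComputeService().GlobalOperations.Wait(this.project, operationName);
+response = request.Execute();
+}
+else
+{
+RegionOperationsResource.WaitRequest request = getComputeService().RegionOperations.Wait(this.project, region, operationName);
+response = request.Execute();
+}
+
+if (response.Status == OPERATION_DONE)
+{
+logger.LogDebug($"End WAIT for {function}. Task DONE.");
+return;
+}
+
+System.Threading.Thread.Sleep(OPERATION_INTERVAL_WAIT_MILLISECONDS);
+}
+
+throw new Exception($"{function} was still processing after the {OPERATION_MAX_WAIT_MILLISECONDS.ToString()} millisecond maximum wait time.");
 }
 
 private void processBindings(string prevCertificateSelfLink, string newCertificateSelfLink)
@@ -345,6 +402,9 @@ private void processBindings(string prevCertificateSelfLink, string newCertifica
 logger.LogError($"Error setting SSL Certificates for resource: {proxy.Name} " + response.Error.ToString());
 throw new Exception(response.Error.ToString());
 }
+
+if (response.Status.ToUpper() != OPERATION_DONE)
+WaitForOperation(response.Name, $"Binding for {newCertificateSelfLink}");
 }
 }
 }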
