uyuni-project · mackdk · Feb 25, 2025 · Feb 25, 2025
@@ -48,6 +48,7 @@
 
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
+import com.google.gson.reflect.TypeToken;
 
 import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
@@ -143,7 +144,7 @@ private String scheduleProductRefresh(Request request, Response response, IssAcc
     }
 
     private String setHubDetails(Request request, Response response, IssAccessToken accessToken) {
-        Map<String, String> data = GSON.fromJson(request.body(), Map.class);
+        Map<String, String> data = GSON.fromJson(request.body(), new TypeToken<Map<String, String>>() { }.getType());
 
         try {
             hubManager.updateServerData(accessToken, accessToken.getServerFqdn(), IssRole.HUB, data);
@@ -152,6 +153,10 @@ private String setHubDetails(Request request, Response response, IssAccessToken
             LOGGER.error("Invalid data provided: ", ex);
             return badRequest(response, "Invalid data");
         }
+        catch (TaskomaticApiException ex) {
+            LOGGER.error("Unable to schedule Taskomatic execution to refresh the root ca: ", ex);
+            return internalServerError(response, "Unable to schedule refresh of the root CA certificate");
+        }
         return success(response);
     }
 

@@ -528,7 +528,8 @@ public ManagerInfoJson collectManagerInfo(IssAccessToken accessToken) {
      * @param role the role which should be changed
      * @param data the new data
      */
-    public void updateServerData(IssAccessToken token, String fqdn, IssRole role, Map<String, String> data) {
+    public void updateServerData(IssAccessToken token, String fqdn, IssRole role, Map<String, String> data)
+        throws TaskomaticApiException {
         ensureValidToken(token);
         updateServerData(fqdn, role, data);
     }
@@ -540,41 +541,40 @@ public void updateServerData(IssAccessToken token, String fqdn, IssRole role, Ma
      * @param fqdn the FQDN identifying the Hub or Peripheral Server
      * @param role the role which should be changed
      * @param data the new data
+     * @throws TaskomaticApiException when it's not possible to schedule the certificate refresh
      */
-    public void updateServerData(User user, String fqdn, IssRole role, Map<String, String> data) {
+    public void updateServerData(User user, String fqdn, IssRole role, Map<String, String> data)
+        throws TaskomaticApiException {
         ensureSatAdmin(user);
         updateServerData(fqdn, role, data);
     }
 
-    private void updateServerData(String fqdn, IssRole role, Map<String, String> data) {
-        switch (role) {
-            case HUB -> hubFactory.lookupIssHubByFqdn(fqdn).ifPresentOrElse(issHub -> {
-                        if (data.containsKey("root_ca")) {
-                            issHub.setRootCa(data.get("root_ca"));
-                        }
-                        if (data.containsKey("gpg_key")) {
-                            issHub.setGpgKey(data.get("gpg_key"));
-                        }
-                        hubFactory.save(issHub);
-                    },
-                    () -> {
-                        LOG.error("Server {} not found with role {}", fqdn, role);
-                        throw new IllegalArgumentException("Server not found");
-                    });
-            case PERIPHERAL -> hubFactory.lookupIssPeripheralByFqdn(fqdn).ifPresentOrElse(issPeripheral -> {
-                        if (data.containsKey("root_ca")) {
-                            issPeripheral.setRootCa(data.get("root_ca"));
-                        }
-                        hubFactory.save(issPeripheral);
-                    },
-                    ()-> {
-                        LOG.error("Server {} not found with role {}", fqdn, role);
-                        throw new IllegalArgumentException("Server not found");
-                    });
-            default -> {
-                LOG.error("Unknown role {}", role);
-                throw new IllegalArgumentException("Unknown role");
+    private void updateServerData(String fqdn, IssRole role, Map<String, String> data) throws TaskomaticApiException {
+        Optional<? extends IssServer> server = switch (role) {
+            case HUB -> hubFactory.lookupIssHubByFqdn(fqdn);
+            case PERIPHERAL -> hubFactory.lookupIssPeripheralByFqdn(fqdn);
+        };
+
+        boolean needsRefresh = server.map(issServer -> {
+            boolean caUpdated = false;
+            if (data.containsKey("root_ca")) {
+                issServer.setRootCa(data.get("root_ca"));
+                caUpdated = true;
+            }
+
+            if (data.containsKey("gpg_key") && issServer instanceof IssHub issHub) {
+                issHub.setGpgKey(data.get("gpg_key"));
             }
+
+            hubFactory.save(issServer);
+            return caUpdated;
+        }).orElseThrow(() -> {
+            LOG.error("Server {} not found with role {}", fqdn, role);
+            return new IllegalArgumentException("Server not found");
+        });
+
+        if (needsRefresh) {
+            taskomaticApi.scheduleSingleRootCaCertUpdate(computeRootCaFileName(role, fqdn), data.get("root_ca"));
         }
     }
 

@@ -36,19 +36,12 @@ protected Logger getLogger() {
 
     /**
      * Save a {@link IssHub} object
-     * @param issHubIn object to save
+     * @param issServer object to save
      */
-    public void save(IssHub issHubIn) {
-        saveObject(issHubIn);
+    public void save(IssServer issServer) {
+        saveObject(issServer);
     }
 
-    /**
-     * Save a {@link IssPeripheral} object
-     * @param issPeripheralIn object to save
-     */
-    public void save(IssPeripheral issPeripheralIn) {
-        saveObject(issPeripheralIn);
-    }
 
     /**
      * Save a {@link IssPeripheralChannels} object

@@ -331,9 +331,14 @@ private String updateServerRootCA(Request request, Response response, User user,
             return badRequest(response, LOC.getMessage("hub.cannot_find_server"));
         }
 
-        // Collections.singletonMap() is used in place of Map.of() because it allows null as value
-        Map<String, String> dataMap = Collections.singletonMap("root_ca", rootCA);
-        hubManager.updateServerData(user, server.getFqdn(), role, dataMap);
+        try {
+            // Collections.singletonMap() is used in place of Map.of() because it allows null as value
+            Map<String, String> dataMap = Collections.singletonMap("root_ca", rootCA);
+            hubManager.updateServerData(user, server.getFqdn(), role, dataMap);
+        }
+        catch (TaskomaticApiException e) {
+            return internalServerError(response, LOC.getMessage("hub.cannot_refresh_certificate"));
+        }
 
         return success(response);
     }

@@ -317,7 +317,7 @@ public int registerPeripheralWithToken(User loggedInUser, String fqdn, String to
         }
         catch (TaskomaticApiException ex) {
             LOGGER.error("Unable to schedule root CA certificate update {}", fqdn, ex);
-            throw new TokenExchangeFailedException(ex);
+            throw new com.redhat.rhn.frontend.xmlrpc.TaskomaticApiException("Unable to refresh root CA certificate");
         }
 
         return 1;
@@ -396,7 +396,12 @@ public int deregister(User loggedInUser, String fqdn, boolean onlyLocal) {
      */
     public int setDetails(User loggedInUser, String fqdn, String role, Map<String, String> data) {
         ensureSatAdmin(loggedInUser);
-        hubManager.updateServerData(loggedInUser, fqdn, IssRole.valueOf(role), data);
+        try {
+            hubManager.updateServerData(loggedInUser, fqdn, IssRole.valueOf(role), data);
+        }
+        catch (TaskomaticApiException e) {
+            throw new com.redhat.rhn.frontend.xmlrpc.TaskomaticApiException("Unable to refresh root CA certificate");
+        }
         return 1;
     }
 }