2 files changed, 96 insertions, 42 deletions

diff --git a/rpkid/rpki/irdb/zookeeper.py b/rpkid/rpki/irdb/zookeeper.py
index 5733b6e1..2cb8dc41 100644
--- a/rpkid/rpki/irdb/zookeeper.py
+++ b/rpkid/rpki/irdb/zookeeper.py
@@ -18,10 +18,30 @@ OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 PERFORMANCE OF THIS SOFTWARE.
 """
 
-import subprocess, csv, re, os, getopt, sys, base64, time, glob, copy, warnings
-import rpki.config, rpki.cli, rpki.sundial, rpki.log, rpki.oids
-import rpki.http, rpki.resource_set, rpki.relaxng, rpki.exceptions
-import rpki.left_right, rpki.x509, rpki.async, rpki.irdb
+import subprocess
+import csv
+import re
+import os
+import getopt
+import sys
+import base64
+import time
+import glob
+import copy
+import warnings
+import rpki.config
+import rpki.cli
+import rpki.sundial
+import rpki.log
+import rpki.oids
+import rpki.http
+import rpki.resource_set
+import rpki.relaxng
+import rpki.exceptions
+import rpki.left_right
+import rpki.x509
+import rpki.async
+import rpki.irdb
 import django.db.transaction
 
 from lxml.etree import (Element, SubElement, ElementTree,
@@ -886,13 +906,14 @@ class Zookeeper(object):
 
 
   def run_rpkid_now(self):
-    """Poke rpkid to immediately run the cron job for the current handle.
+    """
+    Poke rpkid to immediately run the cron job for the current handle.
 
     This method is used by the gui when a user has changed something in the
-    IRDB (ghostbuster, roa) which does not require a full `synchronize()` call,
+    IRDB (ghostbuster, roa) which does not require a full synchronize() call,
     to force the object to be immediately issued.
-
     """
+
     self.call_rpkid(rpki.left_right.self_elt.make_pdu(
       action = "set", self_handle = self.handle, run_now = "yes"))
 
@@ -926,6 +947,25 @@ class Zookeeper(object):
     return call_pubd(*pdus)
 
 
+  def check_error_report(self, pdus):
+    """
+    Check a response from rpkid or pubd for error_report PDUs, log and
+    throw exceptions as needed.
+    """
+
+    if any(isinstance(pdu, (rpki.left_right.report_error_elt, rpki.publication.report_error_elt)) for pdu in pdus):
+      for pdu in pdus:
+        if isinstance(pdu, rpki.left_right.report_error_elt):
+          self.log("rpkid reported failure: %s" % pdu.error_code)
+        elif isinstance(pdu, rpki.publication.report_error_elt):
+          self.log("pubd reported failure: %s" % pdu.error_code)
+        else:
+          continue
+        if pdu.error_text:
+          self.log(pdu.error_text)
+      raise CouldntTalkToDaemon
+
+
   @django.db.transaction.commit_on_success
   def synchronize(self, *handles_to_poke):
     """
@@ -1035,13 +1075,7 @@ class Zookeeper(object):
                         for x in rpkid_reply
                         if isinstance(x, rpki.left_right.bsc_elt) and x.action == "list")
         bsc_pdu = bsc_pdus.pop(bsc_handle, None)
-        for r in rpkid_reply:
-          if isinstance(r, rpki.left_right.report_error_elt):
-            self.log("rpkid reported failure: %s" % r.error_code)
-            if r.error_text:
-              self.log(r.error_text)
-        if any(isinstance(r, rpki.left_right.report_error_elt) for r in rpkid_reply):
-          raise CouldntTalkToDaemon
+        self.check_error_report(rpkid_reply)
 
       rpkid_query = []
 
@@ -1204,21 +1238,24 @@ class Zookeeper(object):
         bsc_pdus = dict((x.bsc_handle, x) for x in rpkid_reply if isinstance(x, rpki.left_right.bsc_elt))
         if bsc_handle in bsc_pdus and bsc_pdus[bsc_handle].pkcs10_request:
           bsc_req = bsc_pdus[bsc_handle].pkcs10_request
-        for r in rpkid_reply:
-          if isinstance(r, rpki.left_right.report_error_elt):
-            self.log("rpkid reported failure: %s" % r.error_code)
-            if r.error_text:
-              self.log(r.error_text)
-        if any(isinstance(r, rpki.left_right.report_error_elt) for r in rpkid_reply):
-          raise CouldntTalkToDaemon
+        self.check_error_report(rpkid_reply)
 
       if pubd_query:
         assert self.run_pubd
         pubd_reply = self.call_pubd(*pubd_query)
-        for r in pubd_reply:
-          if isinstance(r, rpki.publication.report_error_elt):
-            self.log("pubd reported failure: %s" % r.error_code)
-            if r.error_text:
-              self.log(r.error_text)
-        if any(isinstance(r, rpki.publication.report_error_elt) for r in pubd_reply):
-          raise CouldntTalkToDaemon
+        self.check_error_report(pubd_reply)
+
+    # Finally, clean up any <self/> objects rpkid might be holding
+    # that don't match ResourceCA object.
+
+    rpkid_reply = self.call_rpkid(rpki.left_right.self_elt.make_pdu(action = "list"))
+    self.check_error_report(rpkid_reply)
+
+    self_handles = set(s.self_handle for s in rpkid_reply)
+    ca_handles   = set(ca.handle for ca in rpki.irdb.ResourceHolderCA.objects.all())
+    assert ca_handles <= self_handles
+
+    rpkid_query = [rpki.left_right.self_elt.make_pdu(action = "destroy", self_handle = handle)
+                   for handle in (self_handles - ca_handles)]
+    rpkid_reply = self.call_rpkid(*rpkid_query)
+    self.check_error_report(rpkid_reply)
diff --git a/rpkid/rpki/rpkic.py b/rpkid/rpki/rpkic.py
index 98c494fe..4a07bc77 100644
--- a/rpkid/rpki/rpkic.py
+++ b/rpkid/rpki/rpkic.py
@@ -17,7 +17,7 @@ integration with the Django-based GUI interface.
 
 $Id$
 
-Copyright (C) 2009--2011  Internet Systems Consortium ("ISC")
+Copyright (C) 2009--2012  Internet Systems Consortium ("ISC")
 
 Permission to use, copy, modify, and distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
@@ -39,17 +39,28 @@ PERFORMANCE OF THIS SOFTWARE.
 # modules, or anything that imports Django modules.  Bottom line is
 # that we don't import such modules until we need them.
 
-
-# We need context managers for transactions.  Well, unless we're
-# willing to have this program depend on a Django settings.py file so
-# that we can use decorators, which I'm not, at the moment.
-
-from __future__ import with_statement
-
-import csv, re, os, getopt, sys, base64, time, glob, copy, warnings
-import rpki.config, rpki.cli, rpki.sundial, rpki.log, rpki.oids
-import rpki.http, rpki.resource_set, rpki.relaxng, rpki.exceptions
-import rpki.left_right, rpki.x509, rpki.async
+import csv
+import re
+import os
+import getopt
+import sys
+import base64
+import time
+import glob
+import copy
+import warnings
+import rpki.config
+import rpki.cli
+import rpki.sundial
+import rpki.log
+import rpki.oids
+import rpki.http
+import rpki.resource_set
+import rpki.relaxng
+import rpki.exceptions
+import rpki.left_right
+import rpki.x509
+import rpki.async
 
 class BadCommandSyntax(Exception):      "Bad command line syntax."
 class BadPrefixSyntax(Exception):       "Bad prefix syntax."
@@ -336,6 +347,14 @@ class main(rpki.cli.Cmd):
     return self.irdb_handle_complete(rpki.irdb.Repository, *args)
 
 
+  def do_delete_self(self, arg):
+    """
+    Delete the current RPKI entity (<self/> object).
+    """
+
+    self.zoo.delete_self()
+
+
   def do_renew_child(self, arg):
     """
     Update validity period for one child entity.
@@ -434,8 +453,6 @@ class main(rpki.cli.Cmd):
     self.zoo.load_roa_requests(argv[0])
 
 
-
-
   def do_synchronize(self, arg):
     """
     Whack daemons to match IRDB.