cmk.messaging: immediately use new certificates

As soon as the certificates are stored on disk,
clients (that have just been started) might use
them to authenticate against RabbitMQ.
To keep the chance of a missmatch as small as
possible, we make the broker aware of them ASAP.

Change-Id: I46bf92af6fa60b085745a8ad5e05ee6cb9f9649f

cmk/gui/watolib/broker_certificates.py

@@ -31,6 +31,7 @@
     BrokerCertificates,
     ca_key_file,
     cacert_file,
+    clear_brokers_certs_cache,
     multisite_cert_file,
     site_cert_file,
     site_key_file,
@@ -188,5 +189,6 @@ def execute(self, api_request: BrokerCertificates) -> bool:
         store.save_bytes_to_file(site_key_file(paths.omd_root), api_request.key)
         cacert_file(paths.omd_root).unlink(missing_ok=True)
         ca_key_file(paths.omd_root).unlink(missing_ok=True)
+        clear_brokers_certs_cache()
 
         return True

packages/cmk-messaging/cmk/messaging/__init__.py

@@ -10,6 +10,7 @@
     BrokerCertificates,
     ca_key_file,
     cacert_file,
+    clear_brokers_certs_cache,
     get_local_port,
     multisite_ca_key_file,
     multisite_cacert_file,
@@ -44,6 +45,7 @@
     "ca_key_file",
     "Channel",
     "check_remote_connection",
+    "clear_brokers_certs_cache",
     "CMKConnectionError",
     "Connection",
     "ConnectionFailed",

packages/cmk-messaging/cmk/messaging/_config.py

@@ -157,3 +157,7 @@ def _make_ssl_context(omd_root: Path) -> ssl.SSLContext:
     context.verify_mode = ssl.CERT_REQUIRED
     context.load_cert_chain(site_cert_file(omd_root), site_key_file(omd_root))
     return context
+
+
+def clear_brokers_certs_cache() -> None:
+    subprocess.check_output(["rabbitmqctl", "eval", "ssl:clear_pem_cache()."])