🗃️ [#74] Delete the old certificate field

Added to the migration file with the data migration so
everything runs in a single transaction.

digid_eherkenning/migrations/0012_move_config_certificate.py

@@ -36,4 +36,12 @@ class Migration(migrations.Migration):
     operations = [
         # reverse migration is ambiguous, if needed, you can easily use the UI
         migrations.RunPython(move_certificates, migrations.RunPython.noop),
+        migrations.RemoveField(
+            model_name="digidconfiguration",
+            name="certificate",
+        ),
+        migrations.RemoveField(
+            model_name="eherkenningconfiguration",
+            name="certificate",
+        ),
     ]

digid_eherkenning/models/base.py

@@ -7,10 +7,10 @@
 from onelogin.saml2.constants import OneLogin_Saml2_Constants
 from onelogin.saml2.idp_metadata_parser import OneLogin_Saml2_IdPMetadataParser
 from privates.fields import PrivateMediaFileField
-from simple_certmanager.models import Certificate
 from solo.models import SingletonModel
 
 from ..choices import DigestAlgorithms, SignatureAlgorithms, XMLContentTypes
+from .certificates import ConfigCertificate
 
 
 class ConfigurationManager(models.Manager):
@@ -20,16 +20,6 @@ def get_queryset(self):
 
 
 class BaseConfiguration(SingletonModel):
-    certificate = models.ForeignKey(
-        Certificate,
-        null=True,
-        on_delete=models.PROTECT,
-        verbose_name=_("key pair"),
-        help_text=_(
-            "The private key and public certificate pair to use during the "
-            "authentication flow."
-        ),
-    )
     idp_metadata_file = PrivateMediaFileField(
         _("identity provider metadata"),
         blank=True,
@@ -240,6 +230,8 @@ def save(self, *args, **kwargs):
         super().save(*args, **kwargs)
 
     def clean(self):
-        if not self.certificate:
-            raise ValidationError(_("You must select a certificate"))
         super().clean()
+
+        # require that a certificate is configured
+        if not ConfigCertificate.objects.for_config(self).exists():
+            raise ValidationError(_("You must select a certificate"))

digid_eherkenning/models/certificates.py

@@ -5,6 +5,7 @@
 from __future__ import annotations
 
 import logging
+from typing import TYPE_CHECKING, TypeAlias
 
 from django.db import models
 from django.utils import timezone
@@ -15,10 +16,24 @@
 
 from ..choices import ConfigTypes
 
+if TYPE_CHECKING:
+    from .digid import DigidConfiguration
+    from .eherkenning import EherkenningConfiguration
+
 logger = logging.getLogger(__name__)
 
+_AnyDigiD: TypeAlias = "type[DigidConfiguration] | DigidConfiguration"
+_AnyEH: TypeAlias = "type[EherkenningConfiguration] | EherkenningConfiguration"
+
+
+class ConfigCertificateQuerySet(models.QuerySet):
+    def for_config(self, config: _AnyDigiD | _AnyEH):
+        opts = config._meta
+        config_type = ConfigTypes(f"{opts.app_label}.{opts.object_name}")
+        return self.filter(config_type=config_type)
+
 
-class ConfigCertificateManager(models.Manager):
+class ConfigCertificateManager(models.Manager.from_queryset(ConfigCertificateQuerySet)):
     def get_queryset(self):
         qs = super().get_queryset()
         return qs.select_related("certificate")