def test_get_x509_fingerprint(self):
fingerprint = ("D7:5C:60:9E:BE:8F:78:67:1D:0E:16:98:80:96:3A:B5:"
"FF:88:A7:94:19:75:6D:11:A0:3E:1F:33:21:90:54:7F")
assert SecretUtils.get_x509_fingerprint(
os.path.join(ASSET_PATH, "cert.pem")
) == fingerprint
def deploy_cert( # pylint: disable=too-many-arguments
self,
domain,
cert_path,
key_path,
chain_path,
fullchain_path
):
# type: (str, str, str, str, str) -> None
"""Create Docker Swarm Secrets from certificates.
:param str domain: Certificate domain.
:param str cert_path: Path to the certificate file.
:param str key_path: Path to the private key file.
:param str chain_path: Path to the certificate chain file.
:param str fullchain_path: Path to the fullchain file.
"""
fp = SecretUtils.get_x509_fingerprint(cert_path)
cert = None
key = None
chain = None
fc = None
# Create new secrets.
if not self.is_secret_deployed(domain, "cert", fp):
cert = self.secret_from_file(domain, "cert", cert_path, fp)
if not self.is_secret_deployed(domain, "key", fp):
key = self.secret_from_file(domain, "key", key_path, fp)
if not self.is_secret_deployed(domain, "chain", fp):
chain = self.secret_from_file(domain, "chain", chain_path, fp)
if not self.is_secret_deployed(domain, "fullchain", fp):
fc = self.secret_from_file(domain, "fullchain", fullchain_path, fp)
if not cert or not key or not chain or not fc:
logger.info("Some secrets already deployed. They were skipped.")
if cert is not None:
self.secret_spec.update_refs(cert)
if key is not None:
self.secret_spec.update_refs(key)
if chain is not None:
self.secret_spec.update_refs(chain)
if fc is not None:
self.secret_spec.update_refs(fc)