def audit_sc_cert_task(self, context):
        """Audit the intermediate CA of the subcloud at the head of the queue.

        Takes the first entry of ``self.subclouds_to_audit``. A pause marker
        (``TASK_NAME_PAUSE_AUDIT``) is consumed and the task returns. For a
        real subcloud name the certificate served by the subcloud's sysinv
        endpoint is checked against the chain built from the intermediate CA
        secret kept for that subcloud: an out-of-sync subcloud is re-queued,
        reported out-of-sync and gets its CA material pushed; an in-sync
        subcloud is reported in-sync and dropped from the queue.

        :param context: request context (not used by this task)
        """
        if not self.subclouds_to_audit:
            return

        sc_name = self.subclouds_to_audit[0]
        if sc_name == TASK_NAME_PAUSE_AUDIT:
            # A pause marker sits at the head of the queue: consume it and
            # leave the remaining entries for the next run.
            LOG.info('Pause audit for ongoing update to complete')
            self.subclouds_to_audit.pop(0)
            return

        LOG.info('Auditing %s' % sc_name)

        try:
            sysinv_url = utils.dc_get_subcloud_sysinv_url(sc_name)
            endpoint_cert = utils.get_endpoint_certificate(sysinv_url)

            ca_secret = utils.get_sc_intermediate_ca_secret(sc_name)
            # All three entries must exist before anything is decoded; the
            # first one missing (in this order) is the one reported.
            missing = [key for key in ('ca.crt', 'tls.crt', 'tls.key')
                       if key not in ca_secret.data]
            if missing:
                raise Exception('%s certificate data missing %s' %
                                (sc_name, missing[0]))

            tls_cert_pem = base64.b64decode(ca_secret.data['tls.crt'])
            # Private key material: only handed to the update call below,
            # never written to the log.
            tls_key_pem = base64.b64decode(ca_secret.data['tls.key'])
            ca_cert_pem = base64.b64decode(ca_secret.data['ca.crt'])
        except Exception as e:
            LOG.error('Cannot audit ssl certificate on %s' % sc_name)
            LOG.exception(e)
            # The certificate material is not usable yet; drop the entry
            # rather than re-queue it -- a certificate MODIFIED event
            # triggers a fresh audit once it becomes available.
            self.subclouds_to_audit.pop(0)
            return

        dc_token = utils.get_dc_token(sc_name)
        chain_in_sync = cutils.verify_intermediate_ca_cert(
            tls_cert_pem + ca_cert_pem, endpoint_cert)

        if chain_in_sync:
            LOG.info('%s intermediate CA cert is in-sync' % sc_name)
            utils.update_subcloud_status(dc_token, sc_name,
                                         utils.SYNC_STATUS_IN_SYNC)
            self.subclouds_to_audit.remove(sc_name)
            return

        LOG.info(
            'Updating {} intermediate CA as it is out-of-sync'.format(sc_name))
        # Re-queue first so the outcome of the update is audited again later.
        self.requeue_audit(sc_name)
        utils.update_subcloud_status(dc_token, sc_name,
                                     utils.SYNC_STATUS_OUT_OF_SYNC)
        try:
            utils.update_subcloud_ca_cert(dc_token, sc_name, sysinv_url,
                                          ca_cert_pem, tls_cert_pem,
                                          tls_key_pem)
        except Exception:
            LOG.exception('Failed to update intermediate CA on %s' % sc_name)
 def get_dc_token(self, region_name):
     """Return a usable DC token for *region_name*, refreshing it when needed.

     Tokens are cached per region in ``self._dc_tokens``. A cached token is
     reused only while it is truthy and ``is_expired()`` is false; otherwise
     a new one is obtained through ``utils.get_dc_token`` and stored in its
     place.

     :param region_name: region (subcloud) the token is requested for
     :returns: the cached or freshly fetched token
     """
     cached = self._dc_tokens.get(region_name)
     if cached and not cached.is_expired():
         return cached
     # Missing or expired: fetch a replacement and remember it.
     fresh = utils.get_dc_token(region_name)
     self._dc_tokens[region_name] = fresh
     return fresh