def test_server_cert(self):
"""Test the copy server cert."""
directory = os.path.join(self.temporary_directory, 'server_cert')
destination = os.path.join(directory, 'server.crt')
tlslib.client_cert('unit_tests/tls-test.crt', destination)
assert os.path.isdir(directory)
assert os.path.isfile(destination)
def test_server_cert(self):
"""Test the copy server cert."""
directory = os.path.join(self.temporary_directory, 'server_cert')
destination = os.path.join(directory, 'server.crt')
tlslib.client_cert('unit_tests/tls-test.crt', destination)
assert os.path.isdir(directory)
assert os.path.isfile(destination)
def client_cert():
'''When the client certificate is available, get the client certificate
from the charm unitdata and write it to the kubernetes directory. '''
client_cert = '/srv/kubernetes/client.crt'
client_key = '/srv/kubernetes/client.key'
# Save the client certificate from the default location to the destination.
tlslib.client_cert(None, client_cert, user='******', group='ubuntu')
# Copy the client key from the default location to the destination.
tlslib.client_key(None, client_key, user='******', group='ubuntu')
set_state('k8s.client.certficate available')
def client_cert():
'''When the client certificate is available, get the client certificate
from the charm unitdata and write it to the kubernetes directory. '''
client_cert = '/srv/kubernetes/client.crt'
client_key = '/srv/kubernetes/client.key'
# Save the client certificate from the default location to the destination.
tlslib.client_cert(None, client_cert, user='******', group='ubuntu')
# Copy the client key from the default location to the destination.
tlslib.client_key(None, client_key, user='******', group='ubuntu')
set_state('k8s.client.certficate available')
def broadcast_client_credentials():
''' As the leader, copy the client cert and key to the charm dir and set
the contents as leader data.'''
charm_dir = os.getenv('CHARM_DIR')
client_cert(None, charm_dir)
client_key(None, charm_dir)
with open('client.crt') as fp:
client_certificate = fp.read()
with open('client.key') as fp:
client_certificate_key = fp.read()
leader_set({'client_certificate': client_certificate,
'client_key': client_certificate_key})
set_state('client-credentials-relayed')
def prepare_default_client_credentials():
""" Generate a downloadable package for clients to use to speak to the
swarm cluster. """
# Leverage TLSLib to copy the default cert from PKI
client_cert(None, "./swarm_credentials/cert.pem")
client_key(None, "./swarm_credentials/key.pem")
ca(None, "./swarm_credentials/ca.pem")
with open("swarm_credentials/key.pem", "r") as fp:
key_contents = fp.read()
with open("swarm_credentials/cert.pem", "r") as fp:
crt_contents = fp.read()
leader_set({"client_cert": crt_contents, "client_key": key_contents})
def prepare_default_client_credentials():
""" Generate a downloadable package for clients to use to speak to the
swarm cluster. """
# Leverage TLSLib to copy the default cert from PKI
client_cert(None, './swarm_credentials/cert.pem')
client_key(None, './swarm_credentials/key.pem')
ca(None, './swarm_credentials/ca.pem')
with open('swarm_credentials/key.pem', 'r') as fp:
key_contents = fp.read()
with open('swarm_credentials/cert.pem', 'r') as fp:
crt_contents = fp.read()
leader_set({'client_cert': crt_contents, 'client_key': key_contents})