def main(cls):
LOG.warn(_LW('keystone-manage pki_setup is not recommended for '
'production use.'))
keystone_user_id, keystone_group_id = cls.get_user_group()
conf_pki = openssl.ConfigurePKI(keystone_user_id, keystone_group_id,
rebuild=CONF.command.rebuild)
conf_pki.run()
def test_fetch_signing_cert(self, rebuild=False):
pki = openssl.ConfigurePKI(None, None, rebuild=rebuild)
pki.run()
# NOTE(jamielennox): Use request directly because certificate
# requests don't have some of the normal information
signing_resp = self.request(self.public_app,
'/v2.0/certificates/signing',
method='GET',
expected_status=http_client.OK)
cacert_resp = self.request(self.public_app,
'/v2.0/certificates/ca',
method='GET',
expected_status=http_client.OK)
with open(CONF.signing.certfile) as f:
self.assertEqual(f.read(), signing_resp.text)
with open(CONF.signing.ca_certs) as f:
self.assertEqual(f.read(), cacert_resp.text)
# NOTE(jamielennox): This is weird behaviour that we need to enforce.
# It doesn't matter what you ask for it's always going to give text
# with a text/html content_type.
for path in ['/v2.0/certificates/signing', '/v2.0/certificates/ca']:
for accept in [None, 'text/html', 'application/json', 'text/xml']:
headers = {'Accept': accept} if accept else {}
resp = self.request(self.public_app, path, method='GET',
expected_status=http_client.OK,
headers=headers)
self.assertEqual('text/html', resp.content_type)
def main(cls):
msg = _('keystone-manage pki_setup is not recommended for production '
'use.')
LOG.warn(msg)
keystone_user_id, keystone_group_id = cls.get_user_group()
conf_pki = openssl.ConfigurePKI(keystone_user_id, keystone_group_id)
conf_pki.run()
def main(cls):
versionutils.report_deprecated_feature(
LOG,
_LW("keystone-manage pki_setup is deprecated as of Mitaka in "
"favor of not using PKI tokens and may be removed in 'O' "
"release."))
LOG.warning(_LW('keystone-manage pki_setup is not recommended for '
'production use.'))
keystone_user_id, keystone_group_id = cls.get_user_group()
conf_pki = openssl.ConfigurePKI(keystone_user_id, keystone_group_id,
rebuild=CONF.command.rebuild)
conf_pki.run()
def test_running_an_invalid_command(self, mock_check_output):
cmd = ['ls']
output = 'this is the output string'
error = subprocess.CalledProcessError(returncode=1,
cmd=cmd,
output=output)
mock_check_output.side_effect = error
ssl = openssl.ConfigurePKI('keystone_user', 'keystone_group')
e = self.assertRaises(subprocess.CalledProcessError, ssl.exec_command,
cmd)
self.assertThat(e.output, matchers.Equals(output))
def main():
keystone_user_id = None
keystone_group_id = None
try:
a = CONF.command.keystone_user
if a:
keystone_user_id = pwd.getpwnam(a).pw_uid
except KeyError:
raise ValueError("Unknown user '%s' in --keystone-user" % a)
try:
a = CONF.command.keystone_group
if a:
keystone_group_id = grp.getgrnam(a).gr_gid
except KeyError:
raise ValueError("Unknown group '%s' in --keystone-group" % a)
conf_ssl = openssl.ConfigurePKI(keystone_user_id, keystone_group_id)
conf_ssl.run()
def main(self):
conf_ssl = openssl.ConfigurePKI()
conf_ssl.run()
def test_create_pki_certs(self, rebuild=False):
pki = openssl.ConfigurePKI(None, None, rebuild=rebuild)
pki.run()
self.assertTrue(os.path.exists(CONF.signing.certfile))
self.assertTrue(os.path.exists(CONF.signing.ca_certs))
self.assertTrue(os.path.exists(CONF.signing.keyfile))
def test_fetch_signing_cert_when_rebuild(self):
pki = openssl.ConfigurePKI(None, None)
pki.run()
self.test_fetch_signing_cert(rebuild=True)
def test_create_certs(self):
ssl = openssl.ConfigurePKI(None, None)
ssl.run()
self.assertTrue(os.path.exists(CONF.signing.certfile))
self.assertTrue(os.path.exists(CONF.signing.ca_certs))
self.assertTrue(os.path.exists(CONF.signing.keyfile))
def main(cls):
keystone_user_id, keystone_group_id = cls.get_user_group()
conf_pki = openssl.ConfigurePKI(keystone_user_id, keystone_group_id)
conf_pki.run()
def test_running_a_successful_command(self, mock_poll):
mock_poll.return_value = 0
ssl = openssl.ConfigurePKI('keystone_user', 'keystone_group')
ssl.exec_command(['ls'])