def _update_families_ssl(self): """Link channel families with certificates inserted in _update_certificates method""" family_ids = {} for family in self.families_to_import: family_ids[family] = None # Populate with IDs backend = SQLBackend() backend.lookupChannelFamilies(family_ids) # Lookup CA cert ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None) ca_cert_id = int(ca_cert['id']) # Queries for updating relation between channel families and certificates hdel = rhnSQL.prepare(""" delete from rhnContentSsl where channel_family_id = :cfid """) hins = rhnSQL.prepare(""" insert into rhnContentSsl (channel_family_id, ssl_ca_cert_id, ssl_client_cert_id, ssl_client_key_id) values (:cfid, :ca_cert_id, :client_cert_id, :client_key_id) """) for entitlement in self.manifest.get_all_entitlements(): creds = entitlement.get_credentials() client_cert = satCerts.lookup_cert( constants.CLIENT_CERT_PREFIX + creds.get_id(), None) client_key = satCerts.lookup_cert( constants.CLIENT_KEY_PREFIX + creds.get_id(), None) client_cert_id = int(client_cert['id']) client_key_id = int(client_key['id']) family_ids_to_link = [] for product_id in entitlement.get_product_ids(): try: product = self.products[product_id] for family in product['families']: if family in family_ids: family_ids_to_link.append(family_ids[family]) except KeyError: print("Cannot map product '%s' into channel families" % product_id) family_ids_to_link = set(family_ids_to_link) for cfid in family_ids_to_link: hdel.execute(cfid=cfid) hins.execute(cfid=cfid, ca_cert_id=ca_cert_id, client_cert_id=client_cert_id, client_key_id=client_key_id) rhnSQL.commit()
def _update_repositories(self): """Setup SSL credential to access repositories We do this in 2 steps: 1. Fetching provided repositories from manifest - URL contains variables to substitute 2. Assigning one certificate/key set to each repository""" # First delete all repositories from previously used manifests self._remove_repositories() backend = SQLBackend() type_id = backend.lookupContentSourceType('yum') # Lookup CA cert ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None) ca_cert_id = int(ca_cert['id']) content_sources_batch = {} for entitlement in self.manifest.get_all_entitlements(): # Lookup SSL certificates and keys creds = entitlement.get_credentials() client_cert = satCerts.lookup_cert( constants.CLIENT_CERT_PREFIX + creds.get_id(), None) client_key = satCerts.lookup_cert( constants.CLIENT_KEY_PREFIX + creds.get_id(), None) client_cert_id = int(client_cert['id']) client_key_id = int(client_key['id']) content_source_ssl = ContentSourceSsl() content_source_ssl['ssl_ca_cert_id'] = ca_cert_id content_source_ssl['ssl_client_cert_id'] = client_cert_id content_source_ssl['ssl_client_key_id'] = client_key_id # Loop provided products for product in entitlement.get_products(): repositories = product.get_repositories() for repository in repositories: if repository not in content_sources_batch: content_source = ContentSource() content_source[ 'label'] = constants.MANIFEST_REPOSITORY_DB_PREFIX + repository content_source['source_url'] = repositories[repository] content_source['org_id'] = None content_source['type_id'] = type_id content_source['ssl-sets'] = [content_source_ssl] content_sources_batch[repository] = content_source # There may be more SSL certs to one repository, append it elif content_source_ssl not in content_sources_batch[ repository]['ssl-sets']: content_sources_batch[repository]['ssl-sets'].append( content_source_ssl) importer = ContentSourcesImport(list(content_sources_batch.values()), backend) importer.run()
def _update_families_ssl(self): """Link channel families with certificates inserted in _update_certificates method""" family_ids = {} for family in self.families_to_import: family_ids[family] = None # Populate with IDs backend = SQLBackend() backend.lookupChannelFamilies(family_ids) # Lookup CA cert ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None) ca_cert_id = int(ca_cert['id']) # Queries for updating relation between channel families and certificates hdel = rhnSQL.prepare(""" delete from rhnContentSsl where channel_family_id = :cfid """) hins = rhnSQL.prepare(""" insert into rhnContentSsl (channel_family_id, ssl_ca_cert_id, ssl_client_cert_id, ssl_client_key_id) values (:cfid, :ca_cert_id, :client_cert_id, :client_key_id) """) for entitlement in self.manifest.get_all_entitlements(): creds = entitlement.get_credentials() client_cert = satCerts.lookup_cert(constants.CLIENT_CERT_PREFIX + creds.get_id(), None) client_key = satCerts.lookup_cert(constants.CLIENT_KEY_PREFIX + creds.get_id(), None) client_cert_id = int(client_cert['id']) client_key_id = int(client_key['id']) family_ids_to_link = [] for product_id in entitlement.get_product_ids(): try: product = self.products[product_id] for family in product['families']: if family in family_ids: family_ids_to_link.append(family_ids[family]) except KeyError: print("Cannot map product '%s' into channel families" % product_id) family_ids_to_link = set(family_ids_to_link) for cfid in family_ids_to_link: hdel.execute(cfid=cfid) hins.execute(cfid=cfid, ca_cert_id=ca_cert_id, client_cert_id=client_cert_id, client_key_id=client_key_id) rhnSQL.commit()
def _update_repositories(self): """Setup SSL credential to access repositories We do this in 2 steps: 1. Fetching provided repositories from manifest - URL contains variables to substitute 2. Assigning one certificate/key set to each repository""" # First delete all repositories from previously used manifests self._remove_repositories() backend = SQLBackend() type_id = backend.lookupContentSourceType('yum') # Lookup CA cert ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None) ca_cert_id = int(ca_cert['id']) content_sources_batch = {} for entitlement in self.manifest.get_all_entitlements(): # Lookup SSL certificates and keys creds = entitlement.get_credentials() client_cert = satCerts.lookup_cert(constants.CLIENT_CERT_PREFIX + creds.get_id(), None) client_key = satCerts.lookup_cert(constants.CLIENT_KEY_PREFIX + creds.get_id(), None) client_cert_id = int(client_cert['id']) client_key_id = int(client_key['id']) content_source_ssl = ContentSourceSsl() content_source_ssl['ssl_ca_cert_id'] = ca_cert_id content_source_ssl['ssl_client_cert_id'] = client_cert_id content_source_ssl['ssl_client_key_id'] = client_key_id # Loop provided products for product in entitlement.get_products(): repositories = product.get_repositories() for repository in repositories: if repository not in content_sources_batch: content_source = ContentSource() content_source['label'] = constants.MANIFEST_REPOSITORY_DB_PREFIX + repository content_source['source_url'] = repositories[repository] content_source['org_id'] = None content_source['type_id'] = type_id content_source['ssl-sets'] = [content_source_ssl] content_sources_batch[repository] = content_source # There may be more SSL certs to one repository, append it elif content_source_ssl not in content_sources_batch[repository]['ssl-sets']: content_sources_batch[repository]['ssl-sets'].append(content_source_ssl) importer = ContentSourcesImport(content_sources_batch.values(), backend) importer.run()