Exemple #1
0
 def testParseIssuingOptionsRejectsExplicitPublishCrlForDevOpsTier(self):
     flags.AddPublishCaCertFlag(self.parser)
     flags.AddPublishCrlFlag(self.parser)
     flags.AddTierFlag(self.parser)
     args = self.parser.parse_args(['--tier=devops', '--publish-crl'])
     with self.assertRaisesRegex(exceptions.InvalidArgumentException,
                                 '--publish-crl.*DevOps.*'):
         flags.ParseIssuingOptions(args)
Exemple #2
0
 def testParseIssuingOptionsDefaultsPublishCrlToFalseForDevOpsTier(self):
     flags.AddPublishCaCertFlag(self.parser)
     flags.AddPublishCrlFlag(self.parser)
     flags.AddTierFlag(self.parser)
     args = self.parser.parse_args(['--tier=devops'])
     issuing_options = flags.ParseIssuingOptions(args)
     self.assertTrue(issuing_options.includeCaCertUrl)
     self.assertFalse(issuing_options.includeCrlAccessUrl)
Exemple #3
0
 def testParseIssuingOptionsDefaultsAllToTrueForEnterpriseTier(self):
     flags.AddPublishCaCertFlag(self.parser)
     flags.AddPublishCrlFlag(self.parser)
     flags.AddTierFlag(self.parser)
     args = self.parser.parse_args(['--tier=enterprise'])
     issuing_options = flags.ParseIssuingOptions(args)
     self.assertTrue(issuing_options.includeCaCertUrl)
     self.assertTrue(issuing_options.includeCrlAccessUrl)
Exemple #4
0
 def testParseIssuingOptionsAcceptsExplicitPublishCrlForEnterpriseTier(
         self):
     flags.AddPublishCaCertFlag(self.parser)
     flags.AddPublishCrlFlag(self.parser)
     flags.AddTierFlag(self.parser)
     args = self.parser.parse_args(['--tier=enterprise', '--publish-crl'])
     issuing_options = flags.ParseIssuingOptions(args)
     self.assertTrue(issuing_options.includeCaCertUrl)
     self.assertTrue(issuing_options.includeCrlAccessUrl)
Exemple #5
0
    def Args(parser):
        key_spec_group = parser.add_group(
            mutex=True,
            help=
            'The key configuration used for the CA certificate. Defaults to a '
            'managed key if not specified.')
        reusable_config_group = parser.add_group(
            mutex=True,
            required=False,
            help='The X.509 configuration used for the CA certificate.')
        issuer_configuration_group = parser.add_group(
            mutex=True,
            required=True,
            help='The issuer configuration used for this CA certificate.')

        concept_parsers.ConceptParser([
            presentation_specs.ResourcePresentationSpec(
                'CERTIFICATE_AUTHORITY',
                resource_args.CreateCertificateAuthorityResourceSpec(
                    'Certificate Authority'),
                'The name of the subordinate CA to create.',
                required=True),
            presentation_specs.ResourcePresentationSpec(
                '--issuer',
                resource_args.CreateCertificateAuthorityResourceSpec('Issuer'),
                'The issuing certificate authority to use, if it is on Private CA.',
                prefixes=True,
                group=issuer_configuration_group),
            presentation_specs.ResourcePresentationSpec(
                '--kms-key-version',
                resource_args.CreateKmsKeyVersionResourceSpec(),
                'The KMS key version backing this CA.',
                group=key_spec_group),
            presentation_specs.ResourcePresentationSpec(
                '--reusable-config',
                resource_args.
                CreateReusableConfigResourceSpec(location_fallthroughs=[
                    deps.Fallthrough(
                        function=lambda: '',
                        hint=(
                            'location will default to the same location as the '
                            'CA'),
                        active=False,
                        plural=False)
                ]),
                'The Reusable Config containing X.509 values for this CA.',
                flag_name_overrides={
                    'location': '',
                    'project': '',
                },
                group=reusable_config_group),
            presentation_specs.ResourcePresentationSpec(
                '--from-ca',
                resource_args.CreateCertificateAuthorityResourceSpec(
                    'source CA'),
                'An existing CA from which to copy configuration values for the '
                'new CA. You can still override any of those values by explicitly '
                'providing the appropriate flags.',
                flag_name_overrides={'project': '--from-ca-project'},
                prefixes=True)
        ]).AddToParser(parser)
        flags.AddTierFlag(parser)
        flags.AddSubjectFlags(parser, subject_required=False)
        flags.AddPublishCaCertFlag(parser, use_update_help_text=False)
        flags.AddPublishCrlFlag(parser, use_update_help_text=False)
        flags.AddKeyAlgorithmFlag(key_spec_group,
                                  default='rsa-pkcs1-2048-sha256')
        flags.AddInlineReusableConfigFlags(reusable_config_group, is_ca=True)
        flags.AddValidityFlag(parser,
                              resource_name='CA',
                              default_value='P3Y',
                              default_value_text='3 years')
        flags.AddCertificateAuthorityIssuancePolicyFlag(parser)
        labels_util.AddCreateLabelsFlags(parser)
        flags.AddBucketFlag(parser)

        offline_issuer_group = issuer_configuration_group.add_group(help=(
            'If the issuing CA is not hosted on Private CA, you must provide '
            'these settings:'))
        base.Argument(
            '--create-csr',
            help=
            ('Indicates that a CSR should be generated which can be signed by '
             'the issuing CA. This must be set if --issuer is not provided.'),
            action='store_const',
            const=True,
            default=False,
            required=True).AddToParser(offline_issuer_group)
        base.Argument(
            '--csr-output-file',
            help=(
                'The path where the resulting PEM-encoded CSR file should be '
                'written.'),
            required=True).AddToParser(offline_issuer_group)
  def Args(parser):
    key_spec_group = parser.add_group(
        mutex=True,
        help='The key configuration used for the CA certificate. Defaults to a '
        'managed key if not specified.')
    reusable_config_group = parser.add_group(
        mutex=True,
        required=False,
        help='The X.509 configuration used for the CA certificate.')

    concept_parsers.ConceptParser([
        presentation_specs.ResourcePresentationSpec(
            'CERTIFICATE_AUTHORITY',
            resource_args.CreateCertificateAuthorityResourceSpec(
                'Certificate Authority'),
            'The name of the root CA to create.',
            required=True),
        presentation_specs.ResourcePresentationSpec(
            '--kms-key-version',
            resource_args.CreateKmsKeyVersionResourceSpec(),
            'An existing KMS key version to back this CA.',
            group=key_spec_group),
        presentation_specs.ResourcePresentationSpec(
            '--reusable-config',
            resource_args.CreateReusableConfigResourceSpec(
                location_fallthroughs=[
                    deps.Fallthrough(
                        function=lambda: '',
                        hint=('location will default to the same location as '
                              'the CA'),
                        active=False,
                        plural=False)
                ]),
            'The Reusable Config containing X.509 values for this CA.',
            flag_name_overrides={
                'location': '',
                'project': '',
            },
            group=reusable_config_group),
        presentation_specs.ResourcePresentationSpec(
            '--from-ca',
            resource_args.CreateCertificateAuthorityResourceSpec('source CA'),
            'An existing CA from which to copy configuration values for the new CA. '
            'You can still override any of those values by explicitly providing '
            'the appropriate flags.',
            flag_name_overrides={'project': '--from-ca-project'},
            prefixes=True)
    ]).AddToParser(parser)
    flags.AddSubjectFlags(parser, subject_required=False)
    flags.AddKeyAlgorithmFlag(key_spec_group, default='rsa-pkcs1-4096-sha256')
    flags.AddValidityFlag(
        parser,
        resource_name='CA',
        default_value='P10Y',
        default_value_text='10 years')
    labels_util.AddCreateLabelsFlags(parser)
    flags.AddBucketFlag(parser)
    flags.AddTierFlag(parser)
    flags.AddPublishCaCertFlag(parser, use_update_help_text=False)
    flags.AddPublishCrlFlag(parser, use_update_help_text=False)
    flags.AddCertificateAuthorityIssuancePolicyFlag(parser)
    flags.AddInlineReusableConfigFlags(
        reusable_config_group,
        is_ca_command=True,
        default_max_chain_length=None)