def sign_certificate(self, context, cluster, certificate):
LOG.debug("Creating self signed x509 certificate")
signed_cert = cert_manager.sign_node_certificate(cluster,
certificate.csr,
context=context)
certificate.pem = signed_cert
return certificate
def sign_certificate(self, context, cluster, certificate):
LOG.debug("Creating self signed x509 certificate")
signed_cert = cert_manager.sign_node_certificate(cluster,
certificate.csr,
context=context)
certificate.pem = signed_cert
return certificate
def sign_certificate(self, context, cluster, certificate):
LOG.debug("Creating self signed x509 certificate")
signed_cert = cert_manager.sign_node_certificate(cluster,
certificate.csr,
context=context)
if six.PY3 and isinstance(signed_cert, six.binary_type):
certificate.pem = signed_cert.decode()
else:
certificate.pem = signed_cert
return certificate
def sign_certificate(self, context, cluster, certificate):
LOG.debug("Creating self signed x509 certificate")
signed_cert = cert_manager.sign_node_certificate(cluster,
certificate.csr,
context=context)
if six.PY3 and isinstance(signed_cert, six.binary_type):
certificate.pem = signed_cert.decode()
else:
certificate.pem = signed_cert
return certificate
def sign_certificate(self, context, cluster, certificate):
LOG.debug("Creating self signed x509 certificate")
try:
ca_cert_type = certificate.ca_cert_type
except Exception:
LOG.debug("There is no CA cert type specified for the CSR")
ca_cert_type = "kubernetes"
signed_cert = cert_manager.sign_node_certificate(cluster,
certificate.csr,
ca_cert_type,
context=context)
if six.PY3 and isinstance(signed_cert, six.binary_type):
certificate.pem = signed_cert.decode()
else:
certificate.pem = signed_cert
return certificate
def test_sign_node_certificate(self, mock_x509_sign):
mock_bay = mock.MagicMock()
mock_ca_cert = mock.MagicMock()
mock_ca_cert.get_private_key.return_value = mock.sentinel.priv_key
passphrase = mock.sentinel.passphrase
mock_ca_cert.get_private_key_passphrase.return_value = passphrase
self.CertManager.get_cert.return_value = mock_ca_cert
mock_csr = mock.MagicMock()
mock_x509_sign.return_value = mock.sentinel.signed_cert
bay_ca_cert = cert_manager.sign_node_certificate(mock_bay, mock_csr)
self.CertManager.get_cert.assert_called_once_with(
mock_bay.ca_cert_ref)
mock_x509_sign.assert_called_once_with(mock_csr, mock_bay.name,
mock.sentinel.priv_key,
passphrase)
self.assertEqual(bay_ca_cert, mock.sentinel.signed_cert)
def test_sign_node_certificate_without_bay_name(self, mock_x509_sign):
mock_bay = mock.MagicMock()
mock_bay.name = None
mock_bay.uuid = "mock_bay_uuid"
mock_ca_cert = mock.MagicMock()
mock_ca_cert.get_private_key.return_value = mock.sentinel.priv_key
passphrase = mock.sentinel.passphrase
mock_ca_cert.get_private_key_passphrase.return_value = passphrase
self.CertManager.get_cert.return_value = mock_ca_cert
mock_csr = mock.MagicMock()
mock_x509_sign.return_value = mock.sentinel.signed_cert
bay_ca_cert = cert_manager.sign_node_certificate(mock_bay, mock_csr)
self.CertManager.get_cert.assert_called_once_with(
mock_bay.ca_cert_ref, resource_ref=mock_bay.uuid, context=None)
mock_x509_sign.assert_called_once_with(mock_csr, mock_bay.uuid,
mock.sentinel.priv_key,
passphrase)
self.assertEqual(mock.sentinel.signed_cert, bay_ca_cert)
