def _print_version(ctx, param, value): from hyperglass_agent import __version__ if not value or ctx.resilient_parsing: return label("hyperglass-agent version: {v}", v=__version__) ctx.exit()
def _generate_cert(name: str, org: str, duration: int, size: int, show: bool, get: bool): """Generate SSL certificate keypair.""" from hyperglass_agent.cli.actions import write_cert, find_app_path if get: app_path = find_app_path() cert_path = app_path / "agent_cert.pem" if not cert_path.exists(): warning("Certificate & key files have not been generated.") do_gen = confirm( style("Would you like to generate them now?", **WARNING)) if not do_gen: error("Certificate & key files do not yet exist.") else: write_cert(name=name, org=org, duration=duration, starttime=CERT_START, size=size, show=show) else: with cert_path.open("r") as f: cert = f.read() label(f"Public Key:\n\n{cert}") else: write_cert(name=name, org=org, duration=duration, starttime=CERT_START, size=size, show=show)
def gen_cert(name, org, duration, size, show, get): """Generate SSL certificate keypair. Arguments: name {str} -- Common Name org {str} -- Organization duration -- Validity in years size {int} -- Key Size show {bool} -- Show private key in CLI """ from hyperglass_agent.cli.actions import write_cert, find_app_path if get: app_path = find_app_path() cert_path = app_path / "agent_cert.pem" if not cert_path.exists(): warning("Certificate & key files have not been generated.") do_gen = confirm( style("Would you like to generate them now?", **WARNING)) if not do_gen: error("Certificate & key files do not yet exist.") else: write_cert(name=name, org=org, duration=duration, size=size, show=show) else: with cert_path.open("r") as f: cert = f.read() label(f"Public Key:\n\n{cert}") else: write_cert(name=name, org=org, duration=duration, size=size, show=show)
def write_cert(name: str, org: str, duration: int, starttime: str, size: int, show: bool) -> None: """Generate SSL certificate keypair.""" app_path = find_app_path() cert_path = app_path / "agent_cert.pem" key_path = app_path / "agent_key.pem" start = starttime end = start + timedelta(days=duration * 365) label("Hostname: {cn}", cn=name) status(""" A self-signed certificate with the above hostname as the common name attribute will be generated. This hostname must be resolvable by hyperglass via either DNS or a host file, and must match the device's `address:` field in hyperglass's devices.yaml.""") use_name = confirm("Is this the correct hostname?", default=True) if not use_name: name = prompt("Please enter the correct hostname", type=str) all_ips = [f"{a} [{i}]" for i, a in get_addresses()] status(""" hyperglass-agent adds any IP addresses reachable by hyperglass as subject alternative names to the SSL certificate. Please select any IP addresses over which hyperglass may communicate with hyperglass-agent.""") ips = [Checkbox("ips", message="Select IPs", choices=all_ips)] selected = [i.split("[")[0].strip() for i in inquire(ips)["ips"]] selected_ips = [ip_address(i) for i in selected] cert, key = make_cert(cn=name, sans=selected_ips, o=org, start=start, end=end, size=size) if show: info(f'Public Key:\n{cert.decode("utf8")}') info(f'Private Key:\n{key.decode("utf8")}') with cert_path.open("wb") as cf: cf.write(cert) if not cert_path.exists(): error("Error writing public key to {f}", f=cert_path.absolute()) success("Wrote public key to: {f}", f=cert_path.absolute()) with key_path.open("wb") as kf: kf.write(key) if not key_path.exists(): error("Error writing private key to {f}", f=key_path.absolute()) success("Wrote private key to: {f}", f=key_path.absolute())
def generate_secret(length): """Generate a secret for JWT encoding. Arguments: length {int} -- Secret character length """ import secrets gen_secret = secrets.token_urlsafe(length) label("Secret: {s}", s=gen_secret)
def generate_secret(length: int = 32) -> str: """Generate a secret for JWT encoding.""" import secrets gen_secret = secrets.token_urlsafe(length) status(""" This secret will be used to encrypt & decrypt the communication between hyperglass and hyperglass-agent. Before proceeding any further, please add the secret to the `password:` field of the device's configuration in hyperglass's devices.yaml file, and restart hyperglass. """) label("Secret: {s}", s=gen_secret) done = confirm( "Press enter once complete...", default=True, prompt_suffix="", show_default=False, ) if done: # noqa: R503 return gen_secret