def load_consumer_id(context):
"""
Returns the consumer's ID if it is registered.
@return: consumer id if registered; None when not registered
@rtype: str, None
"""
filesystem_section = context.config.get('filesystem', None)
if filesystem_section is None:
return None
consumer_cert_path = filesystem_section.get('id_cert_dir', None)
consumer_cert_filename = filesystem_section.get('id_cert_filename', None)
if None in (consumer_cert_path, consumer_cert_filename):
return None
full_filename = os.path.join(consumer_cert_path, consumer_cert_filename)
bundle = Bundle(full_filename)
if not bundle.valid():
return None
content = bundle.read()
x509 = X509.load_cert_string(content)
subject = _subject(x509)
return subject['CN']
def test_uid_invalid_certificate(self, fake_read, fake_valid):
fake_read.return_value = CERTIFICATE
fake_valid.return_value = False
bundle = Bundle('')
uid = bundle.uid()
fake_valid.assert_called_with()
self.assertTrue(uid is None)
def testWrite(self):
b = Bundle(CRTFILE)
b.write(BUNDLE)
f = open(CRTFILE)
s = f.read()
f.close()
self.assertEqual(BUNDLE.strip(), s.strip())
def test_uid_invalid_certificate(self, fake_read, fake_valid):
fake_read.return_value = CERTIFICATE
fake_valid.return_value = False
bundle = Bundle('')
uid = bundle.uid()
fake_valid.assert_called_with()
self.assertTrue(uid is None)
def testWrite(self):
b = Bundle(CRTFILE)
b.write(BUNDLE)
f = open(CRTFILE)
s = f.read()
f.close()
self.assertEqual(BUNDLE.strip(), s.strip())
def test_cn(self, fake_read, fake_valid):
fake_read.return_value = CERTIFICATE
fake_valid.return_value = True
bundle = Bundle('')
cn = bundle.cn()
fake_valid.assert_called_with()
fake_read.assert_called_with()
self.assertEqual(cn, 'localhost')
def test_uid(self, fake_read, fake_valid):
fake_read.return_value = VERIZON_CERTIFICATE
fake_valid.return_value = True
bundle = Bundle('')
uid = bundle.uid()
fake_valid.assert_called_with()
fake_read.assert_called_with()
self.assertEqual(uid, 'vzn-user')
def __init__(self):
"""
Read from file-system on construction.
"""
cfg = Config(CONFIG_PATH)
files = cfg['filesystem']
path = os.path.join(files['id_cert_dir'], files['id_cert_filename'])
Bundle.__init__(self, path)
def test_uid(self, fake_read, fake_valid):
fake_read.return_value = VERIZON_CERTIFICATE
fake_valid.return_value = True
bundle = Bundle('')
uid = bundle.uid()
fake_valid.assert_called_with()
fake_read.assert_called_with()
self.assertEqual(uid, 'vzn-user')
def __init__(self):
"""
Read from file-system on construction.
"""
cfg = Config(CONFIG_PATH)
files = cfg['filesystem']
path = os.path.join(files['id_cert_dir'], files['id_cert_filename'])
Bundle.__init__(self, path)
def test_cn(self, fake_read, fake_valid):
fake_read.return_value = CERTIFICATE
fake_valid.return_value = True
bundle = Bundle('')
cn = bundle.cn()
fake_valid.assert_called_with()
fake_read.assert_called_with()
self.assertEqual(cn, 'localhost')
def run_synchronization(self, progress, cancelled, options):
"""
Run a repo_sync() on this repository.
:param progress: A progress report.
:type progress: pulp_node.progress.RepositoryProgress
:param options: node synchronization options.
:type options: dict
:return: The task result.
"""
warnings.warn(TASK_DEPRECATION_WARNING, NodeDeprecationWarning)
bindings = resources.pulp_bindings()
poller = TaskPoller(bindings)
max_download = options.get(constants.MAX_DOWNLOAD_CONCURRENCY_KEYWORD, constants.DEFAULT_DOWNLOAD_CONCURRENCY)
node_certificate = options[constants.PARENT_SETTINGS][constants.NODE_CERTIFICATE]
key, certificate = Bundle.split(node_certificate)
configuration = {
importer_constants.KEY_MAX_DOWNLOADS: max_download,
importer_constants.KEY_MAX_SPEED: options.get(constants.MAX_DOWNLOAD_BANDWIDTH_KEYWORD),
importer_constants.KEY_SSL_CLIENT_KEY: key,
importer_constants.KEY_SSL_CLIENT_CERT: certificate,
importer_constants.KEY_SSL_VALIDATION: False,
}
http = bindings.repo_actions.sync(self.repo_id, configuration)
if http.response_code != httplib.ACCEPTED:
raise RepoSyncRestError(self.repo_id, http.response_code)
# The repo sync is returned with a single sync task in the Call Report
task = http.response_body.spawned_tasks[0]
result = poller.join(task.task_id, progress, cancelled)
if cancelled():
self._cancel_synchronization(task)
return result
def run_synchronization(self, progress, cancelled, options):
"""
Run a repo_sync() on this repository.
:param progress: A progress report.
:type progress: pulp_node.progress.RepositoryProgress
:param options: node synchronization options.
:type options: dict
:return: The task result.
"""
bindings = resources.pulp_bindings()
poller = TaskPoller(bindings)
max_download = options.get(
constants.MAX_DOWNLOAD_CONCURRENCY_KEYWORD,
constants.DEFAULT_DOWNLOAD_CONCURRENCY)
node_certificate = options[constants.PARENT_SETTINGS][constants.NODE_CERTIFICATE]
key, certificate = Bundle.split(node_certificate)
configuration = {
importer_constants.KEY_MAX_DOWNLOADS: max_download,
importer_constants.KEY_MAX_SPEED: options.get(constants.MAX_DOWNLOAD_BANDWIDTH_KEYWORD),
importer_constants.KEY_SSL_CLIENT_KEY: key,
importer_constants.KEY_SSL_CLIENT_CERT: certificate,
importer_constants.KEY_SSL_VALIDATION: False,
}
http = bindings.repo_actions.sync(self.repo_id, configuration)
if http.response_code != httplib.ACCEPTED:
raise RepoSyncRestError(self.repo_id, http.response_code)
# The repo sync is returned with a single sync task in the Call Report
task = http.response_body.spawned_tasks[0]
result = poller.join(task.task_id, progress, cancelled)
if cancelled():
self._cancel_synchronization(task)
return result
def load_consumer_id(context):
"""
Returns the consumer's ID if it is registered.
@return: consumer id if registered; None when not registered
@rtype: str, None
"""
consumer_cert_path = context.config['filesystem']['id_cert_dir']
consumer_cert_filename = context.config['filesystem']['id_cert_filename']
full_filename = os.path.join(consumer_cert_path, consumer_cert_filename)
bundle = Bundle(full_filename)
if bundle.valid():
content = bundle.read()
x509 = X509.load_cert_string(content)
subject = _subject(x509)
return subject['CN']
else:
return None
def register(consumer_id,
display_name=None,
description=None,
notes=None,
capabilities=None,
rsa_pub=None):
"""
Registers a new Consumer
:param consumer_id: unique identifier for the consumer
:type consumer_id: str
:param rsa_pub: The consumer public key used for message authentication.
:type rsa_pub: str
:param display_name: user-friendly name for the consumer
:type display_name: str
:param description: user-friendly text describing the consumer
:type description: str
:param notes: key-value pairs to pragmatically tag the consumer
:type notes: dict
:param capabilities: operations supported on the consumer
:type capabilities: dict
:raises DuplicateResource: if there is already a consumer or a used with the requested ID
:raises InvalidValue: if any of the fields is unacceptable
:return: A tuple of: (consumer, certificate)
:rtype: tuple
"""
if not is_consumer_id_valid(consumer_id):
raise InvalidValue(['id'])
collection = Consumer.get_collection()
consumer = collection.find_one({'id': consumer_id})
if consumer is not None:
raise DuplicateResource(consumer_id)
if notes is not None and not isinstance(notes, dict):
raise InvalidValue(['notes'])
if capabilities is not None and not isinstance(capabilities, dict):
raise InvalidValue(['capabilities'])
# Use the ID for the display name if one was not specified
display_name = display_name or consumer_id
# Creation
consumer = Consumer(consumer_id, display_name, description, notes, capabilities, rsa_pub)
_id = collection.save(consumer, safe=True)
# Generate certificate
cert_gen_manager = factory.cert_generation_manager()
expiration_date = config.config.getint('security', 'consumer_cert_expiration')
key, certificate = cert_gen_manager.make_cert(consumer_id, expiration_date, uid=str(_id))
factory.consumer_history_manager().record_event(consumer_id, 'consumer_registered')
return consumer, Bundle.join(key, certificate)
def cn(self):
"""
Get the common name (CN) part of the certificate subject.
Returns None, if the certificate is invalid.
:return The common name (CN) part of the certificate subject or None when
the certificate is not found or invalid.
:rtype: str
"""
try:
return Bundle.cn(self)
except X509Error:
log.warn('certificate: %s, not valid', self.path)
def testVerify(self):
self.assertTrue(Bundle.haskey(KEY))
self.assertTrue(Bundle.haskey(KEY2))
self.assertFalse(Bundle.hascrt(KEY))
self.assertTrue(Bundle.hascrt(CERTIFICATE))
self.assertTrue(Bundle.hascrt(CERTIFICATE))
self.assertTrue(Bundle.hasboth(BUNDLE))
def testVerify(self):
self.assertTrue(Bundle.haskey(KEY))
self.assertTrue(Bundle.haskey(KEY2))
self.assertFalse(Bundle.hascrt(KEY))
self.assertTrue(Bundle.hascrt(CERTIFICATE))
self.assertTrue(Bundle.hascrt(CERTIFICATE))
self.assertTrue(Bundle.hasboth(BUNDLE))
def uid(self):
"""
Get the userid (UID) part of the certificate subject.
Returns None, if the certificate is invalid.
:return The userid (UID) part of the certificate subject or None when
the certificate is not found or invalid.
:rtype: str
"""
try:
return Bundle.uid(self)
except X509Error:
msg = _('certificate: %(p)s, not valid')
log.warn(msg, {'p': self.path})
def uid(self):
"""
Get the userid (UID) part of the certificate subject.
Returns None, if the certificate is invalid.
:return The userid (UID) part of the certificate subject or None when
the certificate is not found or invalid.
:rtype: str
"""
try:
return Bundle.uid(self)
except X509Error:
msg = _('certificate: %(p)s, not valid')
log.warn(msg, {'p': self.path})
def register(self, id, display_name=None, description=None, notes=None, capabilities=None):
"""
Registers a new Consumer
@param id: unique identifier for the consumer
@type id: str
@param display_name: user-friendly name for the consumer
@type display_name: str
@param description: user-friendly text describing the consumer
@type description: str
@param notes: key-value pairs to programmatically tag the consumer
@type notes: dict
@param capabilities: operations permitted on the consumer
@type capabilities: dict
@raises DuplicateResource: if there is already a consumer or a used with the requested ID
@raises InvalidValue: if any of the fields is unacceptable
"""
if not is_consumer_id_valid(id):
raise InvalidValue(['id'])
existing_consumer = Consumer.get_collection().find_one({'id' : id})
if existing_consumer is not None:
raise DuplicateResource(id)
if notes is not None and not isinstance(notes, dict):
raise InvalidValue(['notes'])
if capabilities is not None and not isinstance(capabilities, dict):
raise InvalidValue(['capabilities'])
# Use the ID for the display name if one was not specified
display_name = display_name or id
# Generate certificate
cert_gen_manager = factory.cert_generation_manager()
expiration_date = config.config.getint('security', 'consumer_cert_expiration')
key, crt = cert_gen_manager.make_cert(id, expiration_date)
# Creation
create_me = Consumer(id, display_name, description, notes, capabilities, certificate=crt.strip())
Consumer.get_collection().save(create_me, safe=True)
factory.consumer_history_manager().record_event(id, 'consumer_registered')
create_me.certificate = Bundle.join(key, crt)
return create_me
def register(self, id, display_name=None, description=None, notes=None, capabilities=None):
"""
Registers a new Consumer
@param id: unique identifier for the consumer
@type id: str
@param display_name: user-friendly name for the consumer
@type display_name: str
@param description: user-friendly text describing the consumer
@type description: str
@param notes: key-value pairs to programmatically tag the consumer
@type notes: dict
@param capabilities: operations permitted on the consumer
@type capabilities: dict
@raises DuplicateResource: if there is already a consumer or a used with the requested ID
@raises InvalidValue: if any of the fields is unacceptable
"""
if not is_consumer_id_valid(id):
raise InvalidValue(['id'])
existing_consumer = Consumer.get_collection().find_one({'id' : id})
if existing_consumer is not None:
raise DuplicateResource(id)
if notes is not None and not isinstance(notes, dict):
raise InvalidValue(['notes'])
if capabilities is not None and not isinstance(capabilities, dict):
raise InvalidValue(['capabilities'])
# Use the ID for the display name if one was not specified
display_name = display_name or id
# Generate certificate
cert_gen_manager = factory.cert_generation_manager()
expiration_date = config.config.getint('security', 'consumer_cert_expiration')
key, crt = cert_gen_manager.make_cert(id, expiration_date)
# Creation
create_me = Consumer(id, display_name, description, notes, capabilities, certificate=crt.strip())
Consumer.get_collection().save(create_me, safe=True)
factory.consumer_history_manager().record_event(id, 'consumer_registered')
create_me.certificate = Bundle.join(key, crt)
return create_me
def test_repository(self, *mocks):
# Setup
repository = Repository(REPO_ID)
progress = Mock()
cancelled = Mock(return_value=False)
# Test
options = {
constants.MAX_DOWNLOAD_CONCURRENCY_KEYWORD: MAX_CONCURRENCY,
constants.MAX_DOWNLOAD_BANDWIDTH_KEYWORD: MAX_BANDWIDTH,
constants.PARENT_SETTINGS: PARENT_SETTINGS,
}
repository.run_synchronization(progress, cancelled, options)
binding = mocks[1]
key, certificate = Bundle.split(NODE_CERTIFICATE)
expected_conf = {
importer_constants.KEY_SSL_VALIDATION: False,
importer_constants.KEY_MAX_DOWNLOADS: MAX_CONCURRENCY,
importer_constants.KEY_MAX_SPEED: MAX_BANDWIDTH,
importer_constants.KEY_SSL_CLIENT_KEY: key,
importer_constants.KEY_SSL_CLIENT_CERT: certificate,
}
# Verify
binding.assert_called_with(REPO_ID, expected_conf)
def test_repository(self, *mocks):
# Setup
repository = Repository(REPO_ID)
progress = Mock()
cancelled = Mock(return_value=False)
# Test
options = {
constants.MAX_DOWNLOAD_CONCURRENCY_KEYWORD: MAX_CONCURRENCY,
constants.MAX_DOWNLOAD_BANDWIDTH_KEYWORD: MAX_BANDWIDTH,
constants.PARENT_SETTINGS: PARENT_SETTINGS,
}
repository.run_synchronization(progress, cancelled, options)
binding = mocks[1]
key, certificate = Bundle.split(NODE_CERTIFICATE)
expected_conf = {
importer_constants.KEY_SSL_VALIDATION: False,
importer_constants.KEY_MAX_DOWNLOADS: MAX_CONCURRENCY,
importer_constants.KEY_MAX_SPEED: MAX_BANDWIDTH,
importer_constants.KEY_SSL_CLIENT_KEY: key,
importer_constants.KEY_SSL_CLIENT_CERT: certificate,
}
# Verify
binding.assert_called_with(REPO_ID, expected_conf)
def __init__(self, user):
path = str(os.path.join(getattr(settings,
'PULP_CERTIFICATE_PATH',
'certs'),
"%s.crt" % user))
Bundle.__init__(self, path)
def testJoin(self):
bundle = Bundle.join(KEY, CERTIFICATE)
print bundle
self.assertTrue(KEY.strip() in bundle)
self.assertTrue(CERTIFICATE.strip() in bundle)
def testSplit(self):
key, crt = Bundle.split(BUNDLE)
self.assertEqual(key.strip(), KEY.strip())
self.assertEqual(crt.strip(), CERTIFICATE.strip())
def __init__(self):
path = os.path.join(cfg.filesystem.id_cert_dir,
cfg.filesystem.id_cert_filename)
Bundle.__init__(self, path)
def testRead(self):
b = Bundle(CRTFILE)
b.write(BUNDLE)
s = b.read()
self.assertEqual(BUNDLE.strip(), s.strip())
def __init__(self):
Bundle.__init__(self, cfg.rest.clientcert)
def __init__(self):
path = os.path.join(
cfg['filesystem']['id_cert_dir'],
cfg['filesystem']['id_cert_filename'])
BundleImpl.__init__(self, path)
def testRead(self):
b = Bundle(CRTFILE)
b.write(BUNDLE)
s = b.read()
self.assertEqual(BUNDLE.strip(), s.strip())
def __init__(self):
path = os.path.join(
cfg['filesystem']['id_cert_dir'],
cfg['filesystem']['id_cert_filename'])
BundleImpl.__init__(self, path)
def __init__(self):
path = os.path.join(cfg.filesystem.id_cert_dir, cfg.filesystem.id_cert_filename)
Bundle.__init__(self, path)
def testSplit(self):
key, crt = Bundle.split(BUNDLE)
self.assertEqual(key.strip(), KEY.strip())
self.assertEqual(crt.strip(), CERTIFICATE.strip())
def testJoin(self):
bundle = Bundle.join(KEY, CERTIFICATE)
print bundle
self.assertTrue(KEY.strip() in bundle)
self.assertTrue(CERTIFICATE.strip() in bundle)