Esempio n. 1
0
    def _update_families_ssl(self):
        """Link channel families with certificates inserted in _update_certificates method"""
        family_ids = {}
        for family in self.families_to_import:
            family_ids[family] = None

        # Populate with IDs
        backend = SQLBackend()
        backend.lookupChannelFamilies(family_ids)

        # Lookup CA cert
        ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None)
        ca_cert_id = int(ca_cert['id'])

        # Queries for updating relation between channel families and certificates
        hdel = rhnSQL.prepare("""
            delete from rhnContentSsl where
            channel_family_id = :cfid
        """)
        hins = rhnSQL.prepare("""
            insert into rhnContentSsl
            (channel_family_id, ssl_ca_cert_id, ssl_client_cert_id, ssl_client_key_id)
            values (:cfid, :ca_cert_id, :client_cert_id, :client_key_id)
        """)

        for entitlement in self.manifest.get_all_entitlements():
            creds = entitlement.get_credentials()
            client_cert = satCerts.lookup_cert(
                constants.CLIENT_CERT_PREFIX + creds.get_id(), None)
            client_key = satCerts.lookup_cert(
                constants.CLIENT_KEY_PREFIX + creds.get_id(), None)
            client_cert_id = int(client_cert['id'])
            client_key_id = int(client_key['id'])
            family_ids_to_link = []
            for product_id in entitlement.get_product_ids():
                try:
                    product = self.products[product_id]
                    for family in product['families']:
                        if family in family_ids:
                            family_ids_to_link.append(family_ids[family])
                except KeyError:
                    print("Cannot map product '%s' into channel families" %
                          product_id)

            family_ids_to_link = set(family_ids_to_link)

            for cfid in family_ids_to_link:
                hdel.execute(cfid=cfid)
                hins.execute(cfid=cfid,
                             ca_cert_id=ca_cert_id,
                             client_cert_id=client_cert_id,
                             client_key_id=client_key_id)

        rhnSQL.commit()
Esempio n. 2
0
    def _update_repositories(self):
        """Setup SSL credential to access repositories
           We do this in 2 steps:
           1. Fetching provided repositories from manifest - URL contains variables to substitute
           2. Assigning one certificate/key set to each repository"""

        # First delete all repositories from previously used manifests
        self._remove_repositories()

        backend = SQLBackend()
        type_id = backend.lookupContentSourceType('yum')

        # Lookup CA cert
        ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None)
        ca_cert_id = int(ca_cert['id'])

        content_sources_batch = {}
        for entitlement in self.manifest.get_all_entitlements():
            # Lookup SSL certificates and keys
            creds = entitlement.get_credentials()
            client_cert = satCerts.lookup_cert(
                constants.CLIENT_CERT_PREFIX + creds.get_id(), None)
            client_key = satCerts.lookup_cert(
                constants.CLIENT_KEY_PREFIX + creds.get_id(), None)
            client_cert_id = int(client_cert['id'])
            client_key_id = int(client_key['id'])
            content_source_ssl = ContentSourceSsl()
            content_source_ssl['ssl_ca_cert_id'] = ca_cert_id
            content_source_ssl['ssl_client_cert_id'] = client_cert_id
            content_source_ssl['ssl_client_key_id'] = client_key_id
            # Loop provided products
            for product in entitlement.get_products():
                repositories = product.get_repositories()
                for repository in repositories:
                    if repository not in content_sources_batch:
                        content_source = ContentSource()
                        content_source[
                            'label'] = constants.MANIFEST_REPOSITORY_DB_PREFIX + repository
                        content_source['source_url'] = repositories[repository]
                        content_source['org_id'] = None
                        content_source['type_id'] = type_id
                        content_source['ssl-sets'] = [content_source_ssl]
                        content_sources_batch[repository] = content_source
                    # There may be more SSL certs to one repository, append it
                    elif content_source_ssl not in content_sources_batch[
                            repository]['ssl-sets']:
                        content_sources_batch[repository]['ssl-sets'].append(
                            content_source_ssl)

        importer = ContentSourcesImport(list(content_sources_batch.values()),
                                        backend)
        importer.run()
Esempio n. 3
0
    def _update_families_ssl(self):
        """Link channel families with certificates inserted in _update_certificates method"""
        family_ids = {}
        for family in self.families_to_import:
            family_ids[family] = None

        # Populate with IDs
        backend = SQLBackend()
        backend.lookupChannelFamilies(family_ids)

        # Lookup CA cert
        ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None)
        ca_cert_id = int(ca_cert['id'])

        # Queries for updating relation between channel families and certificates
        hdel = rhnSQL.prepare("""
            delete from rhnContentSsl where
            channel_family_id = :cfid
        """)
        hins = rhnSQL.prepare("""
            insert into rhnContentSsl
            (channel_family_id, ssl_ca_cert_id, ssl_client_cert_id, ssl_client_key_id)
            values (:cfid, :ca_cert_id, :client_cert_id, :client_key_id)
        """)

        for entitlement in self.manifest.get_all_entitlements():
            creds = entitlement.get_credentials()
            client_cert = satCerts.lookup_cert(constants.CLIENT_CERT_PREFIX +
                                               creds.get_id(), None)
            client_key = satCerts.lookup_cert(constants.CLIENT_KEY_PREFIX +
                                              creds.get_id(), None)
            client_cert_id = int(client_cert['id'])
            client_key_id = int(client_key['id'])
            family_ids_to_link = []
            for product_id in entitlement.get_product_ids():
                try:
                    product = self.products[product_id]
                    for family in product['families']:
                        if family in family_ids:
                            family_ids_to_link.append(family_ids[family])
                except KeyError:
                    print("Cannot map product '%s' into channel families" % product_id)

            family_ids_to_link = set(family_ids_to_link)

            for cfid in family_ids_to_link:
                hdel.execute(cfid=cfid)
                hins.execute(cfid=cfid, ca_cert_id=ca_cert_id,
                             client_cert_id=client_cert_id, client_key_id=client_key_id)

        rhnSQL.commit()
Esempio n. 4
0
    def _update_repositories(self):
        """Setup SSL credential to access repositories
           We do this in 2 steps:
           1. Fetching provided repositories from manifest - URL contains variables to substitute
           2. Assigning one certificate/key set to each repository"""

        # First delete all repositories from previously used manifests
        self._remove_repositories()

        backend = SQLBackend()
        type_id = backend.lookupContentSourceType('yum')

        # Lookup CA cert
        ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None)
        ca_cert_id = int(ca_cert['id'])

        content_sources_batch = {}
        for entitlement in self.manifest.get_all_entitlements():
            # Lookup SSL certificates and keys
            creds = entitlement.get_credentials()
            client_cert = satCerts.lookup_cert(constants.CLIENT_CERT_PREFIX +
                                               creds.get_id(), None)
            client_key = satCerts.lookup_cert(constants.CLIENT_KEY_PREFIX +
                                              creds.get_id(), None)
            client_cert_id = int(client_cert['id'])
            client_key_id = int(client_key['id'])
            content_source_ssl = ContentSourceSsl()
            content_source_ssl['ssl_ca_cert_id'] = ca_cert_id
            content_source_ssl['ssl_client_cert_id'] = client_cert_id
            content_source_ssl['ssl_client_key_id'] = client_key_id
            # Loop provided products
            for product in entitlement.get_products():
                repositories = product.get_repositories()
                for repository in repositories:
                    if repository not in content_sources_batch:
                        content_source = ContentSource()
                        content_source['label'] = constants.MANIFEST_REPOSITORY_DB_PREFIX + repository
                        content_source['source_url'] = repositories[repository]
                        content_source['org_id'] = None
                        content_source['type_id'] = type_id
                        content_source['ssl-sets'] = [content_source_ssl]
                        content_sources_batch[repository] = content_source
                    # There may be more SSL certs to one repository, append it
                    elif content_source_ssl not in content_sources_batch[repository]['ssl-sets']:
                        content_sources_batch[repository]['ssl-sets'].append(content_source_ssl)

        importer = ContentSourcesImport(content_sources_batch.values(), backend)
        importer.run()