def admit(server_principal: str) -> str: config = configuration.get_config() principal_hostname = config.get_fqdn(server_principal) errs = [] try: if config.is_kerberos_enabled(): return access.call_keyreq("bootstrap-token", principal_hostname).decode().strip() except Exception as e: print('[keyreq failed, set SPIRE_DEBUG for traceback]') if os.environ.get('SPIRE_DEBUG'): traceback.print_exc() errs.append(e) try: return ssh.check_ssh_output(config.keyserver, "keyinitadmit", principal_hostname).decode().strip() except Exception as e: print('[keyinitadmit failed, set SPIRE_DEBUG for traceback]') if os.environ.get('SPIRE_DEBUG'): traceback.print_exc() errs.append(e) if len(errs) > 1: raise command.MultipleExceptions('admit failed', errs) raise Exception('admit failed') from errs[0]
def infra_admit(server_principal: str) -> None: config = configuration.get_config() principal_hostname = config.get_fqdn(server_principal) token = access.call_keyreq("bootstrap-token", principal_hostname, collect=True) print("Token granted for %s: '%s'" % (server_principal, token.decode().strip()))
def admit(server_principal: str) -> str: config = configuration.get_config() principal_hostname = config.get_fqdn(server_principal) if config.is_kerberos_enabled(): return access.call_keyreq("bootstrap-token", principal_hostname).decode().strip() else: keyserver_hostname = config.keyserver.hostname + "." + config.external_domain return ssh.check_ssh_output(config.keyserver, "keyinitadmit", setup.CONFIG_DIR + "/keyserver.yaml", keyserver_hostname, principal_hostname, "bootstrap-keyinit").decode().strip()
def infra_admit_all() -> None: config = configuration.get_config() tokens = {} for node in config.nodes: if node.kind == "supervisor": continue principal = node.hostname + "." + config.external_domain token = access.call_keyreq("bootstrap-token", principal, collect=True).decode().strip() tokens[node.hostname] = (node.kind, node.ip, token) print("host".center(16, "="), "kind".center(8, "="), "ip".center(14, "="), "token".center(23, "=")) for key, (kind, ip, token) in sorted(tokens.items()): print(key.rjust(16), kind.center(8), str(ip).center(14), token.ljust(23)) print("host".center(16, "="), "kind".center(8, "="), "ip".center(14, "="), "token".center(23, "="))
def check_keygateway(): try: access.call_keyreq("check") except subprocess.CalledProcessError as e: command.fail("keygateway check failed: %s" % e) print("keygateway access confirmed.")
def check_keygateway(): access.call_keyreq("check") print("keygateway access confirmed.")
def check_keygateway(): "verify that the keygateway has been properly started" access.call_keyreq("check") print("keygateway access confirmed.")
def infra_admit(server_principal: str) -> None: token = access.call_keyreq("bootstrap-token", server_principal, collect=True) print("Token granted for %s: '%s'" % (server_principal, token.decode().strip()))