def __call__(self): ''' Grab cert and key from configuration for SSL config ''' ctxt = {'ssl_configured': False} use_local_ca = True for rid in relation_ids('certificates'): if related_units(rid): use_local_ca = False if use_local_ca: ca_cert = get_ca_cert() if not ca_cert: return ctxt install_ca_cert(b64decode(ca_cert)) ssl_cert, ssl_key = get_cert() if all([ssl_cert, ssl_key]): with open('/etc/ssl/certs/dashboard.cert', 'w') as cert_out: cert_out.write(b64decode(ssl_cert)) with open('/etc/ssl/private/dashboard.key', 'w') as key_out: key_out.write(b64decode(ssl_key)) os.chmod('/etc/ssl/private/dashboard.key', 0600) ctxt = { 'ssl_configured': True, 'ssl_cert': '/etc/ssl/certs/dashboard.cert', 'ssl_key': '/etc/ssl/private/dashboard.key', } else: if os.path.exists(SSL_CERT_FILE) and os.path.exists(SSL_KEY_FILE): ctxt = { 'ssl_configured': True, 'ssl_cert': SSL_CERT_FILE, 'ssl_key': SSL_KEY_FILE, } return ctxt
def test_get_ca_cert_from_relation(self): self.config_get.return_value = None self.relation_ids.return_value = 'identity-service:0' self.relation_list.return_value = 'keystone/0' self.relation_get.side_effect = [ 'keystone_provided_ca', ] result = apache_utils.get_ca_cert() self.assertEquals('keystone_provided_ca', result)
def test_get_ca_cert_from_relation(self): self.config_get.return_value = None self.relation_ids.side_effect = [['identity-service:0'], ['identity-credentials:1']] self.relation_list.return_value = 'keystone/0' self.relation_get.side_effect = [ 'keystone_provided_ca', ] result = apache_utils.get_ca_cert() self.relation_ids.assert_has_calls( [call('identity-service'), call('identity-credentials')]) self.assertEquals('keystone_provided_ca', result)
def configure_cert(self): if not os.path.isdir('/etc/apache2/ssl'): os.mkdir('/etc/apache2/ssl') ssl_dir = os.path.join('/etc/apache2/ssl/', self.service_namespace) if not os.path.isdir(ssl_dir): os.mkdir(ssl_dir) cert, key = get_cert() with open(os.path.join(ssl_dir, 'cert'), 'w') as cert_out: cert_out.write(b64decode(cert)) with open(os.path.join(ssl_dir, 'key'), 'w') as key_out: key_out.write(b64decode(key)) ca_cert = get_ca_cert() if ca_cert: with open(CA_CERT_PATH, 'w') as ca_out: ca_out.write(b64decode(ca_cert)) check_call(['update-ca-certificates'])
def configure_cert(self): if not os.path.isdir("/etc/apache2/ssl"): os.mkdir("/etc/apache2/ssl") ssl_dir = os.path.join("/etc/apache2/ssl/", self.service_namespace) if not os.path.isdir(ssl_dir): os.mkdir(ssl_dir) cert, key = get_cert() with open(os.path.join(ssl_dir, "cert"), "w") as cert_out: cert_out.write(b64decode(cert)) with open(os.path.join(ssl_dir, "key"), "w") as key_out: key_out.write(b64decode(key)) ca_cert = get_ca_cert() if ca_cert: with open(CA_CERT_PATH, "w") as ca_out: ca_out.write(b64decode(ca_cert)) check_call(["update-ca-certificates"])
def configure_cert(self): if not os.path.isdir('/etc/apache2/ssl'): os.mkdir('/etc/apache2/ssl') ssl_dir = os.path.join('/etc/apache2/ssl/', self.service_namespace) if not os.path.isdir(ssl_dir): os.mkdir(ssl_dir) cert, key = get_cert() # Swift specific - generate a cert by default if not using # a) user supplied cert or b) keystone signed cert if None in [cert, key]: cert, key = generate_cert() with open(os.path.join(ssl_dir, 'cert'), 'w') as cert_out: cert_out.write(b64decode(cert)) with open(os.path.join(ssl_dir, 'key'), 'w') as key_out: key_out.write(b64decode(key)) ca_cert = get_ca_cert() if ca_cert: with open(CA_CERT_PATH, 'w') as ca_out: ca_out.write(b64decode(ca_cert)) subprocess.check_call(['update-ca-certificates'])
def __call__(self): ''' Grab cert and key from configuration for SSL config ''' ca_cert = get_ca_cert() if ca_cert: install_ca_cert(b64decode(ca_cert)) (ssl_cert, ssl_key) = get_cert() if None not in [ssl_cert, ssl_key]: with open('/etc/ssl/certs/dashboard.cert', 'w') as cert_out: cert_out.write(b64decode(ssl_cert)) with open('/etc/ssl/private/dashboard.key', 'w') as key_out: key_out.write(b64decode(ssl_key)) os.chmod('/etc/ssl/private/dashboard.key', 0600) ctxt = { 'ssl_configured': True, 'ssl_cert': '/etc/ssl/certs/dashboard.cert', 'ssl_key': '/etc/ssl/private/dashboard.key', } else: # Use snakeoil ones by default ctxt = { 'ssl_configured': False, } return ctxt
def __call__(self): ''' Grab cert and key from configuration for SSL config ''' ca_cert = get_ca_cert() if ca_cert: install_ca_cert(b64decode(ca_cert)) ssl_cert, ssl_key = get_cert() if all([ssl_cert, ssl_key]): with open('/etc/ssl/certs/dashboard.cert', 'w') as cert_out: cert_out.write(b64decode(ssl_cert)) with open('/etc/ssl/private/dashboard.key', 'w') as key_out: key_out.write(b64decode(ssl_key)) os.chmod('/etc/ssl/private/dashboard.key', 0600) ctxt = { 'ssl_configured': True, 'ssl_cert': '/etc/ssl/certs/dashboard.cert', 'ssl_key': '/etc/ssl/private/dashboard.key', } else: # Use snakeoil ones by default ctxt = { 'ssl_configured': False, } return ctxt
def test_get_ca_cert_from_config(self): self.config_get.return_value = "some_ca_cert" self.assertEquals('some_ca_cert', apache_utils.get_ca_cert())
def configure_ca(self): ca_cert = get_ca_cert() if ca_cert: install_ca_cert(b64decode(ca_cert))