def test_set_certificate_path(self):
"""
Test that the certificate_path configuration property can be set
correctly.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
self.assertNotIn('certificate_path', c.settings.keys())
# Test that the setting is set correctly with a valid value.
with mock.patch('os.path.exists') as os_mock:
os_mock.return_value = True
c._set_certificate_path('/test/path/server.crt')
self.assertIn('certificate_path', c.settings.keys())
self.assertEqual(
'/test/path/server.crt',
c.settings.get('certificate_path')
)
c._set_certificate_path(None)
self.assertIn('certificate_path', c.settings.keys())
self.assertEqual(None, c.settings.get('certificate_path'))
# Test that a ConfigurationError is generated when setting the wrong
# value.
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
args = (0, )
regex = (
"The certificate path value, if specified, must be a valid "
"string path to a certificate file."
)
self.assertRaisesRegexp(
exceptions.ConfigurationError,
regex,
c._set_certificate_path,
*args
)
self.assertNotEqual(0, c.settings.get('certificate_path'))
args = ('/test/path/server.crt', )
regex = (
"The certificate path value, if specified, must be a valid "
"string path to a certificate file."
)
with mock.patch('os.path.exists') as os_mock:
os_mock.return_value = False
self.assertRaisesRegexp(
exceptions.ConfigurationError,
regex,
c._set_certificate_path,
*args
)
self.assertNotEqual(
'/test/path/server.crt',
c.settings.get('certificate_path')
)
def test_set_auth_suite(self):
"""
Test that the auth_suite configuration property can be set correctly.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
# Test that the setting is set correctly with a valid value.
c._set_auth_suite('Basic')
self.assertIn('auth_suite', c.settings.keys())
self.assertEqual('Basic', c.settings.get('auth_suite'))
c._set_auth_suite('TLS1.2')
self.assertIn('auth_suite', c.settings.keys())
self.assertEqual('TLS1.2', c.settings.get('auth_suite'))
# Test that a ConfigurationError is generated when setting the wrong
# value.
args = ('invalid', )
regex = (
"The authentication suite must be one of the following: "
"Basic, TLS1.2"
)
self.assertRaisesRegexp(
exceptions.ConfigurationError,
regex,
c._set_auth_suite,
*args
)
self.assertNotEqual('invalid', c.settings.get('auth_suite'))
def test_load_settings(self):
"""
Test that the right calls are made and the right errors generated when
loading configuration settings from a configuration file specified by
a path string.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
c._parse_settings = mock.MagicMock()
c.parse_auth_settings = mock.MagicMock()
# Test that the right calls are made when correctly processing the
# configuration file.
with mock.patch('os.path.exists') as os_mock:
os_mock.return_value = True
with mock.patch('six.moves.configparser.SafeConfigParser.read'
) as parser_mock:
c.load_settings("/test/path/server.conf")
c._logger.info.assert_any_call(
"Loading server configuration settings from: "
"/test/path/server.conf")
parser_mock.assert_called_with("/test/path/server.conf")
self.assertTrue(c._parse_settings.called)
self.assertTrue(c.parse_auth_settings.called)
# Test that a ConfigurationError is generated when the path is invalid.
c._logger.reset_mock()
with mock.patch('os.path.exists') as os_mock:
os_mock.return_value = False
args = ('/test/path/server.conf', )
self.assertRaises(exceptions.ConfigurationError, c.load_settings,
*args)
def test_set_tls_cipher_suites_preparsed(self):
"""
Test that the tls_cipher_suites configuration property can be set
correctly with a preparsed list of TLS cipher suites, the value
expected if the cipher suites were provided via constructor.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
c._set_tls_cipher_suites(
[
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384',
'DH-DSS-AES128-SHA'
]
)
self.assertEqual(3, len(c.settings.get('tls_cipher_suites')))
self.assertIn(
'DH-DSS-AES128-SHA',
c.settings.get('tls_cipher_suites')
)
self.assertIn(
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
c.settings.get('tls_cipher_suites')
)
self.assertIn(
'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384',
c.settings.get('tls_cipher_suites')
)
def test_set_enable_tls_client_auth(self):
"""
Test that the enable_tls_client_auth configuration property can be set
correctly.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
# Test that the setting is set correctly with a valid value
c._set_enable_tls_client_auth(False)
self.assertEqual(False, c.settings.get('enable_tls_client_auth'))
c._set_enable_tls_client_auth(None)
self.assertEqual(True, c.settings.get('enable_tls_client_auth'))
c._set_enable_tls_client_auth(True)
self.assertEqual(True, c.settings.get('enable_tls_client_auth'))
# Test that a ConfigurationError is generated when setting the wrong
# value.
args = ('invalid', )
self.assertRaisesRegexp(
exceptions.ConfigurationError,
"The flag enabling the TLS certificate client auth flag check "
"must be a boolean.", c._set_enable_tls_client_auth, *args)
def test_set_port(self):
"""
Test that the port configuration property can be set correctly.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
# Test that the setting is set correctly with a valid value.
c._set_port(5696)
self.assertIn('port', c.settings.keys())
self.assertEqual(5696, c.settings.get('port'))
# Test that a ConfigurationError is generated when setting the wrong
# value.
args = ('invalid', )
regex = "The port value must be an integer in the range 0 - 65535."
self.assertRaisesRegexp(
exceptions.ConfigurationError,
regex,
c._set_port,
*args
)
self.assertNotEqual('invalid', c.settings.get('port'))
args = (65536, )
regex = "The port value must be an integer in the range 0 - 65535."
self.assertRaisesRegexp(
exceptions.ConfigurationError,
regex,
c._set_port,
*args
)
self.assertNotEqual(65536, c.settings.get('port'))
def test_set_setting(self):
"""
Test that the right errors are raised and methods are called when
setting individual settings.
"""
c = config.KmipServerConfig()
c._set_auth_suite = mock.MagicMock()
c._set_ca_path = mock.MagicMock()
c._set_certificate_path = mock.MagicMock()
c._set_hostname = mock.MagicMock()
c._set_key_path = mock.MagicMock()
c._set_port = mock.MagicMock()
c._set_policy_path = mock.MagicMock()
c._set_enable_tls_client_auth = mock.MagicMock()
c._set_tls_cipher_suites = mock.MagicMock()
c._set_logging_level = mock.MagicMock()
c._set_database_path = mock.MagicMock()
# Test the right error is generated when setting an unsupported
# setting.
args = ('invalid', None)
regex = "Setting 'invalid' is not supported."
self.assertRaisesRegexp(exceptions.ConfigurationError, regex,
c.set_setting, *args)
# Test the right methods are called when setting supported settings.
c.set_setting('hostname', '127.0.0.1')
c._set_hostname.assert_called_once_with('127.0.0.1')
c.set_setting('port', 5696)
c._set_port.assert_called_once_with(5696)
c.set_setting('certificate_path', '/etc/pykmip/certs/server.crt')
c._set_certificate_path.assert_called_once_with(
'/etc/pykmip/certs/server.crt')
c.set_setting('key_path', '/etc/pykmip/certs/server.key')
c._set_key_path.assert_called_once_with('/etc/pykmip/certs/server.key')
c.set_setting('ca_path', '/etc/pykmip/certs/ca.crt')
c._set_ca_path.assert_called_once_with('/etc/pykmip/certs/ca.crt')
c.set_setting('auth_suite', 'Basic')
c._set_auth_suite.assert_called_once_with('Basic')
c.set_setting('policy_path', '/etc/pykmip/policies')
c._set_policy_path.assert_called_once_with('/etc/pykmip/policies')
c.set_setting('enable_tls_client_auth', False)
c._set_enable_tls_client_auth.assert_called_once_with(False)
c.set_setting('tls_cipher_suites', [])
c._set_tls_cipher_suites.assert_called_once_with([])
c.set_setting('logging_level', 'WARNING')
c._set_logging_level.assert_called_once_with('WARNING')
c.set_setting('database_path', '/var/pykmip/pykmip.db')
c._set_database_path.assert_called_once_with('/var/pykmip/pykmip.db')
def test_set_policy_path(self):
"""
Test that the policy_path configuration property can be set correctly.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
self.assertNotIn('policy_path', c.settings.keys())
# Test that the setting is set correctly with a valid value.
with mock.patch('os.path.exists') as os_mock:
os_mock.return_value = True
c._set_policy_path('/test/path/policies')
self.assertIn('policy_path', c.settings.keys())
self.assertEqual(
'/test/path/policies',
c.settings.get('policy_path')
)
c._set_policy_path(None)
self.assertIn('policy_path', c.settings.keys())
self.assertEqual(None, c.settings.get('policy_path'))
# Test that a ConfigurationError is generated when setting the wrong
# value.
c._logger.reset_mock()
args = (1, )
self.assertRaises(
exceptions.ConfigurationError,
c._set_policy_path,
*args
)
self.assertNotEqual(1, c.settings.get('policy_path'))
def test_set_tls_cipher_suites_empty(self):
"""
Test that the tls_cipher_suites configuration property can be set
correctly with an empty value.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
c._set_tls_cipher_suites(None)
self.assertEqual([], c.settings.get('tls_cipher_suites'))
def test_set_logging_level_enum(self):
"""
Test that the logging_level configuration property can be set
correctly with a value expected from the server constructor.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
c._set_logging_level(logging.DEBUG)
self.assertEqual(logging.DEBUG, c.settings.get('logging_level'))
def test_init(self):
"""
Test that a KmipServerConfig object can be created without error.
"""
c = config.KmipServerConfig()
self.assertIn('enable_tls_client_auth', c.settings.keys())
self.assertEqual(True, c.settings.get('enable_tls_client_auth'))
self.assertIn('tls_cipher_suites', c.settings.keys())
self.assertEqual([], c.settings.get('tls_cipher_suites'))
def test_set_database_path_default(self):
"""
Test that the database_path configuration property can be set correctly
without specifying a value.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
self.assertNotIn('database_path', c.settings.keys())
c._set_database_path(None)
self.assertIn('database_path', c.settings.keys())
self.assertEqual(None, c.settings.get('database_path'))
def test_set_logging_level_default(self):
"""
Test that the logging_level configuration property can be set
correctly without specifying a value.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
c._set_logging_level(logging.DEBUG)
self.assertEqual(logging.DEBUG, c.settings.get('logging_level'))
c._set_logging_level(None)
self.assertEqual(logging.INFO, c.settings.get('logging_level'))
def test_set_tls_cipher_suites_invalid_list_value(self):
"""
Test that the right error is raised when an invalid list value is used
to set the tls_cipher_suites configuration property.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
args = ([0], )
self.assertRaisesRegexp(
exceptions.ConfigurationError,
"The TLS cipher suites must be a set of strings representing "
"cipher suite names.", c._set_tls_cipher_suites, *args)
def test_set_database_path_invalid_value(self):
"""
Test that the right error is raised when an invalid value is used to
set the database_path configuration property.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
self.assertNotIn('database_path', c.settings.keys())
args = (1, )
self.assertRaises(exceptions.ConfigurationError, c._set_database_path,
*args)
self.assertNotEqual(1, c.settings.get('database_path'))
def test_set_setting(self):
"""
Test that the right errors are raised and methods are called when
setting individual settings.
"""
c = config.KmipServerConfig()
c._set_auth_suite = mock.MagicMock()
c._set_ca_path = mock.MagicMock()
c._set_certificate_path = mock.MagicMock()
c._set_hostname = mock.MagicMock()
c._set_key_path = mock.MagicMock()
c._set_port = mock.MagicMock()
# Test the right error is generated when setting an unsupported
# setting.
args = ('invalid', None)
regex = "Setting 'invalid' is not supported."
self.assertRaisesRegexp(
exceptions.ConfigurationError,
regex,
c.set_setting,
*args
)
# Test the right methods are called when setting supported settings.
c.set_setting('hostname', '127.0.0.1')
c._set_hostname.assert_called_once_with('127.0.0.1')
c.set_setting('port', 5696)
c._set_port.assert_called_once_with(5696)
c.set_setting('certificate_path', '/etc/pykmip/certs/server.crt')
c._set_certificate_path.assert_called_once_with(
'/etc/pykmip/certs/server.crt'
)
c.set_setting('key_path', '/etc/pykmip/certs/server.key')
c._set_key_path.assert_called_once_with(
'/etc/pykmip/certs/server.key'
)
c.set_setting('ca_path', '/etc/pykmip/certs/ca.crt')
c._set_ca_path.assert_called_once_with('/etc/pykmip/certs/ca.crt')
c.set_setting('auth_suite', 'Basic')
c._set_auth_suite.assert_called_once_with('Basic')
def test_set_tls_cipher_suites(self):
"""
Test that the tls_cipher_suites configuration property can be set
correctly with a value expected from the config file.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
c._set_tls_cipher_suites("""
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256
""")
self.assertEqual(2, len(c.settings.get('tls_cipher_suites')))
self.assertIn('TLS_RSA_WITH_AES_256_CBC_SHA256',
c.settings.get('tls_cipher_suites'))
self.assertIn('TLS_RSA_WITH_AES_128_CBC_SHA256',
c.settings.get('tls_cipher_suites'))
def test_set_database_path(self):
"""
Test that the database_path configuration property can be set
correctly.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
self.assertNotIn('database_path', c.settings.keys())
with mock.patch('os.path.exists') as os_mock:
os_mock.return_value = True
c._set_database_path('/test/path/database.db')
self.assertIn('database_path', c.settings.keys())
self.assertEqual('/test/path/database.db',
c.settings.get('database_path'))
def test_parse_auth_settings_no_config(self):
"""
Test that server authentication plugin settings are parsed correctly,
even when not specified.
"""
parser = configparser.SafeConfigParser()
parser.add_section('server')
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
self.assertEqual([], c.settings['auth_plugins'])
c.parse_auth_settings(parser)
configs = c.settings['auth_plugins']
self.assertIsInstance(configs, list)
self.assertEqual(0, len(configs))
def test_set_logging_level_invalid_value(self):
"""
Test that the right error is raised when an invalid value is used to
set the tls_cipher_suites configuration property.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
args = (0, )
self.assertRaisesRegexp(
exceptions.ConfigurationError,
"The logging level must be a string representing a valid logging "
"level.", c._set_logging_level, *args)
args = ('invalid', )
self.assertRaisesRegexp(
exceptions.ConfigurationError,
"The logging level must be a string representing a valid logging "
"level.", c._set_logging_level, *args)
def test_set_hostname(self):
"""
Test that the hostname configuration property can be set correctly.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
# Test that the setting is set correctly with a valid value.
c._set_hostname('127.0.0.1')
self.assertIn('hostname', c.settings.keys())
self.assertEqual('127.0.0.1', c.settings.get('hostname'))
# Test that a ConfigurationError is generated when setting the wrong
# value.
args = (0, )
regex = "The hostname value must be a string."
self.assertRaisesRegexp(exceptions.ConfigurationError, regex,
c._set_hostname, *args)
self.assertNotEqual(0, c.settings.get('hostname'))
def test_parse_auth_settings(self):
"""
Test that server authentication plugin settings are parsed correctly.
"""
parser = configparser.SafeConfigParser()
parser.add_section('server')
parser.add_section('auth:slugs')
parser.set('auth:slugs', 'enabled', 'True')
parser.set('auth:slugs', 'url', 'http://127.0.0.1:8080/slugs/')
parser.add_section('auth:ldap')
parser.set('auth:ldap', 'enabled', 'False')
parser.set('auth:ldap', 'url', 'http://127.0.0.1:8080/ldap/')
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
self.assertEqual([], c.settings['auth_plugins'])
c.parse_auth_settings(parser)
configs = c.settings['auth_plugins']
self.assertIsInstance(configs, list)
self.assertEqual(2, len(configs))
for c in configs:
self.assertIsInstance(c, tuple)
self.assertEqual(2, len(c))
self.assertIn(c[0], ['auth:slugs', 'auth:ldap'])
self.assertIsInstance(c[1], dict)
if c[0] == 'auth:slugs':
self.assertIn('enabled', six.iterkeys(c[1]))
self.assertEqual('True', c[1]['enabled'])
self.assertIn('url', six.iterkeys(c[1]))
self.assertEqual('http://127.0.0.1:8080/slugs/', c[1]['url'])
elif c[0] == 'auth:ldap':
self.assertIn('enabled', six.iterkeys(c[1]))
self.assertEqual('False', c[1]['enabled'])
self.assertIn('url', six.iterkeys(c[1]))
self.assertEqual('http://127.0.0.1:8080/ldap/', c[1]['url'])
def test_parse_settings(self):
"""
Test that the right methods are called and the right errors generated
when parsing the configuration settings.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
c._set_auth_suite = mock.MagicMock()
c._set_ca_path = mock.MagicMock()
c._set_certificate_path = mock.MagicMock()
c._set_hostname = mock.MagicMock()
c._set_key_path = mock.MagicMock()
c._set_port = mock.MagicMock()
c._set_policy_path = mock.MagicMock()
c._set_enable_tls_client_auth = mock.MagicMock()
c._set_tls_cipher_suites = mock.MagicMock()
c._set_logging_level = mock.MagicMock()
c._set_database_path = mock.MagicMock()
# Test that the right calls are made when correctly parsing settings.
parser = configparser.SafeConfigParser()
parser.add_section('server')
parser.set('server', 'hostname', '127.0.0.1')
parser.set('server', 'port', '5696')
parser.set('server', 'certificate_path', '/test/path/server.crt')
parser.set('server', 'key_path', '/test/path/server.key')
parser.set('server', 'ca_path', '/test/path/ca.crt')
parser.set('server', 'auth_suite', 'Basic')
parser.set('server', 'policy_path', '/test/path/policies')
parser.set('server', 'enable_tls_client_auth', 'False')
parser.set('server', 'tls_cipher_suites',
"\n TLS_RSA_WITH_AES_256_CBC_SHA256")
parser.set('server', 'logging_level', 'ERROR')
parser.set('server', 'database_path', '/var/pykmip/pykmip.db')
c._parse_settings(parser)
c._set_hostname.assert_called_once_with('127.0.0.1')
c._set_port.assert_called_once_with(5696)
c._set_certificate_path.assert_called_once_with(
'/test/path/server.crt')
c._set_key_path.assert_called_once_with('/test/path/server.key')
c._set_ca_path.assert_called_once_with('/test/path/ca.crt')
c._set_auth_suite.assert_called_once_with('Basic')
c._set_policy_path.assert_called_once_with('/test/path/policies')
c._set_enable_tls_client_auth.assert_called_once_with(False)
c._set_tls_cipher_suites.assert_called_once_with(
"\n TLS_RSA_WITH_AES_256_CBC_SHA256")
c._set_logging_level.assert_called_once_with('ERROR')
c._set_database_path.assert_called_once_with('/var/pykmip/pykmip.db')
# Test that a ConfigurationError is generated when the expected
# section is missing.
parser = configparser.SafeConfigParser()
args = (parser, )
regex = (
"The server configuration file does not have a 'server' section.")
self.assertRaisesRegexp(exceptions.ConfigurationError, regex,
c._parse_settings, *args)
# Test that a ConfigurationError is generated when an unexpected
# setting is provided.
parser = configparser.SafeConfigParser()
parser.add_section('server')
parser.set('server', 'invalid', 'invalid')
args = (parser, )
regex = (
"Setting 'invalid' is not a supported setting. Please remove it "
"from the configuration file.")
self.assertRaisesRegexp(exceptions.ConfigurationError, regex,
c._parse_settings, *args)
# Test that a ConfigurationError is generated when an expected
# setting is missing.
parser = configparser.SafeConfigParser()
parser.add_section('server')
args = (parser, )
regex = ("Setting 'hostname' is missing from the configuration file.")
self.assertRaisesRegexp(exceptions.ConfigurationError, regex,
c._parse_settings, *args)
# Test that a ConfigurationError is generated when an expected
# setting is missing.
parser = configparser.SafeConfigParser()
parser.add_section('server')
args = (parser, )
regex = ("Setting 'hostname' is missing from the configuration file.")
self.assertRaisesRegexp(exceptions.ConfigurationError, regex,
c._parse_settings, *args)
def test_init(self):
"""
Test that a KmipServerConfig object can be created without error.
"""
config.KmipServerConfig()
def test_parse_settings(self):
"""
Test that the right methods are called and the right errors generated
when parsing the configuration settings.
"""
c = config.KmipServerConfig()
c._logger = mock.MagicMock()
c._set_auth_suite = mock.MagicMock()
c._set_ca_path = mock.MagicMock()
c._set_certificate_path = mock.MagicMock()
c._set_hostname = mock.MagicMock()
c._set_key_path = mock.MagicMock()
c._set_port = mock.MagicMock()
# Test that the right calls are made when correctly parsing settings.
parser = configparser.SafeConfigParser()
parser.add_section('server')
parser.set('server', 'hostname', '127.0.0.1')
parser.set('server', 'port', '5696')
parser.set('server', 'certificate_path', '/test/path/server.crt')
parser.set('server', 'key_path', '/test/path/server.key')
parser.set('server', 'ca_path', '/test/path/ca.crt')
parser.set('server', 'auth_suite', 'Basic')
c._parse_settings(parser)
c._set_hostname.assert_called_once_with('127.0.0.1')
c._set_port.assert_called_once_with(5696)
c._set_certificate_path.assert_called_once_with(
'/test/path/server.crt'
)
c._set_key_path.assert_called_once_with('/test/path/server.key')
c._set_ca_path.assert_called_once_with('/test/path/ca.crt')
c._set_auth_suite.assert_called_once_with('Basic')
# Test that a ConfigurationError is generated when the expected
# section is missing.
parser = configparser.SafeConfigParser()
args = (parser, )
regex = (
"The server configuration file does not have a 'server' section."
)
self.assertRaisesRegexp(
exceptions.ConfigurationError,
regex,
c._parse_settings,
*args
)
# Test that a ConfigurationError is generated when an unexpected
# setting is provided.
parser = configparser.SafeConfigParser()
parser.add_section('server')
parser.set('server', 'invalid', 'invalid')
args = (parser, )
regex = (
"Setting 'invalid' is not a supported setting. Please remove it "
"from the configuration file."
)
self.assertRaisesRegexp(
exceptions.ConfigurationError,
regex,
c._parse_settings,
*args
)
# Test that a ConfigurationError is generated when an expected
# setting is missing.
parser = configparser.SafeConfigParser()
parser.add_section('server')
args = (parser, )
regex = (
"Setting 'hostname' is missing from the configuration file."
)
self.assertRaisesRegexp(
exceptions.ConfigurationError,
regex,
c._parse_settings,
*args
)
# Test that a ConfigurationError is generated when an expected
# setting is missing.
parser = configparser.SafeConfigParser()
parser.add_section('server')
args = (parser, )
regex = (
"Setting 'hostname' is missing from the configuration file."
)
self.assertRaisesRegexp(
exceptions.ConfigurationError,
regex,
c._parse_settings,
*args
)
def __init__(self,
hostname=None,
port=None,
certificate_path=None,
key_path=None,
ca_path=None,
auth_suite=None,
config_path='/etc/pykmip/server.conf',
log_path='/var/log/pykmip/server.log',
policy_path=None,
enable_tls_client_auth=None,
tls_cipher_suites=None,
logging_level=None,
live_policies=False,
database_path=None):
"""
Create a KmipServer.
Settings are loaded initially from the configuration file located at
config_path, if specified. All other configuration options listed
below, if specified, will override the settings loaded from the
configuration file.
A rotating file logger will be set up with the base log file located
at log_path. The server itself will handle rotating the log files as
the logs grow. The server process must have permission to read/write
to the specified log directory.
The main KmipEngine request processor is created here, along with all
information required to manage KMIP client connections and sessions.
Args:
hostname (string): The host address the server will be bound to
(e.g., '127.0.0.1'). Optional, defaults to None.
port (int): The port number the server will be bound to
(e.g., 5696). Optional, defaults to None.
certificate_path (string): The path to the server certificate file
(e.g., '/etc/pykmip/certs/server.crt'). Optional, defaults to
None.
key_path (string): The path to the server certificate key file
(e.g., '/etc/pykmip/certs/server.key'). Optional, defaults to
None.
ca_path (string): The path to the certificate authority (CA)
certificate file (e.g., '/etc/pykmip/certs/ca.crt'). Optional,
defaults to None.
auth_suite (string): A string value indicating the type of
authentication suite to use for establishing TLS connections.
Accepted values are: 'Basic', 'TLS1.2'. Optional, defaults to
None.
config_path (string): The path to the server configuration file
(e.g., '/etc/pykmip/server.conf'). Optional, defaults to
'/etc/pykmip/server.conf'.
log_path (string): The path to the base server log file
(e.g., '/var/log/pykmip/server.log'). Optional, defaults to
'/var/log/pykmip/server.log'.
policy_path (string): The path to the filesystem directory
containing PyKMIP server operation policy JSON files.
Optional, defaults to None.
enable_tls_client_auth (boolean): A boolean indicating if the TLS
certificate client auth flag should be required for client
certificates when establishing a new client session. Optional,
defaults to None.
tls_cipher_suites (string): A comma-delimited list of cipher suite
names (e.g., TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_
128_CBC_SHA256), indicating which specific cipher suites should
be used by the server when establishing a TLS connection with
a client. Optional, defaults to None. If None, the default set
of TLS cipher suites will be used.
logging_level (string): A logging level enumeration defined by the
logging package (e.g., DEBUG, INFO). Sets the base logging
level for the server. All log messages logged at this level or
higher in criticality will be logged. All log messages lower
in criticality will not be logged. Optional, defaults to None.
live_policies (boolean): A boolean indicating if the operation
policy directory should be actively monitored to autoload any
policy changes while the server is running. Optional, defaults
to False.
database_path (string): The path to the server's SQLite database
file. Optional, defaults to None.
"""
self._logger = logging.getLogger('kmip.server')
self._setup_logging(log_path)
self.config = config.KmipServerConfig()
self._setup_configuration(config_path, hostname, port,
certificate_path, key_path, ca_path,
auth_suite, policy_path,
enable_tls_client_auth, tls_cipher_suites,
logging_level, database_path)
self.live_policies = live_policies
self.policies = {}
self._logger.setLevel(self.config.settings.get('logging_level'))
cipher_suites = self.config.settings.get('tls_cipher_suites')
if self.config.settings.get('auth_suite') == 'TLS1.2':
self.auth_suite = auth.TLS12AuthenticationSuite(cipher_suites)
else:
self.auth_suite = auth.BasicAuthenticationSuite(cipher_suites)
self._session_id = 1
self._is_serving = False
def __init__(self,
hostname=None,
port=None,
certificate_path=None,
key_path=None,
ca_path=None,
auth_suite=None,
config_path='/etc/pykmip/server.conf',
log_path='/var/log/pykmip/server.log',
policy_path=None):
"""
Create a KmipServer.
Settings are loaded initially from the configuration file located at
config_path, if specified. All other configuration options listed
below, if specified, will override the settings loaded from the
configuration file.
A rotating file logger will be set up with the base log file located
at log_path. The server itself will handle rotating the log files as
the logs grow. The server process must have permission to read/write
to the specified log directory.
The main KmipEngine request processor is created here, along with all
information required to manage KMIP client connections and sessions.
Args:
hostname (string): The host address the server will be bound to
(e.g., '127.0.0.1'). Optional, defaults to None.
port (int): The port number the server will be bound to
(e.g., 5696). Optional, defaults to None.
certificate_path (string): The path to the server certificate file
(e.g., '/etc/pykmip/certs/server.crt'). Optional, defaults to
None.
key_path (string): The path to the server certificate key file
(e.g., '/etc/pykmip/certs/server.key'). Optional, defaults to
None.
ca_path (string): The path to the certificate authority (CA)
certificate file (e.g., '/etc/pykmip/certs/ca.crt'). Optional,
defaults to None.
auth_suite (string): A string value indicating the type of
authentication suite to use for establishing TLS connections.
Accepted values are: 'Basic', 'TLS1.2'. Optional, defaults to
None.
config_path (string): The path to the server configuration file
(e.g., '/etc/pykmip/server.conf'). Optional, defaults to
'/etc/pykmip/server.conf'.
log_path (string): The path to the base server log file
(e.g., '/var/log/pykmip/server.log'). Optional, defaults to
'/var/log/pykmip/server.log'.
policy_path (string): The path to the filesystem directory
containing PyKMIP server operation policy JSON files.
Optional, defaults to None.
"""
self._logger = logging.getLogger('kmip.server')
self._setup_logging(log_path)
self.config = config.KmipServerConfig()
self._setup_configuration(config_path, hostname, port,
certificate_path, key_path, ca_path,
auth_suite, policy_path)
if self.config.settings.get('auth_suite') == 'TLS1.2':
self.auth_suite = auth.TLS12AuthenticationSuite()
else:
self.auth_suite = auth.BasicAuthenticationSuite()
self._engine = engine.KmipEngine(
self.config.settings.get('policy_path'))
self._session_id = 1
self._is_serving = False
