コード例 #1
0
def delete_certificates_from_bay(bay):
    """Delete ca cert and magnum client cert from bay

    :param bay: The bay which has certs
    """
    for cert_ref in [bay.ca_cert_ref, bay.magnum_cert_ref]:
        try:
            if cert_ref:
                cert_manager.get_backend().CertManager.delete_cert(cert_ref)
        except Exception:
            LOG.warn(_LW("Deleting cert is failed: %s") % cert_ref)
コード例 #2
0
ファイル: cert_manager.py プロジェクト: AvnishPal/magnum
def delete_certificates_from_bay(bay, context=None):
    """Delete ca cert and magnum client cert from bay

    :param bay: The bay which has certs
    """
    for cert_ref in ['ca_cert_ref', 'magnum_cert_ref']:
        try:
            cert_ref = getattr(bay, cert_ref, None)
            if cert_ref:
                cert_manager.get_backend().CertManager.delete_cert(
                    cert_ref, resource_ref=bay.uuid, context=context)
        except Exception:
            LOG.warning(_LW("Deleting certs is failed for Bay %s"), bay.uuid)
コード例 #3
0
ファイル: cert_manager.py プロジェクト: vikomall/magnum
def delete_certificates_from_bay(bay, context=None):
    """Delete ca cert and magnum client cert from bay

    :param bay: The bay which has certs
    """
    for cert_ref in ['ca_cert_ref', 'magnum_cert_ref']:
        try:
            cert_ref = getattr(bay, cert_ref, None)
            if cert_ref:
                cert_manager.get_backend().CertManager.delete_cert(
                    cert_ref, resource_ref=bay.uuid, context=context)
        except Exception:
            LOG.warning(_LW("Deleting certs is failed for Bay %s"), bay.uuid)
コード例 #4
0
def delete_certificates_from_cluster(cluster, context=None):
    """Delete ca cert and magnum client cert from cluster

    :param cluster: The cluster which has certs
    """
    for cert_ref in ['ca_cert_ref', 'magnum_cert_ref']:
        try:
            cert_ref = getattr(cluster, cert_ref, None)
            if cert_ref:
                cert_manager.get_backend().CertManager.delete_cert(
                    cert_ref, resource_ref=cluster.uuid, context=context)
        except Exception:
            LOG.warning(_LW("Deleting certs is failed for Cluster %s"),
                        cluster.uuid)
コード例 #5
0
ファイル: cert_manager.py プロジェクト: ragnaray/magnum
def delete_certificates_from_cluster(cluster, context=None):
    """Delete ca cert and magnum client cert from cluster

    :param cluster: The cluster which has certs
    """
    for cert_ref in ['ca_cert_ref', 'magnum_cert_ref']:
        try:
            cert_ref = getattr(cluster, cert_ref, None)
            if cert_ref:
                cert_manager.get_backend().CertManager.delete_cert(
                    cert_ref, resource_ref=cluster.uuid, context=context)
        except Exception:
            LOG.warning("Deleting certs is failed for Cluster %s",
                        cluster.uuid)
コード例 #6
0
ファイル: cert_manager.py プロジェクト: leader716/magnum
def sign_node_certificate(bay, csr):
    ca_cert = cert_manager.get_backend().CertManager.get_cert(
        bay.ca_cert_ref, resource_ref=bay.uuid)

    node_cert = x509.sign(csr, bay.name, ca_cert.get_private_key(),
                          ca_cert.get_private_key_passphrase())
    return node_cert
コード例 #7
0
def get_bay_magnum_cert(bay):
    magnum_cert = cert_manager.get_backend().CertManager.get_cert(
        bay.magnum_cert_ref,
        resource_ref=bay.uuid
    )

    return magnum_cert
コード例 #8
0
ファイル: cert_manager.py プロジェクト: AvnishPal/magnum
def _generate_client_cert(issuer_name, ca_cert, ca_password, context=None):
    """Generate and store magnum_client_cert

    :param issuer_name: CA subject name
    :param ca_cert: CA certificate
    :param ca_password: CA private key password
    :returns: Magnum client cert uuid
    """
    client_password = short_id.generate_id()
    client_cert = x509.generate_client_certificate(
        issuer_name,
        CONDUCTOR_CLIENT_NAME,
        ca_cert['private_key'],
        encryption_password=client_password,
        ca_key_password=ca_password,
    )
    magnum_cert_ref = cert_manager.get_backend().CertManager.store_cert(
        certificate=client_cert['certificate'],
        private_key=client_cert['private_key'],
        private_key_passphrase=client_password,
        name=CONDUCTOR_CLIENT_NAME,
        context=context
    )
    LOG.debug('Magnum client cert is created: %s', magnum_cert_ref)
    return magnum_cert_ref
コード例 #9
0
ファイル: cert_manager.py プロジェクト: baikai/magnum
def get_bay_magnum_cert(bay):
    magnum_cert = cert_manager.get_backend().CertManager.get_cert(
        bay.magnum_cert_ref,
        resource_ref=bay.uuid
    )

    return magnum_cert
コード例 #10
0
ファイル: cert_manager.py プロジェクト: ragnaray/magnum
def _generate_client_cert(issuer_name, ca_cert, ca_password, context=None):
    """Generate and store magnum_client_cert

    :param issuer_name: CA subject name
    :param ca_cert: CA certificate
    :param ca_password: CA private key password
    :returns: Magnum client cert uuid
    """
    client_password = short_id.generate_id()
    # TODO(strigazi): set subject name and organization per driver
    # For RBAC kubernetes cluster we need the client to have:
    # subject_name: admin
    # organization_name system:masters
    # Non kubernetes drivers are not using the certificates fields
    # for authorization
    subject_name = 'admin'
    organization_name = 'system:masters'
    client_cert = x509.generate_client_certificate(
        issuer_name,
        subject_name,
        organization_name,
        ca_cert['private_key'],
        encryption_password=client_password,
        ca_key_password=ca_password,
    )
    magnum_cert_ref = cert_manager.get_backend().CertManager.store_cert(
        certificate=client_cert['certificate'],
        private_key=client_cert['private_key'],
        private_key_passphrase=client_password,
        name=CONDUCTOR_CLIENT_NAME,
        context=context
    )
    LOG.debug('Magnum client cert is created: %s', magnum_cert_ref)
    return magnum_cert_ref
コード例 #11
0
ファイル: cert_manager.py プロジェクト: Tennyson53/magnum
def get_bay_ca_certificate(bay):
    ca_cert = cert_manager.get_backend().CertManager.get_cert(
        bay.ca_cert_ref,
        resource_ref=bay.uuid
    )

    return ca_cert.get_certificate()
コード例 #12
0
def _generate_client_cert(issuer_name, ca_cert, ca_password, context=None):
    """Generate and store magnum_client_cert

    :param issuer_name: CA subject name
    :param ca_cert: CA certificate
    :param ca_password: CA private key password
    :returns: Magnum client cert uuid
    """
    client_password = short_id.generate_id()
    # TODO(strigazi): set subject name and organization per driver
    # For RBAC kubernetes cluster we need the client to have:
    # subject_name: admin
    # organization_name system:masters
    # Non kubernetes drivers are not using the certificates fields
    # for authorization
    subject_name = 'admin'
    organization_name = 'system:masters'
    client_cert = x509.generate_client_certificate(
        issuer_name,
        subject_name,
        organization_name,
        ca_cert['private_key'],
        encryption_password=client_password,
        ca_key_password=ca_password,
    )
    magnum_cert_ref = cert_manager.get_backend().CertManager.store_cert(
        certificate=client_cert['certificate'],
        private_key=client_cert['private_key'],
        private_key_passphrase=client_password,
        name=CONDUCTOR_CLIENT_NAME,
        context=context)
    LOG.debug('Magnum client cert is created: %s', magnum_cert_ref)
    return magnum_cert_ref
コード例 #13
0
def get_bay_ca_certificate(bay):
    ca_cert = cert_manager.get_backend().CertManager.get_cert(
        bay.ca_cert_ref,
        resource_ref=bay.uuid
    )

    return ca_cert
コード例 #14
0
ファイル: cert_manager.py プロジェクト: wirespecter/magnum
def get_cluster_magnum_cert(cluster, context=None):
    magnum_cert = cert_manager.get_backend().CertManager.get_cert(
        cluster.magnum_cert_ref,
        resource_ref=cluster.uuid,
        context=context
    )

    return magnum_cert
コード例 #15
0
ファイル: cert_manager.py プロジェクト: wirespecter/magnum
def get_cluster_ca_certificate(cluster, context=None):
    ca_cert = cert_manager.get_backend().CertManager.get_cert(
        cluster.ca_cert_ref,
        resource_ref=cluster.uuid,
        context=context
    )

    return ca_cert
コード例 #16
0
ファイル: cert_manager.py プロジェクト: AvnishPal/magnum
def get_bay_magnum_cert(bay, context=None):
    magnum_cert = cert_manager.get_backend().CertManager.get_cert(
        bay.magnum_cert_ref,
        resource_ref=bay.uuid,
        context=context
    )

    return magnum_cert
コード例 #17
0
def sign_node_certificate(cluster, csr, context=None):
    ca_cert = cert_manager.get_backend().CertManager.get_cert(
        cluster.ca_cert_ref, resource_ref=cluster.uuid, context=context)

    node_cert = x509.sign(csr, _get_issuer_name(cluster),
                          ca_cert.get_private_key(),
                          ca_cert.get_private_key_passphrase())
    return node_cert
コード例 #18
0
ファイル: cert_manager.py プロジェクト: ragnaray/magnum
def get_cluster_magnum_cert(cluster, context=None):
    magnum_cert = cert_manager.get_backend().CertManager.get_cert(
        cluster.magnum_cert_ref,
        resource_ref=cluster.uuid,
        context=context
    )

    return magnum_cert
コード例 #19
0
ファイル: cert_manager.py プロジェクト: ragnaray/magnum
def get_cluster_ca_certificate(cluster, context=None):
    ca_cert = cert_manager.get_backend().CertManager.get_cert(
        cluster.ca_cert_ref,
        resource_ref=cluster.uuid,
        context=context
    )

    return ca_cert
コード例 #20
0
ファイル: cert_manager.py プロジェクト: AvnishPal/magnum
def get_bay_ca_certificate(bay, context=None):
    ca_cert = cert_manager.get_backend().CertManager.get_cert(
        bay.ca_cert_ref,
        resource_ref=bay.uuid,
        context=context
    )

    return ca_cert
コード例 #21
0
ファイル: cert_manager.py プロジェクト: Tennyson53/magnum
def sign_node_certificate(bay, csr):
    ca_cert = cert_manager.get_backend().CertManager.get_cert(
        bay.ca_cert_ref,
        resource_ref=bay.uuid
    )

    node_cert = x509.sign(csr, bay.name, ca_cert.get_private_key(),
                          ca_cert.get_private_key_passphrase())
    return node_cert
コード例 #22
0
ファイル: cert_manager.py プロジェクト: stackhpc/magnum
def get_cluster_ca_certificate(cluster, context=None, ca_cert_type=None):
    ref = cluster.ca_cert_ref
    if ca_cert_type == "etcd":
        ref = cluster.etcd_ca_cert_ref
    elif ca_cert_type in ["front_proxy", "front-proxy"]:
        ref = cluster.front_proxy_ca_cert_ref

    ca_cert = cert_manager.get_backend().CertManager.get_cert(
        ref, resource_ref=cluster.uuid, context=context)

    return ca_cert
コード例 #23
0
ファイル: cert_manager.py プロジェクト: ragnaray/magnum
def sign_node_certificate(cluster, csr, context=None):
    ca_cert = cert_manager.get_backend().CertManager.get_cert(
        cluster.ca_cert_ref,
        resource_ref=cluster.uuid,
        context=context
    )

    node_cert = x509.sign(csr,
                          _get_issuer_name(cluster),
                          ca_cert.get_private_key(),
                          ca_cert.get_private_key_passphrase())
    return node_cert
コード例 #24
0
ファイル: k8s_api.py プロジェクト: leader716/magnum
    def _create_certificate_files(self, bay):
        """Read certificate and key for a bay and stores in files.

        :param bay: Bay object
        """
        magnum_cert_obj = cert_manager.get_backend().CertManager.get_cert(
            bay.magnum_cert_ref, resource_ref=bay.uuid)
        self.cert_file = self._create_temp_file_with_content(
            magnum_cert_obj.get_certificate())
        private_key = serialization.load_pem_private_key(
            magnum_cert_obj.get_private_key(),
            password=magnum_cert_obj.get_private_key_passphrase(),
            backend=default_backend(),
        )
        private_key = private_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=serialization.NoEncryption())
        self.key_file = self._create_temp_file_with_content(private_key)
        ca_cert_obj = cert_manager.get_backend().CertManager.get_cert(
            bay.ca_cert_ref, resource_ref=bay.uuid)
        self.ca_file = self._create_temp_file_with_content(
            ca_cert_obj.get_certificate())
コード例 #25
0
ファイル: cert_manager.py プロジェクト: stackhpc/magnum
def sign_node_certificate(cluster, csr, ca_cert_type=None, context=None):
    ref = cluster.ca_cert_ref
    if ca_cert_type == "etcd":
        ref = cluster.etcd_ca_cert_ref
    elif ca_cert_type in ["front_proxy", "front-proxy"]:
        ref = cluster.front_proxy_ca_cert_ref

    ca_cert = cert_manager.get_backend().CertManager.get_cert(
        ref, resource_ref=cluster.uuid, context=context)

    node_cert = x509.sign(csr, _get_issuer_name(cluster),
                          ca_cert.get_private_key(),
                          ca_cert.get_private_key_passphrase())
    return node_cert
コード例 #26
0
ファイル: k8s_api.py プロジェクト: viperf/magnum
    def _create_certificate_files(self, bay):
        """Read certificate and key for a bay and stores in files.

        :param bay: Bay object
        """
        magnum_cert_obj = cert_manager.get_backend().CertManager.get_cert(
            bay.magnum_cert_ref, resource_ref=bay.uuid)
        self.cert_file = self._create_temp_file_with_content(
            magnum_cert_obj.get_certificate())
        private_key = serialization.load_pem_private_key(
            magnum_cert_obj.get_private_key(),
            password=magnum_cert_obj.get_private_key_passphrase(),
            backend=default_backend(),
        )
        private_key = private_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=serialization.NoEncryption())
        self.key_file = self._create_temp_file_with_content(
            private_key)
        ca_cert_obj = cert_manager.get_backend().CertManager.get_cert(
            bay.ca_cert_ref, resource_ref=bay.uuid)
        self.ca_file = self._create_temp_file_with_content(
            ca_cert_obj.get_certificate())
コード例 #27
0
ファイル: cert_manager.py プロジェクト: leader716/magnum
def _generate_ca_cert(issuer_name):
    """Generate and store ca_cert

    :param issuer_name: CA subject name
    :returns: CA cert uuid and CA cert, CA private key password
    """
    ca_password = short_id.generate_id()
    ca_cert = x509.generate_ca_certificate(issuer_name,
                                           encryption_password=ca_password)
    ca_cert_ref = cert_manager.get_backend().CertManager.store_cert(
        certificate=ca_cert['certificate'],
        private_key=ca_cert['private_key'],
        private_key_passphrase=ca_password,
        name=issuer_name,
    )
    LOG.debug('CA cert is created: %s' % ca_cert_ref)
    return ca_cert_ref, ca_cert, ca_password
コード例 #28
0
ファイル: cert_manager.py プロジェクト: Tennyson53/magnum
def _generate_ca_cert(issuer_name):
    """Generate and store ca_cert

    :param issuer_name: CA subject name
    :returns: CA cert uuid and CA cert, CA private key password
    """
    ca_password = short_id.generate_id()
    ca_cert = x509.generate_ca_certificate(issuer_name,
                                           encryption_password=ca_password)
    ca_cert_ref = cert_manager.get_backend().CertManager.store_cert(
        certificate=ca_cert['certificate'],
        private_key=ca_cert['private_key'],
        private_key_passphrase=ca_password,
        name=issuer_name,
    )
    LOG.debug('CA cert is created: %s' % ca_cert_ref)
    return ca_cert_ref, ca_cert, ca_password
コード例 #29
0
def _generate_client_cert(issuer_name, ca_cert, ca_password, context=None):
    """Generate and store magnum_client_cert

    :param issuer_name: CA subject name
    :param ca_cert: CA certificate
    :param ca_password: CA private key password
    :returns: Magnum client cert uuid
    """
    client_password = short_id.generate_id()
    client_cert = x509.generate_client_certificate(
        issuer_name,
        CONDUCTOR_CLIENT_NAME,
        ca_cert['private_key'],
        encryption_password=client_password,
        ca_key_password=ca_password,
    )
    magnum_cert_ref = cert_manager.get_backend().CertManager.store_cert(
        certificate=client_cert['certificate'],
        private_key=client_cert['private_key'],
        private_key_passphrase=client_password,
        name=CONDUCTOR_CLIENT_NAME,
        context=context)
    LOG.debug('Magnum client cert is created: %s', magnum_cert_ref)
    return magnum_cert_ref
コード例 #30
0
ファイル: cert_manager.py プロジェクト: vikomall/magnum
def get_bay_magnum_cert(bay, context=None):
    magnum_cert = cert_manager.get_backend().CertManager.get_cert(
        bay.magnum_cert_ref, resource_ref=bay.uuid, context=context)

    return magnum_cert
コード例 #31
0
def get_bay_ca_certificate(bay):
    ca_cert = cert_manager.get_backend().CertManager.get_cert(bay.ca_cert_ref)
    return ca_cert.get_certificate()
コード例 #32
0
 def test_local_cert_manager(self):
     fixture.Config().config(group='certificates',
                             cert_manager_type='local')
     self.assertEqual(get_backend().CertManager, lcm.CertManager)
コード例 #33
0
ファイル: cert_manager.py プロジェクト: vikomall/magnum
def get_bay_ca_certificate(bay, context=None):
    ca_cert = cert_manager.get_backend().CertManager.get_cert(
        bay.ca_cert_ref, resource_ref=bay.uuid, context=context)

    return ca_cert
コード例 #34
0
 def test_barbican_cert_manager(self):
     fixture.Config().config(group='certificates',
                             cert_manager_type='barbican')
     self.assertEqual(get_backend().CertManager, bcm.CertManager)
コード例 #35
0
ファイル: test_cert_manager.py プロジェクト: Gobella/magnum
 def test_barbican_cert_manager(self):
     fixture.Config().config(group='certificates',
                             cert_manager_type='barbican')
     self.assertEqual(get_backend().CertManager,
                      bcm.CertManager)
コード例 #36
0
ファイル: test_cert_manager.py プロジェクト: Gobella/magnum
 def test_local_cert_manager(self):
     fixture.Config().config(group='certificates',
                             cert_manager_type='local')
     self.assertEqual(get_backend().CertManager,
                      lcm.CertManager)