def _print_version(ctx, param, value):
from hyperglass_agent import __version__
if not value or ctx.resilient_parsing:
return
label("hyperglass-agent version: {v}", v=__version__)
ctx.exit()
def _generate_cert(name: str, org: str, duration: int, size: int, show: bool,
get: bool):
"""Generate SSL certificate keypair."""
from hyperglass_agent.cli.actions import write_cert, find_app_path
if get:
app_path = find_app_path()
cert_path = app_path / "agent_cert.pem"
if not cert_path.exists():
warning("Certificate & key files have not been generated.")
do_gen = confirm(
style("Would you like to generate them now?", **WARNING))
if not do_gen:
error("Certificate & key files do not yet exist.")
else:
write_cert(name=name,
org=org,
duration=duration,
starttime=CERT_START,
size=size,
show=show)
else:
with cert_path.open("r") as f:
cert = f.read()
label(f"Public Key:\n\n{cert}")
else:
write_cert(name=name,
org=org,
duration=duration,
starttime=CERT_START,
size=size,
show=show)
def gen_cert(name, org, duration, size, show, get):
"""Generate SSL certificate keypair.
Arguments:
name {str} -- Common Name
org {str} -- Organization
duration -- Validity in years
size {int} -- Key Size
show {bool} -- Show private key in CLI
"""
from hyperglass_agent.cli.actions import write_cert, find_app_path
if get:
app_path = find_app_path()
cert_path = app_path / "agent_cert.pem"
if not cert_path.exists():
warning("Certificate & key files have not been generated.")
do_gen = confirm(
style("Would you like to generate them now?", **WARNING))
if not do_gen:
error("Certificate & key files do not yet exist.")
else:
write_cert(name=name,
org=org,
duration=duration,
size=size,
show=show)
else:
with cert_path.open("r") as f:
cert = f.read()
label(f"Public Key:\n\n{cert}")
else:
write_cert(name=name, org=org, duration=duration, size=size, show=show)
def write_cert(name: str, org: str, duration: int, starttime: str, size: int,
show: bool) -> None:
"""Generate SSL certificate keypair."""
app_path = find_app_path()
cert_path = app_path / "agent_cert.pem"
key_path = app_path / "agent_key.pem"
start = starttime
end = start + timedelta(days=duration * 365)
label("Hostname: {cn}", cn=name)
status("""
A self-signed certificate with the above hostname as the common name
attribute will be generated. This hostname must be resolvable by
hyperglass via either DNS or a host file, and must match the device's
`address:` field in hyperglass's devices.yaml.""")
use_name = confirm("Is this the correct hostname?", default=True)
if not use_name:
name = prompt("Please enter the correct hostname", type=str)
all_ips = [f"{a} [{i}]" for i, a in get_addresses()]
status("""
hyperglass-agent adds any IP addresses reachable by hyperglass as
subject alternative names to the SSL certificate. Please select any IP
addresses over which hyperglass may communicate with hyperglass-agent.""")
ips = [Checkbox("ips", message="Select IPs", choices=all_ips)]
selected = [i.split("[")[0].strip() for i in inquire(ips)["ips"]]
selected_ips = [ip_address(i) for i in selected]
cert, key = make_cert(cn=name,
sans=selected_ips,
o=org,
start=start,
end=end,
size=size)
if show:
info(f'Public Key:\n{cert.decode("utf8")}')
info(f'Private Key:\n{key.decode("utf8")}')
with cert_path.open("wb") as cf:
cf.write(cert)
if not cert_path.exists():
error("Error writing public key to {f}", f=cert_path.absolute())
success("Wrote public key to: {f}", f=cert_path.absolute())
with key_path.open("wb") as kf:
kf.write(key)
if not key_path.exists():
error("Error writing private key to {f}", f=key_path.absolute())
success("Wrote private key to: {f}", f=key_path.absolute())
def generate_secret(length):
"""Generate a secret for JWT encoding.
Arguments:
length {int} -- Secret character length
"""
import secrets
gen_secret = secrets.token_urlsafe(length)
label("Secret: {s}", s=gen_secret)
def generate_secret(length: int = 32) -> str:
"""Generate a secret for JWT encoding."""
import secrets
gen_secret = secrets.token_urlsafe(length)
status("""
This secret will be used to encrypt & decrypt the communication between
hyperglass and hyperglass-agent. Before proceeding any further, please
add the secret to the `password:` field of the device's configuration in
hyperglass's devices.yaml file, and restart hyperglass.
""")
label("Secret: {s}", s=gen_secret)
done = confirm(
"Press enter once complete...",
default=True,
prompt_suffix="",
show_default=False,
)
if done: # noqa: R503
return gen_secret
