예제 #1
0
def _generate_client_cert(issuer_name, ca_cert, ca_password, context=None):
    """Generate and store magnum_client_cert

    :param issuer_name: CA subject name
    :param ca_cert: CA certificate
    :param ca_password: CA private key password
    :returns: Magnum client cert uuid
    """
    client_password = short_id.generate_id()
    # TODO(strigazi): set subject name and organization per driver
    # For RBAC kubernetes cluster we need the client to have:
    # subject_name: admin
    # organization_name system:masters
    # Non kubernetes drivers are not using the certificates fields
    # for authorization
    subject_name = 'admin'
    organization_name = 'system:masters'
    client_cert = x509.generate_client_certificate(
        issuer_name,
        subject_name,
        organization_name,
        ca_cert['private_key'],
        encryption_password=client_password,
        ca_key_password=ca_password,
    )
    magnum_cert_ref = cert_manager.get_backend().CertManager.store_cert(
        certificate=client_cert['certificate'],
        private_key=client_cert['private_key'],
        private_key_passphrase=client_password,
        name=CONDUCTOR_CLIENT_NAME,
        context=context
    )
    LOG.debug('Magnum client cert is created: %s', magnum_cert_ref)
    return magnum_cert_ref
예제 #2
0
def _generate_client_cert(issuer_name, ca_cert, ca_password, context=None):
    """Generate and store magnum_client_cert

    :param issuer_name: CA subject name
    :param ca_cert: CA certificate
    :param ca_password: CA private key password
    :returns: Magnum client cert uuid
    """
    client_password = short_id.generate_id()
    client_cert = x509.generate_client_certificate(
        issuer_name,
        CONDUCTOR_CLIENT_NAME,
        ca_cert['private_key'],
        encryption_password=client_password,
        ca_key_password=ca_password,
    )
    magnum_cert_ref = cert_manager.get_backend().CertManager.store_cert(
        certificate=client_cert['certificate'],
        private_key=client_cert['private_key'],
        private_key_passphrase=client_password,
        name=CONDUCTOR_CLIENT_NAME,
        context=context
    )
    LOG.debug('Magnum client cert is created: %s', magnum_cert_ref)
    return magnum_cert_ref
예제 #3
0
def _generate_client_cert(issuer_name, ca_cert, ca_password, context=None):
    """Generate and store magnum_client_cert

    :param issuer_name: CA subject name
    :param ca_cert: CA certificate
    :param ca_password: CA private key password
    :returns: Magnum client cert uuid
    """
    client_password = short_id.generate_id()
    # TODO(strigazi): set subject name and organization per driver
    # For RBAC kubernetes cluster we need the client to have:
    # subject_name: admin
    # organization_name system:masters
    # Non kubernetes drivers are not using the certificates fields
    # for authorization
    subject_name = 'admin'
    organization_name = 'system:masters'
    client_cert = x509.generate_client_certificate(
        issuer_name,
        subject_name,
        organization_name,
        ca_cert['private_key'],
        encryption_password=client_password,
        ca_key_password=ca_password,
    )
    magnum_cert_ref = cert_manager.get_backend().CertManager.store_cert(
        certificate=client_cert['certificate'],
        private_key=client_cert['private_key'],
        private_key_passphrase=client_password,
        name=CONDUCTOR_CLIENT_NAME,
        context=context)
    LOG.debug('Magnum client cert is created: %s', magnum_cert_ref)
    return magnum_cert_ref
예제 #4
0
    def _generate_client_certificate(self, issuer_name, subject_name):
        ca = operations.generate_ca_certificate(self.issuer_name, encryption_password=self.ca_encryption_password)
        keypairs = operations.generate_client_certificate(
            self.issuer_name,
            self.subject_name,
            ca["private_key"],
            encryption_password=self.encryption_password,
            ca_key_password=self.ca_encryption_password,
        )

        return self._load_pems(keypairs, self.encryption_password)
예제 #5
0
    def _generate_client_certificate(self, issuer_name, subject_name):
        ca = operations.generate_ca_certificate(
            self.issuer_name, encryption_password=self.ca_encryption_password)
        keypairs = operations.generate_client_certificate(
            self.issuer_name,
            self.subject_name,
            ca['private_key'],
            encryption_password=self.encryption_password,
            ca_key_password=self.ca_encryption_password,
        )

        return self._load_pems(keypairs, self.encryption_password)
예제 #6
0
def _generate_client_cert(issuer_name, ca_cert, ca_password, context=None):
    """Generate and store magnum_client_cert

    :param issuer_name: CA subject name
    :param ca_cert: CA certificate
    :param ca_password: CA private key password
    :returns: Magnum client cert uuid
    """
    client_password = short_id.generate_id()
    client_cert = x509.generate_client_certificate(
        issuer_name,
        CONDUCTOR_CLIENT_NAME,
        ca_cert['private_key'],
        encryption_password=client_password,
        ca_key_password=ca_password,
    )
    magnum_cert_ref = cert_manager.get_backend().CertManager.store_cert(
        certificate=client_cert['certificate'],
        private_key=client_cert['private_key'],
        private_key_passphrase=client_password,
        name=CONDUCTOR_CLIENT_NAME,
        context=context)
    LOG.debug('Magnum client cert is created: %s', magnum_cert_ref)
    return magnum_cert_ref