def _generate_client_cert(issuer_name, ca_cert, ca_password, context=None):
"""Generate and store magnum_client_cert
:param issuer_name: CA subject name
:param ca_cert: CA certificate
:param ca_password: CA private key password
:returns: Magnum client cert uuid
"""
client_password = short_id.generate_id()
# TODO(strigazi): set subject name and organization per driver
# For RBAC kubernetes cluster we need the client to have:
# subject_name: admin
# organization_name system:masters
# Non kubernetes drivers are not using the certificates fields
# for authorization
subject_name = 'admin'
organization_name = 'system:masters'
client_cert = x509.generate_client_certificate(
issuer_name,
subject_name,
organization_name,
ca_cert['private_key'],
encryption_password=client_password,
ca_key_password=ca_password,
)
magnum_cert_ref = cert_manager.get_backend().CertManager.store_cert(
certificate=client_cert['certificate'],
private_key=client_cert['private_key'],
private_key_passphrase=client_password,
name=CONDUCTOR_CLIENT_NAME,
context=context
)
LOG.debug('Magnum client cert is created: %s', magnum_cert_ref)
return magnum_cert_ref
def _generate_client_cert(issuer_name, ca_cert, ca_password, context=None):
"""Generate and store magnum_client_cert
:param issuer_name: CA subject name
:param ca_cert: CA certificate
:param ca_password: CA private key password
:returns: Magnum client cert uuid
"""
client_password = short_id.generate_id()
client_cert = x509.generate_client_certificate(
issuer_name,
CONDUCTOR_CLIENT_NAME,
ca_cert['private_key'],
encryption_password=client_password,
ca_key_password=ca_password,
)
magnum_cert_ref = cert_manager.get_backend().CertManager.store_cert(
certificate=client_cert['certificate'],
private_key=client_cert['private_key'],
private_key_passphrase=client_password,
name=CONDUCTOR_CLIENT_NAME,
context=context
)
LOG.debug('Magnum client cert is created: %s', magnum_cert_ref)
return magnum_cert_ref
def _generate_client_cert(issuer_name, ca_cert, ca_password, context=None):
"""Generate and store magnum_client_cert
:param issuer_name: CA subject name
:param ca_cert: CA certificate
:param ca_password: CA private key password
:returns: Magnum client cert uuid
"""
client_password = short_id.generate_id()
# TODO(strigazi): set subject name and organization per driver
# For RBAC kubernetes cluster we need the client to have:
# subject_name: admin
# organization_name system:masters
# Non kubernetes drivers are not using the certificates fields
# for authorization
subject_name = 'admin'
organization_name = 'system:masters'
client_cert = x509.generate_client_certificate(
issuer_name,
subject_name,
organization_name,
ca_cert['private_key'],
encryption_password=client_password,
ca_key_password=ca_password,
)
magnum_cert_ref = cert_manager.get_backend().CertManager.store_cert(
certificate=client_cert['certificate'],
private_key=client_cert['private_key'],
private_key_passphrase=client_password,
name=CONDUCTOR_CLIENT_NAME,
context=context)
LOG.debug('Magnum client cert is created: %s', magnum_cert_ref)
return magnum_cert_ref
def _generate_client_certificate(self, issuer_name, subject_name):
ca = operations.generate_ca_certificate(self.issuer_name, encryption_password=self.ca_encryption_password)
keypairs = operations.generate_client_certificate(
self.issuer_name,
self.subject_name,
ca["private_key"],
encryption_password=self.encryption_password,
ca_key_password=self.ca_encryption_password,
)
return self._load_pems(keypairs, self.encryption_password)
def _generate_client_certificate(self, issuer_name, subject_name):
ca = operations.generate_ca_certificate(
self.issuer_name, encryption_password=self.ca_encryption_password)
keypairs = operations.generate_client_certificate(
self.issuer_name,
self.subject_name,
ca['private_key'],
encryption_password=self.encryption_password,
ca_key_password=self.ca_encryption_password,
)
return self._load_pems(keypairs, self.encryption_password)
def _generate_client_cert(issuer_name, ca_cert, ca_password, context=None):
"""Generate and store magnum_client_cert
:param issuer_name: CA subject name
:param ca_cert: CA certificate
:param ca_password: CA private key password
:returns: Magnum client cert uuid
"""
client_password = short_id.generate_id()
client_cert = x509.generate_client_certificate(
issuer_name,
CONDUCTOR_CLIENT_NAME,
ca_cert['private_key'],
encryption_password=client_password,
ca_key_password=ca_password,
)
magnum_cert_ref = cert_manager.get_backend().CertManager.store_cert(
certificate=client_cert['certificate'],
private_key=client_cert['private_key'],
private_key_passphrase=client_password,
name=CONDUCTOR_CLIENT_NAME,
context=context)
LOG.debug('Magnum client cert is created: %s', magnum_cert_ref)
return magnum_cert_ref