def _authenticate(
    cfg_element: model.btp_service_binding.BtpServiceBinding,
    cfg_factory: model.ConfigFactory,
) -> SBClient:
    """Return an SBClient authenticated for the given service binding.

    The binding named by ``cfg_element.auth_service_binding()`` is resolved
    through ``cfg_factory``; its credentials supply the ``sm_url`` endpoint
    and are passed to ``_get_oauth_token`` to obtain the access token.
    """
    binding_name = cfg_element.auth_service_binding()
    binding_credentials = cfg_factory.btp_service_binding(binding_name).credentials()

    # 'sm_url' is read before the token is requested, so credentials without
    # that key fail here and no token request is made.
    # NOTE(review): the access token is a bearer secret; keep it out of logs
    # and error messages.
    return SBClient(
        binding_credentials['sm_url'],
        _get_oauth_token(binding_credentials),
    )
def rotate_cfg_element(
    cfg_element: BtpApplicationCertificate,
    cfg_factory: model.ConfigFactory,
) -> typing.Tuple[cfg_mgmt.revert_function, dict, model.NamedModelElement]:
    """Issue a new client certificate and register it with the GBaas application.

    The common name has the form ``<serial>.<base>``. The new serial is one
    above the highest of the current serial and the serials of all
    certificates that GBaas lists for the same base.

    Returns a 3-tuple:
      * ``revert``: callable that deletes the newly registered certificate
        from the GBaas application,
      * a dict holding the *previous* common name under ``'common_name'``,
      * a new ``BtpApplicationCertificate`` whose raw config carries the new
        certificate, private key and common name.

    NOTE(review): ``revert`` only calls ``delete_certificate`` on the GBaas
    client; nothing visible here revokes the certificate at the issuing
    service, and the previous certificate is not removed by this function.
    Confirm that the caller covers both.
    """
    app_cert_auth = cfg_factory.btp_application_certificate(
        cfg_element.auth_application_certificate()
    )
    gbaas_client = GBaasAppClient(app_cert_auth)

    # Work out the next serial number: strictly above everything already known.
    current_cn = cfg_element.common_name()
    current_serial, base = BtpApplicationCertificate.parse_serial_no_from_common_name(
        current_cn
    )
    known_serials = [
        current_serial,
        *(entry.serial_no for entry in gbaas_client.list_certificates_by_base(base)),
    ]
    next_serial = max(known_serials) + 1
    next_cn = f'{next_serial}.{base}'

    # Create a CSR (with its private key) and have the certificate service sign it.
    csr_pem, key_pem = _create_csr(cfg_element.subject(next_cn))
    cert_binding = cfg_factory.btp_service_binding(cfg_element.cert_service_binding())
    cert_service = CertServiceClient(cert_binding.credentials())
    chain_response = cert_service.create_client_certificate_chain(
        csr_pem,
        cfg_element.validity_in_days(),
    )
    cert_pem = _extract_client_certificate(chain_response)

    # Register the new certificate with the GBaas application.
    cert_id = gbaas_client.put_certificate(
        cert_pem=cert_pem,
        desc=f'CN={next_cn}',
        scopes=cfg_element.scopes(),
    )

    # Identifies the certificate being replaced (old common name).
    # NOTE(review): presumably used by the caller to clean up the old
    # certificate later; verify against the caller.
    secret_id = {'common_name': current_cn}

    # Deep-copy so the caller's element is left untouched.
    # NOTE(review): new_raw holds private key material from here on; do not
    # log or print it.
    new_raw = copy.deepcopy(cfg_element.raw)
    new_raw['certificate_pem'] = cert_pem
    new_raw['private_key_pem'] = key_pem
    new_raw['common_name'] = next_cn

    def revert():
        # Undo the registration made above.
        gbaas_client.delete_certificate(next_cn, cert_id)

    updated_elem = BtpApplicationCertificate(
        name=cfg_element.name(),
        raw_dict=new_raw,
        type_name=cfg_element._type_name,
    )
    return revert, secret_id, updated_elem