Exemplo n.º 1
0
 def main(cls):
     LOG.warn(_LW('keystone-manage pki_setup is not recommended for '
                  'production use.'))
     keystone_user_id, keystone_group_id = cls.get_user_group()
     conf_pki = openssl.ConfigurePKI(keystone_user_id, keystone_group_id,
                                     rebuild=CONF.command.rebuild)
     conf_pki.run()
Exemplo n.º 2
0
    def test_fetch_signing_cert(self, rebuild=False):
        pki = openssl.ConfigurePKI(None, None, rebuild=rebuild)
        pki.run()

        # NOTE(jamielennox): Use request directly because certificate
        # requests don't have some of the normal information
        signing_resp = self.request(self.public_app,
                                    '/v2.0/certificates/signing',
                                    method='GET',
                                    expected_status=http_client.OK)

        cacert_resp = self.request(self.public_app,
                                   '/v2.0/certificates/ca',
                                   method='GET',
                                   expected_status=http_client.OK)

        with open(CONF.signing.certfile) as f:
            self.assertEqual(f.read(), signing_resp.text)

        with open(CONF.signing.ca_certs) as f:
            self.assertEqual(f.read(), cacert_resp.text)

        # NOTE(jamielennox): This is weird behaviour that we need to enforce.
        # It doesn't matter what you ask for it's always going to give text
        # with a text/html content_type.

        for path in ['/v2.0/certificates/signing', '/v2.0/certificates/ca']:
            for accept in [None, 'text/html', 'application/json', 'text/xml']:
                headers = {'Accept': accept} if accept else {}
                resp = self.request(self.public_app, path, method='GET',
                                    expected_status=http_client.OK,
                                    headers=headers)

                self.assertEqual('text/html', resp.content_type)
Exemplo n.º 3
0
 def main(cls):
     msg = _('keystone-manage pki_setup is not recommended for production '
             'use.')
     LOG.warn(msg)
     keystone_user_id, keystone_group_id = cls.get_user_group()
     conf_pki = openssl.ConfigurePKI(keystone_user_id, keystone_group_id)
     conf_pki.run()
Exemplo n.º 4
0
 def main(cls):
     versionutils.report_deprecated_feature(
         LOG,
         _LW("keystone-manage pki_setup is deprecated as of Mitaka in "
             "favor of not using PKI tokens and may be removed in 'O' "
             "release."))
     LOG.warning(_LW('keystone-manage pki_setup is not recommended for '
                     'production use.'))
     keystone_user_id, keystone_group_id = cls.get_user_group()
     conf_pki = openssl.ConfigurePKI(keystone_user_id, keystone_group_id,
                                     rebuild=CONF.command.rebuild)
     conf_pki.run()
Exemplo n.º 5
0
    def test_running_an_invalid_command(self, mock_check_output):
        cmd = ['ls']

        output = 'this is the output string'

        error = subprocess.CalledProcessError(returncode=1,
                                              cmd=cmd,
                                              output=output)
        mock_check_output.side_effect = error

        ssl = openssl.ConfigurePKI('keystone_user', 'keystone_group')
        e = self.assertRaises(subprocess.CalledProcessError, ssl.exec_command,
                              cmd)
        self.assertThat(e.output, matchers.Equals(output))
Exemplo n.º 6
0
    def main():
        keystone_user_id = None
        keystone_group_id = None
        try:
            a = CONF.command.keystone_user
            if a:
                keystone_user_id = pwd.getpwnam(a).pw_uid
        except KeyError:
            raise ValueError("Unknown user '%s' in --keystone-user" % a)

        try:
            a = CONF.command.keystone_group
            if a:
                keystone_group_id = grp.getgrnam(a).gr_gid
        except KeyError:
            raise ValueError("Unknown group '%s' in --keystone-group" % a)

        conf_ssl = openssl.ConfigurePKI(keystone_user_id, keystone_group_id)
        conf_ssl.run()
Exemplo n.º 7
0
 def main(self):
     conf_ssl = openssl.ConfigurePKI()
     conf_ssl.run()
Exemplo n.º 8
0
 def test_create_pki_certs(self, rebuild=False):
     pki = openssl.ConfigurePKI(None, None, rebuild=rebuild)
     pki.run()
     self.assertTrue(os.path.exists(CONF.signing.certfile))
     self.assertTrue(os.path.exists(CONF.signing.ca_certs))
     self.assertTrue(os.path.exists(CONF.signing.keyfile))
Exemplo n.º 9
0
 def test_fetch_signing_cert_when_rebuild(self):
     pki = openssl.ConfigurePKI(None, None)
     pki.run()
     self.test_fetch_signing_cert(rebuild=True)
Exemplo n.º 10
0
 def test_create_certs(self):
     ssl = openssl.ConfigurePKI(None, None)
     ssl.run()
     self.assertTrue(os.path.exists(CONF.signing.certfile))
     self.assertTrue(os.path.exists(CONF.signing.ca_certs))
     self.assertTrue(os.path.exists(CONF.signing.keyfile))
Exemplo n.º 11
0
 def main(cls):
     keystone_user_id, keystone_group_id = cls.get_user_group()
     conf_pki = openssl.ConfigurePKI(keystone_user_id, keystone_group_id)
     conf_pki.run()
Exemplo n.º 12
0
    def test_running_a_successful_command(self, mock_poll):
        mock_poll.return_value = 0

        ssl = openssl.ConfigurePKI('keystone_user', 'keystone_group')
        ssl.exec_command(['ls'])