Exemplo n.º 1
0
def select(endpoint,
           cert=None,
           key=None,
           pem=None,
           ca=None,
           aad=False,
           no_verify=False):
    #pylint: disable-msg=too-many-locals
    """
    Connects to a Service Fabric cluster endpoint.
    If connecting to secure cluster specify an absolute path to a cert (.crt)
    and key file (.key) or a single file with both (.pem). Do not specify both.
    Optionally, if connecting to a secure cluster, specify also an absolute
    path to a CA bundle file or directory of trusted CA certs.
    :param str endpoint: Cluster endpoint URL, including port and HTTP or HTTPS
    prefix
    :param str cert: Absolute path to a client certificate file
    :param str key: Absolute path to client certificate key file
    :param str pem: Absolute path to client certificate, as a .pem file
    :param str ca: Absolute path to CA certs directory to treat as valid
    or CA bundle
    file
    :param bool aad: Use Azure Active Directory for authentication
    :param bool no_verify: Disable verification for certificates when using
    HTTPS, note: this is an insecure option and should not be used for
    production environments
    """
    from sfctl.config import (set_ca_cert, set_auth, set_aad_cache,
                              set_cluster_endpoint, set_no_verify)
    from msrest import ServiceClient, Configuration
    from sfctl.auth import ClientCertAuthentication, AdalAuthentication

    select_arg_verify(endpoint, cert, key, pem, ca, aad, no_verify)

    if aad:
        new_token, new_cache = get_aad_token(endpoint, no_verify)
        set_aad_cache(new_token, new_cache)
        rest_client = ServiceClient(AdalAuthentication(no_verify),
                                    Configuration(endpoint))

        # Make sure basic GET request succeeds
        rest_client.send(rest_client.get('/')).raise_for_status()
    else:
        client_cert = None
        if pem:
            client_cert = pem
        elif cert:
            client_cert = (cert, key)

        rest_client = ServiceClient(
            ClientCertAuthentication(client_cert, ca, no_verify),
            Configuration(endpoint))

        # Make sure basic GET request succeeds
        rest_client.send(rest_client.get('/')).raise_for_status()

    set_cluster_endpoint(endpoint)
    set_no_verify(no_verify)
    set_ca_cert(ca)
    set_auth(pem, cert, key, aad)
def select(endpoint='http://localhost:19080', cert=None, key=None, pem=None, ca=None, #pylint: disable=invalid-name, too-many-arguments
           aad=False, no_verify=False):
    #pylint: disable-msg=too-many-locals
    """
    Connects to a Service Fabric cluster endpoint.
    If connecting to secure cluster, specify an absolute path to a cert (.crt)
    and key file (.key) or a single file with both (.pem). Do not specify both.
    Optionally, if connecting to a secure cluster, also specify an absolute
    path to a CA bundle file or directory of trusted CA certs.

    There is no connection to a cluster without running this command first, including
    a connection to localhost. However, no explicit endpoint is required for connecting
    to a local cluster.

    If using a self signed cert, or other certificate not signed by a well known CA,
    pass in the --ca parameter to ensure that validation passes. If not on a production
    cluster, to bypass client side validation (useful for self signed or not well known
    CA signed), use the --no-verify option. While possible, it is not recommended for
    production clusters. A certificate verification error may result otherwise.

    :param str endpoint: Cluster endpoint URL, including port and HTTP or HTTPS
    prefix. Typically, the endpoint will look something like https://<your-url>:19080.
    If no endpoint is given, it will default to http://localhost:19080.
    :param str cert: Absolute path to a client certificate file
    :param str key: Absolute path to client certificate key file
    :param str pem: Absolute path to client certificate, as a .pem file
    :param str ca: Absolute path to CA certs directory to treat as valid
    or CA bundle file. If using a
    directory of CA certs, `c_rehash <directory>` provided by OpenSSL must be run first to compute
    the certificate hashes and create the appropriate symbolics links.
    This is used to verify that the certificate returned by the cluster is valid
    :param bool aad: Use Azure Active Directory for authentication
    :param bool no_verify: Disable verification for certificates when using
    HTTPS, note: this is an insecure option and should not be used for
    production environments
    """

    # Regarding c_rehash:
    # The c_rehash is needed when specifying a CA certs directory
    # because requests.Sessions which is used underneath requires
    # the c_rehash operation to be performed.
    # See http://docs.python-requests.org/en/master/user/advanced/

    from sfctl.config import (set_ca_cert, set_auth,
                              set_cluster_endpoint,
                              set_no_verify)

    select_arg_verify(endpoint, cert, key, pem, ca, aad, no_verify)

    # Make sure basic GET request succeeds
    rest_client = _get_rest_client(endpoint, cert, key, pem, ca, aad, no_verify)
    rest_client.send(rest_client.get('/')).raise_for_status()

    set_cluster_endpoint(endpoint)
    set_no_verify(no_verify)
    set_ca_cert(ca)
    set_auth(pem, cert, key, aad)
Exemplo n.º 3
0
def select(
        endpoint,
        cert=None,
        key=None,
        pem=None,
        ca=None,  #pylint: disable=invalid-name, too-many-arguments
        aad=False,
        no_verify=False):
    #pylint: disable-msg=too-many-locals
    """
    Connects to a Service Fabric cluster endpoint.
    If connecting to secure cluster, specify an absolute path to a cert (.crt)
    and key file (.key) or a single file with both (.pem). Do not specify both.
    Optionally, if connecting to a secure cluster, also specify an absolute
    path to a CA bundle file or directory of trusted CA certs. If using a
    directory of CA certs, `c_rehash <directory>` provided by OpenSSL must be run first to compute
    the certificate hashes and create the appropriate symbolics links.

    Typically, the endpoint will look something like https://<your-url>:19080

    :param str endpoint: Cluster endpoint URL, including port and HTTP or HTTPS
    prefix
    :param str cert: Absolute path to a client certificate file
    :param str key: Absolute path to client certificate key file
    :param str pem: Absolute path to client certificate, as a .pem file
    :param str ca: Absolute path to CA certs directory to treat as valid
    or CA bundle
    file
    :param bool aad: Use Azure Active Directory for authentication
    :param bool no_verify: Disable verification for certificates when using
    HTTPS, note: this is an insecure option and should not be used for
    production environments
    """

    # Regarding c_rehash:
    # The c_rehash is needed when specifying a CA certs directory
    # because requests.Sessions which is used underneath requires
    # the c_rehash operation to be performed.
    # See http://docs.python-requests.org/en/master/user/advanced/

    from sfctl.config import (set_ca_cert, set_auth, set_cluster_endpoint,
                              set_no_verify)

    select_arg_verify(endpoint, cert, key, pem, ca, aad, no_verify)

    # Make sure basic GET request succeeds
    rest_client = _get_rest_client(endpoint, cert, key, pem, ca, aad,
                                   no_verify)
    rest_client.send(rest_client.get('/')).raise_for_status()

    set_cluster_endpoint(endpoint)
    set_no_verify(no_verify)
    set_ca_cert(ca)
    set_auth(pem, cert, key, aad)