def _update_families_ssl(self):
"""Link channel families with certificates inserted in _update_certificates method"""
family_ids = {}
for family in self.families_to_import:
family_ids[family] = None
# Populate with IDs
backend = SQLBackend()
backend.lookupChannelFamilies(family_ids)
# Lookup CA cert
ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None)
ca_cert_id = int(ca_cert['id'])
# Queries for updating relation between channel families and certificates
hdel = rhnSQL.prepare("""
delete from rhnContentSsl where
channel_family_id = :cfid
""")
hins = rhnSQL.prepare("""
insert into rhnContentSsl
(channel_family_id, ssl_ca_cert_id, ssl_client_cert_id, ssl_client_key_id)
values (:cfid, :ca_cert_id, :client_cert_id, :client_key_id)
""")
for entitlement in self.manifest.get_all_entitlements():
creds = entitlement.get_credentials()
client_cert = satCerts.lookup_cert(
constants.CLIENT_CERT_PREFIX + creds.get_id(), None)
client_key = satCerts.lookup_cert(
constants.CLIENT_KEY_PREFIX + creds.get_id(), None)
client_cert_id = int(client_cert['id'])
client_key_id = int(client_key['id'])
family_ids_to_link = []
for product_id in entitlement.get_product_ids():
try:
product = self.products[product_id]
for family in product['families']:
if family in family_ids:
family_ids_to_link.append(family_ids[family])
except KeyError:
print("Cannot map product '%s' into channel families" %
product_id)
family_ids_to_link = set(family_ids_to_link)
for cfid in family_ids_to_link:
hdel.execute(cfid=cfid)
hins.execute(cfid=cfid,
ca_cert_id=ca_cert_id,
client_cert_id=client_cert_id,
client_key_id=client_key_id)
rhnSQL.commit()
def _update_repositories(self):
"""Setup SSL credential to access repositories
We do this in 2 steps:
1. Fetching provided repositories from manifest - URL contains variables to substitute
2. Assigning one certificate/key set to each repository"""
# First delete all repositories from previously used manifests
self._remove_repositories()
backend = SQLBackend()
type_id = backend.lookupContentSourceType('yum')
# Lookup CA cert
ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None)
ca_cert_id = int(ca_cert['id'])
content_sources_batch = {}
for entitlement in self.manifest.get_all_entitlements():
# Lookup SSL certificates and keys
creds = entitlement.get_credentials()
client_cert = satCerts.lookup_cert(
constants.CLIENT_CERT_PREFIX + creds.get_id(), None)
client_key = satCerts.lookup_cert(
constants.CLIENT_KEY_PREFIX + creds.get_id(), None)
client_cert_id = int(client_cert['id'])
client_key_id = int(client_key['id'])
content_source_ssl = ContentSourceSsl()
content_source_ssl['ssl_ca_cert_id'] = ca_cert_id
content_source_ssl['ssl_client_cert_id'] = client_cert_id
content_source_ssl['ssl_client_key_id'] = client_key_id
# Loop provided products
for product in entitlement.get_products():
repositories = product.get_repositories()
for repository in repositories:
if repository not in content_sources_batch:
content_source = ContentSource()
content_source[
'label'] = constants.MANIFEST_REPOSITORY_DB_PREFIX + repository
content_source['source_url'] = repositories[repository]
content_source['org_id'] = None
content_source['type_id'] = type_id
content_source['ssl-sets'] = [content_source_ssl]
content_sources_batch[repository] = content_source
# There may be more SSL certs to one repository, append it
elif content_source_ssl not in content_sources_batch[
repository]['ssl-sets']:
content_sources_batch[repository]['ssl-sets'].append(
content_source_ssl)
importer = ContentSourcesImport(list(content_sources_batch.values()),
backend)
importer.run()
def _update_families_ssl(self):
"""Link channel families with certificates inserted in _update_certificates method"""
family_ids = {}
for family in self.families_to_import:
family_ids[family] = None
# Populate with IDs
backend = SQLBackend()
backend.lookupChannelFamilies(family_ids)
# Lookup CA cert
ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None)
ca_cert_id = int(ca_cert['id'])
# Queries for updating relation between channel families and certificates
hdel = rhnSQL.prepare("""
delete from rhnContentSsl where
channel_family_id = :cfid
""")
hins = rhnSQL.prepare("""
insert into rhnContentSsl
(channel_family_id, ssl_ca_cert_id, ssl_client_cert_id, ssl_client_key_id)
values (:cfid, :ca_cert_id, :client_cert_id, :client_key_id)
""")
for entitlement in self.manifest.get_all_entitlements():
creds = entitlement.get_credentials()
client_cert = satCerts.lookup_cert(constants.CLIENT_CERT_PREFIX +
creds.get_id(), None)
client_key = satCerts.lookup_cert(constants.CLIENT_KEY_PREFIX +
creds.get_id(), None)
client_cert_id = int(client_cert['id'])
client_key_id = int(client_key['id'])
family_ids_to_link = []
for product_id in entitlement.get_product_ids():
try:
product = self.products[product_id]
for family in product['families']:
if family in family_ids:
family_ids_to_link.append(family_ids[family])
except KeyError:
print("Cannot map product '%s' into channel families" % product_id)
family_ids_to_link = set(family_ids_to_link)
for cfid in family_ids_to_link:
hdel.execute(cfid=cfid)
hins.execute(cfid=cfid, ca_cert_id=ca_cert_id,
client_cert_id=client_cert_id, client_key_id=client_key_id)
rhnSQL.commit()
def _update_repositories(self):
"""Setup SSL credential to access repositories
We do this in 2 steps:
1. Fetching provided repositories from manifest - URL contains variables to substitute
2. Assigning one certificate/key set to each repository"""
# First delete all repositories from previously used manifests
self._remove_repositories()
backend = SQLBackend()
type_id = backend.lookupContentSourceType('yum')
# Lookup CA cert
ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None)
ca_cert_id = int(ca_cert['id'])
content_sources_batch = {}
for entitlement in self.manifest.get_all_entitlements():
# Lookup SSL certificates and keys
creds = entitlement.get_credentials()
client_cert = satCerts.lookup_cert(constants.CLIENT_CERT_PREFIX +
creds.get_id(), None)
client_key = satCerts.lookup_cert(constants.CLIENT_KEY_PREFIX +
creds.get_id(), None)
client_cert_id = int(client_cert['id'])
client_key_id = int(client_key['id'])
content_source_ssl = ContentSourceSsl()
content_source_ssl['ssl_ca_cert_id'] = ca_cert_id
content_source_ssl['ssl_client_cert_id'] = client_cert_id
content_source_ssl['ssl_client_key_id'] = client_key_id
# Loop provided products
for product in entitlement.get_products():
repositories = product.get_repositories()
for repository in repositories:
if repository not in content_sources_batch:
content_source = ContentSource()
content_source['label'] = constants.MANIFEST_REPOSITORY_DB_PREFIX + repository
content_source['source_url'] = repositories[repository]
content_source['org_id'] = None
content_source['type_id'] = type_id
content_source['ssl-sets'] = [content_source_ssl]
content_sources_batch[repository] = content_source
# There may be more SSL certs to one repository, append it
elif content_source_ssl not in content_sources_batch[repository]['ssl-sets']:
content_sources_batch[repository]['ssl-sets'].append(content_source_ssl)
importer = ContentSourcesImport(content_sources_batch.values(), backend)
importer.run()
