airship/pegleg
Code Issues Proposed changes

Update validity checks and docs of PKI functions

Browse Source 
https://review.openstack.org/#/c/639414/ was merged with outstanding
comments related to PKI cert expiration checks and PKI cert generation

This patch addresses those critiques to:
1. Make documentation clearer and more standard in format
2. Make code clearer by streamlining a validity check

Change-Id: If5352acd33cfd9e3e177aa11ff8f8ba74d5f55af
This commit is contained in:
Alexander Hughes 2019-04-09 12:32:41 -05:00
parent 05dc91eda4
commit 363a3cac36
2 changed files with 11 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
doc/source/cli/cli.rst
View File

@ -477,10 +477,10 @@ Dashes in the document names will be converted to underscores for consistency.
Name of site. Name of site.
**days** (Optional). **-d / --days** (Optional).
Duration (in days) certificates should be valid. Default=365, Duration (in days) certificates should be valid. Default=365,
minimum=0, no maximum. minimum=0, no maximum. Values less than 0 will raise an exception.
NOTE: A generated certificate where days = 0 should only be used for testing. NOTE: A generated certificate where days = 0 should only be used for testing.
A certificate generated in such a way will be valid for 0 seconds. A certificate generated in such a way will be valid for 0 seconds.
@ -510,14 +510,16 @@ Check PKI Certs
--------------- ---------------
Determine if any PKI certificates from a site are expired, or will be expired Determine if any PKI certificates from a site are expired, or will be expired
within N days (default N=60, no maximum, minimum 0). Print those cert names within ``days`` days. If any are found, print the cert names and expiration
and expiration dates to ``stdout``. dates to ``stdout``.
**-d / --days** (Optional). **-d / --days** (Optional).
Number of days past today's date to check certificate expirations. Duration (in days) to check certificate validity from today. Default=60,
Default days=60. Minimum days=0, days less than 0 will raise an exception. minimum=0, no maximum. Values less than 0 will raise an exception.
No maximum days.
NOTE: Checking PKI certs where days = 0 will check for certs that are expired
at the time the command is run.
**site_name** (Required). **site_name** (Required).

8
pegleg/engine/catalog/pki_utility.py
View File

@ -64,9 +64,7 @@ class PKIUtility(object):
@property @property
def ca_config(self): def ca_config(self):
if self.duration is not None and self.duration >= 0: if self.duration is None or self.duration < 0:
pass
else:
raise exceptions.PKICertificateInvalidDuration() raise exceptions.PKICertificateInvalidDuration()
if not self._ca_config_string: if not self._ca_config_string:
@ -209,9 +207,7 @@ class PKIUtility(object):
""" """
if self.duration is not None and self.duration >= 0: if self.duration is None or self.duration < 0:
pass
else:
raise exceptions.PKICertificateInvalidDuration() raise exceptions.PKICertificateInvalidDuration()
info = self.cert_info(cert) info = self.cert_info(cert)