[hopem,r=] fix ssl cert inject

2015-03-18 13:31:27 +01:00 · 2015-03-18 13:31:27 +01:00 · 705ff4c7d8
commit 705ff4c7d8
parent fa4aff9281
6 changed files with 162 additions and 4 deletions
--- a/charm-helpers-hooks.yaml
+++ b/charm-helpers-hooks.yaml
@ -1,4 +1,4 @@
-branch: lp:charm-helpers
+branch: lp:~hopem/charm-helpers/fix-ssl-install-from-config
 destination: hooks/charmhelpers
 include:
    - core
--- a/charm-helpers-tests.yaml
+++ b/charm-helpers-tests.yaml
@ -1,4 +1,4 @@
-branch: lp:charm-helpers
+branch: lp:~hopem/charm-helpers/fix-ssl-install-from-config
 destination: tests/charmhelpers
 include:
    - contrib.amulet
--- a/hooks/charmhelpers/contrib/openstack/context.py
+++ b/hooks/charmhelpers/contrib/openstack/context.py
@ -16,6 +16,7 @@
 import json
 import os
 import re
 import time
 from base64 import b64decode
 from subprocess import check_call
@ -48,6 +49,8 @@ from charmhelpers.core.hookenv import (
 from charmhelpers.core.sysctl import create as sysctl_create
 from charmhelpers.core.host import (
    list_nics,
    get_nic_hwaddr,
    mkdir,
    write_file,
 )
@ -65,12 +68,18 @@ from charmhelpers.contrib.hahelpers.apache import (
 from charmhelpers.contrib.openstack.neutron import (
    neutron_plugin_attribute,
 )
 from charmhelpers.contrib.openstack.ip import (
    resolve_address,
    INTERNAL,
 )
 from charmhelpers.contrib.network.ip import (
    get_address_in_network,
    get_ipv4_addr,
    get_ipv6_addr,
    get_netmask_for_address,
    format_ipv6_addr,
    is_address_in_network,
    is_bridge_member,
 )
 from charmhelpers.contrib.openstack.utils import get_host_ip
@ -727,7 +736,14 @@ class ApacheSSLContext(OSContextGenerator):
                'endpoints': [],
                'ext_ports': []}
-        for cn in self.canonical_names():
+        cns = self.canonical_names()
        if cns:
            for cn in cns:
                self.configure_cert(cn)
        else:
            # Expect cert/key provided in config (currently assumed that ca
            # uses ip for cn)
            cn = resolve_address(endpoint_type=INTERNAL)
            self.configure_cert(cn)
        addresses = self.get_network_addresses()
@ -883,6 +899,48 @@ class NeutronContext(OSContextGenerator):
        return ctxt
 class NeutronPortContext(OSContextGenerator):
    NIC_PREFIXES = ['eth', 'bond']
    def resolve_ports(self, ports):
        """Resolve NICs not yet bound to bridge(s)
        If hwaddress provided then returns resolved hwaddress otherwise NIC.
        """
        if not ports:
            return None
        hwaddr_to_nic = {}
        hwaddr_to_ip = {}
        for nic in list_nics(self.NIC_PREFIXES):
            hwaddr = get_nic_hwaddr(nic)
            hwaddr_to_nic[hwaddr] = nic
            addresses = get_ipv4_addr(nic, fatal=False)
            addresses += get_ipv6_addr(iface=nic, fatal=False)
            hwaddr_to_ip[hwaddr] = addresses
        resolved = []
        mac_regex = re.compile(r'([0-9A-F]{2}[:-]){5}([0-9A-F]{2})', re.I)
        for entry in ports:
            if re.match(mac_regex, entry):
                # NIC is in known NICs and does NOT hace an IP address
                if entry in hwaddr_to_nic and not hwaddr_to_ip[entry]:
                    # If the nic is part of a bridge then don't use it
                    if is_bridge_member(hwaddr_to_nic[entry]):
                        continue
                    # Entry is a MAC address for a valid interface that doesn't
                    # have an IP address assigned yet.
                    resolved.append(hwaddr_to_nic[entry])
            else:
                # If the passed entry is not a MAC address, assume it's a valid
                # interface, and that the user put it there on purpose (we can
                # trust it to be the real external network).
                resolved.append(entry)
        return resolved
 class OSConfigFlagContext(OSContextGenerator):
    """Provides support for user-defined config flags.
--- a/hooks/charmhelpers/contrib/openstack/neutron.py
+++ b/hooks/charmhelpers/contrib/openstack/neutron.py
@ -16,6 +16,7 @@
 # Various utilies for dealing with Neutron and the renaming from Quantum.
 import six
 from subprocess import check_output
 from charmhelpers.core.hookenv import (
@ -237,3 +238,72 @@ def network_manager():
    else:
        # ensure accurate naming for all releases post-H
        return 'neutron'
 def parse_mappings(mappings):
    parsed = {}
    if mappings:
        mappings = mappings.split(' ')
        for m in mappings:
            p = m.partition(':')
            if p[1] == ':':
                parsed[p[0].strip()] = p[2].strip()
    return parsed
 def parse_bridge_mappings(mappings):
    """Parse bridge mappings.
    Mappings must be a space-delimited list of provider:bridge mappings.
    Returns dict of the form {provider:bridge}.
    """
    return parse_mappings(mappings)
 def parse_data_port_mappings(mappings, default_bridge='br-data'):
    """Parse data port mappings.
    Mappings must be a space-delimited list of bridge:port mappings.
    Returns dict of the form {bridge:port}.
    """
    _mappings = parse_mappings(mappings)
    if not _mappings:
        if not mappings:
            return {}
        # For backwards-compatibility we need to support port-only provided in
        # config.
        _mappings = {default_bridge: mappings.split(' ')[0]}
    bridges = _mappings.keys()
    ports = _mappings.values()
    if len(set(bridges)) != len(bridges):
        raise Exception("It is not allowed to have more than one port "
                        "configured on the same bridge")
    if len(set(ports)) != len(ports):
        raise Exception("It is not allowed to have the same port configured "
                        "on more than one bridge")
    return _mappings
 def parse_vlan_range_mappings(mappings):
    """Parse vlan range mappings.
    Mappings must be a space-delimited list of provider:start:end mappings.
    Returns dict of the form {provider: (start, end)}.
    """
    _mappings = parse_mappings(mappings)
    if not _mappings:
        return {}
    mappings = {}
    for p, r in six.iteritems(_mappings):
        mappings[p] = tuple(r.split(':'))
    return mappings
--- a/hooks/charmhelpers/core/hookenv.py
+++ b/hooks/charmhelpers/core/hookenv.py
@ -566,3 +566,29 @@ class Hooks(object):
 def charm_dir():
    """Return the root directory of the current charm"""
    return os.environ.get('CHARM_DIR')
@cached
 def action_get(key=None):
    """Gets the value of an action parameter, or all key/value param pairs"""
    cmd = ['action-get']
    if key is not None:
        cmd.append(key)
    cmd.append('--format=json')
    action_data = json.loads(subprocess.check_output(cmd).decode('UTF-8'))
    return action_data
 def action_set(values):
    """Sets the values to be returned after the action finishes"""
    cmd = ['action-set']
    for k, v in list(values.items()):
        cmd.append('{}={}'.format(k, v))
    subprocess.check_call(cmd)
 def action_fail(message):
    """Sets the action status to failed and sets the error message.
    The results set by action_set are preserved."""
    subprocess.check_call(['action-fail', message])
--- a/hooks/charmhelpers/core/host.py
+++ b/hooks/charmhelpers/core/host.py
@ -339,12 +339,16 @@ def lsb_release():
 def pwgen(length=None):
    """Generate a random pasword."""
    if length is None:
        # A random length is ok to use a weak PRNG
        length = random.choice(range(35, 45))
    alphanumeric_chars = [
        l for l in (string.ascii_letters + string.digits)
        if l not in 'l0QD1vAEIOUaeiou']
    # Use a crypto-friendly PRNG (e.g. /dev/urandom) for making the
    # actual password
    random_generator = random.SystemRandom()
    random_chars = [
-        random.choice(alphanumeric_chars) for _ in range(length)]
+        random_generator.choice(alphanumeric_chars) for _ in range(length)]
    return(''.join(random_chars))