Merge "Make gen_pki.sh & debug_helper.sh bash8 compliant"
This commit is contained in:
commit
db0519dfa0
@ -24,21 +24,21 @@ CMS_DIR=$CURRENT_DIR/cms
|
|||||||
|
|
||||||
|
|
||||||
function rm_old {
|
function rm_old {
|
||||||
rm -rf $CERTS_DIR/*.pem
|
rm -rf $CERTS_DIR/*.pem
|
||||||
rm -rf $PRIVATE_DIR/*.pem
|
rm -rf $PRIVATE_DIR/*.pem
|
||||||
}
|
}
|
||||||
|
|
||||||
function cleanup {
|
function cleanup {
|
||||||
rm -rf *.conf > /dev/null 2>&1
|
rm -rf *.conf > /dev/null 2>&1
|
||||||
rm -rf index* > /dev/null 2>&1
|
rm -rf index* > /dev/null 2>&1
|
||||||
rm -rf *.crt > /dev/null 2>&1
|
rm -rf *.crt > /dev/null 2>&1
|
||||||
rm -rf newcerts > /dev/null 2>&1
|
rm -rf newcerts > /dev/null 2>&1
|
||||||
rm -rf *.pem > /dev/null 2>&1
|
rm -rf *.pem > /dev/null 2>&1
|
||||||
rm -rf serial* > /dev/null 2>&1
|
rm -rf serial* > /dev/null 2>&1
|
||||||
}
|
}
|
||||||
|
|
||||||
function generate_ca_conf {
|
function generate_ca_conf {
|
||||||
echo '
|
echo '
|
||||||
[ req ]
|
[ req ]
|
||||||
default_bits = 2048
|
default_bits = 2048
|
||||||
default_keyfile = cakey.pem
|
default_keyfile = cakey.pem
|
||||||
@ -65,7 +65,7 @@ basicConstraints = critical,CA:true
|
|||||||
}
|
}
|
||||||
|
|
||||||
function generate_ssl_req_conf {
|
function generate_ssl_req_conf {
|
||||||
echo '
|
echo '
|
||||||
[ req ]
|
[ req ]
|
||||||
default_bits = 2048
|
default_bits = 2048
|
||||||
default_keyfile = keystonekey.pem
|
default_keyfile = keystonekey.pem
|
||||||
@ -86,7 +86,7 @@ emailAddress = keystone@openstack.org
|
|||||||
}
|
}
|
||||||
|
|
||||||
function generate_cms_signing_req_conf {
|
function generate_cms_signing_req_conf {
|
||||||
echo '
|
echo '
|
||||||
[ req ]
|
[ req ]
|
||||||
default_bits = 2048
|
default_bits = 2048
|
||||||
default_keyfile = keystonekey.pem
|
default_keyfile = keystonekey.pem
|
||||||
@ -107,7 +107,7 @@ emailAddress = keystone@openstack.org
|
|||||||
}
|
}
|
||||||
|
|
||||||
function generate_signing_conf {
|
function generate_signing_conf {
|
||||||
echo '
|
echo '
|
||||||
[ ca ]
|
[ ca ]
|
||||||
default_ca = signing_ca
|
default_ca = signing_ca
|
||||||
|
|
||||||
@ -138,75 +138,74 @@ commonName = supplied
|
|||||||
}
|
}
|
||||||
|
|
||||||
function setup {
|
function setup {
|
||||||
touch index.txt
|
touch index.txt
|
||||||
echo '10' > serial
|
echo '10' > serial
|
||||||
generate_ca_conf
|
generate_ca_conf
|
||||||
mkdir newcerts
|
mkdir newcerts
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_error {
|
function check_error {
|
||||||
if [ $1 != 0 ] ; then
|
if [ $1 != 0 ] ; then
|
||||||
echo "Failed! rc=${1}"
|
echo "Failed! rc=${1}"
|
||||||
echo 'Bailing ...'
|
echo 'Bailing ...'
|
||||||
cleanup
|
cleanup
|
||||||
exit $1
|
exit $1
|
||||||
else
|
else
|
||||||
echo 'Done'
|
echo 'Done'
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function generate_ca {
|
function generate_ca {
|
||||||
echo 'Generating New CA Certificate ...'
|
echo 'Generating New CA Certificate ...'
|
||||||
openssl req -x509 -newkey rsa:2048 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes
|
openssl req -x509 -newkey rsa:2048 -days 21360 -out $CERTS_DIR/cacert.pem -keyout $PRIVATE_DIR/cakey.pem -outform PEM -config ca.conf -nodes
|
||||||
check_error $?
|
check_error $?
|
||||||
}
|
}
|
||||||
|
|
||||||
function ssl_cert_req {
|
function ssl_cert_req {
|
||||||
echo 'Generating SSL Certificate Request ...'
|
echo 'Generating SSL Certificate Request ...'
|
||||||
generate_ssl_req_conf
|
generate_ssl_req_conf
|
||||||
openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes
|
openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/ssl_key.pem -keyform PEM -out ssl_req.pem -outform PEM -config ssl_req.conf -nodes
|
||||||
check_error $?
|
check_error $?
|
||||||
#openssl req -in req.pem -text -noout
|
#openssl req -in req.pem -text -noout
|
||||||
}
|
}
|
||||||
|
|
||||||
function cms_signing_cert_req {
|
function cms_signing_cert_req {
|
||||||
echo 'Generating CMS Signing Certificate Request ...'
|
echo 'Generating CMS Signing Certificate Request ...'
|
||||||
generate_cms_signing_req_conf
|
generate_cms_signing_req_conf
|
||||||
openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes
|
openssl req -newkey rsa:2048 -keyout $PRIVATE_DIR/signing_key.pem -keyform PEM -out cms_signing_req.pem -outform PEM -config cms_signing_req.conf -nodes
|
||||||
check_error $?
|
check_error $?
|
||||||
#openssl req -in req.pem -text -noout
|
#openssl req -in req.pem -text -noout
|
||||||
}
|
}
|
||||||
|
|
||||||
function issue_certs {
|
function issue_certs {
|
||||||
generate_signing_conf
|
generate_signing_conf
|
||||||
echo 'Issuing SSL Certificate ...'
|
echo 'Issuing SSL Certificate ...'
|
||||||
openssl ca -in ssl_req.pem -config signing.conf -batch
|
openssl ca -in ssl_req.pem -config signing.conf -batch
|
||||||
check_error $?
|
check_error $?
|
||||||
openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/ssl_cert.pem
|
openssl x509 -in $CURRENT_DIR/newcerts/10.pem -out $CERTS_DIR/ssl_cert.pem
|
||||||
check_error $?
|
check_error $?
|
||||||
echo 'Issuing CMS Signing Certificate ...'
|
echo 'Issuing CMS Signing Certificate ...'
|
||||||
openssl ca -in cms_signing_req.pem -config signing.conf -batch
|
openssl ca -in cms_signing_req.pem -config signing.conf -batch
|
||||||
check_error $?
|
check_error $?
|
||||||
openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem
|
openssl x509 -in $CURRENT_DIR/newcerts/11.pem -out $CERTS_DIR/signing_cert.pem
|
||||||
check_error $?
|
check_error $?
|
||||||
}
|
}
|
||||||
|
|
||||||
function create_middleware_cert {
|
function create_middleware_cert {
|
||||||
cp $CERTS_DIR/ssl_cert.pem $CERTS_DIR/middleware.pem
|
cp $CERTS_DIR/ssl_cert.pem $CERTS_DIR/middleware.pem
|
||||||
cat $PRIVATE_DIR/ssl_key.pem >> $CERTS_DIR/middleware.pem
|
cat $PRIVATE_DIR/ssl_key.pem >> $CERTS_DIR/middleware.pem
|
||||||
}
|
}
|
||||||
|
|
||||||
function check_openssl {
|
function check_openssl {
|
||||||
echo 'Checking openssl availability ...'
|
echo 'Checking openssl availability ...'
|
||||||
which openssl
|
which openssl
|
||||||
check_error $?
|
check_error $?
|
||||||
}
|
}
|
||||||
|
|
||||||
function gen_sample_cms {
|
function gen_sample_cms {
|
||||||
for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json"
|
for json_file in "${CMS_DIR}/auth_token_revoked.json" "${CMS_DIR}/auth_token_unscoped.json" "${CMS_DIR}/auth_token_scoped.json" "${CMS_DIR}/revocation_list.json"; do
|
||||||
do
|
openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem}
|
||||||
openssl cms -sign -in $json_file -nosmimecap -signer $CERTS_DIR/signing_cert.pem -inkey $PRIVATE_DIR/signing_key.pem -outform PEM -nodetach -nocerts -noattr -out ${json_file/.json/.pem}
|
done
|
||||||
done
|
|
||||||
}
|
}
|
||||||
|
|
||||||
check_openssl
|
check_openssl
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
hacking>=0.8.0,<0.9
|
hacking>=0.8.0,<0.9
|
||||||
|
bash8
|
||||||
|
|
||||||
# Optional backend: SQL
|
# Optional backend: SQL
|
||||||
pysqlite
|
pysqlite
|
||||||
|
@ -8,8 +8,7 @@ TESTS_TO_RUN=$TMP_DIR/ks_to_run
|
|||||||
|
|
||||||
python -m testtools.run discover -t ./ ./keystone/tests --list > $ALL_TESTS
|
python -m testtools.run discover -t ./ ./keystone/tests --list > $ALL_TESTS
|
||||||
|
|
||||||
if [ "$1" ]
|
if [ "$1" ]; then
|
||||||
then
|
|
||||||
grep "$1" < $ALL_TESTS > $TESTS_TO_RUN
|
grep "$1" < $ALL_TESTS > $TESTS_TO_RUN
|
||||||
else
|
else
|
||||||
mv $ALL_TESTS $TESTS_TO_RUN
|
mv $ALL_TESTS $TESTS_TO_RUN
|
||||||
|
5
tox.ini
5
tox.ini
@ -40,6 +40,11 @@ commands =
|
|||||||
bash -c "find keystone -type f -regex '.*\.pot*' -print0| \
|
bash -c "find keystone -type f -regex '.*\.pot*' -print0| \
|
||||||
xargs -0 -n 1 msgfmt --check-format -o /dev/null"
|
xargs -0 -n 1 msgfmt --check-format -o /dev/null"
|
||||||
|
|
||||||
|
[testenv:bash8]
|
||||||
|
envdir = {toxworkdir}/venv
|
||||||
|
commands =
|
||||||
|
bash8 examples/pki/gen_pki.sh tools/debug_helper.sh
|
||||||
|
|
||||||
[tox:jenkins]
|
[tox:jenkins]
|
||||||
downloadcache = ~/cache/pip
|
downloadcache = ~/cache/pip
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user