Kolla provides production-ready containers and deployment tools for operating OpenStack clouds

  1. #!/usr/bin/python
  2. # Licensed under the Apache License, Version 2.0 (the "License");
  3. # you may not use this file except in compliance with the License.
  4. # You may obtain a copy of the License at
  5. #
  6. # http://www.apache.org/licenses/LICENSE-2.0
  7. #
  8. # Unless required by applicable law or agreed to in writing, software
  9. # distributed under the License is distributed on an "AS IS" BASIS,
  10. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  11. # See the License for the specific language governing permissions and
  12. # limitations under the License.
  13. # This module fetches the fernet tokens and compares them to the
  14. # required time constraints to determine whether the host needs to resync with
  15. # other nodes in the cluster.
  16. from __future__ import print_function
  17. import argparse
  18. from datetime import datetime
  19. from datetime import timedelta
  20. import json
  21. import os
  22. import sys
# Directory whose entries this script counts and whose file modification
# times it inspects. Only names and mtimes are read here, never file contents.
# NOTE(review): despite the TOKEN_ naming, this path is Keystone's Fernet key
# repository, so the files are signing/encryption key material - confirm the
# directory is readable only by the keystone service account.
# Adding nosec since this fails bandit B105, 'Possible hardcoded password'.
TOKEN_PATH = '/etc/keystone/fernet-keys' # nosec
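def json_exit(msg=None, failed=False, changed=False):
    """Print a JSON result object on stdout and terminate the process.

    Args:
        msg: Either a dict of result fields, or any other value, which is
            converted with str() and reported under the 'msg' key.
        failed: Value stored under the 'failed' key of the output.
        changed: Value stored under the 'changed' key of the output.

    Raises:
        SystemExit: always, after the JSON document has been printed.
    """
    # isinstance (rather than an exact type comparison) keeps dict subclasses
    # as structured output instead of collapsing them into a string.
    if isinstance(msg, dict):
        # Work on a copy so the caller's dict is not modified as a side effect.
        result = dict(msg)
    else:
        result = {'msg': str(msg)}
    result.update({'failed': failed, 'changed': changed})
    print(json.dumps(result))
    # sys.exit() without an argument means exit status 0, so a failure is
    # signalled only through the 'failed' field of the JSON document.
    sys.exit()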
def has_file(filename_path):
    """Report whether `filename_path` exists.

    The check is os.path.exists, so any existing path counts (a directory
    as well as a regular file), and a path that cannot be stat'ed is
    reported as missing.
    """
    return os.path.exists(filename_path)
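def num_tokens():
    """Return the number of files directly inside TOKEN_PATH.

    Only the top level of the directory is counted; subdirectories are not
    descended into. A missing or unreadable directory counts as zero files.
    """
    # The next() builtin works on both Python 2.6+ and Python 3, whereas the
    # generator method .next() exists only on Python 2. The default tuple
    # covers the case where os.walk yields nothing (directory absent or not
    # listable), which would otherwise surface as StopIteration.
    _, _, files = next(os.walk(TOKEN_PATH), (TOKEN_PATH, [], []))
    return len(files)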
def tokens_populated(expected):
    """Tell whether the key directory holds at least `expected` files.

    `expected` is converted with int(), so a numeric string is accepted and
    a non-numeric value raises ValueError.
    """
    found = num_tokens()
    required = int(expected)
    return found >= required
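def token_stale(seconds, filename='0'):
    """Tell whether a file under TOKEN_PATH is older than `seconds`.

    Args:
        seconds: Maximum acceptable age in seconds; converted with int().
        filename: Name of the file to check, relative to TOKEN_PATH.

    Returns:
        True when the file is missing, cannot be stat'ed, or was last
        modified more than `seconds` ago; False otherwise.
    """
    max_token_age = datetime.now() - timedelta(seconds=int(seconds))
    # NOTE(review): filename is joined as given, so an absolute path or one
    # containing '..' resolves outside TOKEN_PATH. Only an age verdict is
    # derived from it, but callers should pass a bare file name.
    filename_path = os.path.join(TOKEN_PATH, filename)
    # Ask for the mtime directly instead of checking existence first: the
    # file can disappear between the two calls (for example while the
    # directory is being rewritten), and a vanished file is simply stale.
    try:
        mtime = os.path.getmtime(filename_path)
    except OSError:
        return True
    # Both sides are naive local-time datetimes, so they compare directly.
    modified_date = datetime.fromtimestamp(mtime)
    return modified_date < max_token_age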
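def main():
    """Parse the command line and print the key-directory state as JSON.

    The output object carries 'populated' (enough files are present) and
    'update_required' (the checked file is missing or too old), plus the
    'failed' and 'changed' fields added by json_exit.
    """
    parser = argparse.ArgumentParser(
        description='Checks whether a fernet token is no older than a '
                    'desired time.')
    # type=int makes argparse reject a non-numeric value with a usage
    # message instead of a ValueError traceback further down.
    parser.add_argument('-t', '--time',
                        help='Time in seconds for a token rotation',
                        type=int,
                        required=True)
    parser.add_argument('-f', '--filename',
                        help='Filename of token to check',
                        default='0')
    parser.add_argument('-n', '--number',
                        help='Minimum number of tokens that should exist',
                        type=int,
                        required=True)
    args = parser.parse_args()

    json_exit({
        'populated': tokens_populated(args.number),
        'update_required': token_stale(args.time, args.filename),
    })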
# Run the check only when this file is executed as a script, so importing
# the module has no side effects.
if __name__ == '__main__':
    main()