diff --git a/magnum/common/cert_manager/x509keypair_cert_manager.py b/magnum/common/cert_manager/x509keypair_cert_manager.py index cce8622932..619c072a91 100644 --- a/magnum/common/cert_manager/x509keypair_cert_manager.py +++ b/magnum/common/cert_manager/x509keypair_cert_manager.py @@ -14,6 +14,7 @@ from magnum.common.cert_manager import cert_manager from magnum import objects +import six class Cert(cert_manager.Cert): @@ -58,6 +59,10 @@ class CertManager(cert_manager.CertManager): :returns: the UUID of the stored cert """ + if six.PY3 and isinstance(certificate, six.binary_type): + certificate = certificate.decode() + if six.PY3 and isinstance(private_key, six.binary_type): + private_key = private_key.decode() x509keypair = {'certificate': certificate, 'private_key': private_key, 'private_key_passphrase': private_key_passphrase, 'intermediates': intermediates, diff --git a/magnum/common/x509/operations.py b/magnum/common/x509/operations.py index 3831a1fe06..4be4f27be5 100644 --- a/magnum/common/x509/operations.py +++ b/magnum/common/x509/operations.py @@ -134,6 +134,9 @@ def _generate_certificate(issuer_name, subject_name, extensions, csr = csr.sign(private_key, hashes.SHA256(), default_backend()) + if six.PY3 and isinstance(encryption_password, six.text_type): + encryption_password = encryption_password.encode() + if encryption_password: encryption_algorithm = serialization.BestAvailableEncryption( encryption_password) diff --git a/magnum/conductor/handlers/ca_conductor.py b/magnum/conductor/handlers/ca_conductor.py index eee89c9dbd..92eca6a2f9 100644 --- a/magnum/conductor/handlers/ca_conductor.py +++ b/magnum/conductor/handlers/ca_conductor.py @@ -19,6 +19,7 @@ from magnum.common import profiler from magnum.conductor.handlers.common import cert_manager from magnum.drivers.common import driver from magnum import objects +import six LOG = logging.getLogger(__name__) @@ -39,14 +40,20 @@ class Handler(object): signed_cert = cert_manager.sign_node_certificate(cluster, certificate.csr, context=context) - certificate.pem = signed_cert + if six.PY3 and isinstance(signed_cert, six.binary_type): + certificate.pem = signed_cert.decode() + else: + certificate.pem = signed_cert return certificate def get_ca_certificate(self, context, cluster): ca_cert = cert_manager.get_cluster_ca_certificate(cluster, context=context) certificate = objects.Certificate.from_object_cluster(cluster) - certificate.pem = ca_cert.get_certificate() + if six.PY3 and isinstance(ca_cert.get_certificate(), six.binary_type): + certificate.pem = ca_cert.get_certificate().decode() + else: + certificate.pem = ca_cert.get_certificate() return certificate def rotate_ca_certificate(self, context, cluster): diff --git a/magnum/drivers/heat/k8s_fedora_template_def.py b/magnum/drivers/heat/k8s_fedora_template_def.py index b3720021b0..ed8f9b0892 100644 --- a/magnum/drivers/heat/k8s_fedora_template_def.py +++ b/magnum/drivers/heat/k8s_fedora_template_def.py @@ -20,6 +20,7 @@ from magnum.drivers.heat import k8s_template_def from magnum.drivers.heat import template_def from magnum.i18n import _ from oslo_config import cfg +import six CONF = cfg.CONF @@ -132,9 +133,16 @@ class K8sFedoraTemplateDefinition(k8s_template_def.K8sTemplateDefinition): if strutils.bool_from_string(cert_manager_api): extra_params['cert_manager_api'] = cert_manager_api ca_cert = cert_manager.get_cluster_ca_certificate(cluster) - extra_params['ca_key'] = x509.decrypt_key( - ca_cert.get_private_key(), - ca_cert.get_private_key_passphrase()).replace("\n", "\\n") + if six.PY3 and isinstance(ca_cert.get_private_key_passphrase(), + six.text_type): + extra_params['ca_key'] = x509.decrypt_key( + ca_cert.get_private_key(), + ca_cert.get_private_key_passphrase().encode() + ).decode().replace("\n", "\\n") + else: + extra_params['ca_key'] = x509.decrypt_key( + ca_cert.get_private_key(), + ca_cert.get_private_key_passphrase()).replace("\n", "\\n") extra_params['project_id'] = cluster.project_id