Centralize config option: x509 section
Centralize the config options of the x509 section. Replace direct use of oslo_config cfg with magnum.conf. Change-Id: I1b231d67d792eaa1714751c12798b205d0e2a5d0 Implements: blueprint centralize-config-magnum
parent
66430eaa98
commit
82c338ef11
@ -21,16 +21,16 @@ from cryptography.hazmat.primitives.asymmetric import rsa
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
from cryptography.hazmat.primitives import serialization
|
||||
from cryptography import x509
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
|
||||
from magnum.common import exception
|
||||
from magnum.common.x509 import validator
|
||||
import magnum.conf
|
||||
from magnum.i18n import _LE
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
cfg.CONF.import_group('x509', 'magnum.common.x509.config')
|
||||
CONF = magnum.conf.CONF
|
||||
|
||||
|
||||
def generate_ca_certificate(subject_name, encryption_password=None):
|
||||
@ -106,7 +106,7 @@ def _generate_certificate(issuer_name, subject_name, extensions, ca_key=None,
|
||||
|
||||
private_key = rsa.generate_private_key(
|
||||
public_exponent=65537,
|
||||
key_size=cfg.CONF.x509.rsa_key_size,
|
||||
key_size=CONF.x509.rsa_key_size,
|
||||
backend=default_backend()
|
||||
)
|
||||
|
||||
@ -192,7 +192,7 @@ def sign(csr, issuer_name, ca_key, ca_key_password=None,
|
||||
LOG.exception(_LE("Received invalid csr {0}.").format(csr))
|
||||
raise exception.InvalidCsr(csr=csr)
|
||||
|
||||
term_of_validity = cfg.CONF.x509.term_of_validity
|
||||
term_of_validity = CONF.x509.term_of_validity
|
||||
one_day = datetime.timedelta(1, 0, 0)
|
||||
expire_after = datetime.timedelta(term_of_validity, 0, 0)
|
||||
|
||||
|
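Review bot: `key_size=CONF.x509.rsa_key_size` in `_generate_certificate` hands the configured value to `rsa.generate_private_key` with no floor, and the option as declared in the x509 options module of this commit is `cfg.IntOpt('rsa_key_size', default=2048, ...)` with no `min`, so a mistyped or lowered setting yields weak keys without any error at config load. Declaring the bound on the option, for example `cfg.IntOpt('rsa_key_size', default=2048, min=2048, help=...)`, lets oslo.config reject the value at startup. The same concern applies to `term_of_validity` in `sign`, which feeds `datetime.timedelta` directly; its declaration is not visible on this page, so whether it already carries a `min` should be checked. Both function bodies continue outside the hunks.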
@ -13,31 +13,31 @@
|
||||
# under the License.
|
||||
|
||||
from cryptography import x509
|
||||
from oslo_config import cfg
|
||||
|
||||
from magnum.common import exception
|
||||
from magnum.common.x509 import extensions
|
||||
import magnum.conf
|
||||
|
||||
_CA_KEY_USAGES = [
|
||||
extensions.KeyUsages.KEY_CERT_SIGN.value[0],
|
||||
extensions.KeyUsages.CRL_SIGN.value[0]
|
||||
]
|
||||
|
||||
cfg.CONF.import_group('x509', 'magnum.common.x509.config')
|
||||
CONF = magnum.conf.CONF
|
||||
|
||||
|
||||
def filter_extensions(extensions):
|
||||
filtered_extensions = []
|
||||
allowed_key_usage = set(cfg.CONF.x509.allowed_key_usage)
|
||||
if not cfg.CONF.x509.allow_ca:
|
||||
allowed_key_usage = set(CONF.x509.allowed_key_usage)
|
||||
if not CONF.x509.allow_ca:
|
||||
allowed_key_usage = _remove_ca_key_usage(allowed_key_usage)
|
||||
|
||||
for ext in filter_allowed_extensions(extensions,
|
||||
cfg.CONF.x509.allowed_extensions):
|
||||
CONF.x509.allowed_extensions):
|
||||
if ext.oid == x509.OID_KEY_USAGE:
|
||||
ext = _merge_key_usage(ext, allowed_key_usage)
|
||||
elif ext.oid == x509.OID_BASIC_CONSTRAINTS:
|
||||
if not cfg.CONF.x509.allow_ca:
|
||||
if not CONF.x509.allow_ca:
|
||||
ext = _disallow_ca_in_basic_constraints(ext)
|
||||
|
||||
filtered_extensions.append(ext)
|
||||
|
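Review bot: `filter_extensions(extensions)` names its parameter after the `extensions` module imported at the top of this file, so inside the function the module is shadowed and a later edit that writes `extensions.KeyUsages` there would hit the argument instead. Renaming the parameter could break keyword callers, so aliasing the import is the safer change: `from magnum.common.x509 import extensions as x509_extensions`. No docstring is visible in the hunk either; one sentence saying that the function filters and rewrites requested extensions according to the `[x509]` options (`allowed_extensions`, `allowed_key_usage`, `allow_ca`) would mark it as the policy check it appears to be. The function body continues outside the hunk.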
@ -36,7 +36,7 @@ from magnum.conf import rpc
|
||||
from magnum.conf import services
|
||||
from magnum.conf import trust
|
||||
from magnum.conf import utils
|
||||
# from magnum.conf import x509
|
||||
from magnum.conf import x509
|
||||
|
||||
CONF = cfg.CONF
|
||||
|
||||
@ -61,4 +61,4 @@ rpc.register_opts(CONF)
|
||||
services.register_opts(CONF)
|
||||
trust.register_opts(CONF)
|
||||
utils.register_opts(CONF)
|
||||
# x509.register_opts(CONF)
|
||||
x509.register_opts(CONF)
|
||||
|
@ -1,16 +1,14 @@
|
||||
# Copyright 2015 NEC Corporation. All rights reserved.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
||||
# use this file except in compliance with the License. You may obtain a copy
|
||||
# of the License at
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
from oslo_config import cfg
|
||||
|
||||
@ -31,6 +29,8 @@ DEFAULT_ALLOWED_KEY_USAGE = [
|
||||
extensions.KeyUsages.KEY_ENCIPHERMENT.value[0],
|
||||
extensions.KeyUsages.CONTENT_COMMITMENT.value[0]]
|
||||
|
||||
x509_group = cfg.OptGroup(name='x509',
|
||||
title='Options for X509 in Magnum')
|
||||
|
||||
x509_opts = [
|
||||
cfg.BoolOpt('allow_ca',
|
||||
@ -50,4 +50,13 @@ x509_opts = [
|
||||
cfg.IntOpt('rsa_key_size',
|
||||
default=2048, help=_('Size of generated private key. '))]
|
||||
|
||||
cfg.CONF.register_opts(x509_opts, group='x509')
|
||||
|
||||
def register_opts(conf):
|
||||
conf.register_group(x509_group)
|
||||
conf.register_opts(x509_opts, group=x509_group)
|
||||
|
||||
|
||||
def list_opts():
|
||||
return {
|
||||
x509_group: x509_opts
|
||||
}
|
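Review bot: The new `register_opts(conf)` and `list_opts()` have no docstrings, and `list_opts()` returns a dict keyed by the `x509_group` object while the `list_opts()` edited elsewhere in this commit returns a list of `(name, opts)` tuples, so the return shape is worth stating. Suggested: `"""Register the x509 option group and its options on conf."""` and `"""Return a dict mapping the x509 OptGroup to its option list."""`.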
@ -13,13 +13,11 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import magnum.common.x509.config
|
||||
import magnum.drivers.common.template_def
|
||||
|
||||
|
||||
def list_opts():
|
||||
return [
|
||||
('x509', magnum.common.x509.config.x509_opts),
|
||||
('docker_registry',
|
||||
magnum.drivers.common.template_def.docker_registry_opts)
|
||||
]
|
||||
|