From 82c338ef111a839cc97798ca8b37f370f9d26ecd Mon Sep 17 00:00:00 2001 From: Hieu LE Date: Mon, 22 Aug 2016 16:22:14 +0700 Subject: [PATCH] Centralize config option: x509 section Centralize config option of x509 section. Replace oslo_conf cfg to magnum.conf. Change-Id: I1b231d67d792eaa1714751c12798b205d0e2a5d0 Implements: blueprint centralize-config-magnum --- magnum/common/x509/operations.py | 8 ++--- magnum/common/x509/validator.py | 12 +++---- magnum/conf/__init__.py | 4 +-- .../{common/x509/config.py => conf/x509.py} | 31 ++++++++++++------- magnum/opts.py | 2 -- 5 files changed, 32 insertions(+), 25 deletions(-) rename magnum/{common/x509/config.py => conf/x509.py} (74%) diff --git a/magnum/common/x509/operations.py b/magnum/common/x509/operations.py index d312285d17..8d0c4a8e25 100644 --- a/magnum/common/x509/operations.py +++ b/magnum/common/x509/operations.py @@ -21,16 +21,16 @@ from cryptography.hazmat.primitives.asymmetric import rsa from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives import serialization from cryptography import x509 -from oslo_config import cfg from oslo_log import log as logging from magnum.common import exception from magnum.common.x509 import validator +import magnum.conf from magnum.i18n import _LE LOG = logging.getLogger(__name__) -cfg.CONF.import_group('x509', 'magnum.common.x509.config') +CONF = magnum.conf.CONF def generate_ca_certificate(subject_name, encryption_password=None): @@ -106,7 +106,7 @@ def _generate_certificate(issuer_name, subject_name, extensions, ca_key=None, private_key = rsa.generate_private_key( public_exponent=65537, - key_size=cfg.CONF.x509.rsa_key_size, + key_size=CONF.x509.rsa_key_size, backend=default_backend() ) 
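Review bot: `key_size=CONF.x509.rsa_key_size` in `_generate_certificate` (@@ -106 hunk) hands the operator-supplied value straight to `rsa.generate_private_key`, and the option is declared in magnum/conf/x509.py as `cfg.IntOpt('rsa_key_size', default=2048, ...)` with no lower bound. A typo or a deliberately small value would therefore produce weak keys without any error at config load. Giving the option a floor, for example `cfg.IntOpt('rsa_key_size', default=2048, min=2048, help=...)`, rejects that early. The same concern applies to `term_of_validity` in the `sign` hunk (@@ -192), which feeds `datetime.timedelta(term_of_validity, 0, 0)`; its declaration is not visible here, but if it is a plain `IntOpt`, a `min=1` would rule out zero or negative lifetimes. Both function bodies extend beyond their hunks.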
@@ -192,7 +192,7 @@ def sign(csr, issuer_name, ca_key, ca_key_password=None, LOG.exception(_LE("Received invalid csr {0}.").format(csr)) raise exception.InvalidCsr(csr=csr) - term_of_validity = cfg.CONF.x509.term_of_validity + term_of_validity = CONF.x509.term_of_validity one_day = datetime.timedelta(1, 0, 0) expire_after = datetime.timedelta(term_of_validity, 0, 0) diff --git a/magnum/common/x509/validator.py b/magnum/common/x509/validator.py index bee6d6a503..a8ad375628 100644 --- a/magnum/common/x509/validator.py +++ b/magnum/common/x509/validator.py @@ -13,31 +13,31 @@ # under the License. from cryptography import x509 -from oslo_config import cfg from magnum.common import exception from magnum.common.x509 import extensions +import magnum.conf _CA_KEY_USAGES = [ extensions.KeyUsages.KEY_CERT_SIGN.value[0], extensions.KeyUsages.CRL_SIGN.value[0] ] -cfg.CONF.import_group('x509', 'magnum.common.x509.config') +CONF = magnum.conf.CONF def filter_extensions(extensions): filtered_extensions = [] - allowed_key_usage = set(cfg.CONF.x509.allowed_key_usage) - if not cfg.CONF.x509.allow_ca: + allowed_key_usage = set(CONF.x509.allowed_key_usage) + if not CONF.x509.allow_ca: allowed_key_usage = _remove_ca_key_usage(allowed_key_usage) for ext in filter_allowed_extensions(extensions, - cfg.CONF.x509.allowed_extensions): + CONF.x509.allowed_extensions): if ext.oid == x509.OID_KEY_USAGE: ext = _merge_key_usage(ext, allowed_key_usage) elif ext.oid == x509.OID_BASIC_CONSTRAINTS: - if not cfg.CONF.x509.allow_ca: + if not CONF.x509.allow_ca: ext = _disallow_ca_in_basic_constraints(ext) filtered_extensions.append(ext) diff --git a/magnum/conf/__init__.py b/magnum/conf/__init__.py index 43fa675b41..72e4d676fe 100644 --- a/magnum/conf/__init__.py +++ b/magnum/conf/__init__.py 
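Review bot: `filter_extensions` in magnum/common/x509/validator.py has no docstring, although the visible body is where the `[x509]` options are enforced. Extensions are limited to `allowed_extensions`, key usage goes through `_merge_key_usage` with the allowed set, and CA capability is stripped from key usage and basic constraints unless `allow_ca` is set. A one-line docstring would make that role explicit, e.g. `"""Return only the extensions permitted by the [x509] options; CA capability is dropped unless allow_ca is set."""`. Separately, the parameter name `extensions` shadows the `magnum.common.x509.extensions` module imported at the top of the file, which is worth a `# NOTE:` comment if the name has to stay for callers. The function continues past the end of the hunk.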
@@ -36,7 +36,7 @@ from magnum.conf import rpc from magnum.conf import services from magnum.conf import trust from magnum.conf import utils -# from magnum.conf import x509 +from magnum.conf import x509 CONF = cfg.CONF @@ -61,4 +61,4 @@ rpc.register_opts(CONF) services.register_opts(CONF) trust.register_opts(CONF) utils.register_opts(CONF) -# x509.register_opts(CONF) +x509.register_opts(CONF) diff --git a/magnum/common/x509/config.py b/magnum/conf/x509.py similarity index 74% rename from magnum/common/x509/config.py rename to magnum/conf/x509.py index b2f9e3c89a..f7ef578a90 100644 --- a/magnum/common/x509/config.py +++ b/magnum/conf/x509.py @@ -1,16 +1,14 @@ -# Copyright 2015 NEC Corporation. All rights reserved. +# Licensed under the Apache License, Version 2.0 (the "License"); you may not +# use this file except in compliance with the License. You may obtain a copy +# of the License at # -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. from oslo_config import cfg 
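Review bot: The rewritten header of magnum/conf/x509.py (@@ -1,16 +1,14 hunk) drops the line `# Copyright 2015 NEC Corporation. All rights reserved.`, although git records the file as a 74% rename of magnum/common/x509/config.py. The option definitions are therefore still largely the original content, and the attribution would normally travel with them. Unless the project has an explicit policy of omitting copyright lines under magnum/conf, keep that line above the licence text in the new file.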
@@ -31,6 +29,8 @@ DEFAULT_ALLOWED_KEY_USAGE = [ extensions.KeyUsages.KEY_ENCIPHERMENT.value[0], extensions.KeyUsages.CONTENT_COMMITMENT.value[0]] +x509_group = cfg.OptGroup(name='x509', + title='Options for X509 in Magnum') x509_opts = [ cfg.BoolOpt('allow_ca', @@ -50,4 +50,13 @@ x509_opts = [ cfg.IntOpt('rsa_key_size', default=2048, help=_('Size of generated private key. '))] -cfg.CONF.register_opts(x509_opts, group='x509') + +def register_opts(conf): + conf.register_group(x509_group) + conf.register_opts(x509_opts, group=x509_group) + + +def list_opts(): + return { + x509_group: x509_opts + } diff --git a/magnum/opts.py b/magnum/opts.py index 14e5ffc70a..4b28fe2bc4 100644 --- a/magnum/opts.py +++ b/magnum/opts.py @@ -13,13 +13,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -import magnum.common.x509.config import magnum.drivers.common.template_def def list_opts(): return [ - ('x509', magnum.common.x509.config.x509_opts), ('docker_registry', magnum.drivers.common.template_def.docker_registry_opts) ]
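Review bot: The new `list_opts()` in magnum/conf/x509.py (@@ -50 hunk) returns a dict keyed by the `OptGroup`, while `list_opts()` in magnum/opts.py returns a list of `(group, opts)` tuples and this commit removes its `('x509', ...)` entry. Nothing in the visible hunks calls the new function. If no aggregator consumes it, the `[x509]` options (`allow_ca`, `rsa_key_size` and the rest) would disappear from the generated sample configuration, so please confirm that the config generator's entry point picks it up. Both new functions also lack docstrings; suggested: `"""Register the [x509] group and its options on conf."""` for `register_opts` and `"""Return {group: options} for the sample-config generator."""` for `list_opts`.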