Fix bay-create failure without "name"
Currently Magnum allows a bay to be created without a name, but the creation fails because `cert_manager.generate_certificates_to_bay` requires the bay "name". This fix uses the bay "uuid" instead of the bay "name" in that case. Change-Id: I5da8910fcf8b71f9521abb48e72dc178c3785104 Closes-Bug: #1506314
parent
ee7e13f742
commit
8f41e712ba
|
@ -97,6 +97,10 @@ def _generate_self_signed_certificate(subject_name, extensions,
|
|||
|
||||
def _generate_certificate(issuer_name, subject_name, extensions, ca_key=None,
|
||||
encryption_password=None, ca_key_password=None):
|
||||
|
||||
if not isinstance(subject_name, six.text_type):
|
||||
subject_name = six.u(subject_name)
|
||||
|
||||
private_key = rsa.generate_private_key(
|
||||
public_exponent=65537,
|
||||
key_size=cfg.CONF.x509.rsa_key_size,
|
||||
|
@ -159,6 +163,10 @@ def sign(csr, issuer_name, ca_key, ca_key_password=None,
|
|||
ca_key = serialization.load_pem_private_key(ca_key,
|
||||
password=ca_key_password,
|
||||
backend=default_backend())
|
||||
|
||||
if not isinstance(issuer_name, six.text_type):
|
||||
issuer_name = six.u(issuer_name)
|
||||
|
||||
if isinstance(csr, six.text_type):
|
||||
csr = six.b(str(csr))
|
||||
if not isinstance(csr, x509.CertificateSigningRequest):
|
||||
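Review bot: `six.u()` is a helper for string literals, not a decoder, so the new guards in `_generate_certificate` (first hunk) and `sign()` do not reliably turn a bytes name into text. On Python 2 it passes the value through the `unicode_escape` codec, which interprets backslash sequences and reads non-ASCII bytes as Latin-1; on Python 3 it returns its argument unchanged, so a bytes `subject_name` or `issuer_name` is still bytes after the guard. Because these values become the certificate subject and issuer, an explicit decode is safer: `if isinstance(subject_name, six.binary_type): subject_name = subject_name.decode('utf-8')`, and the same for `issuer_name`. Both function bodies continue outside the hunks, so how the names are consumed afterwards is not visible here.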
|
|
|
@ -124,8 +124,8 @@ class Handler(object):
|
|||
|
||||
try:
|
||||
# Generate certificate and set the cert reference to bay
|
||||
cert_manager.generate_certificates_to_bay(bay)
|
||||
bay.uuid = uuid.uuid4()
|
||||
cert_manager.generate_certificates_to_bay(bay)
|
||||
created_stack = _create_stack(context, osc, bay,
|
||||
bay_create_timeout)
|
||||
except exc.HTTPBadRequest as e:
|
||||
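Review bot: Nothing at this call site records that certificate generation depends on `bay.uuid` being assigned first, so a later reordering could bring back the failure for bays without a name. The existing comment could be extended to `# Set the uuid first: it is the CA name when bay.name is None`. Note also that `uuid.uuid4()` yields a UUID object; whether it reaches the certificate code as text depends on how the bay field coerces the value, which is not shown here. The `try` block starts and ends outside the hunk.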
|
|
|
@ -79,6 +79,9 @@ def generate_certificates_to_bay(bay):
|
|||
:returns: CA cert uuid and magnum client cert uuid
|
||||
"""
|
||||
issuer_name = bay.name
|
||||
if issuer_name is None:
|
||||
issuer_name = bay.uuid
|
||||
|
||||
LOG.debug('Start to generate certificates: %s' % issuer_name)
|
||||
|
||||
ca_cert_ref, ca_cert, ca_password = _generate_ca_cert(issuer_name)
|
||||
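Review bot: The fallback in `generate_certificates_to_bay` fires only for `None`, so an empty-string bay name would still be passed to `_generate_ca_cert` as the issuer name. If the API can deliver an empty name (not visible from this hunk), `issuer_name = bay.name or bay.uuid` covers both cases in one line. The docstring should also state that the bay uuid is used as the CA name when no name is set, and `LOG.debug('Start to generate certificates: %s', issuer_name)` would defer the formatting to the logger. The function body begins and continues outside the hunk.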
|
|
|
@ -123,6 +123,14 @@ class TestX509(base.BaseTestCase):
|
|||
self.assertIn(extended_key_usage, cert.extensions)
|
||||
self.assertIn(basic_constraints, cert.extensions)
|
||||
|
||||
def test_generate_ca_certificate_with_bytes_issuer_name(self):
|
||||
issuer_name = six.b("bytes-issuer-name")
|
||||
cert, _ = self._generate_ca_certificate(issuer_name)
|
||||
|
||||
issuer_name = six.u(issuer_name)
|
||||
self.assertHasSubjectName(cert, issuer_name)
|
||||
self.assertHasIssuerName(cert, issuer_name)
|
||||
|
||||
def test_generate_ca_certificate_has_publickey(self):
|
||||
keypairs = self._generate_ca_certificate(self.issuer_name)
|
||||
|
||||
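Review bot: The expected name in `test_generate_ca_certificate_with_bytes_issuer_name` is computed with `six.u(issuer_name)`, the same helper the production code calls, so the test cannot detect a wrong conversion. On Python 3 `six.u` returns the bytes unchanged, so the assertions would compare against bytes rather than text. Pinning the expectation as a text literal makes the test independent of the helper: `self.assertHasSubjectName(cert, u"bytes-issuer-name")` and `self.assertHasIssuerName(cert, u"bytes-issuer-name")`.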
|
|
|
@ -97,20 +97,16 @@ class CertManagerTestCase(base.BaseTestCase):
|
|||
name=expected_name,
|
||||
)
|
||||
|
||||
@mock.patch('magnum.conductor.handlers.common.cert_manager.'
|
||||
'_generate_client_cert')
|
||||
@mock.patch('magnum.conductor.handlers.common.cert_manager.'
|
||||
'_generate_ca_cert')
|
||||
def test_generate_certificates(self, mock_generate_ca_cert,
|
||||
mock_generate_client_cert):
|
||||
expected_ca_name = 'ca-name'
|
||||
def _test_generate_certificates(self,
|
||||
expected_ca_name,
|
||||
mock_bay,
|
||||
mock_generate_ca_cert,
|
||||
mock_generate_client_cert):
|
||||
expected_ca_password = 'ca-password'
|
||||
expected_ca_cert = {
|
||||
'private_key': 'ca_private_key', 'certificate': 'ca_certificate'}
|
||||
expected_cert_ref = 'cert_ref'
|
||||
expected_ca_cert_ref = 'ca-cert-ref'
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.name = expected_ca_name
|
||||
|
||||
mock_generate_ca_cert.return_value = (expected_ca_cert_ref,
|
||||
expected_ca_cert,
|
||||
|
@ -125,6 +121,37 @@ class CertManagerTestCase(base.BaseTestCase):
|
|||
mock_generate_client_cert.assert_called_once_with(
|
||||
expected_ca_name, expected_ca_cert, expected_ca_password)
|
||||
|
||||
@mock.patch('magnum.conductor.handlers.common.cert_manager.'
|
||||
'_generate_client_cert')
|
||||
@mock.patch('magnum.conductor.handlers.common.cert_manager.'
|
||||
'_generate_ca_cert')
|
||||
def test_generate_certificates(self, mock_generate_ca_cert,
|
||||
mock_generate_client_cert):
|
||||
expected_ca_name = 'ca-name'
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.name = expected_ca_name
|
||||
|
||||
self._test_generate_certificates(expected_ca_name,
|
||||
mock_bay,
|
||||
mock_generate_ca_cert,
|
||||
mock_generate_client_cert)
|
||||
|
||||
@mock.patch('magnum.conductor.handlers.common.cert_manager.'
|
||||
'_generate_client_cert')
|
||||
@mock.patch('magnum.conductor.handlers.common.cert_manager.'
|
||||
'_generate_ca_cert')
|
||||
def test_generate_certificates_without_name(self, mock_generate_ca_cert,
|
||||
mock_generate_client_cert):
|
||||
expected_ca_name = 'ca-uuid'
|
||||
mock_bay = mock.MagicMock()
|
||||
mock_bay.name = None
|
||||
mock_bay.uuid = expected_ca_name
|
||||
|
||||
self._test_generate_certificates(expected_ca_name,
|
||||
mock_bay,
|
||||
mock_generate_ca_cert,
|
||||
mock_generate_client_cert)
|
||||
|
||||
@mock.patch('magnum.common.x509.operations.sign')
|
||||
def test_sign_node_certificate(self, mock_x509_sign):
|
||||
mock_bay = mock.MagicMock()
|
||||
|
|