Fix bay-create failure without "name"
Currently magnum allows creating a bay without a name, but creation fails because `cert_manager.generate_certificates_to_bay` requires the bay "name". This fixes it by using the bay "uuid" instead of the bay "name". Change-Id: I5da8910fcf8b71f9521abb48e72dc178c3785104 Closes-Bug: #1506314
parent
ee7e13f742
commit
8f41e712ba
|
@ -97,6 +97,10 @@ def _generate_self_signed_certificate(subject_name, extensions,
|
||||||
|
|
||||||
def _generate_certificate(issuer_name, subject_name, extensions, ca_key=None,
|
def _generate_certificate(issuer_name, subject_name, extensions, ca_key=None,
|
||||||
encryption_password=None, ca_key_password=None):
|
encryption_password=None, ca_key_password=None):
|
||||||
|
|
||||||
|
if not isinstance(subject_name, six.text_type):
|
||||||
|
subject_name = six.u(subject_name)
|
||||||
|
|
||||||
private_key = rsa.generate_private_key(
|
private_key = rsa.generate_private_key(
|
||||||
public_exponent=65537,
|
public_exponent=65537,
|
||||||
key_size=cfg.CONF.x509.rsa_key_size,
|
key_size=cfg.CONF.x509.rsa_key_size,
|
||||||
|
@ -159,6 +163,10 @@ def sign(csr, issuer_name, ca_key, ca_key_password=None,
|
||||||
ca_key = serialization.load_pem_private_key(ca_key,
|
ca_key = serialization.load_pem_private_key(ca_key,
|
||||||
password=ca_key_password,
|
password=ca_key_password,
|
||||||
backend=default_backend())
|
backend=default_backend())
|
||||||
|
|
||||||
|
if not isinstance(issuer_name, six.text_type):
|
||||||
|
issuer_name = six.u(issuer_name)
|
||||||
|
|
||||||
if isinstance(csr, six.text_type):
|
if isinstance(csr, six.text_type):
|
||||||
csr = six.b(str(csr))
|
csr = six.b(str(csr))
|
||||||
if not isinstance(csr, x509.CertificateSigningRequest):
|
if not isinstance(csr, x509.CertificateSigningRequest):
|
||||||
|
|
|
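Review bot: The conversion added in `_generate_certificate` uses `six.u()`, which is a helper for string literals rather than a bytes decoder. On Python 3 it returns its argument unchanged, so a bytes `subject_name` stays bytes; on Python 2 it decodes with `unicode_escape`, which interprets backslash sequences and reads other bytes as Latin-1. Because this value becomes the certificate subject, an explicit decode is safer: `if isinstance(subject_name, six.binary_type): subject_name = subject_name.decode('utf-8')`. The same applies to the `issuer_name` conversion added in `sign` in the second hunk. Both function bodies continue outside the hunks shown.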
@ -124,8 +124,8 @@ class Handler(object):
|
||||||
|
|
||||||
try:
|
try:
|
||||||
# Generate certificate and set the cert reference to bay
|
# Generate certificate and set the cert reference to bay
|
||||||
cert_manager.generate_certificates_to_bay(bay)
|
|
||||||
bay.uuid = uuid.uuid4()
|
bay.uuid = uuid.uuid4()
|
||||||
|
cert_manager.generate_certificates_to_bay(bay)
|
||||||
created_stack = _create_stack(context, osc, bay,
|
created_stack = _create_stack(context, osc, bay,
|
||||||
bay_create_timeout)
|
bay_create_timeout)
|
||||||
except exc.HTTPBadRequest as e:
|
except exc.HTTPBadRequest as e:
|
||||||
|
|
|
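Review bot: On the new side the comment `# Generate certificate and set the cert reference to bay` sits above `bay.uuid = uuid.uuid4()` rather than above the `cert_manager.generate_certificates_to_bay(bay)` call it describes. Move it down one statement and record why the order matters, for example `# uuid must be assigned first; it is the certificate issuer name when bay.name is None`. Without that comment a later cleanup could swap the two statements back and reintroduce the failure. The enclosing method starts and ends outside the hunk.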
@ -79,6 +79,9 @@ def generate_certificates_to_bay(bay):
|
||||||
:returns: CA cert uuid and magnum client cert uuid
|
:returns: CA cert uuid and magnum client cert uuid
|
||||||
"""
|
"""
|
||||||
issuer_name = bay.name
|
issuer_name = bay.name
|
||||||
|
if issuer_name is None:
|
||||||
|
issuer_name = bay.uuid
|
||||||
|
|
||||||
LOG.debug('Start to generate certificates: %s' % issuer_name)
|
LOG.debug('Start to generate certificates: %s' % issuer_name)
|
||||||
|
|
||||||
ca_cert_ref, ca_cert, ca_password = _generate_ca_cert(issuer_name)
|
ca_cert_ref, ca_cert, ca_password = _generate_ca_cert(issuer_name)
|
||||||
|
|
|
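Review bot: The fallback `if issuer_name is None: issuer_name = bay.uuid` assumes the caller has already set `bay.uuid`. If both are unset, `None` is still passed to `_generate_ca_cert` and the failure surfaces deep inside certificate generation. A guard right after the fallback, e.g. `if issuer_name is None: raise ValueError('bay has neither name nor uuid')`, would fail early, using whatever exception type the conductor already handles. An empty-string name also passes the `is None` test, so confirm whether the API can deliver one. The docstring, which starts outside the hunk, should mention that the issuer name falls back to the bay uuid.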
@ -123,6 +123,14 @@ class TestX509(base.BaseTestCase):
|
||||||
self.assertIn(extended_key_usage, cert.extensions)
|
self.assertIn(extended_key_usage, cert.extensions)
|
||||||
self.assertIn(basic_constraints, cert.extensions)
|
self.assertIn(basic_constraints, cert.extensions)
|
||||||
|
|
||||||
|
def test_generate_ca_certificate_with_bytes_issuer_name(self):
|
||||||
|
issuer_name = six.b("bytes-issuer-name")
|
||||||
|
cert, _ = self._generate_ca_certificate(issuer_name)
|
||||||
|
|
||||||
|
issuer_name = six.u(issuer_name)
|
||||||
|
self.assertHasSubjectName(cert, issuer_name)
|
||||||
|
self.assertHasIssuerName(cert, issuer_name)
|
||||||
|
|
||||||
def test_generate_ca_certificate_has_publickey(self):
|
def test_generate_ca_certificate_has_publickey(self):
|
||||||
keypairs = self._generate_ca_certificate(self.issuer_name)
|
keypairs = self._generate_ca_certificate(self.issuer_name)
|
||||||
|
|
||||||
|
|
|
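Review bot: `test_generate_ca_certificate_with_bytes_issuer_name` derives its expected value with `issuer_name = six.u(issuer_name)`, the same call the code under test uses, so the assertions cannot detect a wrong conversion. On Python 3 `six.u` returns the bytes unchanged, so the expected value is still bytes there. Compare against a text literal instead, `self.assertHasSubjectName(cert, u"bytes-issuer-name")`, and likewise for `assertHasIssuerName`. A second case with a non-ASCII name would pin the intended encoding of certificate names.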
@ -97,20 +97,16 @@ class CertManagerTestCase(base.BaseTestCase):
|
||||||
name=expected_name,
|
name=expected_name,
|
||||||
)
|
)
|
||||||
|
|
||||||
@mock.patch('magnum.conductor.handlers.common.cert_manager.'
|
def _test_generate_certificates(self,
|
||||||
'_generate_client_cert')
|
expected_ca_name,
|
||||||
@mock.patch('magnum.conductor.handlers.common.cert_manager.'
|
mock_bay,
|
||||||
'_generate_ca_cert')
|
mock_generate_ca_cert,
|
||||||
def test_generate_certificates(self, mock_generate_ca_cert,
|
mock_generate_client_cert):
|
||||||
mock_generate_client_cert):
|
|
||||||
expected_ca_name = 'ca-name'
|
|
||||||
expected_ca_password = 'ca-password'
|
expected_ca_password = 'ca-password'
|
||||||
expected_ca_cert = {
|
expected_ca_cert = {
|
||||||
'private_key': 'ca_private_key', 'certificate': 'ca_certificate'}
|
'private_key': 'ca_private_key', 'certificate': 'ca_certificate'}
|
||||||
expected_cert_ref = 'cert_ref'
|
expected_cert_ref = 'cert_ref'
|
||||||
expected_ca_cert_ref = 'ca-cert-ref'
|
expected_ca_cert_ref = 'ca-cert-ref'
|
||||||
mock_bay = mock.MagicMock()
|
|
||||||
mock_bay.name = expected_ca_name
|
|
||||||
|
|
||||||
mock_generate_ca_cert.return_value = (expected_ca_cert_ref,
|
mock_generate_ca_cert.return_value = (expected_ca_cert_ref,
|
||||||
expected_ca_cert,
|
expected_ca_cert,
|
||||||
|
@ -125,6 +121,37 @@ class CertManagerTestCase(base.BaseTestCase):
|
||||||
mock_generate_client_cert.assert_called_once_with(
|
mock_generate_client_cert.assert_called_once_with(
|
||||||
expected_ca_name, expected_ca_cert, expected_ca_password)
|
expected_ca_name, expected_ca_cert, expected_ca_password)
|
||||||
|
|
||||||
|
@mock.patch('magnum.conductor.handlers.common.cert_manager.'
|
||||||
|
'_generate_client_cert')
|
||||||
|
@mock.patch('magnum.conductor.handlers.common.cert_manager.'
|
||||||
|
'_generate_ca_cert')
|
||||||
|
def test_generate_certificates(self, mock_generate_ca_cert,
|
||||||
|
mock_generate_client_cert):
|
||||||
|
expected_ca_name = 'ca-name'
|
||||||
|
mock_bay = mock.MagicMock()
|
||||||
|
mock_bay.name = expected_ca_name
|
||||||
|
|
||||||
|
self._test_generate_certificates(expected_ca_name,
|
||||||
|
mock_bay,
|
||||||
|
mock_generate_ca_cert,
|
||||||
|
mock_generate_client_cert)
|
||||||
|
|
||||||
|
@mock.patch('magnum.conductor.handlers.common.cert_manager.'
|
||||||
|
'_generate_client_cert')
|
||||||
|
@mock.patch('magnum.conductor.handlers.common.cert_manager.'
|
||||||
|
'_generate_ca_cert')
|
||||||
|
def test_generate_certificates_without_name(self, mock_generate_ca_cert,
|
||||||
|
mock_generate_client_cert):
|
||||||
|
expected_ca_name = 'ca-uuid'
|
||||||
|
mock_bay = mock.MagicMock()
|
||||||
|
mock_bay.name = None
|
||||||
|
mock_bay.uuid = expected_ca_name
|
||||||
|
|
||||||
|
self._test_generate_certificates(expected_ca_name,
|
||||||
|
mock_bay,
|
||||||
|
mock_generate_ca_cert,
|
||||||
|
mock_generate_client_cert)
|
||||||
|
|
||||||
@mock.patch('magnum.common.x509.operations.sign')
|
@mock.patch('magnum.common.x509.operations.sign')
|
||||||
def test_sign_node_certificate(self, mock_x509_sign):
|
def test_sign_node_certificate(self, mock_x509_sign):
|
||||||
mock_bay = mock.MagicMock()
|
mock_bay = mock.MagicMock()
|
||||||
|
|
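Review bot: `test_generate_certificates_without_name` sets `mock_bay.uuid` to the string `'ca-uuid'`, while the conductor handler changed in this commit assigns `bay.uuid = uuid.uuid4()`, a `UUID` object. If the bay's uuid field does not coerce that value to text (not visible here), the issuer name reaching the x509 code is neither text nor bytes, and this test would not notice. A value shaped like the real one, e.g. `mock_bay.uuid = str(uuid.uuid4())`, would cover that path. It should be paired with an assertion on the type passed to `mock_generate_ca_cert`. The new `_test_generate_certificates` helper would also benefit from a one-line docstring saying it checks the CA name handed to both generator mocks.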