cefc5a9ac3
The Certificate controller has 2 operations:
1. POST
Generate X509 certificate using bay's CA cert.
Below is an example of Certificate POST API request using magnum command:
Example Request:
curl -X POST -H 'Content-Type: application/json' \
-d '{"bay_uuid": "<bay_uuid>", "csr": "<csr>"}' \
http://localhost:9511/v1/certificates
This creates a X509 certificate signed by the given bay's CA and returns
it. No database information is stored in Magnum against it. For each POST
request, a new certificate is generated.
Example Response:
{"bay_uuid": "<bay_uuid>", "csr": "<csr>",
"pem": "<pem encoded certifiacte>"}
2. GET
Fetches the CA cert associated with a bay. Below is an example of CA GET
API request using magnum command:
Example Request:
curl -X GET http://localhost:9511/v1/certificates/<bay_uuid>
This fetches stored CA cert for the given Bay, which can be used to validate
any client and node certificates signed by the Bay's CA. The value for each
is fetched from Barbican or Magnum db based on the different configuration
for storage of certificates.
Example Response:
{"bay_uuid": "<bay_uuid>", "pem": "<pem encoded certifiacte>"}
Co-Authored-By: Andrew Melton <andrew.melton@rackspace.com>
Change-Id: I4b72cc1e1bddc7a7c7eeb0ab22d3769a666ccb2b
Partially-Implements: bp secure-kubernetes
46 lines
1.5 KiB
Python
46 lines
1.5 KiB
Python
# coding=utf-8
|
|
#
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from oslo_versionedobjects import fields
|
|
|
|
from magnum.objects import base
|
|
|
|
|
|
@base.MagnumObjectRegistry.register
|
|
class Certificate(base.MagnumPersistentObject, base.MagnumObject,
|
|
base.MagnumObjectDictCompat):
|
|
# Version 1.0: Initial version
|
|
VERSION = '1.0'
|
|
|
|
fields = {
|
|
'project_id': fields.StringField(nullable=True),
|
|
'user_id': fields.StringField(nullable=True),
|
|
'bay_uuid': fields.StringField(nullable=True),
|
|
'csr': fields.StringField(nullable=True),
|
|
'pem': fields.StringField(nullable=True),
|
|
}
|
|
|
|
@classmethod
|
|
def from_object_bay(cls, bay):
|
|
return cls(project_id=bay.project_id,
|
|
user_id=bay.user_id,
|
|
bay_uuid=bay.uuid)
|
|
|
|
@classmethod
|
|
def from_db_bay(cls, bay):
|
|
return cls(project_id=bay['project_id'],
|
|
user_id=bay['user_id'],
|
|
bay_uuid=bay['uuid'])
|