82c338ef11
Centralize config option of x509 section. Replace oslo_conf cfg to magnum.conf. Change-Id: I1b231d67d792eaa1714751c12798b205d0e2a5d0 Implements: blueprint centralize-config-magnum
63 lines
2.4 KiB
Python
63 lines
2.4 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
|
|
# use this file except in compliance with the License. You may obtain a copy
|
|
# of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
from oslo_config import cfg
|
|
|
|
from magnum.common.x509 import extensions
|
|
from magnum.i18n import _
|
|
|
|
ALLOWED_EXTENSIONS = ['"%s"' % e.value for e in extensions.Extensions]
|
|
DEFAULT_ALLOWED_EXTENSIONS = [
|
|
extensions.Extensions.KEY_USAGE.value,
|
|
extensions.Extensions.EXTENDED_KEY_USAGE.value,
|
|
extensions.Extensions.SUBJECT_ALTERNATIVE_NAME.value,
|
|
extensions.Extensions.BASIC_CONSTRAINTS.value,
|
|
extensions.Extensions.SUBJECT_KEY_IDENTIFIER.value]
|
|
|
|
ALLOWED_KEY_USAGE = ['"%s"' % e.value[0] for e in extensions.KeyUsages]
|
|
DEFAULT_ALLOWED_KEY_USAGE = [
|
|
extensions.KeyUsages.DIGITAL_SIGNATURE.value[0],
|
|
extensions.KeyUsages.KEY_ENCIPHERMENT.value[0],
|
|
extensions.KeyUsages.CONTENT_COMMITMENT.value[0]]
|
|
|
|
x509_group = cfg.OptGroup(name='x509',
|
|
title='Options for X509 in Magnum')
|
|
|
|
x509_opts = [
|
|
cfg.BoolOpt('allow_ca',
|
|
default=False,
|
|
help=_('Certificate can get the CA flag in x509 extensions.')),
|
|
cfg.ListOpt('allowed_extensions',
|
|
default=DEFAULT_ALLOWED_EXTENSIONS,
|
|
help=_('List of allowed x509 extensions. Available values: '
|
|
'%s') % ', '.join(ALLOWED_EXTENSIONS)),
|
|
cfg.ListOpt('allowed_key_usage',
|
|
default=DEFAULT_ALLOWED_KEY_USAGE,
|
|
help=_('List of allowed x509 key usage. Available values: '
|
|
'%s') % ', '.join(ALLOWED_KEY_USAGE)),
|
|
cfg.IntOpt('term_of_validity',
|
|
default=365 * 5,
|
|
help=_('Number of days for which a certificate is valid.')),
|
|
cfg.IntOpt('rsa_key_size',
|
|
default=2048, help=_('Size of generated private key. '))]
|
|
|
|
|
|
def register_opts(conf):
|
|
conf.register_group(x509_group)
|
|
conf.register_opts(x509_opts, group=x509_group)
|
|
|
|
|
|
def list_opts():
|
|
return {
|
|
x509_group: x509_opts
|
|
}
|