cefc5a9ac3
The Certificate controller has 2 operations: 1. POST Generate X509 certificate using bay's CA cert. Below is an example of Certificate POST API request using magnum command: Example Request: curl -X POST -H 'Content-Type: application/json' \ -d '{"bay_uuid": "<bay_uuid>", "csr": "<csr>"}' \ http://localhost:9511/v1/certificates This creates a X509 certificate signed by the given bay's CA and returns it. No database information is stored in Magnum against it. For each POST request, a new certificate is generated. Example Response: {"bay_uuid": "<bay_uuid>", "csr": "<csr>", "pem": "<pem encoded certifiacte>"} 2. GET Fetches the CA cert associated with a bay. Below is an example of CA GET API request using magnum command: Example Request: curl -X GET http://localhost:9511/v1/certificates/<bay_uuid> This fetches stored CA cert for the given Bay, which can be used to validate any client and node certificates signed by the Bay's CA. The value for each is fetched from Barbican or Magnum db based on the different configuration for storage of certificates. Example Response: {"bay_uuid": "<bay_uuid>", "pem": "<pem encoded certifiacte>"} Co-Authored-By: Andrew Melton <andrew.melton@rackspace.com> Change-Id: I4b72cc1e1bddc7a7c7eeb0ab22d3769a666ccb2b Partially-Implements: bp secure-kubernetes |
||
---|---|---|
.. | ||
magnum.conf.sample | ||
policy.json |