Commit Graph

16 Commits (65e132a734f005f090a384bfa129482d195c6d6e)

Author SHA1 Message Date
Ann Taraday 2a2b308a39 Fix passphrase None errors
At this moment if ca_private_key_passphrase is None loadbalancer
cannot be created due to AttributeError.
Current change adds check for None before encoding.

Story: 2003588

Task: 24896

Change-Id: I40063aa2f96534c12b284f72d16c9f5a72ad1486
2018-08-30 09:47:54 +00:00
e dc882e9d27 Remove log translations from octavia
Log messages are no longer being translated. This removes all use of
the _LE, _LI, and _LW translation markers to simplify logging and to
avoid confusion with new contributions.

This patch also adds hacking rules for the translation tags.


Co-Authored-By: Michael Johnson <>
Change-Id: Ic95111d09e38b3f44fd6c85d0bcf0355c21ef545
2017-05-03 20:30:47 -07:00
Michael Johnson 119e223750 Fix py3x gates and functional
WIP - This patch attempts to fix the py3x gates.
Please add to it as you find issues.

Closes-Bug: #1659064

Co-Authored-By: Adam Harwell <>
Depends-On: If6b6f19130c965436a637a03a4cf72203e0786b0

Change-Id: If642f7ddcb886b4e9fd04a12397f26c72b3485a4
2017-02-07 11:06:08 -08:00
Adam Harwell 654e88686e Correcting error message for CA Key validation failure
Change-Id: I8f16b56d09f69b07423faf23615a3bdd15c3b10a
2017-01-04 23:09:43 -08:00
Adam Harwell a2f02d3ec7 Add SubjectAltName and KeyUsage for localcertgen
Change-Id: I3919d392722a625dffe25c7dfe2ec3359f96e8a4
Co-Authored-By: Carlos D. Garza <>
Closes-Bug: 1494420
2016-02-04 11:45:54 -06:00
Bharath M 65ab10aa14 Use signing digest defined in config to sign CSR
Replace the hardcoded signing digest with the one as retrieved from
the corresponding configuration attribute.

Change-Id: Id51f44074ce0495609d6c8d99bae8cad7f32057f
2016-01-28 16:06:39 -08:00
bharath d2072ae0ae Anchor support to Octavia
Use Anchor for certificate signing to make the octavia communication
more secure. Anchor Ref url:

Co-Authored-By: bharath <>
Co-Authored-By: German Eichberger <>

Change-Id: Id77b2b1540377db661f15d4eeafc4922f446d987
2015-12-03 10:06:04 -08:00
Michael Johnson f9cfd2cb0f New local certificate generator uses local time
The new local certificate generator code uses local time
for validity periods causing failures on hosts that do not
use UTC time.
This patch changes this to always use UTC time for certificate

Change-Id: Ice15ab53f322ac148c85e1f6e781f63f661d6179
Closes-Bug: #1514601
2015-11-09 22:26:38 +00:00
Adam Harwell 604ea75069 Swap out pyOpenSSL for cryptography in LocalCertGenerator
In certain cases (non-deterministic? maybe OS related?) the pyOpenSSL
bindings were not working properly, and since I was meaning to do
this eventually anyway, I just went ahead and did it now.

Change-Id: Ifb71f507875eef5f540eb602c3328b0f563b9796
2015-11-05 16:25:51 +00:00
German Eichberger 0abcbc4f7d haproxy reference amphora REST API client
Adds rest driver methods
Adds rest driver tests
Add cert task for generating server certs
Modified compute task/flow
Fixed local certificate stuff
Refactored to use requests-mock inetad of responses
Added a "conditiobal flow" for REST

Cleaned up and changed the code to work with


Change-Id: Ibcbf0717b785aab4c604deef1061e8b2fa41006c
Co-Authored-By: Phillip Toohill <>
Co-Authored-By: German Eichberger <>
Co-Authored-By: Stephen Balukoff <>
Implements: bp/haproxy-amphora-driver
2015-06-29 09:08:37 -07:00
minwang 321bc765ae Fix Octavia complexity issues
This is for fixing the octavia issue.
We ran the Octavia code base through a static code analyser and several issues got flagged.
As an exercise we looked at each issue and are now proposing fixes to the complexity/code style issues.

Change-Id: I2fc0cf213a9f7488e7cf1dff789d98ca2deeb81f
2015-04-28 13:17:10 -07:00
Doug Wiegley ccecb6ea26 Sync with oslo-incubator, tweak as needed
Change-Id: Ice3cfd55ebdfc0b1355ecbb48d42c123cdb743bb
2015-03-30 18:06:47 -06:00
Adam Harwell eef90e4962 Update certificate generator implementations
Add PK+Cert generation implementations.

Change-Id: I66d8e202d7d3db55538e8fa8fd16b9e95acb8816
2015-01-14 12:35:29 -06:00
Carlos D. Garza 19856c014e Add nsCertType and ExtendedKey usage extensions to CertGenerator
The generated certs should be recognized as client authenticating
certs as well. The x509 should also be version 3.

Change-Id: Iadceba964761548625550d4aa2c5a4ad90e76684
2015-01-09 00:37:26 -06:00
Doug Wiegley 941c302757 Oslo incubator updates
Change-Id: I9559d8a6d59477f6b5ba3f82ab9ecf9b71b75f70
2014-12-02 12:00:34 -07:00
Adam Harwell 1e866f3ba2 Local development implementation for Certificates
A basic local filesystem implementation of CertManager and
a local pyOpenSSL implementation of CertGenerator.

Change-Id: I0eb0476afaad8a1bbb2eaaf90564eb63f7872546
Partially-implements: blueprint tls-data-security
2014-11-12 15:40:10 -06:00