At this moment if ca_private_key_passphrase is None loadbalancer
cannot be created due to AttributeError.
Current change adds check for None before encoding.
Story: 2003588
Task: 24896
Change-Id: I40063aa2f96534c12b284f72d16c9f5a72ad1486
WIP - This patch attempts to fix the py3x gates.
Please add to it as you find issues.
Closes-Bug: #1659064
Co-Authored-By: Adam Harwell <flux.adam@gmail.com>
Depends-On: If6b6f19130c965436a637a03a4cf72203e0786b0
Change-Id: If642f7ddcb886b4e9fd04a12397f26c72b3485a4
Replace the hardcoded signing digest with the one as retrieved from
the corresponding configuration attribute.
Change-Id: Id51f44074ce0495609d6c8d99bae8cad7f32057f
Use Anchor for certificate signing to make the octavia communication
more secure. Anchor Ref url: https://github.com/openstack/anchor
Co-Authored-By: bharath <bharath.stacker@gmail.com>
Co-Authored-By: German Eichberger <german.eichberger@hp.com>
Change-Id: Id77b2b1540377db661f15d4eeafc4922f446d987
The new local certificate generator code uses local time
for validity periods causing failures on hosts that do not
use UTC time.
This patch changes this to always use UTC time for certificate
generation.
Change-Id: Ice15ab53f322ac148c85e1f6e781f63f661d6179
Closes-Bug: #1514601
In certain cases (non-deterministic? maybe OS related?) the pyOpenSSL
bindings were not working properly, and since I was meaning to do
this eventually anyway, I just went ahead and did it now.
Change-Id: Ifb71f507875eef5f540eb602c3328b0f563b9796
Adds rest driver methods
Adds rest driver tests
Add cert task for generating server certs
Modified compute task/flow
Fixed local certificate stuff
Refactored to use requests-mock inetad of responses
Added a "conditiobal flow" for REST
Cleaned up and changed the code to work with
https://review.openstack.org/#/c/160034/
Replaces:
https://review.openstack.org/#/c/144348/https://review.openstack.org/#/c/145637/14
Change-Id: Ibcbf0717b785aab4c604deef1061e8b2fa41006c
Co-Authored-By: Phillip Toohill <phillip.toohill@rackspace.com>
Co-Authored-By: German Eichberger <german.eichberger@hp.com>
Co-Authored-By: Stephen Balukoff <sbalukoff@bluebox.net>
Implements: bp/haproxy-amphora-driver
This is for fixing the octavia issue.
We ran the Octavia code base through a static code analyser and several issues got flagged.
As an exercise we looked at each issue and are now proposing fixes to the complexity/code style issues.
Change-Id: I2fc0cf213a9f7488e7cf1dff789d98ca2deeb81f
The generated certs should be recognized as client authenticating
certs as well. The x509 should also be version 3.
Change-Id: Iadceba964761548625550d4aa2c5a4ad90e76684
A basic local filesystem implementation of CertManager and
a local pyOpenSSL implementation of CertGenerator.
Change-Id: I0eb0476afaad8a1bbb2eaaf90564eb63f7872546
Partially-implements: blueprint tls-data-security
Ann Taraday