puppet-tripleo/files/cm_ipa_subca_wrapper.py
Hervé Beraud 14fadeda6d Stop to use the __future__ module.
The __future__ module [1] was used in this context to ensure compatibility
between python 2 and python 3.

We previously dropped the support of python 2.7 [2] and now we only support
python 3 so we don't need to continue to use this module and the imports
listed below.

Imports commonly used and their related PEPs:
- `division` is related to PEP 238 [3]
- `print_function` is related to PEP 3105 [4]
- `unicode_literals` is related to PEP 3112 [5]
- `with_statement` is related to PEP 343 [6]
- `absolute_import` is related to PEP 328 [7]

[1] https://docs.python.org/3/library/__future__.html
[2] https://governance.openstack.org/tc/goals/selected/ussuri/drop-py27.html
[3] https://www.python.org/dev/peps/pep-0238
[4] https://www.python.org/dev/peps/pep-3105
[5] https://www.python.org/dev/peps/pep-3112
[6] https://www.python.org/dev/peps/pep-0343
[7] https://www.python.org/dev/peps/pep-0328

Change-Id: I1a658a73efc0753d4728ab72e04b70621927a510
2020-06-02 20:45:19 +02:00


#!/usr/bin/python
try:
import ConfigParser as configparser
except ImportError:
import configparser
import os
import sys
import subprocess
# Status codes returned by main(). The names follow certmonger's helper
# exit-status convention (presumably mirroring its CM_SUBMIT_STATUS_*
# values; verify against the certmonger version in use).
# 0: request handled; also returned when there is no sub-CA data to add.
CM_SUBMIT_STATUS_ISSUED = 0
# 4: the helper cannot run because arguments or local configuration are unusable.
CM_SUBMIT_STATUS_UNCONFIGURED = 4
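def main():
    """Run a certmonger helper on behalf of an IPA lightweight sub-CA.

    Usage: ``cm_ipa_subca_wrapper.py SUB_CA HELPER [HELPER_ARG ...]``.

    For a ``FETCH-ROOTS`` operation against a sub-CA other than ``ipa``,
    the sub-CA certificate is looked up with ``ipa ca-show`` and written to
    stdout as a nickname line followed by a PEM block. For every other
    case ``CERTMONGER_CA_ISSUER`` is set to the sub-CA name. The wrapped
    helper is then exec'd with the adjusted environment.

    Returns:
        ``CM_SUBMIT_STATUS_UNCONFIGURED`` when the arguments, the IPA
        client configuration or the keytab login are unusable;
        ``CM_SUBMIT_STATUS_ISSUED`` when the sub-CA cannot be looked up or
        its record is incomplete. Does not return once the wrapped helper
        has been exec'd.
    """
    if len(sys.argv) < 3:
        return CM_SUBMIT_STATUS_UNCONFIGURED
    sub_ca = sys.argv[1]
    wrapped_command = sys.argv[2:]

    operation = os.environ.get('CERTMONGER_OPERATION')
    os.environ['CERTMONGER_CA_NICKNAME'] = 'IPA'
    if operation == 'FETCH-ROOTS' and sub_ca.lower() != 'ipa':
        ipa_conf = configparser.ConfigParser()
        # readfp() was removed in Python 3.12; it is kept only as a fallback
        # for interpreters that lack read_file().
        reader = getattr(ipa_conf, 'read_file', None) or ipa_conf.readfp
        try:
            with open('/etc/ipa/default.conf') as fp:
                reader(fp)
            # get() raises (it does not return None) when the section or
            # option is missing, so the lookups belong inside the try.
            host = ipa_conf.get('global', 'host')
            realm = ipa_conf.get('global', 'realm')
        except (IOError, OSError, configparser.Error):
            return CM_SUBMIT_STATUS_UNCONFIGURED
        if not host or not realm:
            return CM_SUBMIT_STATUS_UNCONFIGURED

        principal = 'host/{}@{}'.format(host, realm)
        # NOTE(security): this is a fixed, predictable credential-cache path
        # in world-writable /tmp. It is shared by every run and nothing here
        # removes it afterwards, so the host principal's ticket stays on
        # disk. A private per-run location that is cleaned up after use
        # would narrow that exposure; confirm what kinit and the wrapped
        # helper expect before changing it.
        os.environ['KRB5CCNAME'] = '/tmp/krb5cc_cm_ipa_subca_wrapper'
        try:
            # Argument lists (no shell) keep sub_ca/principal from being
            # interpreted as shell syntax.
            subprocess.check_call(['/usr/bin/kinit', '-k', principal])
        except (OSError, subprocess.CalledProcessError):
            return CM_SUBMIT_STATUS_UNCONFIGURED

        try:
            # universal_newlines=True yields text; the bytes returned by
            # default on Python 3 cannot be split on a str separator.
            data = subprocess.check_output(
                ['/usr/bin/ipa', 'ca-show', sub_ca],
                universal_newlines=True)
        except (OSError, subprocess.CalledProcessError, UnicodeError):
            return CM_SUBMIT_STATUS_ISSUED

        # Collect the "Key: value" lines of the ca-show output.
        ca_fields = {}
        for raw_line in data.split('\n'):
            key, sep, value = raw_line.strip().partition(': ')
            if sep:
                ca_fields[key] = value

        # Validate everything before printing so a missing field never
        # leaves a half-written PEM block on stdout.
        name = ca_fields.get('Name')
        certificate = ca_fields.get('Certificate')
        if name is None or name.lower() != sub_ca.lower() or not certificate:
            return CM_SUBMIT_STATUS_ISSUED

        print(realm, sub_ca, 'CA')
        print('-----BEGIN CERTIFICATE-----')
        # Wrap the base64 body at 64 columns. Stepping by 64 avoids the
        # float produced by "/" on Python 3 and the stray empty line when
        # the length is an exact multiple of 64.
        for start in range(0, len(certificate), 64):
            print(certificate[start:start + 64])
        print('-----END CERTIFICATE-----')

        # Flush now: exec replaces the process without flushing buffers.
        sys.stdout.flush()
    else:
        os.environ['CERTMONGER_CA_ISSUER'] = sub_ca

    # NOTE(review): assumed to run after both branches, so the wrapped
    # helper still executes after the sub-CA certificate is printed.
    # Confirm against the file's original indentation.
    os.execl(wrapped_command[0], *wrapped_command)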
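if __name__ == '__main__':
    # Hand main()'s status code to the caller as the process exit status.
    # A bare main() call discarded it, so the "unconfigured" result (4)
    # was reported as exit status 0.
    sys.exit(main())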