Merge "Make cert generation rbac compatible for kubernetes"

rally_openstack/contexts/magnum/ca_certs.py

@@ -14,13 +14,6 @@
 
 import os
 
-from cryptography.hazmat import backends
-from cryptography.hazmat.primitives.asymmetric import rsa
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives import serialization
-from cryptography import x509
-from cryptography.x509 import oid
-
 from rally.common import utils as rutils
 from rally.common import validation
 from rally.task import context
@@ -47,14 +40,24 @@ class CaCertGenerator(context.Context):
 
     def _generate_csr_and_key(self):
         """Return a dict with a new csr and key."""
+        from cryptography.hazmat import backends
+        from cryptography.hazmat.primitives.asymmetric import rsa
+        from cryptography.hazmat.primitives import hashes
+        from cryptography.hazmat.primitives import serialization
+        from cryptography import x509
+        from cryptography.x509.oid import NameOID
+
         key = rsa.generate_private_key(
             public_exponent=65537,
             key_size=2048,
             backend=backends.default_backend())
 
-        csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
-            x509.NameAttribute(oid.NameOID.COMMON_NAME, u"Magnum User"),
-        ])).sign(key, hashes.SHA256(), backends.default_backend())
+        csr = x509.CertificateSigningRequestBuilder().subject_name(
+            x509.Name([
+                x509.NameAttribute(NameOID.COMMON_NAME, u"admin"),
+                x509.NameAttribute(NameOID.ORGANIZATION_NAME,
+                                   u"system:masters")
+            ])).sign(key, hashes.SHA256(), backends.default_backend())
 
         result = {
             "csr": csr.public_bytes(encoding=serialization.Encoding.PEM),