[SSL] fix validate_writeable_directory
We have to expand the user if ~ was used in the path, and we have to use normpath so that we do not traverse a nonexistent directory and so that the trailing / is removed. Change-Id: Ic44917b6a1e01c9565cef1df60ed57d3da39cf33
parent
185b932c42
commit
fb99b80db5
|
@ -207,8 +207,10 @@ def validate_writeable_directory(param, options=None):
|
|||
return
|
||||
|
||||
options = options or []
|
||||
if not ((os.path.isdir(param) and os.access(param, os.W_OK)) or
|
||||
os.access(os.path.join(param, os.pardir), os.W_OK)):
|
||||
path = os.path.expanduser(param)
|
||||
if not ((os.path.isdir(path) and os.access(path, os.W_OK)) or
|
||||
os.access(
|
||||
os.path.normpath(os.path.join(path, os.pardir)), os.W_OK)):
|
||||
logging.debug('validate_writeable_directory(%s, options=%s) failed.' %
|
||||
(param, options))
|
||||
msg = 'Given directory does not exist or is not writeable: %s'
|
||||
|
|
|
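Review bot: The parent-directory fallback in the new condition is taken even when `path` already exists, so an existing directory that is not writeable, or a regular file at that location, still validates as long as its parent is writeable. The fallback should apply only to a path that does not exist yet, for example `parent = os.path.normpath(os.path.join(path, os.pardir))` followed by `... or (not os.path.exists(path) and os.access(parent, os.W_OK))`. `os.access` is advisory and checked ahead of use, so whatever later creates or writes the directory still has to handle a failure. The body of `validate_writeable_directory` continues outside the hunk.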
@ -137,7 +137,7 @@ def generate_ssl_cert(config, host, service, ssl_key_file, ssl_cert_file):
|
|||
|
||||
final_cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
|
||||
final_key = crypto.dump_privatekey(crypto.FILETYPE_PEM, k)
|
||||
deliver_ssl_file(ca_file, config['CONFIG_SSL_CACERT_FILE'], host)
|
||||
deliver_ssl_file(ca_file, config['CONFIG_SSL_CACERT'], host)
|
||||
deliver_ssl_file(final_cert, ssl_cert_file, host)
|
||||
deliver_ssl_file(final_key, ssl_key_file, host)
|
||||
|
||||
|
|
|
@ -174,7 +174,7 @@ def create_manifest(config, messages):
|
|||
ssl_key_file = '/etc/pki/tls/private/ssl_amqp.key'
|
||||
ssl_cert_file = '/etc/pki/tls/certs/ssl_amqp.crt'
|
||||
cacert = config['CONFIG_AMQP_SSL_CACERT_FILE'] = (
|
||||
config['CONFIG_SSL_CACERT_FILE']
|
||||
config['CONFIG_SSL_CACERT']
|
||||
)
|
||||
generate_ssl_cert(config, amqp_host, service, ssl_key_file,
|
||||
ssl_cert_file)
|
||||
|
|
|
@ -172,7 +172,7 @@ def create_manifest(config, messages):
|
|||
ssl_key_file = config["CONFIG_HORIZON_SSL_KEY"] = (
|
||||
'/etc/pki/tls/private/ssl_dashboard.key'
|
||||
)
|
||||
cacert = config['CONFIG_SSL_CACERT_FILE']
|
||||
cacert = config['CONFIG_SSL_CACERT']
|
||||
config["CONFIG_HORIZON_SSL_CACERT"] = cacert
|
||||
ssl_host = config['CONFIG_CONTROLLER_HOST']
|
||||
service = 'dashboard'
|
||||
|
|
|
@ -212,10 +212,17 @@ def create_self_signed_cert(config, messages):
|
|||
OpenSSL wrapper to create selfsigned CA.
|
||||
"""
|
||||
|
||||
# for now hardcoded place for landing CACert file on servers
|
||||
config['CONFIG_SSL_CACERT'] = '/etc/pki/tls/certs/packstack_cacert.crt'
|
||||
|
||||
if (config['CONFIG_AMQP_ENABLE_SSL'] != 'y' and
|
||||
config["CONFIG_HORIZON_SSL"] != 'y'):
|
||||
return
|
||||
|
||||
config['CONFIG_SSL_CERT_DIR'] = os.path.expanduser(
|
||||
config['CONFIG_SSL_CERT_DIR']
|
||||
)
|
||||
|
||||
if not os.path.isdir(config['CONFIG_SSL_CERT_DIR']):
|
||||
os.mkdir(config['CONFIG_SSL_CERT_DIR'])
|
||||
certs = os.path.join(config['CONFIG_SSL_CERT_DIR'], 'certs')
|
||||
|
|
|
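Review bot: `os.mkdir(config['CONFIG_SSL_CERT_DIR'])` creates the directory with the default mode, so its permissions depend on the umask of the process. If the CA private key is also written under this directory (not visible in this hunk), an explicit mode is safer: `os.mkdir(config['CONFIG_SSL_CERT_DIR'], 0o700)`. Separately, `os.path.expanduser` returns its argument unchanged when the home directory cannot be determined, in which case a literal `~` directory would be created relative to the working directory; checking `os.path.isabs` on the expanded value, or documenting the requirement, would make that visible. The body of `create_self_signed_cert` continues outside the hunk.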
@ -74,7 +74,7 @@ class ValidatorsTestCase(PackstackTestCaseMixin, TestCase):
|
|||
def test_validate_file(self):
|
||||
"""Test packstack.installer.validators.validate_file."""
|
||||
dname = os.path.join(self.tempdir, '.test_validate_file')
|
||||
bad_name = os.path.join(self.tempdir, '.me_no_exists')
|
||||
bad_name = os.path.join(self.tempdir, '.me_no/exists')
|
||||
os.mkdir(dname)
|
||||
validate_writeable_directory(dname)
|
||||
self.assertRaises(ParamValidationError, validate_writeable_directory, bad_name)
|
||||
|
|
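Review bot: The test only changes the rejected path and adds no positive case for the behaviour this commit introduces. `bad_name` now needs a missing parent because a not-yet-existing directory under a writeable parent validates. Pin that down next to the existing assertions with `validate_writeable_directory(os.path.join(self.tempdir, 'not_yet') + os.sep)`, plus a `~`-prefixed path if the test environment has a usable home directory. The method name and docstring also say `validate_file` while the body exercises `validate_writeable_directory`; renaming it to `test_validate_writeable_directory` would keep failures readable.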