tatu/scripts/get-user-cert

#!/usr/bin/env python
import argparse
import json
import os
import requests
import subprocess
import uuid
from Crypto.PublicKey import RSA

parser = argparse.ArgumentParser(description='Get a user certificate from Tatu API.')
parser.add_argument('--projid', '-P', required=True)
parser.add_argument('--pubkeyfile', '-K', required=True)
parser.add_argument('--userid', '-U', required=True)
parser.add_argument('--tatu-url', default= 'http://127.0.0.1:18322',
                    help='URL of the Tatu API')
args = parser.parse_args()

if not os.path.isfile(args.pubkeyfile):
    print '--pubkeyfile must point to a valid public key.'
    exit()
try:
    auth_id = str(uuid.UUID(args.projid, version=4))
except:
    print '--projid should be the UUID of a Tatu CA (usually a cloud tenant/project).'
    exit()
try:
    user_id = str(uuid.UUID(args.userid, version=4))
except:
    print '--userid should be the UUID of a user with permissions in the cloud project.'
    exit()

with open(args.pubkeyfile, 'r') as f:
    pubkeytext = f.read()

server = args.tatu_url

user = {
    'user_id': user_id,
    'auth_id': auth_id,
    'key.pub': pubkeytext
}

response = requests.post(
    server + '/usercerts',
    data=json.dumps(user)
)
if response.status_code != 201:
    print 'Failed: ' + response
    exit()

assert 'location' in response.headers
location = response.headers['location']
response = requests.get(server + location)
usercert = json.loads(response.content)

print usercert['key-cert.pub']