Added the Anchor Driver

Anchor is the evolution of eca. It has a different API
and different rulesets.

Patch tested against the current Anchor Master and docker
container

Change-Id: I6b04ae50fb7e4e81dc414ef4ea361b3a673bffaa

cathead/drivers/anchor.py

@@ -23,30 +23,33 @@ from cathead import x509
 LOG = logging.getLogger(__name__)
 
 
-class EcaDriver(cadriver.CaDriver):
+class AnchorDriver(cadriver.CaDriver):
 
     def __init__(self, host, port,
-                 user, secret, scheme='http'):
+                 user, secret, root='default', scheme='http'):
         self.host = host
         self.port = port
         self.user = user
         self.secret = secret
         self.scheme = scheme
+        self.root = root
 
     def sign(self, csr):
-        url = "{scheme}://{host}:{port}/sign".format(**self.__dict__)
+        urlscheme = "{scheme}://{host}:{port}/v1/sign/{root}"
+        url = urlscheme.format(**self.__dict__)
         LOG.info("Sending CSR to %s" % url)
         params = {"user": self.user,
                   "secret": self.secret,
                   "encoding": "pem",
-                  "csr": csr}
+                  "csr": csr,
+                  "root": self.root}
         r = requests.post(url, data=params)
         cert = r.text
-        LOG.debug("Received from ECA server:\n%s" % cert)
+        LOG.debug("Received from Anchor server:\n%s" % cert)
         if self._is_valid_cert(cert):
             return cert
         else:
-            LOG.info("Received invalid certificate from ECA")
+            LOG.info("Received invalid certificate from Anchor")
 
     def _is_valid_cert(self, cert):
         try:

example_config.py

@@ -21,20 +21,21 @@ CONF = {
             'ca_key_file': 'ca.p.key',
         },
         {
-            'name': 'eca',
+            'name': 'anchor',
-            'driver': 'cathead.drivers.eca.EcaDriver',
+            'driver': 'cathead.drivers.anchor.AnchorDriver',
-            'host': '127.0.0.1',
+            'host': '192.168.99.100',
-            'port': 5000,
+            'port': 5016,
             'user': 'woot',
             'secret': 'woot',
+            'root': 'default'
         }
     ],
     'certs': [
         {
-            'driver': 'eca',
+            'driver': 'anchor',
-            'key': 'ca.p.key',
+            'key': 'tmp/anchor-test.example.com.key',
-            'cert': 'newcrt.crt',
+            'cert': 'tmp/anchor-test.example.com.crt',
-            'refresh_window': None,
+            'refresh_window': 1,
             'common_name': '127.0.0.1',
             'on_refresh_success': 'hello_system',
         }

tests/test_anchordriver.py

@@ -0,0 +1,28 @@
+#   (c) Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+import unittest
+
+from cathead import cadriver
+from cathead.drivers import anchor
+
+
+class AnchorDriverTestCase(unittest.TestCase):
+
+    def test_sign(self):
+        driver = anchor.AnchorDriver("host", "port",
+                                     "user", "password", root="default")
+        self.assertTrue(isinstance(driver, cadriver.CaDriver))
+
+    # TODO(hyakuhei) functional tests - spin up anchor container maybe?

tests/test_ecadriver.py

@@ -1,11 +0,0 @@
-import unittest
-
-from cathead import cadriver
-from cathead.drivers import eca
-
-
-class EcaDriverTestCase(unittest.TestCase):
-
-    def test_sign(self):
-        driver = eca.EcaDriver("host", "port", "user", "password")
-        self.assertTrue(isinstance(driver, cadriver.CaDriver))