#!/usr/bin/env python # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import argparse import json import os import requests import subprocess import uuid from Crypto.PublicKey import RSA parser = argparse.ArgumentParser(description='Get a user certificate from Tatu API.') parser.add_argument('--projid', '-P', required=True) parser.add_argument('--pubkeyfile', '-K', required=True) parser.add_argument('--userid', '-U', required=True) parser.add_argument('--tatu-url', default= 'http://127.0.0.1:18322', help='URL of the Tatu API') args = parser.parse_args() if not os.path.isfile(args.pubkeyfile): print '--pubkeyfile must point to a valid public key.' exit() try: auth_id = str(uuid.UUID(args.projid, version=4)) except: print '--projid should be the UUID of a Tatu CA (usually a cloud tenant/project).' exit() try: user_id = str(uuid.UUID(args.userid, version=4)) except: print '--userid should be the UUID of a user with permissions in the cloud project.' exit() with open(args.pubkeyfile, 'r') as f: pubkeytext = f.read() server = args.tatu_url user = { 'user_id': user_id, 'auth_id': auth_id, 'pub_key': pubkeytext } response = requests.post( server + '/usercerts', data=json.dumps(user) ) if response.status_code != 201: print 'Failed: ' + str(response) exit() assert 'location' in response.headers location = response.headers['location'] response = requests.get(server + location) usercert = json.loads(response.content) print usercert['cert']