x/vmware-nsx
Code Issues Proposed changes

Merge "NSXAdmin: Add parameters to certificate generation"

Browse Source
This commit is contained in:
Jenkins 2017-02-08 07:47:29 +00:00 committed by Gerrit Code Review
commit c674746ffd
2 changed files with 39 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/source/admin_util.rst
View File

@ -299,7 +299,7 @@ Client Certificate
- Generate new client certificate (this command will delete previous certificate if exists):: - Generate new client certificate (this command will delete previous certificate if exists)::
nsxadmin -r certificate -o generate --property username=<username> --property password=<password> nsxadmin -r certificate -o generate [--property username=<username> --property password=<password> --property key-size=<size> --property sig-alg=<alg> --property valid-days=<days> --property country=<country> --property state=<state> --property org=<organization> --property unit=<unit> --property host=<hostname>]
- Delete client certificate:: - Delete client certificate::

42
vmware_nsx/shell/admin/plugins/nsxv3/resources/certificates.py
View File

@ -27,12 +27,19 @@ from vmware_nsxlib.v3 import trust_management
from neutron.callbacks import registry from neutron.callbacks import registry
from neutron import context from neutron import context
from neutron_lib import exceptions
from oslo_config import cfg from oslo_config import cfg
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
# default certificate validity period in days (10 years) CERT_DEFAULTS = {'key-size': 2048,
DEFAULT_CERT_VALIDITY_PERIOD = 3650 'sig-alg': 'sha256',
'valid-days': 3650,
'country': 'US',
'state': 'California',
'org': 'default org',
'unit': 'default unit',
'host': 'defaulthost.org'}
def get_nsx_trust_management(**kwargs): def get_nsx_trust_management(**kwargs):
@ -73,14 +80,41 @@ def generate_cert(resource, event, trigger, **kwargs):
"with storage type 'none'")) "with storage type 'none'"))
return return
# update cert defaults based on user input
properties = CERT_DEFAULTS.copy()
if kwargs.get('property'):
properties.update(admin_utils.parse_multi_keyval_opt(
kwargs['property']))
try:
prop = 'key-size'
key_size = int(properties.get(prop))
prop = 'valid-days'
valid_for_days = int(properties.get(prop))
except ValueError:
LOG.info(_LI("%s property must be a number"), prop)
return
signature_alg = properties.get('sig-alg')
# TODO(annak): use nsxlib constants when they land
subject = {}
subject['country'] = properties.get('country')
subject['state'] = properties.get('state')
subject['organization'] = properties.get('org')
subject['unit'] = properties.get('org')
subject['hostname'] = properties.get('host')
with get_certificate_manager(**kwargs) as cert: with get_certificate_manager(**kwargs) as cert:
if cert.exists(): if cert.exists():
LOG.info(_LI("Deleting existing certificate")) LOG.info(_LI("Deleting existing certificate"))
# Need to delete cert first # Need to delete cert first
cert.delete() cert.delete()
cert.generate(subject={}, try:
valid_for_days=DEFAULT_CERT_VALIDITY_PERIOD) cert.generate(subject, key_size, valid_for_days, signature_alg)
except exceptions.InvalidInput as e:
LOG.info(e)
return
LOG.info(_LI("Client certificate generated succesfully")) LOG.info(_LI("Client certificate generated succesfully"))