From d1d4ccaa97e73461fcfc9137bd8f52528e6751f3 Mon Sep 17 00:00:00 2001
From: Robert Clark
Date: Thu, 14 Jan 2016 12:28:52 -0600
Subject: [PATCH] Added the Anchor Driver

Anchor is the evolution of eca. It has a different API and different rulesets. Patch tested against the current Anchor Master and docker container

Change-Id: I6b04ae50fb7e4e81dc414ef4ea361b3a673bffaa
---
 cathead/drivers/{eca.py => anchor.py} | 15 ++++++++------
 example_config.py | 17 ++++++++--------
 tests/test_anchordriver.py | 28 +++++++++++++++++++++++++++
 tests/test_ecadriver.py | 11 -----------
 4 files changed, 46 insertions(+), 25 deletions(-)
 rename cathead/drivers/{eca.py => anchor.py} (78%)
 create mode 100644 tests/test_anchordriver.py
 delete mode 100644 tests/test_ecadriver.py

diff --git a/cathead/drivers/eca.py b/cathead/drivers/anchor.py
similarity index 78%
rename from cathead/drivers/eca.py
rename to cathead/drivers/anchor.py
index 877c467..701ce44 100644
--- a/cathead/drivers/eca.py
+++ b/cathead/drivers/anchor.py
@@ -23,30 +23,33 @@ from cathead import x509
 LOG = logging.getLogger(__name__)
-class EcaDriver(cadriver.CaDriver):
+class AnchorDriver(cadriver.CaDriver):
 def __init__(self, host, port,
- user, secret, scheme='http'):
+ user, secret, root='default', scheme='http'):
 self.host = host
 self.port = port
 self.user = user
 self.secret = secret
 self.scheme = scheme
+ self.root = root
 def sign(self, csr):
- url = "{scheme}://{host}:{port}/sign".format(**self.__dict__)
+ urlscheme = "{scheme}://{host}:{port}/v1/sign/{root}"
+ url = urlscheme.format(**self.__dict__)
 LOG.info("Sending CSR to %s" % url)
 params = {"user": self.user,
 "secret": self.secret,
 "encoding": "pem",
- "csr": csr}
+ "csr": csr,
+ "root": self.root}
 r = requests.post(url, data=params)
 cert = r.text
- LOG.debug("Received from ECA server:\n%s" % cert)
+ LOG.debug("Received from Anchor server:\n%s" % cert)
 if self._is_valid_cert(cert):
 return cert
 else:
- LOG.info("Received invalid certificate from ECA")
+ LOG.info("Received invalid certificate from Anchor")
 def _is_valid_cert(self, cert):
 try:
diff --git a/example_config.py b/example_config.py
index bcafadc..29f62bd 100644
--- a/example_config.py
+++ b/example_config.py
@@ -21,20 +21,21 @@ CONF = {
 'ca_key_file': 'ca.p.key',
 },
 {
- 'name': 'eca',
- 'driver': 'cathead.drivers.eca.EcaDriver',
- 'host': '127.0.0.1',
- 'port': 5000,
+ 'name': 'anchor',
+ 'driver': 'cathead.drivers.anchor.AnchorDriver',
+ 'host': '192.168.99.100',
+ 'port': 5016,
 'user': 'woot',
 'secret': 'woot',
+ 'root': 'default'
 }
 ],
 'certs': [
 {
- 'driver': 'eca',
- 'key': 'ca.p.key',
- 'cert': 'newcrt.crt',
- 'refresh_window': None,
+ 'driver': 'anchor',
+ 'key': 'tmp/anchor-test.example.com.key',
+ 'cert': 'tmp/anchor-test.example.com.crt',
+ 'refresh_window': 1,
 'common_name': '127.0.0.1',
 'on_refresh_success': 'hello_system',
 }
diff --git a/tests/test_anchordriver.py b/tests/test_anchordriver.py
new file mode 100644
index 0000000..90853fd
--- /dev/null
+++ b/tests/test_anchordriver.py
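Review bot: In cathead/drivers/anchor.py, `sign()` posts `user` and `secret` to a URL whose scheme still defaults to `http`, and the new `root='default'` is inserted ahead of `scheme` in `__init__`, so a caller that passed the scheme as the fifth positional argument would now set `root` and silently fall back to cleartext HTTP. I would append the new parameter and default to TLS, `user, secret, scheme='https', root='default'):`, and give the request a bound and a status check: `r = requests.post(url, data=params, timeout=30)` followed by `r.raise_for_status()`. `root` is also formatted into the URL path unescaped and repeated in the form body; whether Anchor reads the body field is not visible here. The example_config.py hunk is affected by the same default, since it now targets a non-loopback host without setting `scheme`. The class and `_is_valid_cert` continue outside the hunk.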
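Review bot: In example_config.py the new `'key': 'tmp/anchor-test.example.com.key'` and `'cert'` entries are relative paths, so where the private key ends up depends on the working directory of the process, and nothing in this hunk shows `tmp/` being created or its permissions restricted. The file names say `anchor-test.example.com` while the unchanged `'common_name'` is still `'127.0.0.1'`, which looks like a leftover. A comment above the entry, for example `# sample values: use a key directory readable only by the service account`, would keep readers from copying these paths as-is. The `CONF` dict starts and ends outside the hunk.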
@@ -0,0 +1,28 @@
+# (c) Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import unittest
+
+from cathead import cadriver
+from cathead.drivers import anchor
+
+
+class AnchorDriverTestCase(unittest.TestCase):
+
+ def test_sign(self):
+ driver = anchor.AnchorDriver("host", "port",
+ "user", "password", root="default")
+ self.assertTrue(isinstance(driver, cadriver.CaDriver))
+
+ # TODO(hyakuhei) functional tests - spin up anchor container maybe?
diff --git a/tests/test_ecadriver.py b/tests/test_ecadriver.py
deleted file mode 100644
index 5c1d747..0000000
--- a/tests/test_ecadriver.py
+++ /dev/null
@@ -1,11 +0,0 @@
-import unittest
-
-from cathead import cadriver
-from cathead.drivers import eca
-
-
-class EcaDriverTestCase(unittest.TestCase):
-
- def test_sign(self):
- driver = eca.EcaDriver("host", "port", "user", "password")
- self.assertTrue(isinstance(driver, cadriver.CaDriver))
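Review bot: `test_sign` in tests/test_anchordriver.py never calls `sign()`; it only asserts that the constructor returns a `CaDriver`, so the new `/v1/sign/{root}` URL, the `root` form field and the invalid-certificate branch are all unexercised. Until the functional test from the TODO exists, either rename it to `test_is_cadriver` or add a unit case that replaces `requests.post` with a stub and asserts the URL it receives is `http://host:port/v1/sign/default`. A second case whose stubbed body is rejected by `_is_valid_cert` would pin that `sign()` returns `None` rather than the server's text.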