Infra/lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Making CLOUDCA_API_ENDPOINT configurable

Browse Source
This commit is contained in:
kevgliss 2015-08-17 17:09:31 -07:00
parent eb55d5465f
commit dd607e5c07
1 changed files with 20 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
lemur/plugins/lemur_cloudca/plugin.py
View File

@ -14,6 +14,7 @@ from json import dumps
import arrow import arrow
import requests import requests
from requests.adapters import HTTPAdapter from requests.adapters import HTTPAdapter
from requests.exceptions import ConnectionError
from flask import current_app from flask import current_app
@ -23,8 +24,6 @@ from lemur.plugins import lemur_cloudca as cloudca
from lemur.authorities import service as authority_service from lemur.authorities import service as authority_service
API_ENDPOINT = '/v1/ca/netflix' # TODO this should be configurable
class CloudCAException(LemurException): class CloudCAException(LemurException):
def __init__(self, message): def __init__(self, message):
@ -172,7 +171,11 @@ class CloudCA(object):
# we set a low timeout, if cloudca is down it shouldn't bring down # we set a low timeout, if cloudca is down it shouldn't bring down
# lemur # lemur
response = self.session.post(self.url + endpoint, data=data, timeout=10, verify=self.ca_bundle) try:
response = self.session.post(self.url + endpoint, data=data, timeout=10, verify=self.ca_bundle)
except ConnectionError:
raise Exception("Could not talk to CloudCA, is it up?")
return process_response(response) return process_response(response)
def get(self, endpoint): def get(self, endpoint):
@ -182,7 +185,11 @@ class CloudCA(object):
:param endpoint: :param endpoint:
:return: :return:
""" """
response = self.session.get(self.url + endpoint, timeout=10, verify=self.ca_bundle) try:
response = self.session.get(self.url + endpoint, timeout=10, verify=self.ca_bundle)
except ConnectionError:
raise Exception("Could not talk to CloudCA, is it up?")
return process_response(response) return process_response(response)
def random(self, length=10): def random(self, length=10):
@ -202,7 +209,7 @@ class CloudCA(object):
:return: :return:
""" """
endpoint = '{0}/listCAs'.format(API_ENDPOINT) endpoint = '{0}/listCAs'.format(current_app.config.get('CLOUDCA_API_ENDPOINT'))
authorities = [] authorities = []
for ca in self.get(endpoint)['data']['caList']: for ca in self.get(endpoint)['data']['caList']:
try: try:
@ -230,7 +237,7 @@ class CloudCAIssuerPlugin(IssuerPlugin, CloudCA):
:return: :return:
""" """
# this is weird and I don't like it # this is weird and I don't like it
endpoint = '{0}/createCA'.format(API_ENDPOINT) endpoint = '{0}/createCA'.format(current_app.config.get('CLOUDCA_API_ENDPOINT'))
options['caDN']['email'] = options['ownerEmail'] options['caDN']['email'] = options['ownerEmail']
if options['caType'] == 'subca': if options['caType'] == 'subca':
@ -239,8 +246,11 @@ class CloudCAIssuerPlugin(IssuerPlugin, CloudCA):
options['validityStart'] = convert_date_to_utc_time(options['validityStart']).isoformat() options['validityStart'] = convert_date_to_utc_time(options['validityStart']).isoformat()
options['validityEnd'] = convert_date_to_utc_time(options['validityEnd']).isoformat() options['validityEnd'] = convert_date_to_utc_time(options['validityEnd']).isoformat()
response = self.session.post(self.url + endpoint, data=dumps(remove_none(options)), timeout=10, try:
verify=self.ca_bundle) response = self.session.post(self.url + endpoint, data=dumps(remove_none(options)), timeout=10,
verify=self.ca_bundle)
except ConnectionError:
raise Exception("Could not communicate with CloudCA, is it up?")
json = process_response(response) json = process_response(response)
roles = [] roles = []
@ -274,7 +284,7 @@ class CloudCAIssuerPlugin(IssuerPlugin, CloudCA):
:param csr: :param csr:
:param options: :param options:
""" """
endpoint = '{0}/enroll'.format(API_ENDPOINT) endpoint = '{0}/enroll'.format(current_app.config.get('CLOUDCA_API_ENDPOINT'))
# lets default to two years if it's not specified # lets default to two years if it's not specified
# we do some last minute data massaging # we do some last minute data massaging
options = get_default_issuance(options) options = get_default_issuance(options)
@ -330,7 +340,7 @@ class CloudCASourcePlugin(SourcePlugin, CloudCA):
:param cert_handle: :param cert_handle:
:return: :return:
""" """
endpoint = '{0}/getCert'.format(API_ENDPOINT) endpoint = '{0}/getCert'.format(current_app.config.get('CLOUDCA_API_ENDPOINT'))
response = self.session.post(self.url + endpoint, data=dumps({'caName': ca_name}), timeout=10, response = self.session.post(self.url + endpoint, data=dumps({'caName': ca_name}), timeout=10,
verify=self.ca_bundle) verify=self.ca_bundle)
raw = process_response(response) raw = process_response(response)