792059be
Commit
792059be
authored
Jun 19, 2017
by
Alain Takoudjou
slapos_cloud: use caucase webservice for certificate management
parent
300091cc
Showing
5 changed files
with
96 additions
and
21 deletions
+96
-21
master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.py
...entTemplateItem/portal_components/document.erp5.Person.py
+39
-10
master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.xml
...ntTemplateItem/portal_components/document.erp5.Person.xml
+30
-3
master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.py
...nterface_workflow/scripts/Computer_generateCertificate.py
+16
-6
master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.xml
...terface_workflow/scripts/Computer_generateCertificate.xml
+8
-0
master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_revokeCertificate.py
..._interface_workflow/scripts/Computer_revokeCertificate.py
+3
-2
master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.py
...
@@ -2,9 +2,16 @@ from AccessControl import ClassSecurityInfo, Unauthorized, getSecurityManager
...
@@ -2,9 +2,16 @@ from AccessControl import ClassSecurityInfo, Unauthorized, getSecurityManager
from
Products.ERP5.Document.Person
import
Person
as
ERP5Person
from
Products.ERP5.Document.Person
import
Person
as
ERP5Person
from
Products.ERP5Type
import
Permissions
from
Products.ERP5Type
import
Permissions
class
UserCertificateNotFound
(
Exception
):
"""Exception raised when certificate is not found"""
pass
class
UserCertificateFound
(
Exception
):
"""Exception raised when certificate is found"""
pass
class
Person
(
ERP5Person
):
class
Person
(
ERP5Person
):
security
=
ClassSecurityInfo
()
security
=
ClassSecurityInfo
()
security
.
declarePublic
(
'getCertificate'
)
def
_checkCertificateRequest
(
self
):
def
_checkCertificateRequest
(
self
):
try
:
try
:
...
@@ -19,24 +26,46 @@ class Person(ERP5Person):
...
@@ -19,24 +26,46 @@ class Person(ERP5Person):
if
getSecurityManager
().
getUser
().
getId
()
!=
reference
:
if
getSecurityManager
().
getUser
().
getId
()
!=
reference
:
raise
raise
def
_getCertificate
(
self
):
security
.
declarePublic
(
'signCertificate'
)
return
self
.
getPortalObject
().
portal_certificate_authority
\
def
signCertificate
(
self
,
csr
):
.
getNewCertificate
(
self
.
getReference
())
"""Send csr for certificate signature"""
self
.
_checkCertificateRequest
()
if
self
.
getDestinationReference
():
raise
UserCertificateFound
(
"A Certificate already exists, please revoke it first!"
)
ca_service
=
self
.
getPortalObject
().
portal_web_services
.
caucase_adapter
csr_id
=
ca_service
.
putCertificateSigningRequest
(
csr
)
def
_revokeCertificate
(
self
):
# Sign the csr immediately
return
self
.
getPortalObject
().
portal_certificate_authority
\
crt_id
,
url
=
ca_service
.
signCertificate
(
csr_id
)
.
revokeCertificateByCommonName
(
self
.
getReference
())
self
.
setDestinationReference
(
crt_id
)
return
crt_id
,
url
security
.
declarePublic
(
'getCertificate'
)
def
getCertificate
(
self
):
def
getCertificate
(
self
):
"""Returns
new
SSL certificate"""
"""Returns
existing
SSL certificate"""
self
.
_checkCertificateRequest
()
self
.
_checkCertificateRequest
()
return
self
.
_getCertificate
()
crt_id
=
self
.
getDestinationReference
()
if
crt_id
:
return
self
.
getPortalObject
().
portal_web_services
.
caucase_adapter
\
.
getCertificate
(
crt_id
)
raise
UserCertificateNotFound
(
"No certificate set for the user %s"
%
self
.
getReference
()
)
security
.
declarePublic
(
'revokeCertificate'
)
security
.
declarePublic
(
'revokeCertificate'
)
def
revokeCertificate
(
self
):
def
revokeCertificate
(
self
):
"""Revokes existing certificate"""
"""Revokes existing certificate"""
self
.
_checkCertificateRequest
()
self
.
_checkCertificateRequest
()
self
.
_revokeCertificate
()
crt_id
=
self
.
getDestinationReference
()
if
crt_id
:
response
=
self
.
getPortalObject
().
portal_web_services
.
caucase_adapter
\
.
revokeCertificate
(
crt_id
)
# Remove Destination Reference
self
.
setDestinationReference
(
""
)
return
response
.
read
()
raise
UserCertificateNotFound
(
"No certificate set for the user %s"
%
self
.
getReference
()
)
security
.
declareProtected
(
Permissions
.
AccessContentsInformation
,
security
.
declareProtected
(
Permissions
.
AccessContentsInformation
,
'getTitle'
)
'getTitle'
)
...
...
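Review bot: `signCertificate` is declared public and hands the caller-supplied `csr` straight to `putCertificateSigningRequest` and then signs it, so nothing visible in this section ties the certificate subject to the user, whereas the removed `_getCertificate` issued for `self.getReference()`. Unless caucase_adapter or the CA overrides the subject (not visible on this page), the CSR's common name should be compared with `self.getReference()` before signing, or at least the assumption recorded with a comment such as `# csr is caller-supplied: its subject must match self.getReference()`. Computer_generateCertificate.py has the same gap with `computer.getReference()`. `_checkCertificateRequest` starts outside the hunk, so any check it performs beyond the user-id comparison is not visible here.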
master/bt5/slapos_cloud/DocumentTemplateItem/portal_components/document.erp5.Person.xml
...
@@ -6,10 +6,22 @@
...
@@ -6,10 +6,22 @@
</pickle>
</pickle>
<pickle>
<pickle>
<dictionary>
<dictionary>
<item>
<key>
<string>
_recorded_property_dict
</string>
</key>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAAI=
</string>
</persistent>
</value>
</item>
<item>
<item>
<key>
<string>
default_reference
</string>
</key>
<key>
<string>
default_reference
</string>
</key>
<value>
<string>
Person
</string>
</value>
<value>
<string>
Person
</string>
</value>
</item>
</item>
<item>
<key>
<string>
description
</string>
</key>
<value>
<none/>
</value>
</item>
<item>
<item>
<key>
<string>
id
</string>
</key>
<key>
<string>
id
</string>
</key>
<value>
<string>
document.erp5.Person
</string>
</value>
<value>
<string>
document.erp5.Person
</string>
</value>
...
@@ -43,13 +55,28 @@
...
@@ -43,13 +55,28 @@
<item>
<item>
<key>
<string>
workflow_history
</string>
</key>
<key>
<string>
workflow_history
</string>
</key>
<value>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAA
I
=
</string>
</persistent>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAA
M
=
</string>
</persistent>
</value>
</value>
</item>
</item>
</dictionary>
</dictionary>
</pickle>
</pickle>
</record>
</record>
<record
id=
"2"
aka=
"AAAAAAAAAAI="
>
<record
id=
"2"
aka=
"AAAAAAAAAAI="
>
<pickle>
<global
name=
"PersistentMapping"
module=
"Persistence.mapping"
/>
</pickle>
<pickle>
<dictionary>
<item>
<key>
<string>
data
</string>
</key>
<value>
<dictionary/>
</value>
</item>
</dictionary>
</pickle>
</record>
<record
id=
"3"
aka=
"AAAAAAAAAAM="
>
<pickle>
<pickle>
<global
name=
"PersistentMapping"
module=
"Persistence.mapping"
/>
<global
name=
"PersistentMapping"
module=
"Persistence.mapping"
/>
</pickle>
</pickle>
...
@@ -62,7 +89,7 @@
...
@@ -62,7 +89,7 @@
<item>
<item>
<key>
<string>
component_validation_workflow
</string>
</key>
<key>
<string>
component_validation_workflow
</string>
</key>
<value>
<value>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAA
M
=
</string>
</persistent>
<persistent>
<string
encoding=
"base64"
>
AAAAAAAAAA
Q
=
</string>
</persistent>
</value>
</value>
</item>
</item>
</dictionary>
</dictionary>
...
@@ -71,7 +98,7 @@
...
@@ -71,7 +98,7 @@
</dictionary>
</dictionary>
</pickle>
</pickle>
</record>
</record>
<record
id=
"
3"
aka=
"AAAAAAAAAAM
="
>
<record
id=
"
4"
aka=
"AAAAAAAAAAQ
="
>
<pickle>
<pickle>
<global
name=
"WorkflowHistoryList"
module=
"Products.ERP5Type.patches.WorkflowTool"
/>
<global
name=
"WorkflowHistoryList"
module=
"Products.ERP5Type.patches.WorkflowTool"
/>
</pickle>
</pickle>
...
...
master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.py
computer
=
state_change
[
'object'
]
computer
=
state_change
[
'object'
]
# Get required arguments
kwargs
=
state_change
.
kwargs
try
:
certificate_signature_request
=
kwargs
[
"csr"
]
except
KeyError
,
e
:
raise
TypeError
(
"Computer_generateCertificate takes exactly 1 argument: %s"
%
str
(
e
))
if
computer
.
getDestinationReference
()
is
not
None
:
if
computer
.
getDestinationReference
()
is
not
None
:
context
.
REQUEST
.
set
(
"computer_certificate"
,
None
)
context
.
REQUEST
.
set
(
"computer_certificate"
,
None
)
context
.
REQUEST
.
set
(
"computer_
key
"
,
None
)
context
.
REQUEST
.
set
(
"computer_
certificate_url
"
,
None
)
raise
ValueError
(
'Certificate still active.'
)
raise
ValueError
(
'Certificate still active.'
)
ca
=
context
.
getPortalObject
().
portal_certificate_authority
ca_service
=
context
.
getPortalObject
().
portal_web_services
.
caucase_adapter
certificate_dict
=
ca
.
getNewCertificate
(
computer
.
getReference
())
csr_id
=
ca_service
.
putCertificateSigningRequest
(
certificate_signature_request
)
# Sign the csr immediately
crt_id
,
url
=
ca_service
.
signCertificate
(
csr_id
)
certificate
=
ca_service
.
getCertificate
(
crt_id
)
computer
.
setDestinationReference
(
c
ertificate_dict
[
"id"
]
)
computer
.
setDestinationReference
(
c
rt_id
)
context
.
REQUEST
.
set
(
"computer_certificate"
,
certificate
_dict
[
"certificate"
]
)
context
.
REQUEST
.
set
(
"computer_certificate"
,
certificate
)
context
.
REQUEST
.
set
(
"computer_
key"
,
certificate_dict
[
"key"
]
)
context
.
REQUEST
.
set
(
"computer_
certificate_url"
,
url
)
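Review bot: The caucase calls run before `computer.setDestinationReference(crt_id)` and are not undone if the script fails afterwards: if `getCertificate(crt_id)` raises, the ZODB transaction is presumably aborted while the certificate signed by `signCertificate(csr_id)` stays valid, with no reference left on the computer to revoke it through Computer_revokeCertificate. I would revoke on that failure path, as sketched below. Whether caucase_adapter already cleans up in this case is not visible on this page.

```python
# … unchanged: csr lookup, active-certificate check, putCertificateSigningRequest …
crt_id, url = ca_service.signCertificate(csr_id)
try:
  certificate = ca_service.getCertificate(crt_id)
except Exception:
  # Do not leave a signed certificate that no document references.
  ca_service.revokeCertificate(crt_id)
  raise
# … unchanged: setDestinationReference and REQUEST.set calls …
```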
master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_generateCertificate.xml
...
@@ -52,6 +52,14 @@
...
@@ -52,6 +52,14 @@
<key>
<string>
_params
</string>
</key>
<key>
<string>
_params
</string>
</key>
<value>
<string>
state_change
</string>
</value>
<value>
<string>
state_change
</string>
</value>
</item>
</item>
<item>
<key>
<string>
_proxy_roles
</string>
</key>
<value>
<tuple>
<string>
Manager
</string>
</tuple>
</value>
</item>
<item>
<item>
<key>
<string>
id
</string>
</key>
<key>
<string>
id
</string>
</key>
<value>
<string>
Computer_generateCertificate
</string>
</value>
<value>
<string>
Computer_generateCertificate
</string>
</value>
...
...
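Review bot: The added `_proxy_roles` entry makes Computer_generateCertificate run with the `Manager` role whatever the caller's own roles are, and the script now signs a caller-supplied CSR, so access control rests entirely on the guard of the workflow transition that calls it, which is not visible on this page. If the role is only needed to reach `portal_web_services.caucase_adapter`, a narrower role or a dedicated permission on the adapter would limit what the script can do; otherwise the reason for `Manager` should be recorded in the commit description. Computer_revokeCertificate.py now calls the same adapter but its .xml is not part of this commit, so it is worth confirming that script already has the access it needs.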
master/bt5/slapos_cloud/WorkflowTemplateItem/portal_workflow/computer_slap_interface_workflow/scripts/Computer_revokeCertificate.py
computer
=
state_change
[
'object'
]
computer
=
state_change
[
'object'
]
context
.
REQUEST
.
set
(
'computer_certificate'
,
None
)
context
.
REQUEST
.
set
(
'computer_certificate'
,
None
)
context
.
REQUEST
.
set
(
'computer_
key
'
,
None
)
context
.
REQUEST
.
set
(
'computer_
certificate_url
'
,
None
)
destination_reference
=
computer
.
getDestinationReference
()
destination_reference
=
computer
.
getDestinationReference
()
if
destination_reference
is
None
:
if
destination_reference
is
None
:
raise
ValueError
(
'No certificate'
)
raise
ValueError
(
'No certificate'
)
context
.
getPortalObject
().
portal_certificate_authority
.
revokeCertificate
(
destination_reference
)
context
.
getPortalObject
().
portal_web_services
.
caucase_adapter
\
.
revokeCertificate
(
destination_reference
)
computer
.
setDestinationReference
(
None
)
computer
.
setDestinationReference
(
None
)
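Review bot: The result of `caucase_adapter.revokeCertificate(destination_reference)` is discarded and `computer.setDestinationReference(None)` runs unconditionally after it, whereas Person.revokeCertificate keeps the response and returns `response.read()`. If the adapter reports a failed revocation through the response rather than by raising (not visible here), the computer loses its reference while the certificate stays valid. I would keep the return value and clear the reference only once the revocation is confirmed, or state the assumption in a comment, e.g. `# caucase_adapter.revokeCertificate raises on failure`.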