Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix misplaced periods in tls #62139

Merged
merged 8 commits into from
Nov 16, 2022
Merged

Fix misplaced periods in tls #62139

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
5a922be
Fix misplaced periods in tls
waynew Jun 6, 2022
5f33064
SQUASHME
waynew Nov 8, 2022
a11d80b
Fix unit tests with misplaced periods
waynew Nov 10, 2022
e0f9433
remove test_tls.py to keep history
waynew Nov 10, 2022
3ff0b1f
move unittest to pytest
waynew Nov 10, 2022
fbe301e
Converted unittest to pytest.
waynew Nov 10, 2022
6fb87dc
add changelog
waynew Nov 10, 2022
316fba1
Merge branch 'master' into fix-tls-misplaced-periods
waynew Nov 10, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog/62139.fixed
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Fixed extra period in filename output in tls module. Instead of "server.crt." it will now be "server.crt".
51 changes: 27 additions & 24 deletions salt/modules/tls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,8 +43,8 @@
.. code-block:: bash

# salt-call tls.create_csr my_little CN=DBReplica_No.1 cert_type=client
Created Private Key: "/etc/pki/my_little/certs//DBReplica_No.1.key."
Created CSR for "DBReplica_No.1": "/etc/pki/my_little/certs/DBReplica_No.1.csr."
Created Private Key: "/etc/pki/my_little/certs//DBReplica_No.1.key"
Created CSR for "DBReplica_No.1": "/etc/pki/my_little/certs/DBReplica_No.1.csr"

# salt-call tls.create_ca_signed_cert my_little CN=DBReplica_No.1
Created Certificate for "DBReplica_No.1": "/etc/pki/my_little/certs/DBReplica_No.1.crt"
Expand All @@ -56,8 +56,8 @@

# salt-call tls.create_csr my_little CN=MasterDBReplica_No.2 \
cert_type=client
Created Private Key: "/etc/pki/my_little/certs/MasterDBReplica_No.2.key."
Created CSR for "DBReplica_No.1": "/etc/pki/my_little/certs/MasterDBReplica_No.2.csr."
Created Private Key: "/etc/pki/my_little/certs/MasterDBReplica_No.2.key"
Created CSR for "DBReplica_No.1": "/etc/pki/my_little/certs/MasterDBReplica_No.2.csr"

# salt-call tls.create_ca_signed_cert my_little CN=MasterDBReplica_No.2
Created Certificate for "DBReplica_No.1": "/etc/pki/my_little/certs/DBReplica_No.1.crt"
Expand All @@ -70,8 +70,8 @@

# salt-call tls.create_csr my_little CN=MasterDBReplica_No.2 \
cert_type=server type_ext=True
Created Private Key: "/etc/pki/my_little/certs/DBReplica_No.1_client.key."
Created CSR for "DBReplica_No.1": "/etc/pki/my_little/certs/DBReplica_No.1_client.csr."
Created Private Key: "/etc/pki/my_little/certs/DBReplica_No.1_client.key"
Created CSR for "DBReplica_No.1": "/etc/pki/my_little/certs/DBReplica_No.1_client.csr"

# salt-call tls.create_ca_signed_cert my_little CN=MasterDBReplica_No.2
Certificate "MasterDBReplica_No.2" already exists
Expand All @@ -90,8 +90,8 @@

# salt-call tls.create_csr my_little CN=www.anothersometh.ing \
cert_type=server type_ext=True
Created Private Key: "/etc/pki/my_little/certs/www.anothersometh.ing_server.key."
Created CSR for "DBReplica_No.1": "/etc/pki/my_little/certs/www.anothersometh.ing_server.csr."
Created Private Key: "/etc/pki/my_little/certs/www.anothersometh.ing_server.key"
Created CSR for "DBReplica_No.1": "/etc/pki/my_little/certs/www.anothersometh.ing_server.csr"

# salt-call tls_create_ca_signed_cert my_little CN=www.anothersometh.ing \
cert_type=server cert_filename="something_completely_different"
Expand Down Expand Up @@ -172,6 +172,14 @@ def _microtime():
return "{:f}{}".format(val1, val2)


def _context_or_config(key):
"""
Return the value corresponding to the key in __context__ or if not present,
fallback to config.option.
"""
return __context__.get(key, __salt__["config.option"](key))


def cert_base_path(cacert_path=None):
"""
Return the base path for certs from CLI or from options
Expand All @@ -185,16 +193,11 @@ def cert_base_path(cacert_path=None):

salt '*' tls.cert_base_path
"""
if not cacert_path:
cacert_path = __context__.get(
"ca.contextual_cert_base_path",
__salt__["config.option"]("ca.contextual_cert_base_path"),
)
if not cacert_path:
cacert_path = __context__.get(
"ca.cert_base_path", __salt__["config.option"]("ca.cert_base_path")
)
return cacert_path
return (
cacert_path
or _context_or_config("ca.contextual_cert_base_path")
or _context_or_config("ca.cert_base_path")
)


def _cert_base_path(cacert_path=None):
Expand Down Expand Up @@ -842,10 +845,10 @@ def create_ca(

_write_cert_to_database(ca_name, ca)

ret = 'Created Private Key: "{}/{}/{}.key." '.format(
ret = 'Created Private Key: "{}/{}/{}.key" '.format(
cert_base_path(), ca_name, ca_filename
)
ret += 'Created CA "{0}": "{1}/{0}/{2}.crt."'.format(
ret += 'Created CA "{0}": "{1}/{0}/{2}.crt"'.format(
ca_name, cert_base_path(), ca_filename
)

Expand Down Expand Up @@ -1168,8 +1171,8 @@ def create_csr(
)
)

ret = 'Created Private Key: "{}{}.key." '.format(csr_path, csr_filename)
ret += 'Created CSR for "{}": "{}{}.csr."'.format(CN, csr_path, csr_filename)
ret = 'Created Private Key: "{}{}.key" '.format(csr_path, csr_filename)
ret += 'Created CSR for "{}": "{}{}.csr"'.format(CN, csr_path, csr_filename)

return ret

Expand Down Expand Up @@ -1310,10 +1313,10 @@ def create_self_signed_cert(

_write_cert_to_database(tls_dir, cert)

ret = 'Created Private Key: "{}/{}/certs/{}.key." '.format(
ret = 'Created Private Key: "{}/{}/certs/{}.key" '.format(
cert_base_path(), tls_dir, cert_filename
)
ret += 'Created Certificate: "{}/{}/certs/{}.crt."'.format(
ret += 'Created Certificate: "{}/{}/certs/{}.crt"'.format(
cert_base_path(), tls_dir, cert_filename
)

Expand Down
Loading