Merged
1 change: 1 addition & 0 deletions api-ref/source/clustertemplates.inc
Expand Up @@ -47,6 +47,7 @@ Request
- image_id: image_id
- volume_driver: volume_driver
- registry_enabled: registry_enabled
- insecure_registry: insecure_registry
- docker_storage_driver: docker_storage_driver
- name: name
- network_driver: network_driver
1 change: 1 addition & 0 deletions api-ref/source/samples/clustertemplate-create-req.json
Expand Up @@ -16,6 +16,7 @@
"image_id":"fedora-atomic-latest",
"volume_driver":"cinder",
"registry_enabled":false,
"insecure_registry":null,
"docker_storage_driver":"devicemapper",
"name":"k8s-bm2",
"network_driver":"flannel",
6 changes: 6 additions & 0 deletions magnum/common/x509/operations.py
Expand Up @@ -223,6 +223,12 @@ def sign(csr, issuer_name, ca_key, ca_key_password=None,
builder = builder.add_extension(extention.value,
critical=extention.critical)

subject_key_identifier = x509.SubjectKeyIdentifier.from_public_key(
csr.public_key())
builder = builder.add_extension(
subject_key_identifier, critical=False
)

certificate = builder.sign(
private_key=ca_key, algorithm=hashes.SHA256(),
).public_bytes(serialization.Encoding.PEM).strip()
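Review bot: The new `builder.add_extension(subject_key_identifier, critical=False)` runs after the loop that copies the CSR's own extensions into the builder (only the loop's last statement is visible as context; its header is outside this hunk), so a CSR that already carries a SubjectKeyIdentifier would presumably make the builder reject the second one as a duplicate and surface as an unhandled `ValueError` from `sign`. Deriving the identifier from `csr.public_key()` instead of trusting a requester-supplied value is the right choice, so the copy loop should skip that extension, e.g. `if isinstance(extention.value, x509.SubjectKeyIdentifier): continue`. A one-line comment above the new block, such as `# SKI is always recomputed from the CSR public key, never taken from the request`, would make that intent explicit. Whether validation earlier in `sign` already filters this extension cannot be seen from here.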
7 changes: 4 additions & 3 deletions magnum/tests/unit/api/base.py
Expand Up @@ -67,9 +67,10 @@ def reset_pecan():

self.addCleanup(reset_pecan)

p = mock.patch('magnum.api.controllers.v1.Controller._check_version')
self._check_version = p.start()
self.addCleanup(p.stop)
# Controller._check_version is needed in some tests,
# must be mocked in others. Enable the mock when needed.
self.patch_check_version = mock.patch(
'magnum.api.controllers.v1.Controller._check_version')

def _verify_attrs(self, attrs, response, positive=True):
if positive is True:
3 changes: 3 additions & 0 deletions magnum/tests/unit/api/controllers/test_root.py
Expand Up @@ -222,9 +222,12 @@ def test_healthcheck_disable_file(self):

class TestV1Routing(api_base.FunctionalTest):
def test_route_checks_version(self):
# Temporarily instantiate mock for Controller._check_version
self._check_version = self.patch_check_version.start()
self.get_json('/')
self._check_version.assert_called_once_with(mock.ANY,
mock.ANY)
self.patch_check_version.stop()


class TestCheckVersions(test_base.TestCase):
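Review bot: `self.patch_check_version.stop()` in `test_route_checks_version` is reached only when `get_json` and `assert_called_once_with` both succeed, so a failing assertion leaves `Controller._check_version` patched for whatever runs next in the same process. Registering the cleanup immediately after starting the patcher, `self.addCleanup(self.patch_check_version.stop)`, and dropping the trailing `stop()` call restores the guarantee the base class gave when it called `self.addCleanup(p.stop)` itself.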
18 changes: 18 additions & 0 deletions magnum/tests/unit/api/controllers/v1/test_nodegroup.py
Expand Up @@ -253,6 +253,24 @@ def test_get_all_wrong_microversion(self):
response = self.get_json(url, headers=headers, expect_errors=True)
self.assertEqual(406, response.status_code)

def test_get_all_api_minor_version_above_range(self):
headers = {"Openstack-Api-Version": "container-infra 1.999"}
url = '/clusters/%s/nodegroups/' % (self.cluster.uuid)
response = self.get_json(url, headers=headers, expect_errors=True)
self.assertEqual(406, response.status_code)
self.assertIsNotNone(response.json['errors'])
self.assertEqual('magnum.microversion-unsupported',
response.json['errors'][0]['code'])

def test_get_all_api_major_version_above_range(self):
headers = {"Openstack-Api-Version": "container-infra 2.11"}
url = '/clusters/%s/nodegroups/' % (self.cluster.uuid)
response = self.get_json(url, headers=headers, expect_errors=True)
self.assertEqual(406, response.status_code)
self.assertIsNotNone(response.json['errors'])
self.assertEqual('magnum.microversion-unsupported',
response.json['errors'][0]['code'])


class TestPost(NodeGroupControllerTest):
def setUp(self):
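Review bot: Neither `test_get_all_api_minor_version_above_range` nor `test_get_all_api_major_version_above_range` records that it depends on the real `Controller._check_version` running; under the blanket mock the base test class used to install, the 406 for `container-infra 1.999` or `2.11` would presumably never be produced. A short comment on each, such as `# Exercises the unmocked Controller._check_version: versions above the supported range must be rejected`, would document that dependency. The two bodies differ only in the header value, so a shared helper taking the version string would also remove the duplication.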
20 changes: 20 additions & 0 deletions magnum/tests/unit/common/x509/test_sign.py
Expand Up @@ -233,6 +233,26 @@ def test_sign_empty_chars(self, mock_load_pem):
self.assertEqual(certificate,
certificate.strip())

# If a subject key identifier is given in the CSR, ensure it is added
@mock.patch('cryptography.x509.load_pem_x509_csr')
def test_sign_subject_key_identifier(self, mock_load_pem):
ca_key = self._generate_private_key()
private_key = self._generate_private_key()
csr_obj = self._build_csr(private_key)
csr = csr_obj.public_bytes(serialization.Encoding.PEM)
csr = csr.decode('utf-8')

mock_load_pem.return_value = csr_obj
certificate = operations.sign(csr, self.issuer_name,
ca_key, skip_validation=True)

# Ensure the Subject Key Identifier extension is present
cert = c_x509.load_pem_x509_certificate(certificate)
ext_ski = [ext for ext in cert.extensions
if cert.extensions[0].oid ==
c_x509.oid.ExtensionOID.SUBJECT_KEY_IDENTIFIER]
self.assertEqual(len(ext_ski), 1)

def test_sign_with_invalid_csr(self):
ca_key = self._generate_private_key()
csr = 'test'
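Review bot: The filter that builds `ext_ski` in `test_sign_subject_key_identifier` tests `cert.extensions[0].oid` instead of `ext.oid`, so it selects either every extension or none, and the length assertion holds only while the certificate has exactly one extension. The condition should read `if ext.oid == c_x509.oid.ExtensionOID.SUBJECT_KEY_IDENTIFIER`, and the test would be stronger if it also compared the extension's digest with `c_x509.SubjectKeyIdentifier.from_public_key(private_key.public_key()).digest`. The leading comment says the identifier is "given in the CSR", but nothing visible here puts one in the CSR and `sign` derives it from the public key; `# sign() must add an SKI derived from the CSR public key` would match what is tested.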
@@ -0,0 +1,7 @@
---
features:
- |
Add subject key identifier extension to x509 operations
signing function. Allows for magnum Kubernetes clusters
to generate certificates with authority key
identifier extension.