TLS sdc-be-init: truststore & keystore handling 33/136333/2
authorMichaelMorris <michael.morris@est.tech>
Mon, 18 Sep 2023 08:18:44 +0000 (09:18 +0100)
committerVasyl Razinkov <vasyl.razinkov@est.tech>
Fri, 27 Oct 2023 14:32:56 +0000 (14:32 +0000)
Issue-ID: SDC-4671
Change-Id: Iaa6e4810cb06cc44a393ca4fda561b24ec208711
Signed-off-by: MichaelMorris <michael.morris@est.tech>
14 files changed:
catalog-be/sdc-backend-init/Dockerfile
catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/1_create_consumer_and_user.rb
catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/2_check_Backend.rb
catalog-be/sdc-backend-init/chef-repo/cookbooks/sdc-catalog-be-setup/recipes/3_import_Normatives.rb
catalog-be/src/main/resources/scripts/sdcBePy/common/healthCheck.py
catalog-be/src/main/resources/scripts/sdcBePy/common/normative/toscaElements.py
catalog-be/src/main/resources/scripts/sdcBePy/common/normative/toscaTypes.py
catalog-be/src/main/resources/scripts/sdcBePy/common/sdcBeProxy.py
catalog-be/src/main/resources/scripts/sdcBePy/consumers/run.py
catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runGenericNormative.py
catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runNormativeElement.py
catalog-be/src/main/resources/scripts/sdcBePy/tosca/imports/runNormativeType.py
catalog-be/src/main/resources/scripts/sdcBePy/tosca/main.py
catalog-be/src/main/resources/scripts/sdcBePy/users/run.py

index 76e502a..4013733 100644 (file)
@@ -20,7 +20,7 @@ RUN apk update && \
         curl-dev && \
     # needed libcurl to install correctly \
     python -m pip install --upgrade pip \
-    pip install 'pycurl==7.44.1' &&  \
+    pip install 'pycurl==7.44.1' && \
     set -ex && \
     gem update --system --no-document && \
     gem install --no-update-sources public_suffix:4.0.7 multipart-post:2.2.0 etc:1.3.0 bundler:2.3.26 chef:13.8.5 berkshelf:6.3.1 io-console:0.4.6 webrick --no-document && \
index 3aabb0a..5de3453 100644 (file)
@@ -3,6 +3,16 @@ if node['disableHttp']
   protocol = "https"
   https_flag = "--https"
   be_port = node['BE']['https_port']
+  if node['BE-init']['tls_cert'] && node['BE-init']['tls_key']
+    tls_key = "--tls_key " + node['BE-init']['tls_key']
+    tls_cert = "--tls_cert " + node['BE-init']['tls_cert']
+    if node['BE-init']['tls_password']
+      tls_key_pw = "--tls_key_pw " + node['BE-init']['tls_password']
+    end
+  end
+  if node['BE-init']['ca_cert']
+    ca_cert =  "--ca_cert " + node['BE-init']['ca_cert']
+  end
 else
   protocol = "http"
   https_flag = ""
@@ -29,10 +39,10 @@ if node['basic_auth']
 end
 
 execute "executing-create_users" do
-  command "sdcuserinit -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{user_conf_dir} #{https_flag}"
+  command "sdcuserinit -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{user_conf_dir} #{https_flag} #{tls_cert} #{tls_key} #{tls_key_pw} #{ca_cert}"
   action :run
 end
 execute "executing-create_consumers" do
-  command "sdcconsumerinit -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{https_flag}"
+  command "sdcconsumerinit -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{https_flag} #{tls_cert} #{tls_key} #{tls_key_pw} #{ca_cert}"
   action :run
 end
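Review bot: The `--tls_key_pw` value is interpolated unquoted into the `command` strings on lines 58 and 63, so the key password becomes a visible argv entry (`ps`, `/proc/<pid>/cmdline`) and is likely to be echoed in Chef's error output if the resource fails; a password containing spaces or shell metacharacters would also break or alter the command. At minimum escape each interpolated value, e.g. `tls_key_pw = "--tls_key_pw " + Shellwords.escape(node['BE-init']['tls_password'])` (with `require 'shellwords'`), and consider handing the password over through an environment variable or a file instead of argv. The same pattern appears in 2_check_Backend.rb and 3_import_Normatives.rb. When `disableHttp` is false these four locals are never assigned and interpolate as empty strings; that works only because Ruby hoists them to nil, so initialising them to `""` before the `if` would make the intent explicit.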
index 2e479e0..7268611 100644 (file)
@@ -3,6 +3,16 @@ if node['disableHttp']
   protocol = "https"
   https_flag = "--https"
   be_port = node['BE']['https_port']
+  if node['BE-init']['tls_cert'] && node['BE-init']['tls_key']
+    tls_key = "--tls_key " + node['BE-init']['tls_key']
+    tls_cert = "--tls_cert " + node['BE-init']['tls_cert']
+    if node['BE-init']['tls_password']
+      tls_key_pw = "--tls_key_pw " + node['BE-init']['tls_password']
+    end
+  end
+  if node['BE-init']['ca_cert']
+    ca_cert =  "--ca_cert " + node['BE-init']['ca_cert']
+  end
 else
   protocol = "http"
   https_flag = ""
@@ -22,6 +32,6 @@ if node['basic_auth']
 end
 
 execute "executing-check_backend_health" do
-  command "sdccheckbackend -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{https_flag}"
+  command "sdccheckbackend -i #{node['Nodes']['BE']} -p #{be_port} #{basic_auth_config} #{https_flag} #{tls_cert} #{tls_key} #{tls_key_pw} #{ca_cert}"
   action :run
-end
\ No newline at end of file
+end
index be32e98..cb36ffd 100644 (file)
@@ -5,6 +5,16 @@ if node['disableHttp']
   protocol = "https"
   be_port = node['BE']['https_port']
   param="-i #{be_ip} -p #{be_port} --https"
+  if node['BE-init']['tls_cert'] && node['BE-init']['tls_key']
+    tls_key = "--tls_key " + node['BE-init']['tls_key']
+    tls_cert = "--tls_cert " + node['BE-init']['tls_cert']
+    if node['BE-init']['tls_password']
+      tls_key_pw = "--tls_key_pw " + node['BE-init']['tls_password']
+    end
+  end
+  if node['BE-init']['ca_cert']
+    ca_cert =  "--ca_cert " + node['BE-init']['ca_cert']
+  end
 else
   protocol = "http"
   be_port = node['BE']['http_port']
@@ -27,7 +37,7 @@ cookbook_file "/var/tmp/normatives.tar.gz" do
 end
 
 execute "create-jetty-modules" do
-  command "set -ex && tar -xvf normatives.tar.gz && cd /var/tmp/normatives/import/tosca && sdcinit #{param} #{basic_auth_config} > #{ENV['ONAP_LOG']}/init.log"
+  command "set -ex && tar -xvf normatives.tar.gz && cd /var/tmp/normatives/import/tosca && sdcinit #{param} #{basic_auth_config} #{tls_cert} #{tls_key} #{tls_key_pw} #{ca_cert} > #{ENV['ONAP_LOG']}/init.log"
   cwd "/var/tmp/"
   action :run
 end
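Review bot: The command on line 117 runs `set -ex` in the same shell as `sdcinit`, so `-x` traces the full sdcinit invocation — including `--tls_key_pw <password>` — to stderr, which the `> #{ENV['ONAP_LOG']}/init.log` redirection of stdout does not capture. Either drop `-x` from that line (`set -e && tar -xvf normatives.tar.gz && ...`) or switch it off with `set +x` before the sdcinit call. The four values are also interpolated unquoted into the shell string and should be escaped with `Shellwords.escape`.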
index a0acc90..8d63ef3 100644 (file)
@@ -12,9 +12,9 @@ from sdcBePy.common.sdcBeProxy import SdcBeProxy
 colors = BColors()
 
 
-def check_backend(sdc_be_proxy=None, reply_append_count=1, be_host=None, be_port=None, header=None, scheme=None, debug=False):
+def check_backend(sdc_be_proxy=None, reply_append_count=1, be_host=None, be_port=None, header=None, scheme=None, debug=False, ca_cert=None, tls_cert=None, tls_key=None, tls_key_pw=None):
     if sdc_be_proxy is None:
-        sdc_be_proxy = SdcBeProxy(be_host, be_port, header, scheme, debug=debug)
+        sdc_be_proxy = SdcBeProxy(be_host, be_port, header, scheme, tls_cert, tls_key, tls_key_pw, ca_cert, debug=debug)
 
     for i in range(1, reply_append_count + 1):
         if sdc_be_proxy.check_backend() == 200:
@@ -28,9 +28,9 @@ def check_backend(sdc_be_proxy=None, reply_append_count=1, be_host=None, be_port
     return False
 
 
-def run(be_host, be_port, header, protocol):
+def run(be_host, be_port, header, protocol, tls_key, tls_cert, tls_key_pw, ca_cert):
     if not check_backend(reply_append_count=properties.retry_attempts, be_host=be_host,
-                         be_port=be_port, header=header, scheme=protocol):
+                         be_port=be_port, header=header, scheme=protocol, ca_cert=ca_cert, tls_cert=tls_cert, tls_key=tls_key, tls_key_pw=tls_key_pw):
         print('[ERROR]: ' + time.strftime('%Y/%m/%d %H:%M:%S') + colors.FAIL + ' Backend is DOWN :-(' + colors.END_C)
         sys.exit()
 
@@ -42,11 +42,15 @@ def get_args():
     parser.add_argument('-p', '--port', required=True)
     parser.add_argument('--header')
     parser.add_argument('--https', action='store_true')
+    parser.add_argument('--tls_key')
+    parser.add_argument('--tls_cert')
+    parser.add_argument('--tls_key_pw')
+    parser.add_argument('--ca_cert')
 
     args = parser.parse_args()
 
     init_properties(10, 10)
-    return [args.ip, args.port, args.header, 'https' if args.https else 'http']
+    return [args.ip, args.port, args.header, 'https' if args.https else 'http', args.tls_key, args.tls_cert, args.tls_key_pw, args.ca_cert]
 
 
 def main():
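Review bot: `run` on line 139 takes the new arguments in the order `tls_key, tls_cert, tls_key_pw, ca_cert`, whereas every other new signature in this change (`SdcBeProxy`, `CurlConnector`, `check_backend`, `be_user_init`, `be_consumers_init`) puts `tls_cert` before `tls_key`; a caller feeding these positionally from a differently ordered `get_args` would silently swap the certificate and key paths. Reordering to `def run(be_host, be_port, header, protocol, tls_cert, tls_key, tls_key_pw, ca_cert):` together with the list on line 159 (`args.tls_cert, args.tls_key, args.tls_key_pw, args.ca_cert`) removes the hazard, or make the four keyword-only so the order stops mattering. `get_args` starts outside the hunk.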
index ef23e3f..50f4be2 100644 (file)
@@ -9,11 +9,12 @@ from sdcBePy.common.errors import ResourceCreationError
 
 
 def process_and_create_normative_element(normative_element,
-                                         scheme=None, be_host=None, be_port=None, header=None, admin_user=None, sdc_be_proxy=None,
+                                         scheme=None, be_host=None, be_port=None, header=None, admin_user=None,
+                                         tls_cert=None, tls_key=None, tls_key_pw=None, ca_cert=None, sdc_be_proxy=None,
                                          model=None, debug=False,
                                          exit_on_success=False):
     if sdc_be_proxy is None:
-        sdc_be_proxy = SdcBeProxy(be_host, be_port, header, scheme, admin_user, debug=debug)
+        sdc_be_proxy = SdcBeProxy(be_host, be_port, header, scheme, tls_cert, tls_key, tls_key_pw, ca_cert, admin_user, debug=debug)
 
     file_dir, url_suffix, element_name, element_from_name, with_metadata = normative_element.get_parameters()
     _create_normative_element(sdc_be_proxy,
index fecc88a..83b4a91 100644 (file)
@@ -9,13 +9,14 @@ from sdcBePy.common.sdcBeProxy import SdcBeProxy
 
 
 def process_and_create_normative_types(normative_type,
-                                       scheme=None, be_host=None, be_port=None, header=None, admin_user=None,
+                                       scheme=None, be_host=None, be_port=None, header=None,
+                                       tls_cert=None, tls_key=None, tls_key_pw=None, ca_cert=None, admin_user=None,
                                        sdc_be_proxy=None,
                                        update_version=False,
                                        debug=False,
                                        exit_on_success=False):
     if sdc_be_proxy is None:
-        sdc_be_proxy = SdcBeProxy(be_host, be_port, header, scheme, admin_user, debug=debug)
+        sdc_be_proxy = SdcBeProxy(be_host, be_port, header, scheme, tls_cert, tls_key, tls_key_pw, ca_cert, admin_user, debug=debug)
 
     file_dir, normative_type_list = normative_type.get_parameters()
 
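Review bot: The new parameters are inserted before `admin_user` here (line 186) but after `admin_user` in `process_and_create_normative_element` in toscaElements.py, and both functions are called positionally from runNormativeType.py, runGenericNormative.py and runNormativeElement.py; two sibling signatures that differ only in where four same-typed arguments sit is a swap waiting to happen. Put `tls_cert, tls_key, tls_key_pw, ca_cert` in the same position in both and have the callers pass them by keyword (`tls_cert=tls_cert, tls_key=tls_key, tls_key_pw=tls_key_pw, ca_cert=ca_cert`). Neither function has a docstring; a short one stating that the four values are forwarded to `SdcBeProxy` (presumably PEM paths and a key passphrase — confirm against CurlConnector) would help the next caller.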
index ecd0726..2a1d310 100755 (executable)
@@ -14,13 +14,13 @@ class SdcBeProxy:
     BODY_SEPARATOR = "\r\n\r\n"
     CHARTSET = 'UTF-8'
 
-    def __init__(self, be_ip, be_port, header, scheme, user_id="jh0003",
+    def __init__(self, be_ip, be_port, header, scheme, tls_cert, tls_key, tls_key_pw, ca_cert, user_id="jh0003",
                  debug=False, connector=None):
         if not check_arguments_not_none(be_ip, be_port, scheme, user_id):
             raise AttributeError("The be_host, be_port, scheme or admin_user are missing")
         url = get_url(be_ip, be_port, scheme)
         self.con = connector if connector \
-            else CurlConnector(url, user_id, header, protocol=scheme, debug=debug)
+            else CurlConnector(url, user_id, header, tls_cert, tls_key, tls_key_pw, ca_cert, protocol=scheme, debug=debug)
 
     def check_backend(self):
         return self.con.get('/sdc2/rest/v1/user/jh0003')
@@ -75,9 +75,13 @@ class CurlConnector:
     CONTENT_TYPE_HEADER = "Content-Type: application/json"
     ACCEPT_HEADER = "Accept: application/json; charset=UTF-8"
 
-    def __init__(self, url, user_id_header, header, buffer=None, protocol="http", debug=False):
+    def __init__(self, url, user_id_header, header, tls_cert, tls_key, tls_key_pw, ca_cert, buffer=None, protocol="http", debug=False):
         self.__debug = debug
         self.__protocol = protocol
+        self.__tls_cert = tls_cert
+        self.__tls_key = tls_key
+        self.__tls_key_pw = tls_key_pw
+        self.__ca_cert = ca_cert
         self.c = self.__build_default_curl()
 
         self.user_header = "USER_ID: " + user_id_header
@@ -172,6 +176,15 @@ class CurlConnector:
         if self.__protocol == 'https':
             curl.setopt(pycurl.SSL_VERIFYPEER, 0)
             curl.setopt(pycurl.SSL_VERIFYHOST, 0)
+            if self.__tls_cert is not None and self.__tls_key is not None:
+                curl.setopt(curl.SSLCERT, self.__tls_cert)
+                curl.setopt(curl.SSLKEY, self.__tls_key)
+                if self.__tls_key_pw is not None:
+                  curl.setopt(curl.KEYPASSWD, self.__tls_key_pw)
+                if self.__ca_cert is not None:
+                    curl.setopt(pycurl.SSL_VERIFYPEER, 1)
+                    curl.setopt(pycurl.SSL_VERIFYHOST, 2)
+                    curl.setopt(curl.CAINFO, self.__ca_cert)
         curl.setopt(pycurl.HEADER, True)
         return curl
 
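Review bot: Peer verification on lines 239-241 is only switched on when a client certificate and key are also configured, because the `ca_cert` check on line 238 is nested inside the `tls_cert`/`tls_key` branch; a deployment that sets only `ca_cert` (the recipes set it independently of the client cert) keeps `SSL_VERIFYPEER 0` from line 231 and trusts any server. CA trust and client authentication are independent, so the `ca_cert` block should sit at the same level as the client-cert block. Line 237 is indented by two spaces and the new options mix the `curl.` and `pycurl.` constant prefixes; normalising to `pycurl.` matches lines 231-232. Separately, the four new `__init__` parameters on lines 203 and 219 are required positionals placed before `user_id`/`buffer`; giving them `=None` defaults keeps older positional callers working. The enclosing method starts outside the hunk.
```python
        if self.__protocol == 'https':
            # … unchanged: SSL_VERIFYPEER/SSL_VERIFYHOST set to 0 …
            if self.__tls_cert is not None and self.__tls_key is not None:
                curl.setopt(pycurl.SSLCERT, self.__tls_cert)
                curl.setopt(pycurl.SSLKEY, self.__tls_key)
                if self.__tls_key_pw is not None:
                    curl.setopt(pycurl.KEYPASSWD, self.__tls_key_pw)
            # CA trust is independent of client authentication: honour ca_cert
            # even when no client certificate is configured.
            if self.__ca_cert is not None:
                curl.setopt(pycurl.SSL_VERIFYPEER, 1)
                curl.setopt(pycurl.SSL_VERIFYHOST, 2)
                curl.setopt(pycurl.CAINFO, self.__ca_cert)
        # … unchanged: HEADER option and return …
```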
index 8ea1d1c..6f5cbe7 100644 (file)
@@ -7,8 +7,8 @@ from sdcBePy.consumers.models.consumerCandidateList import get_consumers
 from sdcBePy.users.run import colors
 
 
-def be_consumers_init(be_ip, be_port, header, protocol, consumer_candidate_list):
-    sdc_be_proxy = SdcBeProxy(be_ip, be_port, header, protocol)
+def be_consumers_init(be_ip, be_port, header, protocol, tls_cert, tls_key, tls_key_pw, ca_cert, consumer_candidate_list):
+    sdc_be_proxy = SdcBeProxy(be_ip, be_port, header, protocol, tls_cert, tls_key, tls_key_pw, ca_cert)
     if check_backend(sdc_be_proxy, properties.retry_attempts):
         for consumer in consumer_candidate_list:
             if sdc_be_proxy.check_user(consumer.consumer_name) != 200:
@@ -28,8 +28,8 @@ def be_consumers_init(be_ip, be_port, header, protocol, consumer_candidate_list)
 
 
 def main():
-    be_ip, be_port, header, protocol = get_args()
-    be_consumers_init(be_ip, be_port, header, protocol, get_consumers())
+    be_ip, be_port, header, protocol, tls_key, tls_cert, tls_key_pw, ca_cert = get_args()
+    be_consumers_init(be_ip, be_port, header, protocol, tls_cert, tls_key, tls_key_pw, ca_cert, get_consumers())
 
 
 if __name__ == '__main__':
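Review bot: Line 263 unpacks the fifth and sixth values as `tls_key, tls_cert`, which matches the list `get_args` in healthCheck.py returns on line 159 but not the one users/run.py returns on line 388 (`args.conf, args.tls_cert, args.tls_key, ...`); which `get_args` this module imports is outside the hunk, so please confirm it is healthCheck's. Line 264 then forwards them in the opposite order (`tls_cert, tls_key`), which is right for `be_consumers_init` but makes a swap easy to miss; unpacking with the names in the callee's order, or passing by keyword (`tls_cert=tls_cert, tls_key=tls_key, tls_key_pw=tls_key_pw, ca_cert=ca_cert`), would make it self-checking.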
index 424c0ca..1353486 100644 (file)
@@ -20,12 +20,12 @@ def get_normative_prams():
 
 
 def main():
-    scheme, be_host, be_port, admin_user, _, debug = get_args()
+    scheme, be_host, be_port, admin_user, _, debug, tls_cert, tls_key, tls_key_pw, ca_cert = get_args()
 
     candidate = NormativeTypeCandidate(*get_normative_prams())
     try:
         process_and_create_normative_types(candidate,
-                                           scheme, be_host, be_port, admin_user,
+                                           scheme, be_host, be_port, admin_user, tls_cert, tls_key, tls_key_pw, ca_cert,
                                            debug=debug,
                                            exit_on_success=True)
     except AttributeError:
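Review bot: Line 280 passes `admin_user` as the fourth positional argument after the candidate, but if `process_and_create_normative_types` is the function in toscaTypes.py, that slot is `header` (line 185), so `admin_user` lands in `header` and the `admin_user` parameter keeps its `None` default; the four TLS values then line up only because their count matches. This predates the change, but the new positional tail makes it harder to spot; passing by keyword, `admin_user=admin_user, tls_cert=tls_cert, tls_key=tls_key, tls_key_pw=tls_key_pw, ca_cert=ca_cert`, pins each value to its parameter. The same call shape is in runNormativeType.py (lines 306-314).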
index ce5eca4..81434a1 100644 (file)
@@ -9,10 +9,10 @@ from sdcBePy.tosca.models.normativeElementsList import get_capability, get_data,
 
 
 def run(candidate):
-    scheme, be_host, be_port, header, admin_user, _, debug = get_args()
+    scheme, be_host, be_port, header, admin_user, _, debug, tls_cert, tls_key, tls_key_pw, ca_cert = get_args()
     try:
         process_and_create_normative_element(candidate,
-                                             scheme, be_host, be_port, header, admin_user,
+                                             scheme, be_host, be_port, header, admin_user, tls_cert, tls_key, tls_key_pw, ca_cert,
                                              debug=debug,
                                              exit_on_success=True)
     except AttributeError:
index c2493b5..b5e2f34 100644 (file)
@@ -8,13 +8,14 @@ from sdcBePy.tosca.models.normativeTypesList import get_normative, get_heat, get
 
 
 def run(candidate, exit_on_success=True):
-    scheme, be_host, be_port, admin_user, update_version, debug = get_args()
+    scheme, be_host, be_port, admin_user, update_version, debug, tls_cert, tls_key, tls_key_pw, ca_cert = get_args()
     try:
         process_and_create_normative_types(candidate,
                                            scheme,
                                            be_host,
                                            be_port,
                                            admin_user,
+                                           tls_cert, tls_key, tls_key_pw, ca_cert,
                                            update_version=update_version,
                                            debug=debug,
                                            exit_on_success=exit_on_success)
index b3cf882..edd6496 100644 (file)
@@ -33,18 +33,22 @@ def parse_param():
     parser.add_argument('--https', action='store_true')
     parser.add_argument('--updateVersion', action='store_false')
     parser.add_argument('--debug', action='store_true')
+    parser.add_argument('--tls_cert')
+    parser.add_argument('--tls_key')
+    parser.add_argument('--tls_key_pw')
+    parser.add_argument('--ca_cert')
 
     args, _ = parser.parse_known_args()
 
     return [args.conf, 'https' if args.https else 'http',
             args.ip, args.port, args.header, args.adminUser, args.updateVersion,
-            args.debug]
+            args.debug, args.tls_cert, args.tls_key, args.tls_key_pw, args.ca_cert]
 
 
 def get_args():
     print('Number of arguments:', len(sys.argv), 'arguments.')
 
-    conf_path, scheme, be_host, be_port, header, admin_user, update_version, debug = parse_param()
+    conf_path, scheme, be_host, be_port, header, admin_user, update_version, debug, tls_cert, tls_key, tls_key_pw, ca_cert = parse_param()
     defaults = load_be_config(conf_path)
 
     # Use defaults if param not provided by the user
@@ -63,18 +67,18 @@ def get_args():
               ', debug =', debug, ', update_version =', update_version)
 
     init_properties(defaults["retryTime"], defaults["retryAttempt"], defaults["resourceLen"])
-    return scheme, be_host, be_port, header, admin_user, update_version, debug
+    return scheme, be_host, be_port, header, admin_user, update_version, debug, tls_cert, tls_key, tls_key_pw, ca_cert
 
 
 def parse_and_create_proxy():
-    scheme, be_host, be_port, header, admin_user, update_version, debug = get_args()
+    scheme, be_host, be_port, header, admin_user, update_version, debug, tls_cert, tls_key, tls_key_pw, ca_cert = get_args()
 
     if debug is False:
         print('Disabling debug mode')
         logger.debugFlag = debug
 
     try:
-        sdc_be_proxy = SdcBeProxy(be_host, be_port, header, scheme, admin_user, debug=debug)
+        sdc_be_proxy = SdcBeProxy(be_host, be_port, header, scheme, tls_cert, tls_key, tls_key_pw, ca_cert, admin_user, debug=debug)
     except AttributeError:
         usage()
         sys.exit(3)
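Review bot: `--tls_key_pw` (line 322) puts the key passphrase into the process argument list, where it is readable by other local users through `ps` or `/proc/<pid>/cmdline` and shows up in any shell trace or log of the launch command; consider also accepting it from an environment variable (e.g. `parser.add_argument('--tls_key_pw', default=os.environ.get('<TLS_KEY_PW_ENV>'))`, name to be agreed, importing `os` if needed) or a file path so the chef recipes need not place the secret on the command line. The same argument is added in healthCheck.py and users/run.py. The comment on line 340 says parameters the user did not supply fall back to `defaults`, but the four new values get no such fallback in the visible lines; if the backend config file is meant to carry TLS settings, give them the same treatment. If the summary print on line 342 is ever extended to the new values, leave `tls_key_pw` out of it.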
index 2dbd941..35b9be7 100755 (executable)
@@ -19,8 +19,8 @@ def load_users(conf_path):
         return json.load(f)
 
 
-def be_user_init(be_ip, be_port, header, protocol, conf_path):
-    sdc_be_proxy = SdcBeProxy(be_ip, be_port, header, protocol)
+def be_user_init(be_ip, be_port, header, protocol, conf_path, tls_cert, tls_key, tls_key_pw, ca_cert):
+    sdc_be_proxy = SdcBeProxy(be_ip, be_port, header, protocol, tls_cert, tls_key, tls_key_pw, ca_cert)
     if check_backend(sdc_be_proxy, properties.retry_attempts):
         users = load_users(conf_path)
         for user in users:
@@ -53,11 +53,15 @@ def get_args():
     parser.add_argument('--https', action='store_true')
     path = os.path.dirname(__file__)
     parser.add_argument('--conf', default=os.path.join(path, 'data', 'users.json'))
+    parser.add_argument('--tls_cert')
+    parser.add_argument('--tls_key')
+    parser.add_argument('--tls_key_pw')
+    parser.add_argument('--ca_cert')
 
     args = parser.parse_args()
 
     init_properties(10, 10)
-    return [args.ip, args.port, args.header, 'https' if args.https else 'http', args.conf]
+    return [args.ip, args.port, args.header, 'https' if args.https else 'http', args.conf, args.tls_cert, args.tls_key, args.tls_key_pw, args.ca_cert]
 
 
 def main():
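Review bot: `be_user_init` on line 370 takes `conf_path` before the four TLS values, while `be_consumers_init` in consumers/run.py takes the TLS values before its list argument; each order mirrors what its `get_args` returns, but having the TLS tail in a different position in two sibling functions invites a positional mix-up. Either keep the non-TLS argument last in both or pass the TLS values by keyword from `main` (which starts outside the hunk). A one-line docstring stating that the four values are forwarded unchanged to `SdcBeProxy` would help here and in the consumers counterpart.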