diff options
author | Stephen Finucane <stephen.finucane@intel.com> | 2016-04-04 13:37:06 +0100 |
---|---|---|
committer | Stephen Finucane <stephen.finucane@intel.com> | 2016-04-05 12:01:06 +0100 |
commit | e301ed2457996d5143e8a6a8cba1a97b29098485 (patch) | |
tree | 95139973a8c86c6bb3e5066ce4e50543ec6c4147 /nova/crypto.py | |
parent | ac0fee5d6b8e88f22155fb59872cbe46e720078f (diff) | |
download | nova-e301ed2457996d5143e8a6a8cba1a97b29098485.tar.gz |
config options: Move crypto options into a group
Move all crypto configuration into [crypto] group. Update references to
these configuration options to reflect new group.
Change-Id: I660b5c20e2b33f276a9d4c49b0e6279d7d8e41c7
Diffstat (limited to 'nova/crypto.py')
-rw-r--r-- | nova/crypto.py | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/nova/crypto.py b/nova/crypto.py index eb954d19a0..e92438146d 100644 --- a/nova/crypto.py +++ b/nova/crypto.py @@ -54,25 +54,25 @@ CONF = nova.conf.CONF def ca_folder(project_id=None): - if CONF.use_project_ca and project_id: - return os.path.join(CONF.ca_path, 'projects', project_id) - return CONF.ca_path + if CONF.crypto.use_project_ca and project_id: + return os.path.join(CONF.crypto.ca_path, 'projects', project_id) + return CONF.crypto.ca_path def ca_path(project_id=None): - return os.path.join(ca_folder(project_id), CONF.ca_file) + return os.path.join(ca_folder(project_id), CONF.crypto.ca_file) def key_path(project_id=None): - return os.path.join(ca_folder(project_id), CONF.key_file) + return os.path.join(ca_folder(project_id), CONF.crypto.key_file) def crl_path(project_id=None): - return os.path.join(ca_folder(project_id), CONF.crl_file) + return os.path.join(ca_folder(project_id), CONF.crypto.crl_file) def fetch_ca(project_id=None): - if not CONF.use_project_ca: + if not CONF.crypto.use_project_ca: project_id = None ca_file_path = ca_path(project_id) if not os.path.exists(ca_file_path): @@ -160,7 +160,7 @@ def generate_key_pair(bits=2048): def fetch_crl(project_id): """Get crl file for project.""" - if not CONF.use_project_ca: + if not CONF.crypto.use_project_ca: project_id = None crl_file_path = crl_path(project_id) if not os.path.exists(crl_file_path): @@ -206,7 +206,7 @@ def revoke_cert(project_id, file_name): utils.execute('openssl', 'ca', '-config', './openssl.cnf', '-revoke', file_name, cwd=ca_folder(project_id)) utils.execute('openssl', 'ca', '-gencrl', '-config', './openssl.cnf', - '-out', CONF.crl_file, cwd=ca_folder(project_id)) + '-out', CONF.crypto.crl_file, cwd=ca_folder(project_id)) except OSError: raise exception.ProjectNotFound(project_id=project_id) except processutils.ProcessExecutionError: @@ -239,12 +239,13 @@ def revoke_certs_by_user_and_project(user_id, project_id): def _project_cert_subject(project_id): """Helper to generate user cert subject.""" - return CONF.project_cert_subject % (project_id, utils.isotime()) + return CONF.crypto.project_cert_subject % (project_id, utils.isotime()) def _user_cert_subject(user_id, project_id): """Helper to generate user cert subject.""" - return CONF.user_cert_subject % (project_id, user_id, utils.isotime()) + return CONF.crypto.user_cert_subject % (project_id, user_id, + utils.isotime()) def generate_x509_cert(user_id, project_id, bits=2048): @@ -342,7 +343,7 @@ def generate_vpn_files(project_id): def sign_csr(csr_text, project_id=None): - if not CONF.use_project_ca: + if not CONF.crypto.use_project_ca: project_id = None if not project_id: return _sign_csr(csr_text, ca_folder()) |