# Copyright 2018 AT&T Intellectual Property. All other rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. import os from pegleg import config from pegleg.engine.util import git MANAGED_DOCUMENT_SCHEMA = 'pegleg/PeglegManagedDocument/v1' SUPPORTED_SCHEMAS = ( 'deckhand/CertificateAuthority/v1', 'deckhand/CertificateAuthorityKey/v1', 'deckhand/Certificate/v1', 'deckhand/CertificateKey/v1', 'deckhand/PublicKey/v1', 'deckhand/PrivateKey/v1', ) _KIND_TO_PATH = { 'CertificateAuthority': 'certificates', 'CertificateAuthorityKey': 'certificates', 'Certificate': 'certificates', 'CertificateKey': 'certificates', 'PublicKey': 'keypairs', 'PrivateKey': 'keypairs' } def is_managed_document(document): """Utility for determining whether a document is wrapped by ``pegleg/PeglegManagedDocument/v1`` pattern. :param dict document: Document to check. :returns: True if document is managed, else False. :rtype: bool """ return document.get('schema') == "pegleg/PeglegManagedDocument/v1" def get_document_path(sitename, wrapper_document, cert_to_ca_map=None): """Get path for outputting generated certificates or keys to. Also updates the provenance path (``data.generated.specifiedBy.path``) for ``wrapper_document``. * Certificates ar written to: ``/secrets/certificates`` * Keypairs are written to: ``/secrets/keypairs`` * Passphrases are written to: ``/secrets/passphrases`` * The generated filenames for passphrases will follow the pattern ``.yaml``. * The generated filenames for certificate authorities will follow the pattern ``_ca.yaml``. * The generated filenames for certificates will follow the pattern ``__certificate.yaml``. * The generated filenames for certificate keys will follow the pattern ``__key.yaml``. * The generated filenames for keypairs will follow the pattern ``.yaml``. :param str sitename: Name of site. :param dict wrapper_document: Generated ``PeglegManagedDocument``. :param dict cert_to_ca_map: Dict that maps certificate names to their respective CA name. :returns: Path to write document out to. :rtype: str """ cert_to_ca_map = cert_to_ca_map or {} managed_document = wrapper_document['data']['managedDocument'] kind = managed_document['schema'].split("/")[1] name = managed_document['metadata']['name'] path = "%s/secrets/%s" % (sitename, _KIND_TO_PATH[kind]) if 'authority' in kind.lower(): filename_structure = '%s_ca.yaml' elif 'certificate' in kind.lower(): ca_name = cert_to_ca_map[name] filename_structure = ca_name + '_%s_certificate.yaml' elif 'public' in kind.lower() or 'private' in kind.lower(): filename_structure = '%s.yaml' # Dashes in the document names are converted to underscores for # consistency. filename = (filename_structure % name).replace('-', '_') fullpath = os.path.join(path, filename) # Not all managed documents are generated. Only update path provenance # information for those that are. if wrapper_document['data'].get('generated'): wrapper_document['data']['generated']['specifiedBy']['path'] = fullpath return fullpath def _get_repo_url_and_rev(): repo_path_or_url = config.get_site_repo() repo_url = git.repo_url(repo_path_or_url) repo_rev = config.get_site_rev() return repo_url, repo_rev