~lutostag/ubuntu/trusty/maas/1.5.2+packagefix

« back to all changes in this revision

Viewing changes to src/maasserver/security.py

Committer: Package Import Robot
Author(s): Andres Rodriguez
Date: 2014-03-28 10:43:53 UTC
mto: This revision was merged to the branch mainline in revision 57.
Revision ID: package-import@ubuntu.com-20140328104353-ekpolg0pm5xnvq2s

Tags: upstream-1.5+bzr2204

Import upstream version 1.5+bzr2204

files added:
docs/capabilities.rst

docs/development/rpc.rst

docs/media/connect-nodes-to-network.png

docs/media/import-images.png

etc/maas/bootresources.yaml

etc/maas/templates/power/dli.template

etc/maas/templates/pxe/config.xinstall.armhf.template

etc/maas/templates/uefi

etc/maas/templates/uefi/config.commissioning.template

etc/maas/templates/uefi/config.install.template

etc/maas/templates/uefi/config.local.template

etc/maas/templates/uefi/config.xinstall.template

required-packages/build

required-packages/forbidden

scripts/create-testing-certificates

src/maasserver/clusterrpc

src/maasserver/clusterrpc/__init__.py

src/maasserver/clusterrpc/architecture.py

src/maasserver/clusterrpc/power_parameters.py

src/maasserver/clusterrpc/tests

src/maasserver/clusterrpc/tests/__init__.py

src/maasserver/clusterrpc/tests/test_architecture.py

src/maasserver/clusterrpc/tests/test_power_parameters.py

src/maasserver/clusterrpc/utils.py

src/maasserver/locks.py

src/maasserver/management/commands/edit_named_options.py

src/maasserver/migrations/0068_network_description_textfield.py

src/maasserver/migrations/0069_add_mac_network_relation.py

src/maasserver/migrations/0070_drop_network_node_relation.py

src/maasserver/migrations/0071_drop_after_commissioning_action.py

src/maasserver/migrations/0072_remove_ipmi_autodetect.py

src/maasserver/migrations/0073_add_label_to_bootimage.py

src/maasserver/migrations/0074_boot_images_timestamp.py

src/maasserver/rpc/testing

src/maasserver/rpc/testing/__init__.py

src/maasserver/rpc/testing/doubles.py

src/maasserver/rpc/testing/region.crt

src/maasserver/rpc/testing/trust.crt

src/maasserver/rpc/tests/test_module.py

src/maasserver/security.py

src/maasserver/static/css/multiselect_widget.css

src/maasserver/templates/maasserver/bootimage-list.html

src/maasserver/templates/maasserver/multiselect_widget_include.html

src/maasserver/templates/maasserver/no-bootimages-warning.html

src/maasserver/testing/architecture.py

src/maasserver/tests/test_api_boot_images.py

src/maasserver/tests/test_api_version.py

src/maasserver/tests/test_commands_edit_named_options.py

src/maasserver/tests/test_security.py

src/maasserver/utils/async.py

src/maasserver/utils/dblocks.py

src/maasserver/utils/forms.py

src/maasserver/utils/tests/test_async.py

src/maasserver/utils/tests/test_dblocks.py

src/maasserver/utils/tests/test_forms.py

src/maasserver/views/tests/test_boot_image_list.py

src/provisioningserver/boot

src/provisioningserver/boot/__init__.py

src/provisioningserver/boot/install_bootloader.py

src/provisioningserver/boot/install_grub.py

src/provisioningserver/boot/pxe.py

src/provisioningserver/boot/tests

src/provisioningserver/boot/tests/__init__.py

src/provisioningserver/boot/tests/test_boot.py

src/provisioningserver/boot/tests/test_install_bootloader.py

src/provisioningserver/boot/tests/test_install_grub.py

src/provisioningserver/boot/tests/test_pxe.py

src/provisioningserver/boot/tests/test_tftppath.py

src/provisioningserver/boot/tests/test_uefi.py

src/provisioningserver/boot/tests/test_utils.py

src/provisioningserver/boot/tftppath.py

src/provisioningserver/boot/uefi.py

src/provisioningserver/boot/utils.py

src/provisioningserver/custom_hardware/tests

src/provisioningserver/custom_hardware/tests/__init__.py

src/provisioningserver/custom_hardware/tests/test_seamicro.py

src/provisioningserver/driver

src/provisioningserver/driver/__init__.py

src/provisioningserver/driver/tests

src/provisioningserver/driver/tests/test_registries.py

src/provisioningserver/import_images/boot_resources.py

src/provisioningserver/import_images/tests/test_boot_resources.py

src/provisioningserver/power_schema.py

src/provisioningserver/rpc/arguments.py

src/provisioningserver/rpc/common.py

src/provisioningserver/rpc/exceptions.py

src/provisioningserver/rpc/interfaces.py

src/provisioningserver/rpc/testing

src/provisioningserver/rpc/testing/__init__.py

src/provisioningserver/rpc/testing/cluster.crt

src/provisioningserver/rpc/testing/doubles.py

src/provisioningserver/rpc/testing/trust.crt

src/provisioningserver/rpc/tests/test_arguments.py

src/provisioningserver/rpc/tests/test_common.py

src/provisioningserver/tests/test_upgrade_cluster.py

src/provisioningserver/upgrade_cluster.py

src/provisioningserver/utils

src/provisioningserver/utils/__init__.py

src/provisioningserver/utils/registry.py

src/provisioningserver/utils/testing.py

src/provisioningserver/utils/tests

src/provisioningserver/utils/tests/__init__.py

src/provisioningserver/utils/tests/test_registry.py

src/provisioningserver/utils/tests/test_utils.py

utilities/doc-lint

files removed:
docs/media/connect-node-to-networks.png

etc/maas/import_ephemerals

etc/maas/templates/pxe/config.commissioning.armhf.template

scripts/maas-import-ephemerals

src/maasserver/power_parameters.py

src/maasserver/tests/test_power_parameters.py

src/provisioningserver/enum.py

src/provisioningserver/import_images/config.py

src/provisioningserver/import_images/ephemerals_script.py

src/provisioningserver/import_images/tests/test_config.py

src/provisioningserver/import_images/tests/test_ephemerals_script.py

src/provisioningserver/import_images/tests/test_tgt.py

src/provisioningserver/import_images/tgt.py

src/provisioningserver/pxe

src/provisioningserver/pxe/__init__.py

src/provisioningserver/pxe/config.py

src/provisioningserver/pxe/install_bootloader.py

src/provisioningserver/pxe/install_image.py

src/provisioningserver/pxe/tests

src/provisioningserver/pxe/tests/__init__.py

src/provisioningserver/pxe/tests/test_config.py

src/provisioningserver/pxe/tests/test_install_bootloader.py

src/provisioningserver/pxe/tests/test_install_image.py

src/provisioningserver/pxe/tests/test_tftppath.py

src/provisioningserver/pxe/tftppath.py

src/provisioningserver/rpc/testing.py

src/provisioningserver/tests/test_utils.py

src/provisioningserver/utils.py

files modified:
INSTALL.txt

Makefile

README

buildout.cfg

contrib/maas-cluster-http.conf

contrib/preseeds_v2/enlist_userdata

docs/cluster-configuration.rst

docs/conf.py

docs/configure.rst

docs/development/building-packages.rst

docs/enum.rst

docs/getting-help.rst

docs/index.rst

docs/maascli.rst

docs/man/maas-import-pxe-files.8.rst

docs/media/add-network.png

docs/networks.rst

docs/nodes.rst

docs/troubleshooting.rst

etc/celeryconfig.py

etc/celeryconfig_cluster.py

etc/maas/pserv.yaml

etc/maas/templates/commissioning-user-data/snippets/maas_enlist.sh

etc/maas/templates/commissioning-user-data/snippets/maas_ipmi_autodetect.py

etc/maas/templates/commissioning-user-data/snippets/tests/test_maas_ipmi_autodetect.py

etc/maas/templates/commissioning-user-data/user_data.template

etc/maas/templates/dhcp/dhcpd.conf.template

etc/maas/templates/power/ipmi.template

etc/maas/templates/power/sm15k.template

etc/maas/templates/pxe/config.install.armhf.template

man/maas-import-pxe-files.8

man/maas-region-admin.8

man/maas.8

required-packages/base

scripts/maas-import-pxe-files

setup.py

src/maascli/api.py

src/maascli/tests/test_api.py

src/maascli/tests/test_auth.py

src/maasserver/api.py

src/maasserver/api_support.py

src/maasserver/api_utils.py

src/maasserver/apidoc.py

src/maasserver/config_forms.py

src/maasserver/context_processors.py

src/maasserver/dhcp.py

src/maasserver/dns.py

src/maasserver/enum.py

src/maasserver/eventloop.py

src/maasserver/exceptions.py

src/maasserver/fields.py

src/maasserver/forms.py

src/maasserver/forms_settings.py

src/maasserver/management/commands/dbshell.py

src/maasserver/migrations/0003_rename_sshkeys.py

src/maasserver/migrations/0004_add_node_error.py

src/maasserver/migrations/0006_increase_filestorage_filename_length.py

src/maasserver/migrations/0008_node_power_address.py

src/maasserver/migrations/0009_add_nodegroup.py

src/maasserver/migrations/0012_DHCPLease.py

src/maasserver/migrations/0017_add_dhcp_key_to_nodegroup.py

src/maasserver/migrations/0018_activate_worker_user.py

src/maasserver/migrations/0019_add_nodegroup_dhcp_interface.py

src/maasserver/migrations/0021_add_uuid_to_nodegroup.py

src/maasserver/migrations/0022_add_status_to_nodegroup.py

src/maasserver/migrations/0023_add_bootimage_model.py

src/maasserver/migrations/0024_add_nodegroupinterface.py

src/maasserver/migrations/0026_add_node_distro_series.py

src/maasserver/migrations/0029_zone_sharing.py

src/maasserver/migrations/0031_node_architecture_field_size.py

src/maasserver/migrations/0032_node_subarch.py

src/maasserver/migrations/0034_timestamp_component_error.py

src/maasserver/migrations/0036_populate_nodegroup_cluster_name.py

src/maasserver/migrations/0037_nodegroup_cluster_name_unique.py

src/maasserver/migrations/0039_add_nodegroup_to_bootimage.py

src/maasserver/migrations/0045_add_tag_kernel_opts.py

src/maasserver/migrations/0050_shared_to_per_tenant_storage.py

src/maasserver/migrations/0053_node_routers.py

src/maasserver/migrations/0054_download_progress.py

src/maasserver/migrations/0059_dhcp_detection_model.py

src/maasserver/migrations/0061_add_ref_from_node_to_zone.py

src/maasserver/migrations/0062_add_vlan_model.py

src/maasserver/migrations/0067_default_commissioning_trusty.py

src/maasserver/models/bootimage.py

src/maasserver/models/config.py

src/maasserver/models/macaddress.py

src/maasserver/models/network.py

src/maasserver/models/node.py

src/maasserver/models/nodegroup.py

src/maasserver/models/tests/test_bootimage.py

src/maasserver/models/tests/test_macaddress.py

src/maasserver/models/tests/test_network.py

src/maasserver/models/tests/test_node.py

src/maasserver/models/tests/test_nodegroup.py

src/maasserver/models/userprofile.py

src/maasserver/node_constraint_filter_forms.py

src/maasserver/populate_tags.py

src/maasserver/preseed.py

src/maasserver/rpc/__init__.py

src/maasserver/rpc/regionservice.py

src/maasserver/rpc/tests/test_regionservice.py

src/maasserver/start_up.py

src/maasserver/static/css/base.css

src/maasserver/static/css/components/blocks.css

src/maasserver/static/css/components/data_list.css

src/maasserver/static/css/components/flash_messages.css

src/maasserver/static/css/components/pagination.css

src/maasserver/static/css/components/search_box.css

src/maasserver/static/css/components/slider.css

src/maasserver/static/css/components/table_list.css

src/maasserver/static/css/components/title_form.css

src/maasserver/static/css/components/yui_node_add.css

src/maasserver/static/css/components/yui_overlay.css

src/maasserver/static/css/components/yui_panel.css

src/maasserver/static/css/forms.css

src/maasserver/static/css/layout.css

src/maasserver/static/css/modifiers.css

src/maasserver/static/css/typography.css

src/maasserver/static/css/ubuntu-webfonts.css

src/maasserver/static/js/node.js

src/maasserver/static/js/node_add.js

src/maasserver/static/js/power_parameters.js

src/maasserver/static/js/reveal.js

src/maasserver/static/js/tests/test_enums.js

src/maasserver/static/js/tests/test_node_add.html

src/maasserver/static/js/tests/test_node_add.js

src/maasserver/static/js/tests/test_power_parameters.html

src/maasserver/static/js/tests/test_power_parameters.js

src/maasserver/static/js/tests/test_reveal.js

src/maasserver/support/pertenant/tests/test_migration.py

src/maasserver/templates/maasserver/base.html

src/maasserver/templates/maasserver/index.html

src/maasserver/templates/maasserver/mac_confirm_delete.html

src/maasserver/templates/maasserver/network_detail.html

src/maasserver/templates/maasserver/network_edit.html

src/maasserver/templates/maasserver/network_list.html

src/maasserver/templates/maasserver/node_add_mac.html

src/maasserver/templates/maasserver/node_edit.html

src/maasserver/templates/maasserver/node_list.html

src/maasserver/templates/maasserver/node_view.html

src/maasserver/templates/maasserver/nodegroup_edit.html

src/maasserver/templates/maasserver/snippets.html

src/maasserver/templates/maasserver/zone_list.html

src/maasserver/testing/__init__.py

src/maasserver/testing/factory.py

src/maasserver/testing/testcase.py

src/maasserver/testing/tests/test_factory.py

src/maasserver/testing/tests/test_module.py

src/maasserver/tests/test_api.py

src/maasserver/tests/test_api_enlistment.py

src/maasserver/tests/test_api_macaddress.py

src/maasserver/tests/test_api_network.py

src/maasserver/tests/test_api_networks.py

src/maasserver/tests/test_api_node.py

src/maasserver/tests/test_api_nodegroup.py

src/maasserver/tests/test_api_nodes.py

src/maasserver/tests/test_api_pxeconfig.py

src/maasserver/tests/test_api_register.py

src/maasserver/tests/test_api_zones.py

src/maasserver/tests/test_apidoc.py

src/maasserver/tests/test_config_forms.py

src/maasserver/tests/test_dhcp.py

src/maasserver/tests/test_dns.py

src/maasserver/tests/test_eventloop.py

src/maasserver/tests/test_fields.py

src/maasserver/tests/test_forms.py

src/maasserver/tests/test_node_constraint_filter_forms.py

src/maasserver/tests/test_preseed.py

src/maasserver/tests/test_start_up.py

src/maasserver/urls.py

src/maasserver/urls_api.py

src/maasserver/utils/__init__.py

src/maasserver/utils/jsenums.py

src/maasserver/utils/tests/test_jsenums.py

src/maasserver/utils/tests/test_utils.py

src/maasserver/views/nodes.py

src/maasserver/views/rpc.py

src/maasserver/views/settings_clusters.py

src/maasserver/views/tests/test_general.py

src/maasserver/views/tests/test_networks.py

src/maasserver/views/tests/test_nodes.py

src/maasserver/views/tests/test_rpc.py

src/maasserver/views/tests/test_settings.py

src/maasserver/views/tests/test_settings_clusters.py

src/maasserver/views/tests/test_zones.py

src/maastesting/factory.py

src/maastesting/matchers.py

src/maastesting/tests/test_matchers.py

src/maastesting/utils.py

src/metadataserver/commissioning/tests/test_user_data.py

src/metadataserver/enum.py

src/metadataserver/migrations/0004_add_commissioningscript.py

src/metadataserver/migrations/0011_commission_result_binary_data_col.py

src/metadataserver/migrations/0012_commission_result_binary_data_recode.py

src/metadataserver/migrations/0013_commission_result_drop_old_data_col.py

src/metadataserver/migrations/0014_commission_result_rename_data_bin_col.py

src/metadataserver/models/tests/test_commissioningscript.py

src/metadataserver/tests/test_api.py

src/provisioningserver/__main__.py

src/provisioningserver/boot_images.py

src/provisioningserver/config.py

src/provisioningserver/custom_hardware/seamicro.py

src/provisioningserver/custom_hardware/utils.py

src/provisioningserver/dhcp/config.py

src/provisioningserver/dhcp/tests/test_config.py

src/provisioningserver/dhcp/tests/test_detect.py

src/provisioningserver/dhcp/tests/test_writer.py

src/provisioningserver/dns/config.py

src/provisioningserver/kernel_opts.py

src/provisioningserver/network.py

src/provisioningserver/omshell.py

src/provisioningserver/plugin.py

src/provisioningserver/power/poweraction.py

src/provisioningserver/power/tests/test_poweraction.py

src/provisioningserver/rpc/cluster.py

src/provisioningserver/rpc/clusterservice.py

src/provisioningserver/rpc/region.py

src/provisioningserver/rpc/tests/test_clusterservice.py

src/provisioningserver/tasks.py

src/provisioningserver/testing/boot_images.py

src/provisioningserver/testing/config.py

src/provisioningserver/tests/test_boot_images.py

src/provisioningserver/tests/test_config.py

src/provisioningserver/tests/test_kernel_opts.py

src/provisioningserver/tests/test_maas_import_pxe_files.py

src/provisioningserver/tests/test_omshell.py

src/provisioningserver/tests/test_plugin.py

src/provisioningserver/tests/test_tasks.py

src/provisioningserver/tests/test_tftp.py

src/provisioningserver/tftp.py

versions.cfg

Show diffs side-by-side

added added

removed removed

src/maasserver/security.py

# GNU Affero General Public License version 3 (see the file LICENSE).

"""Security-related code, primarily relating to TLS."""

from __future__ import (

absolute_import,

print_function,

unicode_literals,

)

str = None

__metaclass__ = type

__all__ = [

"get_region_certificate",

]

from datetime import datetime

from maasserver import locks

from maasserver.models.config import Config

from provisioningserver.utils import synchronous

from pytz import UTC

from twisted.internet import ssl

def get_serial():

ref = datetime(2012, 01, 16, tzinfo=UTC)

now = datetime.now(tz=UTC)

serial = (now - ref).total_seconds()

return int(serial)

def load_region_certificate():

upem = Config.objects.get_config("rpc_region_certificate")

if upem is None:

return None

else:

# The certificate will be returned as a unicode string. However,

# it's in PEM form, a base-64 encoded certificate and key, so we

# need to get back to bytes, then parse it.

pem = upem.decode("ascii")

return ssl.PrivateCertificate.loadPEM(pem)

def save_region_certificate(cert):

assert isinstance(cert, ssl.PrivateCertificate)

# We'll store the PEM dump of the certificate in the database. We'll

# get this as a byte-string, so we need to decode to unicode.

upem = cert.dumpPEM().decode("ascii")

Config.objects.set_config("rpc_region_certificate", upem)

def generate_region_certificate():

key = ssl.KeyPair.generate(size=2048)

return key.selfSignedCert(serialNumber=get_serial(), CN="MAAS Region")

@synchronous

def get_region_certificate():

cert = load_region_certificate()

if cert is None:

with locks.security:

# Load again, while holding the security lock.

cert = load_region_certificate()

if cert is None:

cert = generate_region_certificate()

save_region_certificate(cert)

return cert

Older »