-
Notifications
You must be signed in to change notification settings - Fork 5.5k
/
Copy pathvirt.py
74 lines (63 loc) · 1.95 KB
/
virt.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# -*- coding: utf-8 -*-
'''
This module contains routines shared by the virt system.
'''
from __future__ import absolute_import
# Import python libs
import os
import time
import logging
# Import salt libs
import salt.utils
log = logging.getLogger(__name__)
class VirtKey(object):
'''
Used to manage key signing requests.
'''
def __init__(self, hyper, id_, opts):
self.opts = opts
self.hyper = hyper
self.id = id_
path = os.path.join(self.opts['pki_dir'], 'virtkeys', hyper)
if not os.path.isdir(path):
os.makedirs(path)
self.path = os.path.join(path, id_)
def accept(self, pub):
'''
Accept the provided key
'''
try:
expiry = int(salt.utils.fopen(self.path, 'r').read())
except IOError:
log.error('Request to sign key for minion "{0}" on hyper "{1}" denied: '
'no authorization'.format(self.id, self.hyper))
return False
# Limit acceptance window to 10 minutes
# TODO: Move this value to the master config file
if (time.time() - expiry) > 600:
log.warning('Request to sign key for minion "{0}" on hyper "{1}" denied: '
'authorization expired'.format(self.id, self.hyper))
return False
pubfn = os.path.join(self.opts['pki_dir'],
'minions',
self.id)
with salt.utils.fopen(pubfn, 'w+') as fp_:
fp_.write(pub)
self.void()
return True
def authorize(self):
'''
Prepare the master to expect a signing request
'''
with salt.utils.fopen(self.path, 'w+') as fp_:
fp_.write(str(int(time.time())))
return True
def void(self):
'''
Invalidate any existing authorization
'''
try:
os.unlink(self.path)
return True
except OSError:
return False