PyPI - opentf-toolkit-nightly - Versions diffs - 0.63.0.dev1418__py3-none-any.whl → 0.63.0.dev1421__py3-none-any.whl - Mend

opentf-toolkit-nightly 0.63.0.dev1418py3-none-any.whl → 0.63.0.dev1421py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

opentf/scripts/startup.py CHANGED Viewed

@@ -434,43 +434,90 @@ def maybe_generate_token() -> None:
 def maybe_populate_keystore() -> None:
-    """Populate keystore if CURL_CA_BUNDLE defined."""
+    """Populate Java keystore if CURL_CA_BUNDLE defined."""
     if (ca_bundle := os.environ.get('CURL_CA_BUNDLE')) is None:
         return
     if not os.path.isfile(ca_bundle):
         logging.error('CURL_CA_BUNDLE "%s" does not exist, aborting.', ca_bundle)
         sys.exit(1)
-    add_keystore_certificate(ca_bundle)
+    with open(ca_bundle, 'r', encoding='utf-8') as bundle_file:
+        ca_list = bundle_file.read().split(CA_END)
+    if not ca_list[-1].rstrip():
+        ca_list.pop()
+    if truststore := os.environ.get('JAVA_TRUSTSTORE'):
+        logging.debug('Using truststore "%s".', truststore)
+        keystore = ('-keystore', truststore)
+    else:
+        logging.debug('Using default truststore.')
+        keystore = ('-cacerts',)
-def add_keystore_certificate(ca_bundle: str) -> None:
-    try:
-        subprocess.run(
-            [
-                'openssl',
-                'pkcs12',
-                '-export',
-                '-nokeys',
-                '-in',
-                ca_bundle,
-                '-password',
-                'pass:',
-                '-out',
-                '/app/keystore.p12',
-            ],
-            stdout=subprocess.PIPE,
-            stderr=subprocess.STDOUT,
-            check=True,
-        )
-        logging.debug('Certificate successfully added to keystore.')
-    except subprocess.CalledProcessError as err:
-        logging.error(
-            'Failed to add certificate to keystore: %s\n%s',
-            err,
-            err.stdout.decode().rstrip(''),
-        )
-        sys.exit(1)
+    for ca_counter, ca in enumerate(ca_list):
+        add_keystore_certificate(ca_counter, f'{ca}{CA_END}', keystore)
+def add_keystore_certificate(
+    ca_counter: int, ca: str, keystore: Tuple[str, ...]
+) -> None:
+    """Add certificate to keystore.
+    !!! warning
+        This calls `keytool`, which requires root privileges, as it
+        add certificates to the system's keystore.
+    Certificates will have an alias of the form:
+        `opentf:{ca_counter}_{random string}`
+    # Required parameters
+    - ca_counter: an integer, the certificate position in the bundle
+    - ca: the certificate as a string
+    """
+    with tempfile.NamedTemporaryFile('w') as ca_file:
+        ca_path = ca_file.name
+        ca_alias = f'opentf:{ca_counter}_{os.path.basename(ca_path)}'
+        try:
+            ca_file.write(ca)
+            logging.debug('File "%s" written.', ca_path)
+        except IOError as err:
+            logging.error('An error occurred while writing the file: %s.', err)
+            sys.exit(1)
+        ca_file.flush()
+        try:
+            ca_import_execute = subprocess.run(
+                [
+                    'keytool',
+                    '-importcert',
+                    '-alias',
+                    ca_alias,
+                    '-file',
+                    ca_path,
+                    '-storepass',
+                    'changeit',
+                    '-noprompt',
+                    *keystore,
+                ],
+                stdout=subprocess.PIPE,
+                stderr=subprocess.STDOUT,
+                check=True,
+            )
+            logging.debug(
+                'Certificate %d successfully added to keystore with alias %s:\n%s.',
+                ca_counter,
+                ca_alias,
+                ca_import_execute.stdout.decode().rstrip(''),
+            )
+        except subprocess.CalledProcessError as err:
+            logging.error(
+                'Failed to add certificate %d with alias %s to keystore: %s.\n%s',
+                ca_counter,
+                ca_alias,
+                err,
+                err.stdout.decode().rstrip(''),
+            )
+            sys.exit(1)
 def _ensure_abac_if_defined(name, value):

{opentf_toolkit_nightly-0.63.0.dev1418.dist-info → opentf_toolkit_nightly-0.63.0.dev1421.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: opentf-toolkit-nightly
-Version: 0.63.0.dev1418
+Version: 0.63.0.dev1421
 Summary: OpenTestFactory Orchestrator Toolkit
 Home-page: https://gitlab.com/henixdevelopment/open-source/opentestfactory/python-toolkit
 Author: Martin Lafaix

{opentf_toolkit_nightly-0.63.0.dev1418.dist-info → opentf_toolkit_nightly-0.63.0.dev1421.dist-info}/RECORD RENAMED Viewed

@@ -56,13 +56,13 @@ opentf/schemas/opentestfactory.org/v1beta1/ServiceConfig.json,sha256=m5ZgWAKbutu
 opentf/schemas/opentestfactory.org/v1beta1/Workflow.json,sha256=QZ8mM9PhzsI9gTmwmKTWYNoRn--rtcM3L0PzgnPBfMU,15424
 opentf/schemas/opentestfactory.org/v1beta2/ServiceConfig.json,sha256=rEvK2YWL5lG94_qYgR_GnLWNsaQhaQ-2kuZdWJr5NnY,3517
 opentf/scripts/launch_java_service.sh,sha256=S0jAaCuv2sZy0Gf2NGBuPX-eD531rcM-b0fNyhmzSjw,2423
-opentf/scripts/startup.py,sha256=CZc4sKOQqox0X4R6qQ8GP-4OJwqewrt-XELJ5unG7o0,21456
+opentf/scripts/startup.py,sha256=DLanDaXutUTYcG2PwoJ34QH-5G0TwfLUY_xy1VkVOqA,23202
 opentf/toolkit/__init__.py,sha256=YnH66dmePAIU7dq_xWFYTIEUrsL9qV9f82LRDiBzbzs,22057
 opentf/toolkit/channels.py,sha256=BQh5ztQmIKpxns6ozDNto4YpegktydPZyhOO9F3g-2Q,27731
 opentf/toolkit/core.py,sha256=jMBDIYZ8Qn3BvsysfKoG0iTtjOnZsggetpH3eXygCsI,9636
 opentf/toolkit/models.py,sha256=PNfXVQbeyOwDfaNrLjcfhYm6duMSlNWBtZsWZcs53ag,6583
-opentf_toolkit_nightly-0.63.0.dev1418.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
-opentf_toolkit_nightly-0.63.0.dev1418.dist-info/METADATA,sha256=ZlrRo3jDrv1hF_gDXgQmh6zztZ5NAKTCvti59zQx5EA,2215
-opentf_toolkit_nightly-0.63.0.dev1418.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-opentf_toolkit_nightly-0.63.0.dev1418.dist-info/top_level.txt,sha256=_gPuE6GTT6UNXy1DjtmQSfCcZb_qYA2vWmjg7a30AGk,7
-opentf_toolkit_nightly-0.63.0.dev1418.dist-info/RECORD,,
+opentf_toolkit_nightly-0.63.0.dev1421.dist-info/licenses/LICENSE,sha256=xx0jnfkXJvxRnG63LTGOxlggYnIysveWIZ6H3PNdCrQ,11357
+opentf_toolkit_nightly-0.63.0.dev1421.dist-info/METADATA,sha256=YBdxneEq5WD_IKStBxx6xDLMaoU15v3yOzNn-Qe0KmY,2215
+opentf_toolkit_nightly-0.63.0.dev1421.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+opentf_toolkit_nightly-0.63.0.dev1421.dist-info/top_level.txt,sha256=_gPuE6GTT6UNXy1DjtmQSfCcZb_qYA2vWmjg7a30AGk,7
+opentf_toolkit_nightly-0.63.0.dev1421.dist-info/RECORD,,

{opentf_toolkit_nightly-0.63.0.dev1418.dist-info → opentf_toolkit_nightly-0.63.0.dev1421.dist-info}/WHEEL RENAMED Viewed

File without changes

{opentf_toolkit_nightly-0.63.0.dev1418.dist-info → opentf_toolkit_nightly-0.63.0.dev1421.dist-info}/licenses/LICENSE RENAMED Viewed

File without changes

{opentf_toolkit_nightly-0.63.0.dev1418.dist-info → opentf_toolkit_nightly-0.63.0.dev1421.dist-info}/top_level.txt RENAMED Viewed

File without changes

opentf-toolkit-nightly 0.63.0.dev1418__py3-none-any.whl → 0.63.0.dev1421__py3-none-any.whl

opentf-toolkit-nightly 0.63.0.dev1418py3-none-any.whl → 0.63.0.dev1421py3-none-any.whl