Na}{

Path: ~//lib/python2.7/site-packages/cloudinit/config/

File Content: `cc_ca_certs.py`

# Author: Mike Milner <mike.milner@canonical.com>
#
# This file is part of cloud-init. See LICENSE file for license information.

"""
CA Certs
--------
**Summary:** add ca certificates

This module adds CA certificates to ``/etc/ca-certificates.conf`` and updates
the ssl cert cache using ``update-ca-certificates``. The default certificates
can be removed from the system with the configuration option
``remove-defaults``.

.. note::
    certificates must be specified using valid yaml. in order to specify a
    multiline certificate, the yaml multiline list syntax must be used

**Internal name:** ``cc_ca_certs``

**Module frequency:** per instance

**Supported distros:** ubuntu, debian

**Config keys**::

    ca-certs:
        remove-defaults: <true/false>
        trusted:
            - <single line cert>
            - |
              -----BEGIN CERTIFICATE-----
              YOUR-ORGS-TRUSTED-CA-CERT-HERE
              -----END CERTIFICATE-----
"""

import os

from cloudinit import util

CA_CERT_PATH = "/usr/share/ca-certificates/"
CA_CERT_FILENAME = "cloud-init-ca-certs.crt"
CA_CERT_CONFIG = "/etc/ca-certificates.conf"
CA_CERT_SYSTEM_PATH = "/etc/ssl/certs/"
CA_CERT_FULL_PATH = os.path.join(CA_CERT_PATH, CA_CERT_FILENAME)

distros = ['ubuntu', 'debian']


def update_ca_certs():
    """
    Updates the CA certificate cache on the current machine.
    """
    util.subp(["update-ca-certificates"], capture=False)


def add_ca_certs(certs):
    """
    Adds certificates to the system. To actually apply the new certificates
    you must also call L{update_ca_certs}.

    @param certs: A list of certificate strings.
    """
    if certs:
        # First ensure they are strings...
        cert_file_contents = "\n".join([str(c) for c in certs])
        util.write_file(CA_CERT_FULL_PATH, cert_file_contents, mode=0o644)

        # Append cert filename to CA_CERT_CONFIG file.
        # We have to strip the content because blank lines in the file
        # causes subsequent entries to be ignored. (LP: #1077020)
        orig = util.load_file(CA_CERT_CONFIG)
        cur_cont = '\n'.join([line for line in orig.splitlines()
                              if line != CA_CERT_FILENAME])
        out = "%s\n%s\n" % (cur_cont.rstrip(), CA_CERT_FILENAME)
        util.write_file(CA_CERT_CONFIG, out, omode="wb")


def remove_default_ca_certs():
    """
    Removes all default trusted CA certificates from the system. To actually
    apply the change you must also call L{update_ca_certs}.
    """
    util.delete_dir_contents(CA_CERT_PATH)
    util.delete_dir_contents(CA_CERT_SYSTEM_PATH)
    util.write_file(CA_CERT_CONFIG, "", mode=0o644)
    debconf_sel = "ca-certificates ca-certificates/trust_new_crts select no"
    util.subp(('debconf-set-selections', '-'), debconf_sel)


def handle(name, cfg, _cloud, log, _args):
    """
    Call to handle ca-cert sections in cloud-config file.

    @param name: The module name "ca-cert" from cloud.cfg
    @param cfg: A nested dict containing the entire cloud config contents.
    @param cloud: The L{CloudInit} object in use.
    @param log: Pre-initialized Python logger object to use for logging.
    @param args: Any module arguments from cloud.cfg
    """
    # If there isn't a ca-certs section in the configuration don't do anything
    if "ca-certs" not in cfg:
        log.debug(("Skipping module named %s,"
                   " no 'ca-certs' key in configuration"), name)
        return

    ca_cert_cfg = cfg['ca-certs']

    # If there is a remove-defaults option set to true, remove the system
    # default trusted CA certs first.
    if ca_cert_cfg.get("remove-defaults", False):
        log.debug("Removing default certificates")
        remove_default_ca_certs()

    # If we are given any new trusted CA certs to add, add them.
    if "trusted" in ca_cert_cfg:
        trusted_certs = util.get_cfg_option_list(ca_cert_cfg, "trusted")
        if trusted_certs:
            log.debug("Adding %d certificates" % len(trusted_certs))
            add_ca_certs(trusted_certs)

    # Update the system with the new cert configuration.
    log.debug("Updating certificates")
    update_ca_certs()

# vi: ts=4 expandtab

Edit Rename Chmod Delete

FILE FOLDER

Name	Size	Permission
__init__.py	1437 bytes	0644
__init__.pyc	1337 bytes	0644
__init__.pyo	1337 bytes	0644
cc_apt_configure.py	33591 bytes	0644
cc_apt_configure.pyc	30924 bytes	0644
cc_apt_configure.pyo	30924 bytes	0644
cc_apt_pipelining.py	2495 bytes	0644
cc_apt_pipelining.pyc	2540 bytes	0644
cc_apt_pipelining.pyo	2540 bytes	0644
cc_bootcmd.py	3588 bytes	0644
cc_bootcmd.pyc	3088 bytes	0644
cc_bootcmd.pyo	3088 bytes	0644
cc_byobu.py	3173 bytes	0644
cc_byobu.pyc	3160 bytes	0644
cc_byobu.pyo	3160 bytes	0644
cc_ca_certs.py	4190 bytes	0644
cc_ca_certs.pyc	4199 bytes	0644
cc_ca_certs.pyo	4199 bytes	0644
cc_chef.py	13490 bytes	0644
cc_chef.pyc	11045 bytes	0644
cc_chef.pyo	11045 bytes	0644
cc_debug.py	3151 bytes	0644
cc_debug.pyc	3428 bytes	0644
cc_debug.pyo	3428 bytes	0644
cc_disable_ec2_metadata.py	1602 bytes	0644
cc_disable_ec2_metadata.pyc	1603 bytes	0644
cc_disable_ec2_metadata.pyo	1603 bytes	0644
cc_disk_setup.py	33590 bytes	0644
cc_disk_setup.pyc	29606 bytes	0644
cc_disk_setup.pyo	29606 bytes	0644
cc_emit_upstart.py	2050 bytes	0644
cc_emit_upstart.pyc	2197 bytes	0644
cc_emit_upstart.pyo	2197 bytes	0644
cc_fan.py	2893 bytes	0644
cc_fan.pyc	3167 bytes	0644
cc_fan.pyo	3167 bytes	0644
cc_final_message.py	2406 bytes	0644
cc_final_message.pyc	2449 bytes	0644
cc_final_message.pyo	2449 bytes	0644
cc_foo.py	2116 bytes	0644
cc_foo.pyc	702 bytes	0644
cc_foo.pyo	702 bytes	0644
cc_growpart.py	11788 bytes	0644
cc_growpart.pyc	11389 bytes	0644
cc_growpart.pyo	11389 bytes	0644
cc_grub_dpkg.py	2940 bytes	0644
cc_grub_dpkg.pyc	2698 bytes	0644
cc_grub_dpkg.pyo	2698 bytes	0644
cc_keys_to_console.py	2417 bytes	0644
cc_keys_to_console.pyc	2449 bytes	0644
cc_keys_to_console.pyo	2449 bytes	0644
cc_landscape.py	4028 bytes	0644
cc_landscape.pyc	4113 bytes	0644
cc_landscape.pyo	4113 bytes	0644
cc_locale.py	1187 bytes	0644
cc_locale.pyc	1189 bytes	0644
cc_locale.pyo	1189 bytes	0644
cc_lxd.py	10521 bytes	0644
cc_lxd.pyc	8531 bytes	0644
cc_lxd.pyo	8531 bytes	0644
cc_mcollective.py	5204 bytes	0644
cc_mcollective.pyc	3891 bytes	0644
cc_mcollective.pyo	3891 bytes	0644
cc_migrator.py	3148 bytes	0644
cc_migrator.pyc	3256 bytes	0644
cc_migrator.pyo	3256 bytes	0644
cc_mounts.py	17653 bytes	0644
cc_mounts.pyc	14941 bytes	0644
cc_mounts.pyo	14941 bytes	0644
cc_ntp.py	20695 bytes	0644
cc_ntp.pyc	16136 bytes	0644
cc_ntp.pyo	16136 bytes	0644
cc_package_update_upgrade_install.py	4208 bytes	0644
cc_package_update_upgrade_install.pyc	4107 bytes	0644
cc_package_update_upgrade_install.pyo	4107 bytes	0644
cc_phone_home.py	4013 bytes	0644
cc_phone_home.pyc	3360 bytes	0644
cc_phone_home.pyo	3360 bytes	0644
cc_power_state_change.py	7838 bytes	0644
cc_power_state_change.pyc	7983 bytes	0644
cc_power_state_change.pyo	7983 bytes	0644
cc_puppet.py	9070 bytes	0644
cc_puppet.pyc	7231 bytes	0644
cc_puppet.pyo	7231 bytes	0644
cc_resizefs.py	11047 bytes	0644
cc_resizefs.pyc	9368 bytes	0644
cc_resizefs.pyo	9368 bytes	0644
cc_resolv_conf.py	3509 bytes	0644
cc_resolv_conf.pyc	3522 bytes	0644
cc_resolv_conf.pyo	3522 bytes	0644
cc_rh_subscription.py	16029 bytes	0644
cc_rh_subscription.pyc	13826 bytes	0644
cc_rh_subscription.pyo	13826 bytes	0644
cc_rightscale_userdata.py	3849 bytes	0644
cc_rightscale_userdata.pyc	2886 bytes	0644
cc_rightscale_userdata.pyo	2886 bytes	0644
cc_rsyslog.py	14435 bytes	0644
cc_rsyslog.pyc	10810 bytes	0644
cc_rsyslog.pyo	10810 bytes	0644
cc_runcmd.py	3185 bytes	0644
cc_runcmd.pyc	2797 bytes	0644
cc_runcmd.pyo	2797 bytes	0644
cc_salt_minion.py	4776 bytes	0644
cc_salt_minion.pyc	3870 bytes	0644
cc_salt_minion.pyo	3870 bytes	0644
cc_scripts_per_boot.py	1232 bytes	0644
cc_scripts_per_boot.pyc	1231 bytes	0644
cc_scripts_per_boot.pyo	1231 bytes	0644
cc_scripts_per_instance.py	1408 bytes	0644
cc_scripts_per_instance.pyc	1413 bytes	0644
cc_scripts_per_instance.pyo	1413 bytes	0644
cc_scripts_per_once.py	1337 bytes	0644
cc_scripts_per_once.pyc	1338 bytes	0644
cc_scripts_per_once.pyo	1338 bytes	0644
cc_scripts_user.py	1456 bytes	0644
cc_scripts_user.pyc	1418 bytes	0644
cc_scripts_user.pyo	1418 bytes	0644
cc_scripts_vendor.py	1418 bytes	0644
cc_scripts_vendor.pyc	1500 bytes	0644
cc_scripts_vendor.pyo	1500 bytes	0644
cc_seed_random.py	4494 bytes	0644
cc_seed_random.pyc	4642 bytes	0644
cc_seed_random.pyo	4642 bytes	0644
cc_set_hostname.py	3022 bytes	0644
cc_set_hostname.pyc	2786 bytes	0644
cc_set_hostname.pyo	2786 bytes	0644
cc_set_passwords.py	8656 bytes	0644
cc_set_passwords.pyc	7800 bytes	0644
cc_set_passwords.pyo	7800 bytes	0644
cc_snap.py	8301 bytes	0644
cc_snap.pyc	7719 bytes	0644
cc_snap.pyo	7719 bytes	0644
cc_snap_config.py	5500 bytes	0644
cc_snap_config.pyc	5150 bytes	0644
cc_snap_config.pyo	5150 bytes	0644
cc_snappy.py	9927 bytes	0644
cc_snappy.pyc	9488 bytes	0644
cc_snappy.pyo	9488 bytes	0644
cc_spacewalk.py	2957 bytes	0644
cc_spacewalk.pyc	2982 bytes	0644
cc_spacewalk.pyo	2982 bytes	0644
cc_ssh.py	10842 bytes	0644
cc_ssh.pyc	9325 bytes	0644
cc_ssh.pyo	9325 bytes	0644
cc_ssh_authkey_fingerprints.py	3513 bytes	0644
cc_ssh_authkey_fingerprints.pyc	4038 bytes	0644
cc_ssh_authkey_fingerprints.pyo	4038 bytes	0644
cc_ssh_import_id.py	2951 bytes	0644
cc_ssh_import_id.pyc	2781 bytes	0644
cc_ssh_import_id.pyo	2781 bytes	0644
cc_timezone.py	1175 bytes	0644
cc_timezone.pyc	1175 bytes	0644
cc_timezone.pyo	1175 bytes	0644
cc_ubuntu_advantage.py	6227 bytes	0644
cc_ubuntu_advantage.pyc	6263 bytes	0644
cc_ubuntu_advantage.pyo	6263 bytes	0644
cc_ubuntu_drivers.py	5800 bytes	0644
cc_ubuntu_drivers.pyc	4745 bytes	0644
cc_ubuntu_drivers.pyo	4745 bytes	0644
cc_update_etc_hosts.py	3414 bytes	0644
cc_update_etc_hosts.pyc	3063 bytes	0644
cc_update_etc_hosts.pyo	3063 bytes	0644
cc_update_hostname.py	1617 bytes	0644
cc_update_hostname.pyc	1704 bytes	0644
cc_update_hostname.pyo	1704 bytes	0644
cc_users_groups.py	7225 bytes	0644
cc_users_groups.pyc	6922 bytes	0644
cc_users_groups.pyo	6922 bytes	0644
cc_write_files.py	5069 bytes	0644
cc_write_files.pyc	5255 bytes	0644
cc_write_files.pyo	5255 bytes	0644
cc_yum_add_repo.py	4403 bytes	0644
cc_yum_add_repo.pyc	4008 bytes	0644
cc_yum_add_repo.pyo	4008 bytes	0644
cc_zypper_add_repo.py	7799 bytes	0644
cc_zypper_add_repo.pyc	7295 bytes	0644
cc_zypper_add_repo.pyo	7295 bytes	0644
schema.py	14401 bytes	0644
schema.pyc	14163 bytes	0644
schema.pyo	14163 bytes	0644

File Content: cc_ca_certs.py

File Content: `cc_ca_certs.py`