Merge pull request #18 from Venafi/master-ven50401-improve-working-wi…

…th-zones Master ven50401 improve working with zones
Venafi · Jul 1, 2019 · 23b7a0c · 23b7a0c
2 parents fbcea33 + 5521ecd
commit 23b7a0c
Show file tree

Hide file tree

Showing 10 changed files with 144 additions and 90 deletions.
diff --git a/Makefile b/Makefile
@@ -16,7 +16,7 @@ test:
 	--env CLOUDURL=$$CLOUDURL \
 	 vcert-tests
 
-
 publish:
+	rm -rf dist/
 	python3 setup.py sdist bdist_wheel
 	twine upload dist/*
diff --git a/examples/get_cert.py b/examples/get_cert.py
@@ -15,6 +15,7 @@
 # limitations under the License.
 #
 
+from __future__ import print_function
 from vcert import (CertificateRequest, Connection, CloudConnection,
                    FakeConnection, TPPConnection, RevocationRequest)
 import string
@@ -58,7 +59,9 @@ def main():
         # Specify ordering certificates in chain. Root can be "first" or "last". By default it last. You also can
         # specify "ignore" to ignore chain (supported only for Platform).
 
-    # make certificate request
+    # Update certificate request from zone
+    zone_config = conn.read_zone_conf(zone)
+    request.update_from_zone_config(zone_config)
     conn.request_cert(request, zone)
 
     # and wait for signing

diff --git a/examples/get_cert27.py b/examples/get_cert27.py
@@ -35,7 +35,7 @@ def main():
     # connection will be chosen automatically based on what arguments are passed,
     # If token is passed Venafi Cloud connection will be used. if user, password, and URL Venafi Platform (TPP) will
     # be used. If none, test connection will be used.
-    conn = Connection(url=url, token=token, user=user, password=password)
+    conn = Connection(url=url, token=token, user=user, password=password, http_request_kwargs={"verify": False})
     # If your TPP server certificate signed with your own CA or available only via proxy you can specify requests vars
     # conn = Connection(url=url, token=token, user=user, password=password,
     #                   http_request_kwargs={"verify": "/path/to/trust/bundle.pem"})
@@ -56,7 +56,9 @@ def main():
         # Specify ordering certificates in chain. Root can be "first" or "last". By default it last. You also can
         # specify "ignore" to ignore chain (supported only for Platform).
 
-    # make certificate request
+    # Update certificate request from zone
+    zone_config = conn.read_zone_conf(zone)
+    request.update_from_zone_config(zone_config)
     conn.request_cert(request, zone)
 
     # and wait for signing

diff --git a/requirements.txt b/requirements.txt
@@ -2,5 +2,6 @@ requests>=2.20.0
 python-dateutil>=2.6.1
 cryptography
 pytest
+six
 ipaddress;python_version<'3.3'
 enum34;python_version<'3.4'
diff --git a/setup.py b/setup.py
@@ -7,7 +7,7 @@
       version='0.5.1',
       url="https://github.com/Venafi/vcert-python",
       packages=['vcert'],
-      install_requires=['requests>=2.20.0', 'python-dateutil>=2.6.1', 'certvalidator',
+      install_requires=['requests>=2.20.0', 'python-dateutil>=2.6.1', 'certvalidator', 'six'
                         'enum34;python_version<"3.4"', 'ipaddress;python_version<"3.3"', 'cryptography'],
       description='Python bindings for Venafi TPP/Venfi Cloud API.',
       author='Denis Subbotin',

diff --git a/tests/test_e2e.py b/tests/test_e2e.py
@@ -73,6 +73,7 @@ def test_cloud(self):
 
     def test_tpp(self):
         zone = environ['TPPZONE']
+        ecdsa_zone = environ['TPPZONE_ECDSA']
         print("Using TPP conection")
         conn = TPPConnection(USER, PASSWORD, TPPURL, http_request_kwargs={"verify": "/tmp/chain.pem"})
 
@@ -82,7 +83,7 @@ def test_tpp(self):
         renew_by_thumbprint(conn, cert)
 
         cn = randomword(10) + ".venafi.example.com"
-        enroll(conn, zone, cn, TEST_KEY_ECDSA[0], TEST_KEY_ECDSA[1])
+        enroll(conn, ecdsa_zone, cn, TEST_KEY_ECDSA[0], TEST_KEY_ECDSA[1])
         cn = randomword(10) + ".venafi.example.com"
         enroll(conn, zone, cn, TEST_KEY_RSA_4096[0], TEST_KEY_RSA_4096[1])
         cn = randomword(10) + ".venafi.example.com"
@@ -162,7 +163,7 @@ def enroll(conn, zone, cn=None, private_key=None, public_key=None, password=None
 def renew(conn, cert_id, pkey, sn, cn):
     print("Trying to renew certificate")
     new_request = CertificateRequest(
-        id=cert_id,
+        cert_id=cert_id,
     )
     conn.renew_cert(new_request)
     time.sleep(5)
@@ -330,13 +331,17 @@ def renew_by_thumbprint(conn, prev_cert):
 
 TEST_KEY_ECDSA = ("""
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIDekjW1i+ve8zVk/4n5oVUgxUAoZ4WpCT02G9YDto2NWoAoGCCqGSM49
-AwEHoUQDQgAEReDae0OJeEruc38ZiG+HlzAulHbbEOB2jODE+aOeLSAUCTxxAyRq
-spCneFmFBhdzLEpPgMDrf88wqcrB3f9U6g==
+MIHcAgEBBEIAhS7UG/d7YwTg/pOnmyGGzmt/YFVCAOIiu18Mo+/3ZFc/Kb50ky2q
+UzHfCWy+tcpWkzIT7FO/eAeUqy7Xzu/lqB+gBwYFK4EEACOhgYkDgYYABADLRK7k
+tpl+AyP2f8MDiVgawDp84WV7qyqHa+aidct/1CMu7KHGKg+LXSCY2VXbxkY6mrV/
+c22Vv6i3GH9pzxFzQwBw6whrrMos5MMDVvQSE1pAjT6fajVzD3sNz6BBlTzUxeLe
+kbm18LiyjLSlxy+taObmfdoraG7/3AdhMcWGP2pp2A==
 -----END EC PRIVATE KEY-----
 """, """
 -----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEReDae0OJeEruc38ZiG+HlzAulHbb
-EOB2jODE+aOeLSAUCTxxAyRqspCneFmFBhdzLEpPgMDrf88wqcrB3f9U6g==
+MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAy0Su5LaZfgMj9n/DA4lYGsA6fOFl
+e6sqh2vmonXLf9QjLuyhxioPi10gmNlV28ZGOpq1f3Ntlb+otxh/ac8Rc0MAcOsI
+a6zKLOTDA1b0EhNaQI0+n2o1cw97Dc+gQZU81MXi3pG5tfC4soy0pccvrWjm5n3a
+K2hu/9wHYTHFhj9qadg=
 -----END PUBLIC KEY-----
 """)