outposts: add docker TLS authentication and verification

2020-11-19 00:53:33 +01:00
parent 120f5f2e44
commit 0a8d4eecae
10 changed files with 189 additions and 16 deletions
--- a/passbook/outposts/migrations/0010_service_connection.py
+++ b/passbook/outposts/migrations/0010_service_connection.py
@ -20,10 +20,6 @@ def migrate_to_service_connection(apps: Apps, schema_editor: BaseDatabaseSchemaE
    KubernetesServiceConnection = apps.get_model(
        "passbook_outposts", "KubernetesServiceConnection"
    )
-    from passbook.outposts.apps import PassbookOutpostConfig
-
-    # Ensure that local connection have been created
-    PassbookOutpostConfig.init_local_connection(None)

    docker = DockerServiceConnection.objects.filter(local=True).first()
    k8s = KubernetesServiceConnection.objects.filter(local=True).first()
--- a/passbook/outposts/migrations/0011_docker_tls_auth.py
+++ b/passbook/outposts/migrations/0011_docker_tls_auth.py
@ -0,0 +1,45 @@
+# Generated by Django 3.1.3 on 2020-11-18 21:51
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("passbook_crypto", "0002_create_self_signed_kp"),
+        ("passbook_outposts", "0010_service_connection"),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name="dockerserviceconnection",
+            name="tls",
+        ),
+        migrations.AddField(
+            model_name="dockerserviceconnection",
+            name="tls_authentication",
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                help_text="Certificate/Key used for authentication. Can be left empty for no authentication.",
+                null=True,
+                on_delete=django.db.models.deletion.SET_DEFAULT,
+                related_name="+",
+                to="passbook_crypto.certificatekeypair",
+            ),
+        ),
+        migrations.AddField(
+            model_name="dockerserviceconnection",
+            name="tls_verification",
+            field=models.ForeignKey(
+                blank=True,
+                default=None,
+                help_text="CA which the endpoint's Certificate is verified against. Can be left empty for no validation.",
+                null=True,
+                on_delete=django.db.models.deletion.SET_DEFAULT,
+                related_name="+",
+                to="passbook_crypto.certificatekeypair",
+            ),
+        ),
+    ]
--- a/passbook/outposts/migrations/0012_service_connection_non_unique.py
+++ b/passbook/outposts/migrations/0012_service_connection_non_unique.py
@ -0,0 +1,21 @@
+# Generated by Django 3.1.3 on 2020-11-18 21:54
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("passbook_outposts", "0011_docker_tls_auth"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="outpostserviceconnection",
+            name="local",
+            field=models.BooleanField(
+                default=False,
+                help_text="If enabled, use the local connection. Required Docker socket/Kubernetes Integration",
+            ),
+        ),
+    ]