From 598a079f5768c03b1947d2ed18a18b74ada6fc3f Mon Sep 17 00:00:00 2001
From: Piotr Dobrowolski
Date: Tue, 9 Apr 2019 13:28:46 +0200
Subject: [PATCH] clustercfg: extract cfssl handling to separate function

---
 cluster/clustercfg/ca.py | 38 ++++++++++++++++++++++----------------
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/cluster/clustercfg/ca.py b/cluster/clustercfg/ca.py
index e4973db6..06f03f32 100644
--- a/cluster/clustercfg/ca.py
+++ b/cluster/clustercfg/ca.py
@@ -1,3 +1,4 @@
+# encoding: utf-8
 import json
 import logging
 import os
@@ -89,6 +90,22 @@ class CA(object):
 with open(self._cert) as f:
 return f.read()
 
+ def _cfssl_call(self, args, obj=None, stdin=None):
+ p = subprocess.Popen(['cfssl'] + args,
+ stdin=subprocess.PIPE, stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
+ if obj:
+ stdin = json.dumps(stdin)
+
+ outs, errs = p.communicate(stdin.encode())
+ if p.returncode != 0:
+ raise Exception(
+ 'cfssl failed. stderr: %r, stdout: %r, code: %r' % (
+ errs, outs, p.returncode))
+
+ out = json.loads(outs)
+ return out
+
 def _init_ca(self):
 if self.ss.exists(self._secret_key):
 return
@@ -97,11 +114,7 @@ class CA(object):
 ca_csr['CN'] = self.cn
 
 logger.info("{}: Generating CA...".format(self))
- p = subprocess.Popen(['cfssl', 'gencert', '-initca', '-'],
- stdin=subprocess.PIPE, stdout=subprocess.PIPE,
- stderr=subprocess.PIPE)
- outs, errs = p.communicate(json.dumps(ca_csr).encode())
- out = json.loads(outs)
+ out = self._cfssl_call(['gencert', '-initca', '-'], obj=ca_csr)
 
 f = self.ss.open(self._secret_key, 'w')
 f.write(out['key'])
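Review bot: `_cfssl_call` serialises the wrong variable: under `if obj:` it does `stdin = json.dumps(stdin)`, so the two callers that pass `obj=` (the `gencert -initca` hunk at -97 and the `genkey` hunk at -132) feed `null` to cfssl instead of the CSR/config and the generated CA or key will not match the intended subject. The branch should be `if obj is not None:` followed by `stdin = json.dumps(obj)`, and a call with neither `obj` nor `stdin` should raise a descriptive error rather than failing on `None.encode()`. The failure path also interpolates the whole stdout into the exception text; since successful `gencert`/`genkey` output carries a private key (`out['key']`), a non-zero exit after partial output could put key material into logs or tracebacks, so reporting only stderr and the exit code is safer. A short docstring stating that exactly one of `obj` (JSON-serialised) or `stdin` (raw text) is written to cfssl's stdin and that the parsed JSON output is returned would make the contract clear to the callers added here.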
@@ -132,11 +145,8 @@ class CA(object):
 }
 cfg.update(_ca_config)
 logger.info("{}: Generating key/CSR for {}".format(self, hosts))
- p = subprocess.Popen(['cfssl', 'genkey', '-'],
- stdin=subprocess.PIPE, stdout=subprocess.PIPE,
- stderr=subprocess.PIPE)
- outs, errs = p.communicate(json.dumps(cfg).encode())
- out = json.loads(outs)
+ out = self._cfssl_call(['genkey', '-'], obj=cfg)
+ key, csr = out['key'], out['csr']
 if save is not None:
 logging.info("{}: Saving new key to secret {}".format(self, save))
@@ -150,12 +160,8 @@ class CA(object):
 logging.info("{}: Signing CSR".format(self))
 ca = self._cert
 cakey = self.ss.plaintext(self._secret_key)
- p = subprocess.Popen(['cfssl', 'sign', '-ca=' + ca, '-ca-key=' + cakey,
- '-profile=client-server', '-'],
- stdin=subprocess.PIPE, stdout=subprocess.PIPE,
- stderr=subprocess.PIPE)
- outs, errs = p.communicate(csr.encode())
- out = json.loads(outs)
+ out = self._cfssl_call(['sign', '-ca=' + ca, '-ca-key=' + cakey,
+ '-profile=client-server', '-'], stdin=csr)
 cert = out['cert']
 if save is not None:
 name = os.path.join(self.cdir, save)