From 1bc669c2996b4376bfaaa9d237935b6d292183de Mon Sep 17 00:00:00 2001
From: Hristo Voyvodov <5427512+voyvodov@users.noreply.github.com>
Date: Mon, 13 May 2024 19:26:18 +0300
Subject: [PATCH] Update src/saltext/vault/modules/vault_pki.py

Co-authored-by: jeanluc <2163936+lkubb@users.noreply.github.com>
---
 src/saltext/vault/modules/vault_pki.py | 15 +++++++--------
 tests/unit/utils/vault/test_pki.py | 2 +-
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/src/saltext/vault/modules/vault_pki.py b/src/saltext/vault/modules/vault_pki.py
index 6ff3ad7..4972073 100644
--- a/src/saltext/vault/modules/vault_pki.py
+++ b/src/saltext/vault/modules/vault_pki.py
@@ -192,7 +192,7 @@ def write_role(
 key_usage
 Specifies the allowed key usage constraint on issued certificates.
- If not set defaults to ["DigitalSignature", "KeyAgreement", "KeyEncipherment"]
+ If unset, defaults to ``["DigitalSignature", "KeyAgreement", "KeyEncipherment"]``
 no_store
 If set, certificates issued/signed against this role will not be stored in the storage backend.
@@ -388,7 +388,7 @@ def update_issuer(
 Specifies the URL values for the CRL Distribution Points field as an array.
 ocsp_servers
- pecifies the URL values for the OCSP Servers field as an array.
+ Specifies the URL values for the OCSP Servers field as an array.
 """
 endpoint = f"{mount}/issuer/{ref}"
@@ -535,8 +535,8 @@ def generate_root(
 The mount path the PKI backend is mounted to. Defaults to ``pki``.
 type
- Specifies the type of the root to create. If exported, the private key will be returned in the response;
- if internal the private key will not be returned and cannot be retrieved later
+ Specifies the type of the root to create. If ``exported``, the private key will be returned in the response;
+ if ``internal``, the private key will not be returned and cannot be retrieved later.
 Defaults to ``internal``.
 issuer_name
 Provides a name to the specified issuer. The name must be unique across all issuers and not be the reserved value ``default``.
@@ -558,8 +558,8 @@ def generate_root(
 ignored with ``key_type=ed25519``.
 max_path_length
- Specifies the maximum path length to encode in the generated certificate. -1 means no limit.
- Unless the signing certificate has a maximum path length set, in which case the path length is set to one
+ Specifies the maximum path length to encode in the generated certificate. ``-1`` means no limit,
+ unless the signing certificate has a maximum path length set, in which case the path length is set to one
 less than that of the signing certificate. A limit of 0 means a literal path length of zero.
 """
@@ -1136,8 +1136,7 @@ def _build_csr(private_key, private_key_passphrase=None, digest="sha256", **kwar
 csr = builder.sign(key, algorithm=algorithm)
 csr = x509util.load_csr(csr)
- csr_encoding = getattr(serialization.Encoding, "PEM")
- csr_bytes = csr.public_bytes(csr_encoding)
+ csr_bytes = csr.public_bytes(serialization.Encoding.PEM)
 csr = csr_bytes.decode()
 return csr
diff --git a/tests/unit/utils/vault/test_pki.py b/tests/unit/utils/vault/test_pki.py
index bc5c87f..2c743e9 100644
--- a/tests/unit/utils/vault/test_pki.py
+++ b/tests/unit/utils/vault/test_pki.py
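Review bot: The reworded `type` entry in the `generate_root` docstring (hunk at line 535) still gives no handling guidance for the `exported` case, where the text itself says the root CA private key is returned in the response. How the function forwards that response is outside the hunk, so this is an inference: if the key ends up in the module's return value, it goes wherever the caller sends that return data. I would add one sentence after the "Defaults to internal" line, along the lines of `With exported, the returned data contains the root CA private key and must be handled as a secret.`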
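Review bot: In the `_build_csr` hunk (line 1136), `csr` is still rebound three times to different things: the signed request, the result of `x509util.load_csr`, and finally the decoded PEM text, with `csr_bytes` as a one-use temporary. Now that the `getattr` indirection is gone, the statements after `load_csr` could be a single `return csr.public_bytes(serialization.Encoding.PEM).decode()`. The function body starts outside the hunk, so any earlier use of these names is not visible here.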
@@ -226,4 +226,4 @@ def test_compare_ca_chain_with_same(existing_pki):
 def test_compare_ca_chain_with_same_diff_len(existing_pki):
 _, _, chain = existing_pki
- assert not pki.compare_ca_chain(chain, chain + chain)
+ assert pki.compare_ca_chain(chain, chain + chain) is False