Merge pull request #92 from Venafi/py3-migration

Project migration to Python3

Author: rvelaVenafi

examples/get_cert.py

@@ -14,10 +14,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-
-from __future__ import print_function
-from vcert import (CertificateRequest, Connection, CloudConnection,
-                   FakeConnection, TPPConnection, RevocationRequest, KeyType)
+from vcert import (CertificateRequest, Connection, CloudConnection, FakeConnection, TPPConnection, RevocationRequest,
+                   KeyType)
 import string
 import random
 import logging
@@ -34,7 +32,7 @@ def main():
     user = environ.get('TPP_USER')
     password = environ.get('TPP_PASSWORD')
     url = environ.get('TPP_URL')
-    zone = environ.get("ZONE")
+    zone = environ.get('ZONE')
     fake = environ.get('FAKE')
 
     if fake:
@@ -45,28 +43,28 @@ def main():
         # If token is passed Venafi Cloud connection will be used. 
         # If user, password, and URL Venafi Platform (TPP) will be used.
         conn = Connection(url=url, token=token, user=user, password=password,
-                          http_request_kwargs={"verify": False})
+                          http_request_kwargs={'verify': False})
         # If your TPP server certificate signed with your own CA, or available only via proxy, you can specify
         # a trust bundle using requests vars:
-        #conn = Connection(url=url, token=token, user=user, password=password,
+        # conn = Connection(url=url, token=token, user=user, password=password,
         #                  http_request_kwargs={"verify": "/path-to/bundle.pem"})
 
-    request = CertificateRequest(common_name=randomword(10) + ".venafi.example.com")
+    request = CertificateRequest(common_name=f"{randomword(10)}.venafi.example.com")
     request.san_dns = ["www.client.venafi.example.com", "ww1.client.venafi.example.com"]
     if not isinstance(conn, CloudConnection):
         # Venafi Cloud doesn't support email or IP SANs in CSR
         request.email_addresses = ["e1@venafi.example.com", "e2@venafi.example.com"]
         request.ip_addresses = ["127.0.0.1", "192.168.1.1"]
-        request.uniform_resource_identifiers = ["http://wgtest.com","https://ragnartest.com"]
+        request.uniform_resource_identifiers = ["http://wgtest.com", "https://ragnartest.com"]
         request.user_principal_names = ["e1@venafi.example.com", "e2@venafi.example.com"] 
         # Specify ordering certificates in chain. Root can be "first" or "last". By default it last. You also can
         # specify "ignore" to ignore chain (supported only for Platform).
         # To set Custom Fields for the certificate, specify an array of CustomField objects as name-value pairs
-        #request.custom_fields = [
+        # request.custom_fields = [
         #    CustomField(name="Cost Center", value="ABC123"),
         #    CustomField(name="Environment", value="Production"),
         #    CustomField(name="Environment", value="Staging")
-        #]
+        # ]
 
     # configure key type, RSA example
     request.key_type = KeyType(KeyType.RSA, 2048)
@@ -96,11 +94,9 @@ def main():
     f.close()
 
     if not isinstance(conn, FakeConnection):
-        # fake connection doesn`t support certificate renewing
+        # fake connection doesn't support certificate renewing
         print("Trying to renew certificate")
-        new_request = CertificateRequest(
-            cert_id=request.id,
-        )
+        new_request = CertificateRequest(cert_id=request.id)
         conn.renew_cert(new_request)
         while True:
             new_cert = conn.retrieve_cert(new_request)
@@ -115,8 +111,7 @@ def main():
         fn.write(new_request.private_key_pem)
         fn.close()
     if isinstance(conn, TPPConnection):
-        revocation_req = RevocationRequest(req_id=request.id,
-                                           comments="Just for test")
+        revocation_req = RevocationRequest(req_id=request.id, comments="Just for test")
         print("Revoke", conn.revoke_cert(revocation_req))
 
     print("Trying to sign CSR")
@@ -141,6 +136,7 @@ def main():
     f.write(cert.full_chain)
     f.close()
 
+
 def randomword(length):
     letters = string.ascii_lowercase
     return ''.join(random.choice(letters) for i in range(length))

examples/get_cert27.py

@@ -28,10 +28,10 @@
 def main():
     # Get credentials from environment variables
     url = environ.get('TPP_URL')
-    user = environ.get("TPP_USER")
-    password = environ.get("TPP_PASSWORD")
+    user = environ.get('TPP_USER')
+    password = environ.get('TPP_PASSWORD')
 
-    connector = venafi_connection(url=url, user=user, password=password, http_request_kwargs={"verify": False})
+    connector = venafi_connection(url=url, user=user, password=password, http_request_kwargs={'verify': False})
     # If your TPP server certificate is signed with your own CA, or available only via proxy,
     # you can specify a trust bundle using requests vars:
     # connector = venafi_connection(url=url, api_key=api_key, access_token=access_token,
@@ -58,15 +58,15 @@ def main():
     # This is a placeholder. Make sure an SSH CA already exists on your TPP instance
     cadn = "\\VED\\Certificate Authority\\SSH\\Templates\\my-ca"
     # The id of the SSH certificate
-    key_id = "vcert-python-%s" % random_word(12)
+    key_id = f"vcert-python-{random_word(12)}"
 
     # Create the request object
     request = SSHCertRequest(cadn=cadn, key_id=key_id)
     # Add any additional info for the certificate, like:
     request.validity_period = "4h"
     request.source_addresses = ["test.com"]
     request.extensions = {
-        "permit-pty": ""
+        'permit-pty': ""
     }
     # Include the locally-generated public key. If not set, the server will generate one for the certificate
     request.set_public_key_data(ssh_kp.public_key())

examples/ssh_certificates/get_cert_ssh.py

@@ -28,10 +28,10 @@
 def main():
     # Get credentials from environment variables
     url = environ.get('TPP_URL')
-    user = environ.get("TPP_USER")
-    password = environ.get("TPP_PASSWORD")
+    user = environ.get('TPP_USER')
+    password = environ.get('TPP_PASSWORD')
 
-    connector = venafi_connection(url=url, user=user, password=password, http_request_kwargs={"verify": False})
+    connector = venafi_connection(url=url, user=user, password=password, http_request_kwargs={'verify': False})
     # If your TPP server certificate signed with your own CA, or available only via proxy,
     # you can specify a trust bundle using requests vars:
     # connector = venafi_connection(url=url, api_key=api_key, access_token=access_token,
@@ -51,15 +51,15 @@ def main():
     # The path to the SSH CA in the TPP instance
     cadn = "\\VED\\Certificate Authority\\SSH\\Templates\\my-ca"
     # The id of the SSH certificate
-    key_id = "vcert-python-%s" % random_word(12)
+    key_id = f"vcert-python-{random_word(12)}"
 
     # Create the request object
     request = SSHCertRequest(cadn=cadn, key_id=key_id)
     # Add any additional info for the certificate, like:
     request.validity_period = "4h"
     request.source_addresses = ["test.com"]
     request.extensions = {
-        "permit-pty": ""
+        'permit-pty': ""
     }
 
     # Request the certificate from TPP instance

examples/ssh_certificates/get_cert_ssh_service.py

@@ -29,13 +29,13 @@ def main():
     ca_dn = environ.get('TPP_SSH_CADN')
     ca_guid = environ.get('TPP_SSH_CA_GUID')
     # Authentication is required for retrieving the CA principals only.
-    user = environ.get("TPP_USER")
-    password = environ.get("TPP_PASSWORD")
+    user = environ.get('TPP_USER')
+    password = environ.get('TPP_PASSWORD')
 
     # A Connector can be instantiated with no values by using the platform argument.
     # url argument is always required for TPP.
     connector = venafi_connection(platform=VenafiPlatform.TPP, url=url,
-                                  http_request_kwargs={"verify": "/tmp/chain.pem"})
+                                  http_request_kwargs={'verify': "/tmp/chain.pem"})
     # Optionally, the connector can be instantiated passing the specific arguments:
     # connector = venafi_connection(url=url, user=user, password=password, http_request_kwargs={"verify": False})
 
@@ -70,7 +70,7 @@ def main():
     ssh_config = connector.retrieve_ssh_config(ca_request=request)
     with open("./ca2-pub.key", 'w') as ca_file:
         ca_file.write(pub_key_data)
-    print("Certificate Authority principals: %s" % ssh_config.ca_principals)
+    print(f"Certificate Authority principals: {ssh_config.ca_principals}")
 
 
 if __name__ == '__main__':

examples/ssh_certificates/retrieve_ca_public_key.py

@@ -14,8 +14,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-
-from __future__ import print_function
 from vcert import (CertificateRequest, Connection, FakeConnection, TPPConnection, RevocationRequest, KeyType,
                    TPPTokenConnection, venafi_connection)
 import string
@@ -33,7 +31,7 @@ def main():
     user = environ.get('TPP_USER')
     password = environ.get('TPP_PASSWORD')
     url = environ.get('TPP_TOKEN_URL')
-    zone = environ.get("TPP_ZONE")
+    zone = environ.get('TPP_ZONE')
     fake = environ.get('FAKE')
 
     if fake:
@@ -43,18 +41,18 @@ def main():
         # If user and password are passed, you can get a new token from them.
         # If access_token and refresh_token are passed, there is no need for the username and password.
         # If only access_token is passed, the Connection will fail when token expires, as there is no way to refresh it.
-        conn = venafi_connection(url=url, user=user, password=password, http_request_kwargs={"verify": False})
+        conn = venafi_connection(url=url, user=user, password=password, http_request_kwargs={'verify': False})
         # If your TPP server certificate signed with your own CA, or available only via proxy, you can specify
         # a trust bundle using requests vars:
         # conn = token_connection(url=url, user=user, password=password,
         #                         http_request_kwargs={"verify": "/path-to/bundle.pem"})
 
-    request = CertificateRequest(common_name=random_word(10) + ".venafi.example.com")
-    request.san_dns = [u"www.client.venafi.example.com", u"ww1.client.venafi.example.com"]
-    request.email_addresses = [u"e1@venafi.example.com", u"e2@venafi.example.com"]
-    request.ip_addresses = [u"127.0.0.1", u"192.168.1.1"]
-    request.uniform_resource_identifiers = [u"http://wgtest.com",u"https://ragnartest.com"]
-    request.user_principal_names = [u"e1@venafi.example.com", u"e2@venafi.example.com"]
+    request = CertificateRequest(common_name=f"{random_word(10)}.venafi.example.com")
+    request.san_dns = ["www.client.venafi.example.com", "ww1.client.venafi.example.com"]
+    request.email_addresses = ["e1@venafi.example.com", "e2@venafi.example.com"]
+    request.ip_addresses = ["127.0.0.1", u"192.168.1.1"]
+    request.uniform_resource_identifiers = ["http://wgtest.com", "https://ragnartest.com"]
+    request.user_principal_names = ["e1@venafi.example.com", "e2@venafi.example.com"]
     # Specify ordering certificates in chain. Root can be "first" or "last". By default its last. You also can
     # specify "ignore" to ignore chain (supported only for Platform).
     # To set Custom Fields for the certificate, specify an array of CustomField objects as name-value pairs

examples/tpp/get_cert_tpp_token.py

@@ -14,9 +14,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-
-from __future__ import print_function
-
 from vcert import (CertificateRequest, venafi_connection, CSR_ORIGIN_SERVICE, CHAIN_OPTION_FIRST)
 import string
 import random
@@ -32,25 +29,25 @@ def main():
     url = environ.get('TPP_TOKEN_URL')
     user = environ.get('TPP_USER')
     password = environ.get('TPP_PASSWORD')
-    zone = environ.get("TPP_ZONE")
+    zone = environ.get('TPP_ZONE')
     server_trust_bundle = environ.get('TPP_TRUST_BUNDLE')
 
     # Connection will be chosen automatically based on which arguments are passed.
     # If token is passed Venafi Cloud connection will be used.
     # If user, password, and URL Venafi Platform (TPP) will be used.
     # If your TPP server certificate signed with your own CA, or available only via proxy, you can specify
     # a trust bundle using http_request_kwargs.
-    conn = venafi_connection(url=url, user=user, password=password, http_request_kwargs={"verify": server_trust_bundle})
+    conn = venafi_connection(url=url, user=user, password=password, http_request_kwargs={'verify': server_trust_bundle})
 
     # Build a Certificate request
-    request = CertificateRequest(common_name=random_word(10) + ".venafi.example.com")
+    request = CertificateRequest(common_name=f"{random_word(10)}.venafi.example.com")
     # Set the request to use a service generated CSR
     request.csr_origin = CSR_ORIGIN_SERVICE
     # Include some Subject Alternative Names
     request.san_dns = ["www.dns.venafi.example.com", "ww1.dns.venafi.example.com"]
     request.email_addresses = ["email1@venafi.example.com", "email2@venafi.example.com"]
     request.ip_addresses = ["127.0.0.1", "192.168.1.1"]
-    request.uniform_resource_identifiers = ["http://wgtest.uri.com","https://ragnartest.uri.com"]
+    request.uniform_resource_identifiers = ["http://wgtest.uri.com", "https://ragnartest.uri.com"]
     request.user_principal_names = ["upn1@venafi.example.com", "upn2@venafi.example.com"]
     # Specify whether or not to return the private key. It is False by default.
     # A password should be defined for the private key if include_private_key is True.

examples/tpp/get_service_gen_cert_tpp.py

@@ -18,8 +18,8 @@
 
 from parser import json_parser, yaml_parser
 from parser.utils import parse_policy_spec
-from policy.policy_spec import PolicySpecification, Policy, Subject, KeyPair, SubjectAltNames, Defaults, \
-    DefaultSubject, DefaultKeyPair
+from policy.policy_spec import (PolicySpecification, Policy, Subject, KeyPair, SubjectAltNames, Defaults,
+                                DefaultSubject, DefaultKeyPair)
 from vcert import venafi_connection
 from vcert.common import Authentication, SCOPE_PM
 import logging
@@ -40,7 +40,7 @@ def main():
     # Get connector object.
     # The default state of this connection only allows for certificate management.
     connector = venafi_connection(url=url, user=user, password=password,
-                                  http_request_kwargs={"verify": server_trust_bundle})
+                                  http_request_kwargs={'verify': server_trust_bundle})
 
     # Create Authentication object with required scope for policy management.
     auth = Authentication(user=user, password=password, scope=SCOPE_PM)