Diffstat (limited to 'keystone-moon/keystone/common/openssl.py')
-rw-r--r--keystone-moon/keystone/common/openssl.py66
1 files changed, 28 insertions, 38 deletions
diff --git a/keystone-moon/keystone/common/openssl.py b/keystone-moon/keystone/common/openssl.py
index be56b9cc..0bea6d8e 100644
--- a/keystone-moon/keystone/common/openssl.py
+++ b/keystone-moon/keystone/common/openssl.py
@@ -63,42 +63,35 @@ class BaseCertificateConfigure(object):
'cert_subject': conf_obj.cert_subject}
try:
- # OpenSSL 1.0 and newer support default_md = default, olders do not
- openssl_ver = environment.subprocess.Popen(
- ['openssl', 'version'],
- stdout=environment.subprocess.PIPE).stdout.read()
- if "OpenSSL 0." in openssl_ver:
+ # OpenSSL 1.0 and newer support default_md = default,
+ # older versions do not
+ openssl_ver = environment.subprocess.check_output( # the arguments
+ # are hardcoded and just check the openssl version
+ ['openssl', 'version'])
+ if b'OpenSSL 0.' in openssl_ver:
self.ssl_dictionary['default_md'] = 'sha1'
- except OSError:
- LOG.warn(_LW('Failed to invoke ``openssl version``, '
- 'assuming is v1.0 or newer'))
+ except environment.subprocess.CalledProcessError:
+ LOG.warning(_LW('Failed to invoke ``openssl version``, '
+ 'assuming is v1.0 or newer'))
self.ssl_dictionary.update(kwargs)
def exec_command(self, command):
- to_exec = []
- for cmd_part in command:
- to_exec.append(cmd_part % self.ssl_dictionary)
+ to_exec = [part % self.ssl_dictionary for part in command]
LOG.info(_LI('Running command - %s'), ' '.join(to_exec))
- # NOTE(Jeffrey4l): Redirect both stdout and stderr to pipe, so the
- # output can be captured.
- # NOTE(Jeffrey4l): check_output is not compatible with Python 2.6.
- # So use Popen instead.
- process = environment.subprocess.Popen(
- to_exec,
- stdout=environment.subprocess.PIPE,
- stderr=environment.subprocess.STDOUT)
- output = process.communicate()[0]
- retcode = process.poll()
- if retcode:
- LOG.error(_LE('Command %(to_exec)s exited with %(retcode)s'
+ try:
+ # NOTE(shaleh): use check_output instead of the simpler
+ # `check_call()` in order to log any output from an error.
+ environment.subprocess.check_output( # the arguments being passed
+ # in are defined in this file and trusted to build CAs, keys
+ # and certs
+ to_exec,
+ stderr=environment.subprocess.STDOUT)
+ except environment.subprocess.CalledProcessError as e:
+ LOG.error(_LE('Command %(to_exec)s exited with %(retcode)s '
'- %(output)s'),
{'to_exec': to_exec,
- 'retcode': retcode,
- 'output': output})
- e = environment.subprocess.CalledProcessError(retcode, to_exec[0])
- # NOTE(Jeffrey4l): Python 2.6 compatibility:
- # CalledProcessError did not have output keyword argument
- e.output = output
+ 'retcode': e.returncode,
+ 'output': e.output})
raise e
def clean_up_existing_files(self):
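Review bot: Narrowing the handler to `except environment.subprocess.CalledProcessError:` drops the case the old `except OSError:` covered. `check_output` raises `OSError` when the `openssl` binary cannot be found or executed, and `CalledProcessError` only when it runs and exits non-zero. A host without `openssl` on PATH would therefore raise out of this block instead of logging the "assuming is v1.0 or newer" warning. Catching both keeps the old fallback: `except (OSError, environment.subprocess.CalledProcessError):`. Separately, in `exec_command` a bare `raise` instead of `raise e` would preserve the original traceback if this module still runs on Python 2; the method containing the version check starts above the hunk.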
@@ -134,9 +127,8 @@ class BaseCertificateConfigure(object):
user=self.use_keystone_user,
group=self.use_keystone_group, log=LOG)
if not file_exists(self.ssl_config_file_name):
- ssl_config_file = open(self.ssl_config_file_name, 'w')
- ssl_config_file.write(self.sslconfig % self.ssl_dictionary)
- ssl_config_file.close()
+ with open(self.ssl_config_file_name, 'w') as ssl_config_file:
+ ssl_config_file.write(self.sslconfig % self.ssl_dictionary)
utils.set_permissions(self.ssl_config_file_name,
mode=PRIVATE_FILE_PERMS,
user=self.use_keystone_user,
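Review bot: The `with open(self.ssl_config_file_name, 'w')` form still creates the file under the process umask and only tightens it in the following `utils.set_permissions(...)` call. The `file_exists` check followed by a plain `open(..., 'w')` will also follow whatever appears at that path in between. Creating the file exclusively with its final mode closes both gaps, assuming `PRIVATE_FILE_PERMS` is a numeric mode: `fd = os.open(self.ssl_config_file_name, os.O_WRONLY | os.O_CREAT | os.O_EXCL, PRIVATE_FILE_PERMS)` followed by `with os.fdopen(fd, 'w') as ssl_config_file:`. The same pattern recurs in the `index.txt` and `serial` hunks below. How much this matters depends on the permissions of `self.conf_dir`, which are set outside these hunks; the enclosing method also starts and ends outside them.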
@@ -144,9 +136,8 @@ class BaseCertificateConfigure(object):
index_file_name = os.path.join(self.conf_dir, 'index.txt')
if not file_exists(index_file_name):
- index_file = open(index_file_name, 'w')
- index_file.write('')
- index_file.close()
+ with open(index_file_name, 'w') as index_file:
+ index_file.write('')
utils.set_permissions(index_file_name,
mode=PRIVATE_FILE_PERMS,
user=self.use_keystone_user,
@@ -154,9 +145,8 @@ class BaseCertificateConfigure(object):
serial_file_name = os.path.join(self.conf_dir, 'serial')
if not file_exists(serial_file_name):
- index_file = open(serial_file_name, 'w')
- index_file.write('01')
- index_file.close()
+ with open(serial_file_name, 'w') as index_file:
+ index_file.write('01')
utils.set_permissions(serial_file_name,
mode=PRIVATE_FILE_PERMS,
user=self.use_keystone_user,