Ejemplo n.º 1
def create_container_secret(container=None, secret=None, session=None):
    """Persist and return a ContainerSecret row linking *secret* to *container*.

    Both ``container`` and ``secret`` are dereferenced for their ``id``, so
    the ``None`` defaults are not usable values: omitting either argument
    raises ``AttributeError`` before anything is written.

    ``session`` is forwarded unchanged to the repository's ``create_from``.
    """
    # NOTE(review): nothing here checks that the container and the secret
    # belong to the same project/owner; presumably the caller has already
    # enforced that - confirm before reusing this outside its current callers.
    association = models.ContainerSecret()
    association.container_id = container.id
    association.secret_id = secret.id

    repositories.get_container_secret_repository().create_from(
        association, session=session)
    return association
Ejemplo n.º 2
def create_container_secret(container=None, secret=None, session=None):
    """Create the container-to-secret association and return the new model.

    ``container.id`` and ``secret.id`` are read unconditionally, so passing
    ``None`` (the default) for either one fails with ``AttributeError``.
    The optional ``session`` is handed to the repository as-is.
    """
    link = models.ContainerSecret()
    link.container_id = container.id
    link.secret_id = secret.id

    # NOTE(review): no ownership or authorization check happens in this
    # function; it records whatever pair of IDs it is given. Presumably the
    # caller validates both objects first - confirm.
    repo = repositories.get_container_secret_repository()
    repo.create_from(link, session=session)
    return link
Ejemplo n.º 3
 def __init__(self, container):
     """Bind the controller to *container* and set up its collaborators.

     Stores the container it operates on, the repositories for secrets and
     for container-secret associations, and a ContainerSecretValidator.
     """
     LOG.debug('=== Creating ContainerSecretsController ===')
     super().__init__()
     self.container = container

     # Repositories are looked up once per controller instance.
     association_repo = repo.get_container_secret_repository()
     secret_repo = repo.get_secret_repository()
     self.container_secret_repo = association_repo
     self.secret_repo = secret_repo

     self.validator = validators.ContainerSecretValidator()
Ejemplo n.º 4
def _create_container_secret_association(assoc_name, secret_model,
                                         container_model):
    """Record *secret_model* as the member named *assoc_name* of a container.

    Builds a ContainerSecret carrying the association name and the two IDs,
    then saves it through the container-secret repository. Returns nothing.
    """
    # NOTE(review): the IDs are taken from the passed models without any
    # check that both belong to the same project; presumably the caller
    # guarantees this - confirm.
    association = models.ContainerSecret()
    association.name = assoc_name
    association.container_id = container_model.id
    association.secret_id = secret_model.id

    repos.get_container_secret_repository().create_from(association)
Ejemplo n.º 5
def _create_container_secret_association(assoc_name, secret_model,
                                         container_model):
    """Persist a named link between a secret and a container.

    The new ContainerSecret gets ``assoc_name`` as its name and the ``id``
    of each model as ``secret_id`` / ``container_id``. No value is returned.
    """
    link = models.ContainerSecret()
    link.name = assoc_name
    link.container_id = container_model.id
    link.secret_id = secret_model.id

    # No session is passed, so the repository's own default applies.
    association_repo = repos.get_container_secret_repository()
    association_repo.create_from(link)
Ejemplo n.º 6
def _add_private_key_to_generated_cert_container(container_id, order_model, project_model):
    """Attach the order's existing private key to a certificate container.

    Looks up the key-pair container via ``_get_container_from_order_meta``,
    finds its association named "private_key", and creates a new
    association with the same ``secret_id`` under ``container_id``. The
    private key secret is therefore referenced from both containers.
    """
    _, keypair_container = _get_container_from_order_meta(order_model, project_model)

    # Collect every match; as in a plain scan, the last one wins.
    matching_ids = [
        entry.secret_id
        for entry in keypair_container.container_secrets
        if entry.name == "private_key"
    ]
    private_key_id = matching_ids[-1] if matching_ids else None

    # NOTE(review): when the key-pair container has no "private_key" entry,
    # secret_id stays None and the association is still submitted. Whether
    # the repository or schema rejects that is not visible here - confirm,
    # or fail explicitly so a certificate container is never stored with a
    # dangling private-key reference.
    association = models.ContainerSecret()
    association.name = "private_key"
    association.container_id = container_id
    association.secret_id = private_key_id
    repos.get_container_secret_repository().create_from(association)
Ejemplo n.º 7
def _save_secrets(result, project_model, request_type, order_model):
    """Store an issued certificate and group it in a new certificate container.

    Steps, in order:
      1. store ``result.certificate`` as a secret;
      2. store ``result.intermediates`` as a second secret when it is truthy;
      3. create an ACTIVE container of type "certificate" for the project;
      4. link the stored secrets to it as 'certificate' / 'intermediates';
      5. for STORED_KEY_REQUEST orders, also link the order's private key.

    Returns the new container model.
    """
    # NOTE(review): each step is a separate write and no session is passed
    # in this function; whether a failure part-way leaves an orphaned secret
    # or a partially filled container depends on repository/transaction
    # handling that is not visible here - confirm.

    # store_secret also returns a transport key model, which is unused here.
    cert_secret_model, _ = plugin.store_secret(
        unencrypted_raw=result.certificate,
        content_type_raw='application/pkix-cert',
        content_encoding='base64',
        secret_model=models.Secret(),
        project_model=project_model)

    # The certificate chain, when present, becomes its own secret.
    intermediates_secret_model = None
    if result.intermediates:
        intermediates_secret_model, _ = plugin.store_secret(
            unencrypted_raw=result.intermediates,
            content_type_raw='application/pkix-cert',
            content_encoding='base64',
            secret_model=models.Secret(),
            project_model=project_model
        )

    cert_container = models.Container()
    cert_container.type = "certificate"
    cert_container.status = models.States.ACTIVE
    cert_container.project_id = project_model.id
    repos.get_container_repository().create_from(cert_container)

    def _new_association(name, secret_model):
        # Build (but do not save) a link from the new container to a secret.
        assoc = models.ContainerSecret()
        assoc.name = name
        assoc.container_id = cert_container.id
        assoc.secret_id = secret_model.id
        return assoc

    cert_assoc = _new_association('certificate', cert_secret_model)
    association_repo = repos.get_container_secret_repository()
    association_repo.create_from(cert_assoc)

    if intermediates_secret_model:
        association_repo.create_from(
            _new_association('intermediates', intermediates_secret_model))

    # Stored-key orders reuse an existing key pair, so the private key is
    # linked into the certificate container as well.
    if request_type == cert.CertificateRequestType.STORED_KEY_REQUEST:
        _add_private_key_to_generated_cert_container(cert_container.id,
                                                     order_model,
                                                     project_model)

    return cert_container
Ejemplo n.º 8
def _add_private_key_to_generated_cert_container(container_id, order_model,
                                                 project_model):
    """Link the order's stored private key into container *container_id*.

    The key-pair container comes from ``_get_container_from_order_meta``.
    Its association named 'private_key' supplies the ``secret_id`` for a new
    association of the same name on the target container, so the same
    private key secret ends up referenced by both containers.
    """
    _, keypair_container = _get_container_from_order_meta(
        order_model, project_model)

    # Scan all associations; if several are named 'private_key' the last
    # one is used, and None is kept when there is no match.
    key_secret_id = None
    for association in keypair_container.container_secrets:
        if association.name != 'private_key':
            continue
        key_secret_id = association.secret_id

    # NOTE(review): a missing 'private_key' entry is not treated as an
    # error: the new association is submitted with secret_id=None. Whether
    # storage rejects that is not visible here - confirm, or raise before
    # writing so the certificate container never carries an empty key link.
    key_link = models.ContainerSecret()
    key_link.name = 'private_key'
    key_link.container_id = container_id
    key_link.secret_id = key_secret_id

    repos.get_container_secret_repository().create_from(key_link)
Ejemplo n.º 9
class ContainerSecret(base.BarbicanObject, base.BarbicanPersistentObject,
                      object_base.VersionedObjectDictCompat):
    """Object-layer counterpart of the ``models.ContainerSecret`` table.

    One instance describes a single, optionally named, link between a
    container and a secret.
    """

    # Declared attributes: an optional label plus the two IDs being linked.
    # On the right-hand side ``fields`` still resolves to the module-level
    # name, because the class attribute is only bound after the dict is built.
    fields = {
        'name': fields.StringField(nullable=True, default=None),
        'container_id': fields.StringField(),
        'secret_id': fields.StringField(),
    }

    # Backing model and repository. The repository lookup runs once, when
    # the class body is executed.
    db_model = models.ContainerSecret
    db_repo = repos.get_container_secret_repository()

    def create(self, session=None):
        """Save this association and return the object built from the stored row.

        Only the changed persistent fields are validated and copied onto the
        database entity before it is handed to the repository. ``session``
        is forwarded to ``create_from`` unchanged.
        """
        # NOTE(review): _validate_fields is defined outside this snippet;
        # what it enforces (for example that both IDs are set) is not
        # visible here.
        pending = self._get_changed_persistent_fields()
        self._validate_fields(pending)

        row = self._get_db_entity()
        row.update(pending)

        stored = self.db_repo.create_from(row, session=session)
        return self._from_db_object(stored)
Ejemplo n.º 10
 def __init__(self, container):
     """Set up a controller for the secrets of *container*.

     Keeps the container, the container-secret and secret repositories,
     and a ContainerSecretValidator on the instance.
     """
     # NOTE(review): this variant does not call super().__init__(); whether
     # the base class needs it is not visible in this snippet.
     LOG.debug('=== Creating ContainerSecretsController ===')
     self.container = container

     association_repo = repo.get_container_secret_repository()
     secret_repo = repo.get_secret_repository()
     self.container_secret_repo = association_repo
     self.secret_repo = secret_repo

     self.validator = validators.ContainerSecretValidator()