def test_create_datakey_with_encryption(self, cmd_mock, cd_mock):
app.config['USE_ENCRYPTION'] = True
context = {'from': 'confidant-development',
'to': 'confidant-development'}
keymanager.create_datakey(context)
# Assert that create_datakey was called and create_mock_datakey was
# not called.
self.assertTrue(cd_mock.called)
self.assertFalse(cmd_mock.called)
def test_create_datakey_with_encryption(self, cmd_mock, cd_mock):
app.config['USE_ENCRYPTION'] = True
context = {
'from': 'confidant-development',
'to': 'confidant-development'
}
keymanager.create_datakey(context)
# Assert that create_datakey was called and create_mock_datakey was
# not called.
self.assertTrue(cd_mock.called)
self.assertFalse(cmd_mock.called)
def create_credential():
data = request.get_json()
if not data.get('credential_pairs'):
return jsonify({'error': 'credential_pairs is a required field'}), 400
if not isinstance(data.get('metadata', {}), dict):
return jsonify({'error': 'metadata must be a dict'}), 400
# Ensure credential pair keys are lowercase
credential_pairs = _lowercase_credential_pairs(data['credential_pairs'])
_check, ret = _check_credential_pair_values(credential_pairs)
if not _check:
return jsonify(ret), 400
for cred in Credential.data_type_date_index.query(
'credential', name__eq=data['name']):
# Conflict, the name already exists
msg = 'Name already exists. See id: {0}'.format(cred.id)
return jsonify({'error': msg, 'reference': cred.id}), 409
# Generate an initial stable ID to allow name changes
id = str(uuid.uuid4()).replace('-', '')
# Try to save to the archive
revision = 1
credential_pairs = json.dumps(credential_pairs)
data_key = keymanager.create_datakey(encryption_context={'id': id})
cipher = CipherManager(data_key['plaintext'], version=2)
credential_pairs = cipher.encrypt(credential_pairs)
cred = Credential(
id='{0}-{1}'.format(id, revision),
data_type='archive-credential',
name=data['name'],
credential_pairs=credential_pairs,
metadata=data.get('metadata'),
revision=revision,
enabled=data.get('enabled'),
data_key=data_key['ciphertext'],
cipher_version=2,
modified_by=authnz.get_logged_in_user()
).save(id__null=True)
# Make this the current revision
cred = Credential(
id=id,
data_type='credential',
name=data['name'],
credential_pairs=credential_pairs,
metadata=data.get('metadata'),
revision=revision,
enabled=data.get('enabled'),
data_key=data_key['ciphertext'],
cipher_version=2,
modified_by=authnz.get_logged_in_user()
)
cred.save()
return jsonify({
'id': cred.id,
'name': cred.name,
'credential_pairs': json.loads(cipher.decrypt(cred.credential_pairs)),
'metadata': cred.metadata,
'revision': cred.revision,
'enabled': cred.enabled,
'modified_date': cred.modified_date,
'modified_by': cred.modified_by
})
def create_credential():
data = request.get_json()
if not data.get('credential_pairs'):
return jsonify({'error': 'credential_pairs is a required field'}), 400
if not isinstance(data.get('metadata', {}), dict):
return jsonify({'error': 'metadata must be a dict'}), 400
# Ensure credential pair keys are lowercase
credential_pairs = _lowercase_credential_pairs(data['credential_pairs'])
_check, ret = _check_credential_pair_values(credential_pairs)
if not _check:
return jsonify(ret), 400
for cred in Credential.data_type_date_index.query(
'credential', name__eq=data['name']):
# Conflict, the name already exists
msg = 'Name already exists. See id: {0}'.format(cred.id)
return jsonify({'error': msg, 'reference': cred.id}), 409
# Generate an initial stable ID to allow name changes
id = str(uuid.uuid4()).replace('-', '')
# Try to save to the archive
revision = 1
credential_pairs = json.dumps(credential_pairs)
data_key = keymanager.create_datakey(encryption_context={'id': id})
cipher = CipherManager(data_key['plaintext'], version=2)
credential_pairs = cipher.encrypt(credential_pairs)
cred = Credential(
id='{0}-{1}'.format(id, revision),
data_type='archive-credential',
name=data['name'],
credential_pairs=credential_pairs,
metadata=data.get('metadata'),
revision=revision,
enabled=data.get('enabled'),
data_key=data_key['ciphertext'],
cipher_version=2,
modified_by=authnz.get_logged_in_user()
).save(id__null=True)
# Make this the current revision
cred = Credential(
id=id,
data_type='credential',
name=data['name'],
credential_pairs=credential_pairs,
metadata=data.get('metadata'),
revision=revision,
enabled=data.get('enabled'),
data_key=data_key['ciphertext'],
cipher_version=2,
modified_by=authnz.get_logged_in_user()
)
cred.save()
return jsonify({
'id': cred.id,
'name': cred.name,
'credential_pairs': json.loads(cipher.decrypt(cred.credential_pairs)),
'metadata': cred.metadata,
'revision': cred.revision,
'enabled': cred.enabled,
'modified_date': cred.modified_date,
'modified_by': cred.modified_by
})
def test_create_datakey_mocked(self, fernet_mock):
app.config['USE_ENCRYPTION'] = False
fernet_mock.return_value = 'mocked_fernet_key'
ret = keymanager.create_datakey({})
self.assertTrue(fernet_mock.called)
# Assert that we got a dict returned where the ciphertext and plaintext
# keys are equal
self.assertEquals(ret['ciphertext'], ret['plaintext'])
# Assert ciphertext is mocked_fernet_key
self.assertEquals(ret['ciphertext'], 'mocked_fernet_key')
def test_create_datakey_mocked(self, fernet_mock):
app.config['USE_ENCRYPTION'] = False
fernet_mock.return_value = 'mocked_fernet_key'
ret = keymanager.create_datakey({})
self.assertTrue(fernet_mock.called)
# Assert that we got a dict returned where the ciphertext and plaintext
# keys are equal
self.assertEquals(ret['ciphertext'], ret['plaintext'])
# Assert ciphertext is mocked_fernet_key
self.assertEquals(ret['ciphertext'], 'mocked_fernet_key')
def test_datakey(self):
use_encryption = app.config['USE_ENCRYPTION']
app.config['USE_ENCRYPTION'] = True
context = {'from': 'confidant-development',
'to': 'confidant-development'}
ret = keymanager.create_datakey(context)
# Assert that our ciphertext and plaintext aren't equal.
self.assertNotEquals(ret['ciphertext'], ret['plaintext'])
key = keymanager.decrypt_key(ret['ciphertext'], context)
# Assert that our decrypted key is ciphertext is equal to the original
# plaintext.
self.assertEquals(ret['plaintext'], key)
app.config['USE_ENCRYPTION'] = use_encryption
def test_datakey(self):
use_encryption = app.config['USE_ENCRYPTION']
app.config['USE_ENCRYPTION'] = True
context = {
'from': 'confidant-development',
'to': 'confidant-development'
}
ret = keymanager.create_datakey(context)
# Assert that our ciphertext and plaintext aren't equal.
self.assertNotEquals(ret['ciphertext'], ret['plaintext'])
key = keymanager.decrypt_key(ret['ciphertext'], context)
# Assert that our decrypted key is ciphertext is equal to the original
# plaintext.
self.assertEquals(ret['plaintext'], key)
app.config['USE_ENCRYPTION'] = use_encryption
def update_credential(id):
try:
_cred = Credential.get(id)
except Credential.DoesNotExist:
return jsonify({'error': 'Credential not found.'}), 404
if _cred.data_type != 'credential':
msg = 'id provided is not a credential.'
return jsonify({'error': msg}), 400
data = request.get_json()
update = {}
revision = _cred.revision + 1
update['name'] = data.get('name', _cred.name)
if 'enabled' in data:
if not isinstance(data['enabled'], bool):
return jsonify({'error': 'Enabled must be a boolean.'}), 400
update['enabled'] = data['enabled']
else:
update['enabled'] = _cred.enabled
services = _get_services_for_credential(id)
if 'credential_pairs' in data:
# Ensure credential pair keys are lowercase
credential_pairs = _lowercase_credential_pairs(
data['credential_pairs']
)
if not _check_credential_pair_uniqueness(credential_pairs):
ret = {'error': 'credential pairs must be key: value'}
return jsonify(ret), 400
# Ensure credential pairs don't conflicts with pairs from other
# services
conflicts = _pair_key_conflicts_for_services(
id,
credential_pairs,
services
)
if conflicts:
ret = {
'error': 'Conflicting key pairs in mapped service.',
'conflicts': conflicts
}
return jsonify(ret), 400
update['credential_pairs'] = json.dumps(credential_pairs)
else:
data_key = keymanager.decrypt_key(
_cred.data_key,
encryption_context={'id': id}
)
cipher_version = _cred.cipher_version
cipher = CipherManager(data_key, cipher_version)
update['credential_pairs'] = cipher.decrypt(_cred.credential_pairs)
data_key = keymanager.create_datakey(encryption_context={'id': id})
cipher = CipherManager(data_key['plaintext'], version=2)
credential_pairs = cipher.encrypt(update['credential_pairs'])
# Try to save to the archive
try:
Credential(
id='{0}-{1}'.format(id, revision),
name=update['name'],
data_type='archive-credential',
credential_pairs=credential_pairs,
enabled=update['enabled'],
revision=revision,
data_key=data_key['ciphertext'],
cipher_version=2,
modified_by=authnz.get_logged_in_user_email()
).save(id__null=True)
except PutError as e:
logging.error(e)
return jsonify({'error': 'Failed to add credential to archive.'}), 500
try:
cred = Credential(
id=id,
name=update['name'],
data_type='credential',
credential_pairs=credential_pairs,
enabled=update['enabled'],
revision=revision,
data_key=data_key['ciphertext'],
cipher_version=2,
modified_by=authnz.get_logged_in_user_email()
)
cred.save()
except PutError as e:
logging.error(e)
return jsonify({'error': 'Failed to update active credential.'}), 500
if services:
service_names = [x.id for x in services]
msg = 'Updated credential "{0}" ({1}); Revision {2}'
msg = msg.format(cred.name, cred.id, cred.revision)
graphite.send_event(service_names, msg)
return jsonify({
'id': cred.id,
'name': cred.name,
'credential_pairs': json.loads(cipher.decrypt(cred.credential_pairs)),
'revision': cred.revision,
'enabled': cred.enabled,
'modified_date': cred.modified_date,
'modified_by': cred.modified_by
})
def update_credential(id):
try:
_cred = Credential.get(id)
except DoesNotExist:
return jsonify({'error': 'Credential not found.'}), 404
if _cred.data_type != 'credential':
msg = 'id provided is not a credential.'
return jsonify({'error': msg}), 400
data = request.get_json()
update = {}
revision = _get_latest_credential_revision(id, _cred.revision)
update['name'] = data.get('name', _cred.name)
if 'enabled' in data:
if not isinstance(data['enabled'], bool):
return jsonify({'error': 'Enabled must be a boolean.'}), 400
update['enabled'] = data['enabled']
else:
update['enabled'] = _cred.enabled
if not isinstance(data.get('metadata', {}), dict):
return jsonify({'error': 'metadata must be a dict'}), 400
services = _get_services_for_credential(id)
if 'credential_pairs' in data:
# Ensure credential pair keys are lowercase
credential_pairs = _lowercase_credential_pairs(
data['credential_pairs'])
_check, ret = _check_credential_pair_values(credential_pairs)
if not _check:
return jsonify(ret), 400
# Ensure credential pairs don't conflicts with pairs from other
# services
conflicts = _pair_key_conflicts_for_services(
id, list(credential_pairs.keys()), services)
if conflicts:
ret = {
'error': 'Conflicting key pairs in mapped service.',
'conflicts': conflicts
}
return jsonify(ret), 400
update['credential_pairs'] = json.dumps(credential_pairs)
else:
data_key = keymanager.decrypt_datakey(_cred.data_key,
encryption_context={'id': id})
cipher_version = _cred.cipher_version
cipher = CipherManager(data_key, cipher_version)
update['credential_pairs'] = cipher.decrypt(_cred.credential_pairs)
data_key = keymanager.create_datakey(encryption_context={'id': id})
cipher = CipherManager(data_key['plaintext'], version=2)
credential_pairs = cipher.encrypt(update['credential_pairs'])
update['metadata'] = data.get('metadata', _cred.metadata)
update['documentation'] = data.get('documentation', _cred.documentation)
# Enforce documentation, EXCEPT if we are restoring an old revision
if (not update['documentation'] and settings.get('ENFORCE_DOCUMENTATION')
and not data.get('revision')):
return jsonify({'error': 'documentation is a required field'}), 400
# Try to save to the archive
try:
Credential(id='{0}-{1}'.format(id, revision),
name=update['name'],
data_type='archive-credential',
credential_pairs=credential_pairs,
metadata=update['metadata'],
enabled=update['enabled'],
revision=revision,
data_key=data_key['ciphertext'],
cipher_version=2,
modified_by=authnz.get_logged_in_user(),
documentation=update['documentation']).save(id__null=True)
except PutError as e:
logging.error(e)
return jsonify({'error': 'Failed to add credential to archive.'}), 500
try:
cred = Credential(id=id,
name=update['name'],
data_type='credential',
credential_pairs=credential_pairs,
metadata=update['metadata'],
enabled=update['enabled'],
revision=revision,
data_key=data_key['ciphertext'],
cipher_version=2,
modified_by=authnz.get_logged_in_user(),
documentation=update['documentation'])
cred.save()
except PutError as e:
logging.error(e)
return jsonify({'error': 'Failed to update active credential.'}), 500
if services:
service_names = [x.id for x in services]
msg = 'Updated credential "{0}" ({1}); Revision {2}'
msg = msg.format(cred.name, cred.id, cred.revision)
graphite.send_event(service_names, msg)
webhook.send_event('credential_update', service_names, [cred.id])
return jsonify({
'id':
cred.id,
'name':
cred.name,
'credential_pairs':
json.loads(cipher.decrypt(cred.credential_pairs)),
'metadata':
cred.metadata,
'revision':
cred.revision,
'enabled':
cred.enabled,
'modified_date':
cred.modified_date,
'modified_by':
cred.modified_by,
'documentation':
cred.documentation
})
def update_credential(id):
#credentialid가져오는 중 없을 경우 error발생 예외처리
try:
_cred = Credential.get(id)
except DoesNotExist:
return jsonify({'error': 'Credential not found.'}), 404
#자료의 종류가 credential인지 아닌지 check 아닐 경우 error msg와 함께 리턴
if _cred.data_type != 'credential':
msg = 'id provided is not a credential.'
return jsonify({'error': msg}), 400
#데이터 갖고온다
data = request.get_json()
#update라는 dictionary생성
update = {}
#가장 최근의 revision을 가져온다
revision = _get_latest_credential_revision(id, _cred.revision)
#이름 업데이트
update['name'] = data.get('name', _cred.name)
#data에 'enabled'이 있을 경우 제어문 안으로
if 'enabled' in data:
#허용 안되는 부분이 bool 인스턴스가 아니라면 error발생
if not isinstance(data['enabled'], bool):
return jsonify({'error': 'Enabled must be a boolean.'}), 400
#'enabled'data 대입
update['enabled'] = data['enabled']
else:
#data에 없다면 _cred에서 대입
update['enabled'] = _cred.enabled
#metadata가 dictionary타입이 아닌 경우 error발생
if not isinstance(data.get('metadata', {}), dict):
return jsonify({'error': 'metadata must be a dict'}), 400
#credential의 서비스 가져오기
services = _get_services_for_credential(id)
#data에 credential_pairs가 있다면 제어문 안으로
if 'credential_pairs' in data:
# Ensure credential pair keys are lowercase
# credential pair key가 소문자인지 확실하게 하기 위해 소문자로 만드는 함수를 사용해 credential_pairs가져오기
credential_pairs = _lowercase_credential_pairs(
data['credential_pairs']
)
#확인하기 위해 확인 값 가져오기
_check, ret = _check_credential_pair_values(credential_pairs)
#확인
if not _check:
return jsonify(ret), 400
# Ensure credential pairs don't conflicts with pairs from other services
# 다른 서비스와 충돌하지 않는지 확인
conflicts = _pair_key_conflicts_for_services(
id,
credential_pairs.keys(),
services
)
# 충돌한다면 error발생
if conflicts:
ret = {
'error': 'Conflicting key pairs in mapped service.',
'conflicts': conflicts
}
return jsonify(ret), 400
update['credential_pairs'] = json.dumps(credential_pairs)
#data에 credential_pairs가 없다면 제어문 안으로
else:
#key생성
data_key = keymanager.decrypt_datakey(
_cred.data_key,
encryption_context={'id': id}
)
cipher_version = _cred.cipher_version
cipher = CipherManager(data_key, cipher_version)
update['credential_pairs'] = cipher.decrypt(_cred.credential_pairs)
data_key = keymanager.create_datakey(encryption_context={'id': id})
cipher = CipherManager(data_key['plaintext'], version=2)
credential_pairs = cipher.encrypt(update['credential_pairs'])
update['metadata'] = data.get('metadata', _cred.metadata)
update['documentation'] = data.get('documentation', _cred.documentation)
# Enforce documentation, EXCEPT if we are restoring an old revision
#오래된 버전을 복원 중이지 않는 이상 문서 실행
if (not update['documentation'] and
settings.get('ENFORCE_DOCUMENTATION') and
not data.get('revision')):
return jsonify({'error': 'documentation is a required field'}), 400
# Try to save to the archive
# 아카이브 저장을 위한 try문
try:
Credential(
id='{0}-{1}'.format(id, revision),
name=update['name'],
data_type='archive-credential',
credential_pairs=credential_pairs,
metadata=update['metadata'],
enabled=update['enabled'],
revision=revision,
data_key=data_key['ciphertext'],
cipher_version=2,
modified_by=authnz.get_logged_in_user(),
documentation=update['documentation']
).save(id__null=True)
except PutError as e:
logging.error(e)
return jsonify({'error': 'Failed to add credential to archive.'}), 500
try:
cred = Credential(
id=id,
name=update['name'],
data_type='credential',
credential_pairs=credential_pairs,
metadata=update['metadata'],
enabled=update['enabled'],
revision=revision,
data_key=data_key['ciphertext'],
cipher_version=2,
modified_by=authnz.get_logged_in_user(),
documentation=update['documentation']
)
cred.save()
except PutError as e:
logging.error(e)
return jsonify({'error': 'Failed to update active credential.'}), 500
if services:
service_names = [x.id for x in services]
msg = 'Updated credential "{0}" ({1}); Revision {2}'
msg = msg.format(cred.name, cred.id, cred.revision)
graphite.send_event(service_names, msg)
webhook.send_event('credential_update', service_names, [cred.id])
#update된 내용 리턴
return jsonify({
'id': cred.id,
'name': cred.name,
'credential_pairs': json.loads(cipher.decrypt(cred.credential_pairs)),
'metadata': cred.metadata,
'revision': cred.revision,
'enabled': cred.enabled,
'modified_date': cred.modified_date,
'modified_by': cred.modified_by,
'documentation': cred.documentation
})
def create_credential():
data = request.get_json()
#data들을 받아오지 못한경우 error처리 발생
if not data.get('documentation') and settings.get('ENFORCE_DOCUMENTATION'):
return jsonify({'error': 'documentation is a required field'}), 400
if not data.get('credential_pairs'):
return jsonify({'error': 'credential_pairs is a required field'}), 400
if not isinstance(data.get('metadata', {}), dict):
return jsonify({'error': 'metadata must be a dict'}), 400
# Ensure credential pair keys are lowercase
# credential pair key들이 소문자인지 안전하게 하기 위해 다시 사용
credential_pairs = _lowercase_credential_pairs(data['credential_pairs'])
_check, ret = _check_credential_pair_values(credential_pairs)
#check해서 false이면 error발생
if not _check:
return jsonify(ret), 400
for cred in Credential.data_type_date_index.query(
'credential', name__eq=data['name']):
# Conflict, the name already exists
# 이미 이름이 있는지 점검 있으면 error발생
msg = 'Name already exists. See id: {0}'.format(cred.id)
return jsonify({'error': msg, 'reference': cred.id}), 409
# Generate an initial stable ID to allow name changes
# 이름 변경을 허용하기 위해 아래 id만들기
id = str(uuid.uuid4()).replace('-', '')
# Try to save to the archive
# 아카이브에 저장하기 위해
revision = 1
# credential_pairs json인코딩을 위해
credential_pairs = json.dumps(credential_pairs)
#key 생성
data_key = keymanager.create_datakey(encryption_context={'id': id})
#key암호화(??확실x)
cipher = CipherManager(data_key['plaintext'], version=2)
credential_pairs = cipher.encrypt(credential_pairs)
cred = Credential(
id='{0}-{1}'.format(id, revision),
data_type='archive-credential',
name=data['name'],
credential_pairs=credential_pairs,
metadata=data.get('metadata'),
revision=revision,
enabled=data.get('enabled'),
data_key=data_key['ciphertext'],
cipher_version=2,
modified_by=authnz.get_logged_in_user(),
documentation=data.get('documentation')
).save(id__null=True)
# Make this the current revision
# 현재 버전으로 만든다
cred = Credential(
id=id,
data_type='credential',
name=data['name'],
credential_pairs=credential_pairs,
metadata=data.get('metadata'),
revision=revision,
enabled=data.get('enabled'),
data_key=data_key['ciphertext'],
cipher_version=2,
modified_by=authnz.get_logged_in_user(),
documentation=data.get('documentation')
)
#저장
cred.save()
#마무리 최종 저장된 값들 리턴
return jsonify({
'id': cred.id,
'name': cred.name,
'credential_pairs': json.loads(cipher.decrypt(cred.credential_pairs)),
'metadata': cred.metadata,
'revision': cred.revision,
'enabled': cred.enabled,
'modified_date': cred.modified_date,
'modified_by': cred.modified_by,
'documentation': cred.documentation
})
def update_credential(id):
try:
_cred = Credential.get(id)
except Credential.DoesNotExist:
return jsonify({'error': 'Credential not found.'}), 404
if _cred.data_type != 'credential':
msg = 'id provided is not a credential.'
return jsonify({'error': msg}), 400
data = request.get_json()
update = {}
revision = _cred.revision + 1
update['name'] = data.get('name', _cred.name)
if 'enabled' in data:
if not isinstance(data['enabled'], bool):
return jsonify({'error': 'Enabled must be a boolean.'}), 400
update['enabled'] = data['enabled']
else:
update['enabled'] = _cred.enabled
services = _get_services_for_credential(id)
if 'credential_pairs' in data:
# Ensure credential pair keys are lowercase
credential_pairs = _lowercase_credential_pairs(
data['credential_pairs'])
if not _check_credential_pair_uniqueness(credential_pairs):
ret = {'error': 'credential pairs must be key: value'}
return jsonify(ret), 400
# Ensure credential pairs don't conflicts with pairs from other
# services
conflicts = _pair_key_conflicts_for_services(id, credential_pairs,
services)
if conflicts:
ret = {
'error': 'Conflicting key pairs in mapped service.',
'conflicts': conflicts
}
return jsonify(ret), 400
update['credential_pairs'] = json.dumps(credential_pairs)
else:
data_key = keymanager.decrypt_key(_cred.data_key,
encryption_context={'id': id})
cipher_version = _cred.cipher_version
cipher = CipherManager(data_key, cipher_version)
update['credential_pairs'] = cipher.decrypt(_cred.credential_pairs)
data_key = keymanager.create_datakey(encryption_context={'id': id})
cipher = CipherManager(data_key['plaintext'], version=2)
credential_pairs = cipher.encrypt(update['credential_pairs'])
# Try to save to the archive
try:
Credential(
id='{0}-{1}'.format(id, revision),
name=update['name'],
data_type='archive-credential',
credential_pairs=credential_pairs,
enabled=update['enabled'],
revision=revision,
data_key=data_key['ciphertext'],
cipher_version=2,
modified_by=authnz.get_logged_in_user_email()).save(id__null=True)
except PutError as e:
log.error(e)
return jsonify({'error': 'Failed to add credential to archive.'}), 500
try:
cred = Credential(id=id,
name=update['name'],
data_type='credential',
credential_pairs=credential_pairs,
enabled=update['enabled'],
revision=revision,
data_key=data_key['ciphertext'],
cipher_version=2,
modified_by=authnz.get_logged_in_user_email())
cred.save()
except PutError as e:
log.error(e)
return jsonify({'error': 'Failed to update active credential.'}), 500
if services:
service_names = [x.id for x in services]
msg = 'Updated credential "{0}" ({1}); Revision {2}'
msg = msg.format(cred.name, cred.id, cred.revision)
graphite.send_event(service_names, msg)
return jsonify({
'id':
cred.id,
'name':
cred.name,
'credential_pairs':
json.loads(cipher.decrypt(cred.credential_pairs)),
'revision':
cred.revision,
'enabled':
cred.enabled,
'modified_date':
cred.modified_date,
'modified_by':
cred.modified_by
})