def on_put(self, external_project_id, **kwargs): if (not pecan.request.content_type or pecan.request.content_type == 'application/json'): pecan.abort( 415, u._("Content-Type of '{content_type}' is not supported for " "PUT.").format(content_type=pecan.request.content_type)) transport_key_id = kwargs.get('transport_key_id') payload = pecan.request.body if not payload: raise exception.NoDataToProcess() if validators.secret_too_big(payload): raise exception.LimitExceeded() if self.secret.encrypted_data or self.secret.secret_store_metadata: _secret_already_has_data() project_model = res.get_or_create_project(external_project_id) content_type = pecan.request.content_type content_encoding = pecan.request.headers.get('Content-Encoding') plugin.store_secret(unencrypted_raw=payload, content_type_raw=content_type, content_encoding=content_encoding, secret_model=self.secret, project_model=project_model, transport_key_id=transport_key_id) LOG.info('Updated secret for project: %s', external_project_id)
def create_encrypted_datum(secret, payload, content_type, content_encoding, tenant, crypto_manager, datum_repo, kek_repo): """Modifies the secret to add the plain_text secret information. :param secret: the secret entity to associate the secret data to :param payload: secret data to store :param content_type: payload content mime type :param content_encoding: payload content encoding :param tenant: the tenant (entity) who owns the secret :param crypto_manager: the crypto plugin manager :param datum_repo: the encrypted datum repository :param kek_repo: the KEK metadata repository :retval The response body, None if N/A """ if not payload: raise exception.NoDataToProcess() if validators.secret_too_big(payload): raise exception.LimitExceeded() if secret.encrypted_data: raise ValueError('Secret already has encrypted data stored for it.') # Encrypt payload LOG.debug('Encrypting secret payload...') new_datum = crypto_manager.encrypt(payload, content_type, content_encoding, secret, tenant, kek_repo) datum_repo.create_from(new_datum) return new_datum
def on_put(self, external_project_id, **kwargs): LOG.debug('=== ProjectQuotasController PUT ===') if not pecan.request.body: raise exception.NoDataToProcess() api.load_body(pecan.request, validator=self.validator) self.quota_driver.set_project_quotas(self.passed_project_id, kwargs['project_quotas']) LOG.info('Put Project Quotas') pecan.response.status = 204
def create_secret(data, tenant, crypto_manager, secret_repo, tenant_secret_repo, datum_repo, ok_to_generate=False): """ Common business logic to create a secret. """ new_secret = models.Secret(data) new_datum = None if 'plain_text' in data: plain_text = data['plain_text'] if not plain_text: raise exception.NoDataToProcess() LOG.debug('Encrypting plain_text secret...') new_datum = crypto_manager.encrypt(data['plain_text'], new_secret, tenant) elif ok_to_generate: LOG.debug('Generating new secret...') # TODO: Generate a good key new_datum = crypto_manager.generate_data_encryption_key( new_secret, tenant) else: LOG.debug('Creating metadata only for the new secret. ' 'A subsequent PUT is required') crypto_manager.supports(new_secret, tenant) # Create Secret entities in datastore. secret_repo.create_from(new_secret) new_assoc = models.TenantSecret() new_assoc.tenant_id = tenant.id new_assoc.secret_id = new_secret.id new_assoc.role = "admin" new_assoc.status = models.States.ACTIVE tenant_secret_repo.create_from(new_assoc) if new_datum: new_datum.secret_id = new_secret.id datum_repo.create_from(new_datum) return new_secret
def on_put(self, external_project_id, **kwargs): if (not pecan.request.content_type or pecan.request.content_type == 'application/json'): pecan.abort( 415, u._("Content-Type of '{content_type}' is not supported for " "PUT.").format(content_type=pecan.request.content_type)) transport_key_id = kwargs.get('transport_key_id') payload = pecan.request.body if not payload: raise exception.NoDataToProcess() if validators.secret_too_big(payload): raise exception.LimitExceeded() secret_model = self.repos.secret_repo.get( entity_id=self.secret_id, external_project_id=external_project_id, suppress_exception=True) if not secret_model: _secret_not_found() if secret_model.encrypted_data: _secret_already_has_data() project_model = res.get_or_create_project(external_project_id, self.repos.project_repo) content_type = pecan.request.content_type content_encoding = pecan.request.headers.get('Content-Encoding') plugin.store_secret(payload, content_type, content_encoding, secret_model.to_dict_fields(), secret_model, project_model, self.repos, transport_key_id=transport_key_id)
def create_encrypted_datum(secret, plain_text, tenant, crypto_manager, tenant_secret_repo, datum_repo): """ Modifies the secret to add the plain_text secret information. :param secret: the secret entity to associate the secret data to :param plain_text: plain-text of the secret data to store :param tenant: the tenant (entity) who owns the secret :param crypto_manager: the crypto plugin manager :param tenant_secret_repo: the tenant/secret association repository :param datum_repo: the encrypted datum repository :retval The response body, None if N/A """ if not plain_text: raise exception.NoDataToProcess() if validators.secret_too_big(plain_text): raise exception.LimitExceeded() if secret.encrypted_data: raise ValueError('Secret already has encrypted data stored for it.') fields = secret.to_dict_fields() fields['plain_text'] = plain_text # Encrypt plain_text LOG.debug('Encrypting plain_text secret') new_datum = crypto_manager.encrypt(plain_text, secret, tenant) datum_repo.create_from(new_datum) # Create Tenant/Secret entity. new_assoc = models.TenantSecret() new_assoc.tenant_id = tenant.id new_assoc.secret_id = secret.id new_assoc.role = "admin" new_assoc.status = models.States.ACTIVE tenant_secret_repo.create_from(new_assoc) return new_datum