def test_should_get_global_preferred_ca(self):
self.create_cas()
resp = self.app.get('/cas/global-preferred')
self.assertEqual(
hrefs.convert_certificate_authority_to_href(self.global_ca_id),
resp.namespace['cas'][0])
def test_should_get_preferred_ca(self):
self.create_cas()
resp = self.app.get('/cas/preferred')
self.assertEqual(
hrefs.convert_certificate_authority_to_href(
self.preferred_ca.id),
resp.namespace['ca_ref'])
def test_should_get_global_preferred_ca(self):
self.create_cas()
resp = self.app.get('/cas/global-preferred')
self.assertEqual(
hrefs.convert_certificate_authority_to_href(self.global_ca_id),
resp.namespace['cas'][0])
def on_post(self, external_project_id, **kwargs):
LOG.debug(u._('Start on_post for project-ID %s:...'),
external_project_id)
data = api.load_body(pecan.request, validator=self.validator)
project = res.get_or_create_project(external_project_id)
ctxt = controllers._get_barbican_context(pecan.request)
if ctxt: # in authenticated pipeline case, always use auth token user
creator_id = ctxt.user
self.quota_enforcer.enforce(project)
new_ca = cert_resources.create_subordinate_ca(
project_model=project,
name=data.get('name'),
description=data.get('description'),
subject_dn=data.get('subject_dn'),
parent_ca_ref=data.get('parent_ca_ref'),
creator_id=creator_id)
url = hrefs.convert_certificate_authority_to_href(new_ca.id)
LOG.debug(u._('URI to sub-CA is %s'), url)
pecan.response.status = 201
pecan.response.headers['Location'] = url
LOG.info(u._LI('Created a sub CA for project: %s'),
external_project_id)
return {'ca_ref': url}
def on_get(self, external_project_id, **kw):
LOG.debug('Start certificate_authorities on_get')
plugin_name = kw.get('plugin_name')
if plugin_name is not None:
plugin_name = urllib.unquote_plus(plugin_name)
plugin_ca_id = kw.get('plugin_ca_id', None)
if plugin_ca_id is not None:
plugin_ca_id = urllib.unquote_plus(plugin_ca_id)
result = self.ca_repo.get_by_create_date(
offset_arg=kw.get('offset', 0),
limit_arg=kw.get('limit', None),
plugin_name=plugin_name,
plugin_ca_id=plugin_ca_id,
suppress_exception=True)
cas, offset, limit, total = result
if not cas:
cas_resp_overall = {'cas': [], 'total': total}
else:
cas_resp = [
hrefs.convert_certificate_authority_to_href(s.id) for s in cas
]
cas_resp_overall = hrefs.add_nav_hrefs('cas', offset, limit, total,
{'cas': cas_resp})
cas_resp_overall.update({'total': total})
return cas_resp_overall
def on_post(self, external_project_id, **kwargs):
LOG.debug('Start on_post for project-ID %s:...', external_project_id)
data = api.load_body(pecan.request, validator=self.validator)
project = res.get_or_create_project(external_project_id)
ctxt = controllers._get_barbican_context(pecan.request)
if ctxt: # in authenticated pipeline case, always use auth token user
creator_id = ctxt.user
self.quota_enforcer.enforce(project)
new_ca = cert_resources.create_subordinate_ca(
project_model=project,
name=data.get('name'),
description=data.get('description'),
subject_dn=data.get('subject_dn'),
parent_ca_ref=data.get('parent_ca_ref'),
creator_id=creator_id
)
url = hrefs.convert_certificate_authority_to_href(new_ca.id)
LOG.debug('URI to sub-CA is %s', url)
pecan.response.status = 201
pecan.response.headers['Location'] = url
LOG.info(u._LI('Created a sub CA for project: %s'),
external_project_id)
return {'ca_ref': url}
def get_global_preferred(self, external_project_id, **kw):
LOG.debug('Start certificate_authorities get_global_preferred CA')
pref_ca = self.preferred_ca_repo.get_global_preferred_ca()
if not pref_ca:
pecan.abort(404, "No global preferred CA defined")
return {
'cas': [hrefs.convert_certificate_authority_to_href(pref_ca.ca_id)]
}
def get_global_preferred(self, external_project_id, **kw):
LOG.debug('Start certificate_authorities get_global_preferred CA')
pref_ca = cert_resources.get_global_preferred_ca()
if not pref_ca:
pecan.abort(404, u._("No global preferred CA defined"))
return {
'ca_ref':
hrefs.convert_certificate_authority_to_href(pref_ca.ca_id)
}
def preferred(self, external_project_id, **kw):
LOG.debug('Start certificate_authorities get project preferred CA')
project = res.get_or_create_project(external_project_id)
pref_ca_id = cert_resources.get_project_preferred_ca_id(project.id)
if not pref_ca_id:
pecan.abort(404, u._("No preferred CA defined for this project"))
return {
'ca_ref': hrefs.convert_certificate_authority_to_href(pref_ca_id)
}
def _display_cas(self, cas, offset, limit, total):
if not cas:
cas_resp_overall = {'cas': [], 'total': total}
else:
cas_resp = [
hrefs.convert_certificate_authority_to_href(ca.id)
for ca in cas
]
cas_resp_overall = hrefs.add_nav_hrefs('cas', offset, limit, total,
{'cas': cas_resp})
cas_resp_overall.update({'total': total})
return cas_resp_overall
def preferred(self, external_project_id, **kw):
LOG.debug('Start certificate_authorities get project preferred CA')
project = res.get_or_create_project(external_project_id)
pref_ca_id = cert_resources.get_project_preferred_ca_id(project.id)
if not pref_ca_id:
pecan.abort(404, u._("No preferred CA defined for this project"))
return {
'ca_ref':
hrefs.convert_certificate_authority_to_href(pref_ca_id)
}
def _display_cas(self, cas, offset, limit, total):
if not cas:
cas_resp_overall = {'cas': [],
'total': total}
else:
cas_resp = [
hrefs.convert_certificate_authority_to_href(ca.id)
for ca in cas]
cas_resp_overall = hrefs.add_nav_hrefs('cas', offset, limit, total,
{'cas': cas_resp})
cas_resp_overall.update({'total': total})
return cas_resp_overall
def preferred(self, external_project_id, **kw):
LOG.debug('Start certificate_authorities get project preferred CA')
project = self.project_repo.find_by_external_project_id(
external_project_id)
pref_ca = self.preferred_ca_repo.get_project_entities(project.id)
if not pref_ca:
pecan.abort(404, "No preferred CA defined for this project")
return {
'cas':
[hrefs.convert_certificate_authority_to_href(pref_ca[0].ca_id)]
}
def preferred(self, external_project_id, **kw):
LOG.debug('Start certificate_authorities get project preferred CA')
project = self.project_repo.find_by_external_project_id(
external_project_id)
pref_ca = self.preferred_ca_repo.get_project_entities(project.id)
if not pref_ca:
pecan.abort(404, "No preferred CA defined for this project")
return {
'cas':
[hrefs.convert_certificate_authority_to_href(pref_ca[0].ca_id)]
}
def test_should_raise_unauthorized_parent_ca(self):
subca = cert_res.create_subordinate_ca(
project_model=self.project2,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id)
subca_ref = hrefs.convert_certificate_authority_to_href(subca.id)
self.assertRaises(excep.UnauthorizedSubCA,
cert_res.create_subordinate_ca,
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=subca_ref,
creator_id=self.creator_id)
def test_should_raise_unauthorized_parent_ca(self):
subca = cert_res.create_subordinate_ca(
project_model=self.project2,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id
)
subca_ref = hrefs.convert_certificate_authority_to_href(subca.id)
self.assertRaises(
excep.UnauthorizedSubCA,
cert_res.create_subordinate_ca,
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=subca_ref,
creator_id=self.creator_id)
def on_get(self, external_project_id, **kw):
LOG.debug('Start certificate_authorities on_get')
plugin_name = kw.get('plugin_name')
if plugin_name is not None:
plugin_name = urllib.unquote_plus(plugin_name)
plugin_ca_id = kw.get('plugin_ca_id', None)
if plugin_ca_id is not None:
plugin_ca_id = urllib.unquote_plus(plugin_ca_id)
result = self.ca_repo.get_by_create_date(
offset_arg=kw.get('offset', 0),
limit_arg=kw.get('limit', None),
plugin_name=plugin_name,
plugin_ca_id=plugin_ca_id,
suppress_exception=True
)
cas, offset, limit, total = result
if not cas:
cas_resp_overall = {'cas': [],
'total': total}
else:
cas_resp = [
hrefs.convert_certificate_authority_to_href(s.id)
for s in cas
]
cas_resp_overall = hrefs.add_nav_hrefs(
'cas',
offset,
limit,
total,
{'cas': cas_resp}
)
cas_resp_overall.update({'total': total})
return cas_resp_overall
