def _add_private_key_to_generated_cert_container(container_id, order_model,
                                                 project_model):
    """Associate the order's key pair private key with another container.

    Resolves the key pair container through
    _get_container_from_order_meta(), picks the secret ID of its
    'private_key' entry, and hands a new ContainerSecret that points
    ``container_id`` at that same secret to the container-secret
    repository's create_from().

    :param container_id: ID of the container receiving the association.
    :param order_model: order passed through to the container lookup.
    :param project_model: project passed through to the container lookup.
    """
    _unused_id, source_container = _get_container_from_order_meta(
        order_model, project_model)

    # Collect every match and keep the final one, so the last 'private_key'
    # entry wins if the container holds more than one.
    candidate_ids = [entry.secret_id
                     for entry in source_container.container_secrets
                     if entry.name == 'private_key']
    private_key_id = candidate_ids[-1] if candidate_ids else None

    # NOTE(review): when no 'private_key' entry exists, private_key_id stays
    # None and the association is still created; confirm the repository or
    # schema rejects a null secret_id rather than storing a dangling link.
    association = models.ContainerSecret()
    association.name = 'private_key'
    association.container_id = container_id
    association.secret_id = private_key_id

    repos.get_container_secret_repository().create_from(association)
Example #2
    def on_post(self, external_project_id, **kwargs):
        """Attach an already-stored secret to this container.

        Only containers of type 'generic' may be modified (400 otherwise).
        The request body is loaded through ``self.validator`` and must carry
        ``name`` and ``secret_ref``. Aborts with 404 when the secret lookup
        returns nothing and with 409 when the container already holds the
        same (secret ID, name) pair. On success responds 201 with a
        ``Location`` header and returns ``{'container_ref': <url>}``.

        NOTE(review): no access-control decorator is visible on this
        excerpt; confirm authorization is enforced where the handler is
        registered.
        """
        if self.container.type != 'generic':
            pecan.abort(400, u._("Only 'generic' containers can be modified."))

        body = api.load_body(pecan.request, validator=self.validator)
        entry_name = body.get('name')
        secret_ref = body.get('secret_ref')
        secret_id = hrefs.get_secret_id_from_ref(secret_ref)

        # The lookup is given the caller's external project ID, so a secret
        # the repository does not return for that project ends in the same
        # 404 as a secret that does not exist at all.
        lookup = dict(entity_id=secret_id,
                      external_project_id=external_project_id,
                      suppress_exception=True)
        if not self.secret_repo.get(**lookup):
            pecan.abort(404, u._("Secret provided doesn't exist."))

        # NOTE(review): this duplicate check and the save below are separate
        # steps; whether concurrent requests can both pass depends on a
        # storage-level uniqueness constraint -- confirm.
        duplicates = [
            existing for existing in self.container.container_secrets
            if existing.secret_id == secret_id and existing.name == entry_name
        ]
        if duplicates:
            pecan.abort(409, u._('Conflict. A secret with that name and ID is '
                                 'already stored in this container. The same '
                                 'secret can exist in a container as long as '
                                 'the name is unique.'))

        LOG.debug('Start container secret on_post...%s', secret_ref)
        association = models.ContainerSecret()
        association.container_id = self.container.id
        association.name = entry_name
        association.secret_id = secret_id
        self.container_secret_repo.save(association)

        container_url = hrefs.convert_container_to_href(self.container.id)
        LOG.debug(u._('URI to container is %s'), container_url)

        response = pecan.response
        response.status = 201
        response.headers['Location'] = container_url
        LOG.info(u._LI('Created a container secret for project: %s'),
                 external_project_id)

        return {'container_ref': container_url}
Example #3
def create_container(id_ref, project_id=None, external_project_id=None):
    """Build a Container fixture holding one ContainerSecret.

    The container gets the fixed name 'test name', the type 'rsa', and a
    single container secret pointing at secret ID '123'. A Project is
    attached only when ``project_id`` is truthy.

    :param id_ref: ID assigned to the container and to its secret link.
    :param project_id: optional ID for the attached Project.
    :param external_project_id: external ID stored on that Project.
    :returns: the populated Container instance.
    """
    entity = models.Container()
    entity.id = id_ref
    entity.name = 'test name'
    entity.type = 'rsa'

    secret_link = models.ContainerSecret()
    secret_link.container_id = id_ref
    secret_link.secret_id = '123'
    entity.container_secrets.append(secret_link)

    # Without a project ID the container is returned with no owner set.
    if not project_id:
        return entity

    owner = models.Project()
    owner.id = project_id
    owner.external_id = external_project_id
    entity.project = owner
    return entity