def on_put(self, external_project_id, **kwargs):
    """Store the raw request body as the payload of this secret.

    Checks run in this order before anything reaches the secret store:
    the Content-Type must be present and must not be 'application/json'
    (otherwise the request is aborted with 415), the body must be
    non-empty (NoDataToProcess), it must not be flagged by
    validators.secret_too_big (LimitExceeded), and the secret must not
    already carry encrypted data or secret-store metadata.

    Only the project id is written to the log; the payload is not.
    """
    request = pecan.request
    media_type = request.content_type
    if not media_type or media_type == 'application/json':
        pecan.abort(
            415,
            u._("Content-Type of '{content_type}' is not supported for "
                "PUT.").format(content_type=media_type)
        )

    raw_payload = request.body
    if not raw_payload:
        raise exception.NoDataToProcess()
    # The size check happens before any project or storage work starts.
    if validators.secret_too_big(raw_payload):
        raise exception.LimitExceeded()

    secret = self.secret
    # Refuse to overwrite stored data. _secret_already_has_data() is
    # defined outside this block; presumably it aborts the request.
    if secret.encrypted_data or secret.secret_store_metadata:
        _secret_already_has_data()

    project = res.get_or_create_project(external_project_id)
    # NOTE(review): Content-Encoding is forwarded exactly as received;
    # confirm store_secret validates it.
    plugin.store_secret(
        unencrypted_raw=raw_payload,
        content_type_raw=media_type,
        content_encoding=request.headers.get('Content-Encoding'),
        secret_model=secret,
        project_model=project,
        transport_key_id=kwargs.get('transport_key_id'))
    LOG.info(u._LI('Updated secret for project: %s'), external_project_id)
def on_put(self, external_project_id, **kwargs):
    """Attach the request body to this secret as its payload.

    The request is aborted with 415 when the Content-Type is missing or
    is 'application/json'. An empty body raises NoDataToProcess and a
    body flagged by validators.secret_too_big raises LimitExceeded. A
    secret that already has encrypted data or secret-store metadata is
    handed to _secret_already_has_data() instead of being stored again.

    The log line written at the end names the project only.
    """
    declared_type = pecan.request.content_type
    unsupported = not declared_type or declared_type == 'application/json'
    if unsupported:
        pecan.abort(
            415,
            u._("Content-Type of '{content_type}' is not supported for "
                "PUT.").format(content_type=declared_type))

    tkey_id = kwargs.get('transport_key_id')

    body = pecan.request.body
    if not body:
        raise exception.NoDataToProcess()
    # Oversized payloads are rejected before the secret store is involved.
    if validators.secret_too_big(body):
        raise exception.LimitExceeded()

    target = self.secret
    has_stored_data = target.encrypted_data or target.secret_store_metadata
    if has_stored_data:
        # Helper defined outside this block; presumably aborts the request.
        _secret_already_has_data()

    owner = res.get_or_create_project(external_project_id)
    # NOTE(review): the Content-Encoding header is passed through
    # unchanged; confirm it is validated inside store_secret.
    encoding = pecan.request.headers.get('Content-Encoding')

    plugin.store_secret(unencrypted_raw=body,
                        content_type_raw=declared_type,
                        content_encoding=encoding,
                        secret_model=target,
                        project_model=owner,
                        transport_key_id=tkey_id)
    LOG.info('Updated secret for project: %s', external_project_id)
def on_put(self, keystone_id, **kwargs):
    """Store the request body as the payload of an existing secret.

    The request is aborted with 415 when the Content-Type is missing or
    is 'application/json'. An empty body raises NoDataToProcess and a
    body flagged by validators.secret_too_big raises LimitExceeded.

    The secret is looked up by its id together with keystone_id. A
    missing secret goes to _secret_not_found() and one that already has
    encrypted data goes to _secret_already_has_data(); both helpers are
    defined outside this block and presumably abort the request.
    """
    request = pecan.request
    media_type = request.content_type
    if not media_type or media_type == 'application/json':
        pecan.abort(
            415,
            u._("Content-Type of '{0}' is not supported for PUT.").format(
                media_type
            )
        )

    raw_payload = request.body
    if not raw_payload:
        raise exception.NoDataToProcess()
    if validators.secret_too_big(raw_payload):
        raise exception.LimitExceeded()

    # The tenant id is part of the lookup, so -- assuming the repository
    # filters on it -- a secret id from another tenant is not returned.
    secret_model = self.repos.secret_repo.get(entity_id=self.secret_id,
                                              keystone_id=keystone_id,
                                              suppress_exception=True)
    if not secret_model:
        _secret_not_found()
    if secret_model.encrypted_data:
        _secret_already_has_data()

    tenant_model = res.get_or_create_tenant(keystone_id,
                                            self.repos.tenant_repo)
    encoding = request.headers.get('Content-Encoding')

    # NOTE(review): to_dict_fields is passed without being called. If it
    # is a method rather than a property, store_secret receives a bound
    # method where it likely expects a dict -- confirm.
    plugin.store_secret(raw_payload, media_type, encoding,
                        secret_model.to_dict_fields, secret_model,
                        tenant_model, self.repos)
def _save_secrets(result, project_model, request_type, order_model):
    """Store an issued certificate in a new 'certificate' container.

    result.certificate is always stored as a secret; result.intermediates
    is stored as a second secret only when it is truthy. Both are stored
    with content type 'application/pkix-cert' and base64 encoding. An
    ACTIVE container is created for the project and linked to each
    stored secret through a ContainerSecret row. For a
    STORED_KEY_REQUEST the private key is added through
    _add_private_key_to_generated_cert_container (defined outside this
    block).

    Returns the new container model.
    """
    # NOTE(review): the stores and repository writes below are separate
    # calls with no transaction visible here; confirm the caller rolls
    # back earlier writes when a later one fails.
    cert_secret, _unused_tkey = plugin.store_secret(
        unencrypted_raw=result.certificate,
        content_type_raw='application/pkix-cert',
        content_encoding='base64',
        secret_model=models.Secret(),
        project_model=project_model)

    # The certificate chain, when present, becomes its own secret.
    chain_secret = None
    if result.intermediates:
        chain_secret, _unused_tkey = plugin.store_secret(
            unencrypted_raw=result.intermediates,
            content_type_raw='application/pkix-cert',
            content_encoding='base64',
            secret_model=models.Secret(),
            project_model=project_model
        )

    container = models.Container()
    container.type = "certificate"
    container.status = models.States.ACTIVE
    container.project_id = project_model.id
    repos.get_container_repository().create_from(container)

    # Link the certificate secret into the container.
    cert_link = models.ContainerSecret()
    cert_link.name = 'certificate'
    cert_link.container_id = container.id
    cert_link.secret_id = cert_secret.id
    link_repo = repos.get_container_secret_repository()
    link_repo.create_from(cert_link)

    if chain_secret:
        # Link the intermediate certificates as well.
        chain_link = models.ContainerSecret()
        chain_link.name = 'intermediates'
        chain_link.container_id = container.id
        chain_link.secret_id = chain_secret.id
        link_repo.create_from(chain_link)

    if request_type == cert.CertificateRequestType.STORED_KEY_REQUEST:
        _add_private_key_to_generated_cert_container(container.id,
                                                     order_model,
                                                     project_model)

    return container
def on_post(self, keystone_id, **kwargs):
    """Create a secret from the JSON request body and return its reference.

    The body is loaded through api.load_body with this controller's
    validator before any field is read. On success the response status
    is 201 and a Location header is set. The returned dict holds
    'secret_ref', plus 'transport_key_ref' when store_secret returned a
    transport key model.

    The debug log lines carry the project id and the secret URL only.
    """
    LOG.debug('Start on_post for project-ID %s:...', keystone_id)

    data = api.load_body(pecan.request, validator=self.validator)
    project = res.get_or_create_project(keystone_id,
                                        self.repos.project_repo)

    # NOTE(review): .lower() assumes the validator guarantees a string
    # here; a JSON boolean would raise AttributeError -- confirm.
    wants_tkey = data.get('transport_key_needed',
                          'false').lower() == 'true'

    new_secret, tkey_model = plugin.store_secret(
        data.get('payload'),
        data.get('payload_content_type', 'application/octet-stream'),
        data.get('payload_content_encoding'),
        data,
        None,
        project,
        self.repos,
        transport_key_needed=wants_tkey,
        transport_key_id=data.get('transport_key_id'))

    pecan.response.status = 201
    pecan.response.headers['Location'] = '/secrets/{0}'.format(
        new_secret.id
    )

    secret_url = hrefs.convert_secret_to_href(new_secret.id)
    LOG.debug('URI to secret is %s', secret_url)

    reply = {'secret_ref': secret_url}
    if tkey_model is not None:
        reply['transport_key_ref'] = hrefs.convert_transport_key_to_href(
            tkey_model.id)
    return reply
def on_post(self, external_project_id, **kwargs):
    """Create a secret for the project and return a reference to it.

    The request body is parsed and checked by api.load_body using
    self.validator, then handed to plugin.store_secret. The response
    status is set to 201 with a Location header. The result is a dict
    with 'secret_ref' and, when a transport key model came back from
    the store, 'transport_key_ref'.

    Neither debug line logs the payload.
    """
    LOG.debug('Start on_post for project-ID %s:...', external_project_id)

    body = api.load_body(pecan.request, validator=self.validator)
    owner = res.get_or_create_project(external_project_id,
                                      self.repos.project_repo)

    # NOTE(review): assumes 'transport_key_needed' is always a string
    # after validation; confirm against the validator schema.
    requested_flag = body.get('transport_key_needed', 'false').lower()
    needs_transport_key = requested_flag == 'true'

    payload = body.get('payload')
    payload_type = body.get('payload_content_type',
                            'application/octet-stream')
    payload_encoding = body.get('payload_content_encoding')

    new_secret, transport_key_model = plugin.store_secret(
        payload, payload_type, payload_encoding,
        body, None, owner, self.repos,
        transport_key_needed=needs_transport_key,
        transport_key_id=body.get('transport_key_id'))

    response = pecan.response
    response.status = 201
    response.headers['Location'] = '/secrets/{0}'.format(new_secret.id)

    url = hrefs.convert_secret_to_href(new_secret.id)
    LOG.debug('URI to secret is %s', url)

    if transport_key_model is None:
        return {'secret_ref': url}
    tkey_url = hrefs.convert_transport_key_to_href(transport_key_model.id)
    return {'secret_ref': url, 'transport_key_ref': tkey_url}
def on_post(self, external_project_id, **kwargs):
    """Create a secret for the project and return a reference to it.

    The body is loaded through api.load_body with self.validator. When
    a request context is available, 'creator_id' in the body is
    overwritten with the context's user before the data reaches
    plugin.store_secret. The response status is 201 and the Location
    header carries the secret's href.

    Returns a dict with 'secret_ref', plus 'transport_key_ref' when the
    store returned a transport key model.
    """
    LOG.debug('Start on_post for project-ID %s:...', external_project_id)

    data = api.load_body(pecan.request, validator=self.validator)
    project = res.get_or_create_project(external_project_id)

    # NOTE(review): .lower() assumes a string value after validation.
    wants_tkey = data.get('transport_key_needed',
                          'false').lower() == 'true'

    request_ctxt = controllers._get_barbican_context(pecan.request)
    if request_ctxt:
        # Authenticated pipeline: the creator is always the token's
        # user, so a creator_id supplied in the body cannot stick.
        # NOTE(review): with no context, a creator_id sent by the client
        # is left as-is -- confirm the validator removes it.
        data['creator_id'] = request_ctxt.user

    new_secret, tkey_model = plugin.store_secret(
        data.get('payload'),
        data.get('payload_content_type', 'application/octet-stream'),
        data.get('payload_content_encoding'),
        data,
        None,
        project,
        transport_key_needed=wants_tkey,
        transport_key_id=data.get('transport_key_id'))

    secret_url = hrefs.convert_secret_to_href(new_secret.id)
    LOG.debug('URI to secret is %s', secret_url)

    pecan.response.status = 201
    pecan.response.headers['Location'] = secret_url
    LOG.info(u._LI('Created a secret for project: %s'),
             external_project_id)

    reply = {'secret_ref': secret_url}
    if tkey_model is not None:
        reply['transport_key_ref'] = hrefs.convert_transport_key_to_href(
            tkey_model.id)
    return reply
def _save_secrets(result, project_model, repos):
    """Store an issued certificate in a new 'certificate' container.

    result.certificate is always stored as a secret; result.intermediates
    is stored as a second secret only when it is truthy. Both are stored
    as 'text/plain' with base64 encoding. An ACTIVE container owned by
    project_model is then created and linked to each stored secret
    through a ContainerSecret row.

    Returns the new container model.
    """
    # NOTE(review): several independent repository writes follow and no
    # transaction is visible here; confirm the caller handles a failure
    # partway through.
    cert_secret, _unused_tkey = plugin.store_secret(
        unencrypted_raw=result.certificate,
        content_type_raw='text/plain',
        content_encoding='base64',
        spec={},
        secret_model=None,
        project_model=project_model,
        repos=repos)

    # The certificate chain, when present, becomes its own secret.
    chain_secret = None
    if result.intermediates:
        chain_secret, _unused_tkey = plugin.store_secret(
            unencrypted_raw=result.intermediates,
            content_type_raw='text/plain',
            content_encoding='base64',
            spec={},
            secret_model=None,
            project_model=project_model,
            repos=repos
        )

    container = models.Container()
    container.type = "certificate"
    container.status = models.States.ACTIVE
    container.tenant_id = project_model.id
    repos.container_repo.create_from(container)

    # Link the certificate secret into the container.
    cert_link = models.ContainerSecret()
    cert_link.name = 'certificate'
    cert_link.container_id = container.id
    cert_link.secret_id = cert_secret.id
    repos.container_secret_repo.create_from(cert_link)

    if chain_secret:
        # Link the intermediate certificates as well.
        chain_link = models.ContainerSecret()
        chain_link.name = 'intermediates'
        chain_link.container_id = container.id
        chain_link.secret_id = chain_secret.id
        repos.container_secret_repo.create_from(chain_link)

    return container
def _save_secrets(result, project_model, repos):
    """Persist a certificate result as secrets grouped in one container.

    The certificate, and the intermediates when there are any, are each
    written through plugin.store_secret as 'text/plain' with base64
    encoding. A container of type "certificate" in the ACTIVE state is
    created for the project, and one ContainerSecret association is
    created per stored secret ('certificate', 'intermediates').

    Returns the container model that was created.
    """
    # NOTE(review): no transaction boundary is visible in this function;
    # confirm partial writes are rolled back by the caller on failure.
    stored_cert, _unused_tkey = plugin.store_secret(
        unencrypted_raw=result.certificate,
        content_type_raw='text/plain',
        content_encoding='base64',
        spec={},
        secret_model=None,
        project_model=project_model,
        repos=repos)

    stored_chain = None
    if result.intermediates:
        # The chain is saved as a secret of its own.
        stored_chain, _unused_tkey = plugin.store_secret(
            unencrypted_raw=result.intermediates,
            content_type_raw='text/plain',
            content_encoding='base64',
            spec={},
            secret_model=None,
            project_model=project_model,
            repos=repos)

    new_container = models.Container()
    new_container.type = "certificate"
    new_container.status = models.States.ACTIVE
    new_container.project_id = project_model.id
    repos.container_repo.create_from(new_container)

    # Association row for the certificate itself.
    association = models.ContainerSecret()
    association.name = 'certificate'
    association.container_id = new_container.id
    association.secret_id = stored_cert.id
    repos.container_secret_repo.create_from(association)

    if stored_chain:
        # Association row for the intermediate certificates.
        association = models.ContainerSecret()
        association.name = 'intermediates'
        association.container_id = new_container.id
        association.secret_id = stored_chain.id
        repos.container_secret_repo.create_from(association)

    return new_container
def on_put(self, external_project_id, **kwargs):
    """Store the request body as the payload of an existing secret.

    The request is aborted with 415 when the Content-Type is missing or
    is 'application/json'. An empty body raises NoDataToProcess and a
    body flagged by validators.secret_too_big raises LimitExceeded.

    The secret is looked up by its id together with the external
    project id. A missing secret goes to _secret_not_found() and one
    that already has encrypted data goes to _secret_already_has_data();
    both helpers are defined outside this block and presumably abort
    the request.
    """
    request = pecan.request
    media_type = request.content_type
    if not media_type or media_type == 'application/json':
        pecan.abort(
            415,
            u._("Content-Type of '{content_type}' is not supported for "
                "PUT.").format(content_type=media_type))

    tkey_id = kwargs.get('transport_key_id')

    raw_payload = request.body
    if not raw_payload:
        raise exception.NoDataToProcess()
    if validators.secret_too_big(raw_payload):
        raise exception.LimitExceeded()

    # The project id is part of the lookup, so -- assuming the
    # repository filters on it -- a secret id that belongs to another
    # project is not returned.
    secret_model = self.repos.secret_repo.get(
        entity_id=self.secret_id,
        external_project_id=external_project_id,
        suppress_exception=True)
    if not secret_model:
        _secret_not_found()
    if secret_model.encrypted_data:
        _secret_already_has_data()

    project_model = res.get_or_create_project(external_project_id,
                                              self.repos.project_repo)
    # NOTE(review): Content-Encoding is forwarded exactly as received;
    # confirm store_secret validates it.
    encoding = request.headers.get('Content-Encoding')

    plugin.store_secret(raw_payload, media_type, encoding,
                        secret_model.to_dict_fields(), secret_model,
                        project_model, self.repos,
                        transport_key_id=tkey_id)
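def on_post(self, keystone_id, **kwargs):
    """Create a secret for the tenant and return a reference to it.

    The request body is loaded through api.load_body with this
    controller's validator, then passed to plugin.store_secret. The
    response status is set to 201 with a Location header built from the
    tenant id and the new secret's id.

    Returns a dict with the single key 'secret_ref'.
    """
    # Logging arguments are passed separately so the message is only
    # formatted when debug logging is enabled.
    LOG.debug('Start on_post for tenant-ID %s:...', keystone_id)

    data = api.load_body(pecan.request, validator=self.validator)
    tenant = res.get_or_create_tenant(keystone_id, self.repos.tenant_repo)

    new_secret = plugin.store_secret(
        data.get('payload'),
        data.get('payload_content_type', 'application/octet-stream'),
        data.get('payload_content_encoding'),
        data,
        None,
        tenant,
        self.repos)

    pecan.response.status = 201
    pecan.response.headers['Location'] = '/{0}/secrets/{1}'.format(
        keystone_id, new_secret.id
    )

    url = hrefs.convert_secret_to_href(keystone_id, new_secret.id)
    # Only the reference URL is logged, never the payload.
    LOG.debug('URI to secret is %s', url)
    return {'secret_ref': url}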
def on_post(self, external_project_id, **kwargs):
    """Create a secret for the project and return a reference to it.

    Steps, in order: the body is loaded through api.load_body with
    self.validator; the project is fetched or created; the quota
    enforcer is called for that project; 'creator_id' is overwritten
    with the request context's user when a context exists; a Secret
    model is built from the data and handed to plugin.store_secret.

    The response status is 201 and the Location header carries the
    secret's href. Returns a dict with 'secret_ref', plus
    'transport_key_ref' when the store returned a transport key model.
    """
    LOG.debug('Start on_post for project-ID %s:...', external_project_id)

    data = api.load_body(pecan.request, validator=self.validator)
    project = res.get_or_create_project(external_project_id)

    # Quota is checked before the secret model is built or stored.
    self.quota_enforcer.enforce(project)

    # NOTE(review): .lower() assumes a string value after validation.
    wants_tkey = data.get('transport_key_needed',
                          'false').lower() == 'true'

    request_ctxt = controllers._get_barbican_context(pecan.request)
    if request_ctxt:
        # Authenticated pipeline: the creator is always the token's
        # user, so a creator_id supplied in the body cannot stick.
        # NOTE(review): with no context, a creator_id sent by the client
        # is left as-is -- confirm the validator removes it.
        data['creator_id'] = request_ctxt.user

    # Built after the creator_id override so the model sees that value.
    secret_model = models.Secret(data)

    new_secret, tkey_model = plugin.store_secret(
        unencrypted_raw=data.get('payload'),
        content_type_raw=data.get('payload_content_type',
                                  'application/octet-stream'),
        content_encoding=data.get('payload_content_encoding'),
        secret_model=secret_model,
        project_model=project,
        transport_key_needed=wants_tkey,
        transport_key_id=data.get('transport_key_id'))

    secret_url = hrefs.convert_secret_to_href(new_secret.id)
    LOG.debug('URI to secret is %s', secret_url)

    pecan.response.status = 201
    pecan.response.headers['Location'] = secret_url
    LOG.info('Created a secret for project: %s', external_project_id)

    reply = {'secret_ref': secret_url}
    if tkey_model is not None:
        reply['transport_key_ref'] = hrefs.convert_transport_key_to_href(
            tkey_model.id)
    return reply