def _failed_to_create_encrypted_datum(req, resp):
    """Abort with HTTP 400 when no EncryptedDatum record could be created.

    The response carries one fixed, generic message; this helper puts no
    detail about the underlying failure into it.
    """
    message = _("Could not add secret data to Barbican.")
    api.abort(falcon.HTTP_400, message, req, resp)
def on_put(self, req, resp, keystone_id, secret_id):
    """Store the request body as the data of a secret that has none yet.

    Rejects a missing or 'application/json' Content-Type, a secret that
    cannot be found for this keystone_id, and a secret that already has
    encrypted data. Each rejection goes through a helper that is expected
    to raise (the helpers' docstrings say they throw), so execution only
    continues past a check when it passed.
    """
    request_type = req.content_type
    if not request_type or request_type == 'application/json':
        _put_accept_incorrect(request_type, req, resp)

    # The lookup is given the keystone_id as well as the secret id.
    stored_secret = self.repo.get(entity_id=secret_id,
                                  keystone_id=keystone_id,
                                  suppress_exception=True)
    if not stored_secret:
        _secret_not_found(req, resp)
    if stored_secret.encrypted_data:
        # Secret data is write-once through this endpoint.
        _secret_already_has_data(req, resp)

    tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo)

    payload = None
    content_type = req.content_type
    content_encoding = req.get_header('Content-Encoding')

    try:
        # The read is capped; bytes beyond the cap are not consumed here.
        payload = req.stream.read(api.MAX_BYTES_REQUEST_INPUT_ACCEPTED)
    except IOError:
        api.abort(falcon.HTTP_500, 'Read Error')

    # No exception from this call is handled here; it propagates.
    res.create_encrypted_datum(stored_secret, payload, content_type,
                               content_encoding, tenant,
                               self.crypto_manager, self.datum_repo,
                               self.kek_repo)

    resp.status = falcon.HTTP_200
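def on_post(self, req, resp, keystone_id):
    """Create a container once every secret it references has been found.

    The request body is loaded through api.load_body with self.validator,
    turned into a models.Container owned by the tenant for keystone_id, and
    each referenced secret is looked up with that same keystone_id. The
    first reference that cannot be found aborts the request with HTTP 404.
    On success the response is 202 with a Location header and a JSON body
    holding 'container_ref'.
    """
    tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo)

    data = api.load_body(req, resp, self.validator)
    # NOTE(review): this writes the whole validated body to the debug log;
    # confirm a container body never carries sensitive material.
    LOG.debug('Start on_post...{0}'.format(data))

    new_container = models.Container(data)
    new_container.tenant_id = tenant.id

    #TODO: (hgedikli) performance optimizations
    for secret_ref in new_container.container_secrets:
        # One repository lookup per referenced secret, scoped by
        # keystone_id.
        secret = self.secret_repo.get(entity_id=secret_ref.secret_id,
                                      keystone_id=keystone_id,
                                      suppress_exception=True)
        if not secret:
            # Translate the template first and interpolate afterwards;
            # formatting before the lookup produces a string that can
            # never match a catalog entry.
            api.abort(falcon.HTTP_404,
                      u._("Secret provided for '%s'"
                          " doesn't exist.") % secret_ref.name,
                      req, resp)

    self.container_repo.create_from(new_container)

    resp.status = falcon.HTTP_202
    resp.set_header('Location',
                    '/{0}/containers/{1}'.format(keystone_id,
                                                 new_container.id))
    url = convert_container_to_href(keystone_id, new_container.id)
    resp.body = json.dumps({'container_ref': url})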
def on_put(self, req, resp, tenant_id, secret_id):
    """Store the request body as the data of a secret that has none yet.

    Rejects a missing or 'application/json' Content-Type, an unknown
    secret, a Content-Type that differs from the secret's mime_type, and a
    secret that already has encrypted data. The rejection helpers are
    expected to raise (their docstrings say they throw).
    """
    request_type = req.content_type
    if not request_type or request_type == 'application/json':
        _put_accept_incorrect(request_type)

    # NOTE(review): the lookup passes only secret_id; tenant_id is not
    # given to repo.get, so nothing visible here ties the secret to the
    # requesting tenant. Confirm that is enforced elsewhere.
    secret = self.repo.get(entity_id=secret_id, suppress_exception=True)
    if not secret:
        _secret_not_found()
    if secret.mime_type != req.content_type:
        _client_content_mismatch_to_secret()
    if secret.encrypted_data:
        _secret_already_has_data()

    try:
        # NOTE(review): read() has no size argument, so the whole request
        # body is buffered; confirm a size limit is applied upstream.
        plain_text = req.stream.read()
    except IOError:
        abort(falcon.HTTP_500, 'Read Error')

    # Status is set before the datum is created; the failure path below
    # goes through an abort helper instead of returning normally.
    resp.status = falcon.HTTP_200

    try:
        create_encrypted_datum(secret, plain_text, tenant_id,
                               self.tenant_secret_repo, self.datum_repo)
    except ValueError:
        LOG.error('Problem creating an encrypted datum for the secret.',
                  exc_info=True)
        _failed_to_create_encrypted_datum()
def _client_content_mismatch_to_secret(expected, actual, req, res):
    """Abort with HTTP 400: request content-type differs from the secret's.

    Both values are interpolated into the message: `actual` fills the
    request content-type slot and `expected` fills the secret's slot.
    """
    template = _("Request content-type of '{0}' doesn't match "
                 "secret's of '{1}'.")
    api.abort(falcon.HTTP_400, template.format(actual, expected), req, res)
def _client_content_mismatch_to_secret(expected, actual, req, res):
    """Abort with HTTP 400 when the content-type and mime-type disagree.

    The message names the request's content-type (`actual`) first and the
    secret's mime-type (`expected`) second.
    """
    translated = _("Request content-type of '{0}' doesn't match "
                   "secret's of '{1}'.")
    detail = translated.format(actual, expected)
    api.abort(falcon.HTTP_400, detail, req, res)
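def handler(inst, req, resp, *args, **kwargs):
    """Call the wrapped responder and convert unexpected errors to aborts.

    `fn` and `operation_name` are free names taken from the enclosing
    scope, which lies outside this block. A falcon.HTTPError is logged and
    re-raised untouched. Any other exception is mapped to a status and
    message by api.generate_safe_exception_message, logged, and reported
    through api.abort. Only that generated message reaches api.abort, not
    the exception itself.
    """
    try:
        fn(inst, req, resp, *args, **kwargs)
    except falcon.HTTPError:
        LOG.exception('Falcon error seen')
        # Already converted to Falcon exception, just reraise. A bare
        # raise keeps the original traceback instead of restarting it
        # from this frame.
        raise
    except Exception as e:
        status, message = api.generate_safe_exception_message(
            operation_name, e)
        LOG.exception(message)
        api.abort(status, message, req, resp)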
def on_put(self, req, resp, keystone_id, secret_id):
    """Store the request body as the data of a secret that has none yet.

    Rejects a missing or 'application/json' Content-Type, a secret that
    cannot be found for this keystone_id, a Content-Type that differs from
    the secret's mime_type, and a secret that already has encrypted data.
    Failures while creating the encrypted datum are logged and mapped to a
    specific abort helper. The helpers are expected to raise (their
    docstrings say they throw).
    """
    request_type = req.content_type
    if not request_type or request_type == 'application/json':
        _put_accept_incorrect(request_type, req, resp)

    # The lookup is given the keystone_id as well as the secret id.
    secret = self.repo.get(entity_id=secret_id,
                           keystone_id=keystone_id,
                           suppress_exception=True)
    if not secret:
        _secret_not_found(req, resp)
    if secret.mime_type != req.content_type:
        _client_content_mismatch_to_secret(secret.mime_type,
                                           req.content_type, req, resp)
    if secret.encrypted_data:
        # Secret data is write-once through this endpoint.
        _secret_already_has_data(req, resp)

    tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo)

    try:
        # The read is capped; bytes beyond the cap are not consumed here.
        plain_text = req.stream.read(api.MAX_BYTES_REQUEST_INPUT_ACCEPTED)
    except IOError:
        api.abort(falcon.HTTP_500, 'Read Error')

    # Status is set before the datum is created; every failure path below
    # goes through an abort helper.
    resp.status = falcon.HTTP_200

    try:
        res.create_encrypted_datum(secret, plain_text, tenant,
                                   self.crypto_manager,
                                   self.tenant_secret_repo,
                                   self.datum_repo)
    except em.CryptoMimeTypeNotSupportedException as unsupported:
        LOG.exception('Secret creation failed - mime-type not supported')
        _secret_mime_type_not_supported(unsupported.mime_type, req, resp)
    except exception.NoDataToProcess:
        LOG.exception('No secret data to process')
        _secret_plain_text_empty(req, resp)
    except exception.LimitExceeded:
        LOG.exception('Secret data too big to process')
        _secret_data_too_large(req, resp)
    except Exception:
        # Catch-all: the client gets the generic 400 helper, while the
        # traceback goes to the log only.
        LOG.exception('Secret creation failed - unknown')
        _failed_to_create_encrypted_datum(req, resp)
def _verification_not_found(req, resp):
    """Abort with HTTP 404 because the verification was not found."""
    message = u._('Not Found. Sorry but your verification '
                  'result is in '
                  'another castle.')
    api.abort(falcon.HTTP_404, message, req, resp)
def _get_secret_info_not_found(mime_type, req, resp):
    """Abort with HTTP 404: no secret information of this type to decrypt.

    `mime_type` is interpolated into the message sent with the abort.
    """
    template = _("Secret information of type '{0}' not available for "
                 "decryption.")
    api.abort(falcon.HTTP_404, template.format(mime_type), req, resp)
def _order_not_found(req, resp):
    """Abort with HTTP 404 because the order could not be located."""
    message = _('Unable to locate order.')
    api.abort(falcon.HTTP_404, message, req, resp)
def _secret_create_failed(req, resp):
    """Abort with HTTP 500 because creating the secret failed."""
    # NOTE(review): "Unabled" is a typo, but the literal is also the
    # translation lookup key, so correcting it means updating the message
    # catalogs at the same time.
    message = _("Unabled to create secret.")
    api.abort(falcon.HTTP_500, message, req, resp)
def _container_not_found(req, resp):
    """Abort with HTTP 404 because the container was not found."""
    message = u._('Not Found. Sorry but your container '
                  'is in '
                  'another castle.')
    api.abort(falcon.HTTP_404, message, req, resp)
def _get_accept_not_supported(accept, req, resp):
    """Abort with HTTP 406 because the requested Accept is not supported.

    The supplied `accept` value is interpolated into the message.
    """
    template = _("Accept of '{0}' is not supported.")
    api.abort(falcon.HTTP_406, template.format(accept), req, resp)
def _put_accept_incorrect(ct, req, resp):
    """Abort with HTTP 415 because the request Content-Type is unsupported.

    The supplied `ct` value is interpolated into the message.
    """
    template = _("Content-Type of '{0}' is not supported.")
    api.abort(falcon.HTTP_415, template.format(ct), req, resp)
def _secret_not_found(req, resp):
    """Abort with HTTP 404 because the secret could not be located."""
    message = _('Unable to locate secret.')
    api.abort(falcon.HTTP_404, message, req, resp)
def _general_failure(message, req, resp):
    """Abort with HTTP 500 using the caller's message.

    `message` is passed through the translation function and then handed
    to api.abort, so the caller decides what text goes into the abort.
    """
    translated = _(message)
    api.abort(falcon.HTTP_500, translated, req, resp)
def _secret_plain_text_empty(req, resp):
    """Abort with HTTP 400 because the supplied plain-text was empty."""
    message = _("Could not add secret with empty 'plain_text'")
    api.abort(falcon.HTTP_400, message, req, resp)
def _get_secret_info_not_found(mime_type, req, resp):
    """Abort with HTTP 404: secret information of this type is unavailable.

    The message states that information of type `mime_type` is not
    available for decryption.
    """
    translated = _("Secret information of type '{0}' not available for "
                   "decryption.")
    detail = translated.format(mime_type)
    api.abort(falcon.HTTP_404, detail, req, resp)
def _secret_not_found(req, resp):
    """Abort with HTTP 404 because the secret was not found."""
    message = u._('Not Found. Sorry but your secret is in '
                  'another castle.')
    api.abort(falcon.HTTP_404, message, req, resp)
def _secret_mime_type_not_supported(mt, req, resp):
    """Abort with HTTP 400 because the secret's mime-type is unsupported.

    The supplied `mt` value is interpolated into the message.
    """
    template = _("Mime-type of '{0}' is not supported.")
    api.abort(falcon.HTTP_400, template.format(mt), req, resp)
def _secret_already_has_data(req, resp):
    """Abort with HTTP 409 because the secret already holds data."""
    message = _("Secret already has data, cannot modify it.")
    api.abort(falcon.HTTP_409, message, req, resp)
def _failed_to_decrypt_data(req, resp):
    """Abort with HTTP 500 because the secret could not be decrypted.

    The message is fixed and generic; this helper adds no detail about
    the decryption failure to it.
    """
    message = _("Problem decrypting secret information.")
    api.abort(falcon.HTTP_500, message, req, resp)
def _secret_data_too_large(req, resp):
    """Abort with HTTP 413 because the supplied plain-text was too big."""
    message = _("Could not add secret data as it was too large")
    api.abort(falcon.HTTP_413, message, req, resp)
def _order_not_found(req, resp):
    """Abort with HTTP 404 because the order was not found."""
    message = u._('Not Found. Sorry but your order is in '
                  'another castle.')
    api.abort(falcon.HTTP_404, message, req, resp)
def _secret_already_has_data(req, resp):
    """Abort with HTTP 409: the secret's data is already set."""
    message = u._("Secret already has data, cannot modify it.")
    api.abort(falcon.HTTP_409, message, req, resp)
def _authorization_failed(message, req, resp):
    """Abort with HTTP 401 because authorization failed.

    `message` is handed to api.abort exactly as the caller supplied it,
    without going through the translation function.
    """
    status = falcon.HTTP_401
    api.abort(status, message, req, resp)
def _not_allowed(message, req, resp):
    """Abort with HTTP 403 for a forbidden resource.

    `message` is handed to api.abort exactly as the caller supplied it,
    without going through the translation function.
    """
    status = falcon.HTTP_403
    api.abort(status, message, req, resp)
def _secret_already_has_data():
    """Abort with HTTP 409 because the secret already holds data."""
    message = _("Secret already has data, cannot modify it.")
    abort(falcon.HTTP_409, message)
def _secret_not_in_order():
    """Abort with HTTP 400 because the order carries no secret information."""
    message = _("Secret metadata expected but not received.")
    abort(falcon.HTTP_400, message)
def _secret_not_in_order(req, resp):
    """Abort with HTTP 400 because the order carries no secret information."""
    message = _("Secret metadata expected but not received.")
    api.abort(falcon.HTTP_400, message, req, resp)
def _secret_not_found():
    """Abort with HTTP 400 because the secret profile was not located."""
    # NOTE(review): a "not found" condition is reported as 400 here, not
    # 404; confirm that status is intended.
    message = _('Unable to locate secret profile.')
    abort(falcon.HTTP_400, message)
def _put_accept_incorrect(ct, req, resp):
    """Abort with HTTP 415: this Content-Type is not supported for PUT.

    The supplied `ct` value is interpolated into the message.
    """
    template = u._("Content-Type of '{0}' is not "
                   "supported for PUT.")
    api.abort(falcon.HTTP_415, template.format(ct), req, resp)
def _put_accept_incorrect(ct):
    """Abort with HTTP 415 because the request Content-Type is unsupported.

    The supplied `ct` value is interpolated into the message.
    """
    template = _("Content-Type of '{0}' "
                 "is not supported.")
    abort(falcon.HTTP_415, template.format(ct))
def _secret_not_in_order(req, resp):
    """Abort with HTTP 400: secret info is missing from the order."""
    message = u._("Secret metadata expected but not received.")
    api.abort(falcon.HTTP_400, message, req, resp)
def _client_content_mismatch_to_secret():
    """Abort with HTTP 400: request content-type differs from the secret's.

    The message is fixed; neither content-type value is included in it.
    """
    message = _("Request content-type doesn't match secret's.")
    abort(falcon.HTTP_400, message)