def on_put(self, external_project_id, **kwargs):
if (not pecan.request.content_type
or pecan.request.content_type == 'application/json'):
pecan.abort(
415,
u._("Content-Type of '{content_type}' is not supported for "
"PUT.").format(content_type=pecan.request.content_type))
transport_key_id = kwargs.get('transport_key_id')
payload = pecan.request.body
if not payload:
raise exception.NoDataToProcess()
if validators.secret_too_big(payload):
raise exception.LimitExceeded()
if self.secret.encrypted_data or self.secret.secret_store_metadata:
_secret_already_has_data()
project_model = res.get_or_create_project(external_project_id)
content_type = pecan.request.content_type
content_encoding = pecan.request.headers.get('Content-Encoding')
plugin.store_secret(unencrypted_raw=payload,
content_type_raw=content_type,
content_encoding=content_encoding,
secret_model=self.secret,
project_model=project_model,
transport_key_id=transport_key_id)
LOG.info('Updated secret for project: %s', external_project_id)
def create_encrypted_datum(secret, payload, content_type, content_encoding,
tenant, crypto_manager, datum_repo, kek_repo):
"""Modifies the secret to add the plain_text secret information.
:param secret: the secret entity to associate the secret data to
:param payload: secret data to store
:param content_type: payload content mime type
:param content_encoding: payload content encoding
:param tenant: the tenant (entity) who owns the secret
:param crypto_manager: the crypto plugin manager
:param datum_repo: the encrypted datum repository
:param kek_repo: the KEK metadata repository
:retval The response body, None if N/A
"""
if not payload:
raise exception.NoDataToProcess()
if validators.secret_too_big(payload):
raise exception.LimitExceeded()
if secret.encrypted_data:
raise ValueError('Secret already has encrypted data stored for it.')
# Encrypt payload
LOG.debug('Encrypting secret payload...')
new_datum = crypto_manager.encrypt(payload, content_type, content_encoding,
secret, tenant, kek_repo)
datum_repo.create_from(new_datum)
return new_datum
def on_put(self, external_project_id, **kwargs):
LOG.debug('=== ProjectQuotasController PUT ===')
if not pecan.request.body:
raise exception.NoDataToProcess()
api.load_body(pecan.request, validator=self.validator)
self.quota_driver.set_project_quotas(self.passed_project_id,
kwargs['project_quotas'])
LOG.info('Put Project Quotas')
pecan.response.status = 204
def create_secret(data,
tenant,
crypto_manager,
secret_repo,
tenant_secret_repo,
datum_repo,
ok_to_generate=False):
"""
Common business logic to create a secret.
"""
new_secret = models.Secret(data)
new_datum = None
if 'plain_text' in data:
plain_text = data['plain_text']
if not plain_text:
raise exception.NoDataToProcess()
LOG.debug('Encrypting plain_text secret...')
new_datum = crypto_manager.encrypt(data['plain_text'], new_secret,
tenant)
elif ok_to_generate:
LOG.debug('Generating new secret...')
# TODO: Generate a good key
new_datum = crypto_manager.generate_data_encryption_key(
new_secret, tenant)
else:
LOG.debug('Creating metadata only for the new secret. '
'A subsequent PUT is required')
crypto_manager.supports(new_secret, tenant)
# Create Secret entities in datastore.
secret_repo.create_from(new_secret)
new_assoc = models.TenantSecret()
new_assoc.tenant_id = tenant.id
new_assoc.secret_id = new_secret.id
new_assoc.role = "admin"
new_assoc.status = models.States.ACTIVE
tenant_secret_repo.create_from(new_assoc)
if new_datum:
new_datum.secret_id = new_secret.id
datum_repo.create_from(new_datum)
return new_secret
def on_put(self, external_project_id, **kwargs):
if (not pecan.request.content_type
or pecan.request.content_type == 'application/json'):
pecan.abort(
415,
u._("Content-Type of '{content_type}' is not supported for "
"PUT.").format(content_type=pecan.request.content_type))
transport_key_id = kwargs.get('transport_key_id')
payload = pecan.request.body
if not payload:
raise exception.NoDataToProcess()
if validators.secret_too_big(payload):
raise exception.LimitExceeded()
secret_model = self.repos.secret_repo.get(
entity_id=self.secret_id,
external_project_id=external_project_id,
suppress_exception=True)
if not secret_model:
_secret_not_found()
if secret_model.encrypted_data:
_secret_already_has_data()
project_model = res.get_or_create_project(external_project_id,
self.repos.project_repo)
content_type = pecan.request.content_type
content_encoding = pecan.request.headers.get('Content-Encoding')
plugin.store_secret(payload,
content_type,
content_encoding,
secret_model.to_dict_fields(),
secret_model,
project_model,
self.repos,
transport_key_id=transport_key_id)
def create_encrypted_datum(secret, plain_text, tenant, crypto_manager,
tenant_secret_repo, datum_repo):
"""
Modifies the secret to add the plain_text secret information.
:param secret: the secret entity to associate the secret data to
:param plain_text: plain-text of the secret data to store
:param tenant: the tenant (entity) who owns the secret
:param crypto_manager: the crypto plugin manager
:param tenant_secret_repo: the tenant/secret association repository
:param datum_repo: the encrypted datum repository
:retval The response body, None if N/A
"""
if not plain_text:
raise exception.NoDataToProcess()
if validators.secret_too_big(plain_text):
raise exception.LimitExceeded()
if secret.encrypted_data:
raise ValueError('Secret already has encrypted data stored for it.')
fields = secret.to_dict_fields()
fields['plain_text'] = plain_text
# Encrypt plain_text
LOG.debug('Encrypting plain_text secret')
new_datum = crypto_manager.encrypt(plain_text, secret, tenant)
datum_repo.create_from(new_datum)
# Create Tenant/Secret entity.
new_assoc = models.TenantSecret()
new_assoc.tenant_id = tenant.id
new_assoc.secret_id = secret.id
new_assoc.role = "admin"
new_assoc.status = models.States.ACTIVE
tenant_secret_repo.create_from(new_assoc)
return new_datum
