class SecretStoreMetadatum(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'key': fields.StringField(), 'value': fields.StringField(), 'secret_id': fields.StringField() } db_model = models.SecretStoreMetadatum db_repo = repo.get_secret_meta_repository() def _validate_fields(self, change_fields): msg = u._("Must supply non-None {0} argument " "for SecretStoreMetadatum entry.") if change_fields.get('key') is None: raise exception.MissingArgumentError(msg.format('key')) if change_fields.get('value') is None: raise exception.MissingArgumentError(msg.format('value')) @classmethod def save(cls, metadata, secret_obj): """Saves the specified metadata for the secret.""" now = timeutils.utcnow() for k, v in metadata.items(): meta_obj = cls(key=k, value=v) meta_obj.updated_at = now meta_obj.secret_id = secret_obj.id meta_obj.create() @classmethod def get_metadata_for_secret(cls, secret_id): return cls.db_repo.get_metadata_for_secret(secret_id)
class SecretStores(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'store_plugin': fields.StringField(), 'crypto_plugin': fields.StringField(nullable=True), 'global_default': fields.BooleanField(default=False), 'name': fields.StringField(), 'status': fields.StringField(nullable=True, default=base.States.ACTIVE) } db_model = models.SecretStores db_repo = repos.get_secret_stores_repository() def _validate_fields(self, change_fields): msg = u._("Must supply non-Blank {0} argument for SecretStores entry.") if not change_fields.get('name'): raise exception.MissingArgumentError(msg.format("name")) if not change_fields.get('store_plugin'): raise exception.MissingArgumentError(msg.format("store_plugin")) @classmethod def get_all(cls, session=None): secret_stores_db = cls.db_repo.get_all(session) secret_stores_obj = [cls()._from_db_object(secret_store_db) for secret_store_db in secret_stores_db] return secret_stores_obj
class OrderRetryTask(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'id': fields.StringField(default=utils.generate_uuid()), 'order_id': fields.StringField(), 'retry_task': fields.StringField(), 'retry_at': fields.DateTimeField(nullable=True, default=None), 'retry_args': fields.JsonField(), 'retry_kwargs': fields.JsonField(), 'retry_count': fields.IntegerField(default=0) } db_model = models.OrderRetryTask db_repo = repos.get_order_retry_tasks_repository() @classmethod def get_by_create_date(cls, only_at_or_before_this_date=None, offset_arg=None, limit_arg=None, suppress_exception=False, session=None): entities_db, offset, limit, total = cls.db_repo.get_by_create_date( only_at_or_before_this_date, offset_arg, limit_arg, suppress_exception, session) entities = [cls()._from_db_object(entity_db) for entity_db in entities_db] return entities, offset, limit, total
class SecretUserMetadatum(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'key': fields.StringField(), 'value': fields.StringField(), 'secret_id': fields.StringField(), } db_model = models.SecretStoreMetadatum db_repo = repo.get_secret_user_meta_repository() @classmethod def create_replace_user_metadata(cls, secret_id, metadata): cls.db_repo.create_replace_user_metadata(secret_id, metadata) @classmethod def get_metadata_for_secret(cls, secret_id): return cls.db_repo.get_metadata_for_secret(secret_id) @classmethod def create_replace_user_metadatum(cls, secret_id, key, value): cls.db_repo.create_replace_user_metadatum(secret_id, key, value) @classmethod def delete_metadatum(cls, secret_id, key): cls.db_repo.delete_metadatum(secret_id, key)
class BarbicanPersistentObject(object): fields = { 'id': fields.StringField(nullable=True, default=None), 'created_at': fields.DateTimeField(nullable=True, tzinfo_aware=False), 'updated_at': fields.DateTimeField(nullable=True, tzinfo_aware=False), 'deleted_at': fields.DateTimeField(nullable=True, tzinfo_aware=False), 'deleted': fields.BooleanField(nullable=True), 'status': fields.StringField(nullable=True, default=States.PENDING) }
class ProjectSecretStore(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'secret_store_id': fields.StringField(nullable=True, default=None), 'project_id': fields.StringField(nullable=True, default=None), 'secret_store': fields.ObjectField('SecretStores', nullable=True, default=None), 'project': fields.ObjectField('Project', nullable=True, default=None), 'status': fields.StringField(nullable=True, default=base.States.ACTIVE) } db_model = models.ProjectSecretStore db_repo = repos.get_project_secret_store_repository() synthetic_fields = ['secret_store', 'project'] def _validate_fields(self, change_fields): msg = u._("Must supply non-None {0} argument for ProjectSecretStore " " entry.") if not change_fields.get('project_id'): raise exception.MissingArgumentError(msg.format("project_id")) if not change_fields.get('secret_store_id'): raise exception.MissingArgumentError(msg.format("secret_store_id")) @classmethod def get_secret_store_for_project(cls, project_id, external_project_id, suppress_exception=False, session=None): pss_db = cls.db_repo.get_secret_store_for_project( project_id, external_project_id, suppress_exception, session) return cls()._from_db_object(pss_db) @classmethod def create_or_update_for_project(cls, project_id, secret_store_id, session=None): pss_db = cls.db_repo.create_or_update_for_project( project_id, secret_store_id, session) return cls()._from_db_object(pss_db) @classmethod def get_count_by_secret_store(cls, secret_store_id, session=None): number_pss = cls.db_repo.get_count_by_secret_store( secret_store_id, session) return number_pss
class OrderPluginMetadatum(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): """This class represents OrderPluginMetadatum object""" fields = { 'order_id': fields.StringField(), 'key': fields.StringField(), 'value': fields.StringField() } db_model = models.OrderPluginMetadatum db_repo = repos.get_order_plugin_meta_repository()
class ContainerSecret(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'name': fields.StringField(nullable=True, default=None), 'container_id': fields.StringField(), 'secret_id': fields.StringField(), } db_model = models.ContainerSecret db_repo = repos.get_container_secret_repository() def create(self, session=None): change_fields = self._get_changed_persistent_fields() self._validate_fields(change_fields) db_entity = self._get_db_entity() db_entity.update(change_fields) db_entity = self.db_repo.create_from(db_entity, session=session) return self._from_db_object(db_entity)
class TransportKey(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'plugin_name': fields.StringField(), 'transport_key': fields.StringField(), 'status': fields.StringField(nullable=True, default=base.States.ACTIVE) } db_model = models.TransportKey db_repo = repo.get_transport_key_repository() def _validate_fields(self, change_fields): msg = u._("Must supply non-None {0} argument for TransportKey entry.") if change_fields.get('plugin_name') is None: raise exception.MissingArgumentError(msg.format("plugin_name")) if change_fields.get('transport_key') is None: raise exception.MissingArgumentError(msg.format("transport_key")) @classmethod def get_by_create_date(cls, plugin_name=None, offset_arg=None, limit_arg=None, suppress_exception=False, session=None): transport_keys_db, offset, limit, total = \ cls.db_repo.get_by_create_date(plugin_name, offset_arg, limit_arg, suppress_exception, session) transport_keys_obj = [ cls()._from_db_object(transport_key) for transport_key in transport_keys_db ] return transport_keys_obj, offset, limit, total @classmethod def get_latest_transport_key(cls, plugin_name, suppress_exception=False, session=None): transport_key_db = cls.db_repo.get_latest_transport_key( plugin_name, suppress_exception, session) return cls()._from_db_object(transport_key_db)
class ProjectSecretStore(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'secret_store_id': fields.StringField(), 'project_id': fields.StringField(), 'secret_store': fields.ObjectField('SecretStores', nullable=True, default=None), 'project': fields.ObjectField('Project', nullable=True, default=None), 'status': fields.StringField(nullable=True, default=base.States.ACTIVE) } db_model = models.ProjectSecretStore db_repo = repos.get_project_secret_store_repository() synthetic_fields = ['secret_store', 'project'] @classmethod def get_secret_store_for_project(cls, project_id, external_project_id, suppress_exception=False, session=None): pss_db = cls.db_repo.get_secret_store_for_project( project_id, external_project_id, suppress_exception, session) return cls()._from_db_object(pss_db) @classmethod def create_or_update_for_project(cls, project_id, secret_store_id, session=None): pss_db = cls.db_repo.create_or_update_for_project( project_id, secret_store_id, session) return cls()._from_db_object(pss_db) @classmethod def get_count_by_secret_store(cls, secret_store_id, session=None): number_pss = cls.db_repo.get_count_by_secret_store( secret_store_id, session) return number_pss
class SecretStores(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'store_plugin': fields.StringField(), 'crypto_plugin': fields.StringField(nullable=True), 'global_default': fields.BooleanField(default=False), 'name': fields.StringField(), 'status': fields.StringField(nullable=True, default=base.States.ACTIVE) } db_model = models.SecretStores db_repo = repos.get_secret_stores_repository() @classmethod def get_all(cls, session=None): secret_stores_db = cls.db_repo.get_all(session) secret_stores_obj = [ cls()._from_db_object(secret_store_db) for secret_store_db in secret_stores_db ] return secret_stores_obj
class KEKDatum(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'plugin_name': fields.StringField(nullable=True, default=None), 'kek_label': fields.StringField(nullable=True, default=None), 'project_id': fields.StringField(nullable=True, default=None), 'active': fields.BooleanField(default=True), 'bind_completed': fields.BooleanField(default=False), 'algorithm': fields.StringField(nullable=True, default=None), 'bit_length': fields.IntegerField(nullable=True, default=None), 'mode': fields.StringField(nullable=True, default=None), 'plugin_meta': fields.StringField(nullable=True, default=None) } db_model = models.KEKDatum db_repo = repo.get_kek_datum_repository() @classmethod def find_or_create_kek_datum(cls, project, plugin_name, suppress_exception=False, session=None): kek_datum_db = cls.db_repo.find_or_create_kek_datum( project, plugin_name, suppress_exception, session) return cls()._from_db_object(kek_datum_db)
class ContainerACLUser(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'acl_id': fields.StringField(), 'user_id': fields.StringField(), 'status': fields.StringField(nullable=True, default=base.States.ACTIVE) } db_model = models.ContainerACLUser db_repo = repos.get_container_acl_user_repository() def _validate_fields(self, change_fields): if change_fields.get('user_id') is None: msg = u._("Must supply non-None {0} argument for ContainerACLUser " "entry.") raise exception.MissingArgumentError(msg.format("user_id")) def delete(self, session): entity_id = self.id self.db_repo.delete_entity_by_id(entity_id=entity_id, external_project_id=None, session=session)
class Project(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'external_id': fields.StringField(nullable=True, default=None), } db_model = models.Project db_repo = repo.get_project_repository() @classmethod def find_by_external_project_id(cls, external_project_id, suppress_exception=False, session=None): project_db = cls.db_repo.find_by_external_project_id( external_project_id, suppress_exception, session) return cls()._from_db_object(project_db)
class EncryptedDatum(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'content_type': fields.StringField(nullable=True, default=None), 'secret_id': fields.StringField(), 'kek_id': fields.StringField(), 'cypher_text': fields.StringField(nullable=True, default=None), 'kek_meta_extended': fields.StringField(nullable=True, default=None), 'kek_meta_project': fields.ObjectField('KEKDatum', nullable=True, default=None), 'status': fields.StringField(nullable=True, default=base.States.ACTIVE) } db_model = models.EncryptedDatum db_repo = repo.get_encrypted_datum_repository() synthetic_fields = ['kek_meta_project']
class ContainerACL(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'container_id': fields.StringField(), 'operation': fields.StringField(), 'project_access': fields.BooleanField(default=True), 'acl_users': fields.ListOfObjectsField('ContainerACLUser', default=list()), 'status': fields.StringField(nullable=True, default=base.States.ACTIVE) } db_model = models.ContainerACL db_repo = repo.get_container_acl_repository() synthetic_fields = ['acl_users'] def _validate_fields(self, change_fields): msg = u._("Must supply non-None {0} argument for ContainerACL entry.") if change_fields.get('container_id') is None: raise exception.MissingArgumentError(msg.format("container_id")) if change_fields.get('operation') is None: raise exception.MissingArgumentError(msg.format("operation")) def _get_db_entity(self, user_ids=None): return self.db_model(user_ids=user_ids, check_exc=False) def create(self, session=None, user_ids=None): change_fields = self._get_changed_persistent_fields() self._validate_fields(change_fields) db_entity = self._get_db_entity(user_ids=user_ids) db_entity.update(change_fields) db_entity = self.db_repo.create_from(db_entity, session=session) self._from_db_object(db_entity) def delete(self, session): entity_id = self.id self.db_repo.delete_entity_by_id(entity_id=entity_id, external_project_id=None, session=session) @classmethod def get_by_container_id(cls, container_id, session=None): entities_db = cls.db_repo.get_by_container_id(container_id, session) entities = [ cls()._from_db_object(entity_db) for entity_db in entities_db ] return entities @classmethod def create_or_replace_from(cls, container, container_acl, user_ids=None, session=None): """Create or replace Secret and SecretACL :param container: an instance of Container object :param container_acl: an instance of ContainerACL object :param user_ids: :param session: a session to connect with database """ session = cls.get_session(session) container.updated_at = timeutils.utcnow() container.save(session=session) container_acl.updated_at = timeutils.utcnow() if container_acl.id is None: container_acl.create(session=session, user_ids=user_ids) else: container_acl.save(session=session) cls._create_or_replace_acl_users(container_acl=container_acl, user_ids=user_ids, session=session) @classmethod def create_or_replace_from_model(cls, container, container_acl, user_ids=None, session=None): """Create or replace Secret and SecretACL :param container: an instance of Container model :param container_acl: an instance of ContainerACL object :param user_ids: :param session: a session to connect with database It is used during converting from model to OVO. It will be removed after Container resource is implemented OVO. """ session = cls.get_session(session) container.updated_at = timeutils.utcnow() container.save(session=session) now = timeutils.utcnow() container_acl.updated_at = now if container_acl.id is None: container_acl.create(session=session, user_ids=user_ids) else: container_acl.save(session=session) cls._create_or_replace_acl_users(container_acl=container_acl, user_ids=user_ids, session=session) @classmethod def _create_or_replace_acl_users(cls, container_acl, user_ids, session=None): if user_ids is None: return user_ids = set(user_ids) now = timeutils.utcnow() session = session or cls.get_session(session) container_acl.updated_at = now for acl_user in container_acl.acl_users: if acl_user.user_id in user_ids: # input user_id already exists acl_user.updated_at = now acl_user.save(session=session) user_ids.remove(acl_user.user_id) else: acl_user.delete(session=session) for user_id in user_ids: acl_user = container_acl_user.ContainerACLUser( acl_id=container_acl.id, user_id=user_id) acl_user.create(session=session) if container_acl.id: container_acl.save(session=session) else: container_acl.create(session=session) @classmethod def get_count(cls, container_id, session=None): query = cls.db_repo.get_count(container_id, session) return query @classmethod def delete_acls_for_container(cls, container, session=None): # TODO(namnh) # After Container resource is implemented, This function # will be updated source code being used. session = cls.get_session(session=session) for entity in container.container_acls: entity.delete(session=session) @classmethod def delete_acls_for_container_model(cls, container, session=None): """Delete ACLs in Container Used during converting Model to OVO, it will be removed in near future. :param container: instance of Container model :param session: connection to database """ cls.db_repo.delete_acls_for_container(container, session)
class ContainerConsumerMetadatum(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'container_id': fields.StringField(nullable=False), 'project_id': fields.StringField(nullable=True, default=None), 'name': fields.StringField(nullable=True, default=None), 'URL': fields.StringField(nullable=True, default=None), 'data_hash': fields.StringField(nullable=True, default=None) } db_model = models.ContainerConsumerMetadatum db_repo = repos.get_container_consumer_repository() @classmethod def get_by_container_id(cls, container_id, offset_arg=None, limit_arg=None, suppress_exception=False, session=None): entities_db, offset, limit, total = \ cls.db_repo.get_by_container_id( container_id, offset_arg, limit_arg, suppress_exception, session) entities = [cls()._from_db_object(entity_db) for entity_db in entities_db] return entities, offset, limit, total @classmethod def get_by_values(cls, container_id, name, URL, suppress_exception=False, show_deleted=False, session=None): consumer_db = cls.db_repo.get_by_values(container_id, name, URL, suppress_exception, show_deleted, session) return cls()._from_db_object(consumer_db) @classmethod def create_or_update_from_model(cls, new_consumer, container, session=None): """Create or update container :param new_consumer: a instance of ContainerConsumerMetadatum model :param container: a instance of Container OVO :param session: a session to connect with database :return: None It is used during converting from model to OVO. It will be removed after Container resource is implemented OVO. """ session = cls.get_session(session=session) try: container.updated_at = timeutils.utcnow() container.save(session=session) new_consumer.save(session=session) except db_exc.DBDuplicateEntry: session.rollback() # We know consumer already exists. # This operation is idempotent, so log this and move on LOG.debug("Consumer %s with URL %s already exists for " "container %s, continuing...", new_consumer.name, new_consumer.URL, new_consumer.container_id) # Get the existing entry and reuse it by clearing the deleted flags existing_consumer = cls.get_by_values( new_consumer.container_id, new_consumer.name, new_consumer.URL, show_deleted=True) existing_consumer.deleted = False existing_consumer.deleted_at = None # We are not concerned about timing here -- set only, no reads existing_consumer.save(session=session) @classmethod def create_or_update_from(cls, new_consumer, container, session=None): """Create or update container :param new_consumer: a instance of ContainerConsumerMetadatum OVO :param container: a instance of Container OVO :param session: a session to connect with database :return: None """ session = cls.get_session(session=session) try: container.updated_at = timeutils.utcnow() container.consumers.append(new_consumer) container.save(session=session) except db_exc.DBDuplicateEntry: session.rollback() # We know consumer already exists. # This operation is idempotent, so log this and move on LOG.debug("Consumer %s with URL %s already exists for " "container %s, continuing...", new_consumer.name, new_consumer.URL, new_consumer.container_id) # Get the existing entry and reuse it by clearing the deleted flags existing_consumer = cls.get_by_values( new_consumer.container_id, new_consumer.name, new_consumer.URL, show_deleted=True) existing_consumer.deleted = False existing_consumer.deleted_at = None # We are not concerned about timing here -- set only, no reads existing_consumer.save(session=session)
class SecretACL(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'secret_id': fields.StringField(), 'operation': fields.StringField(), 'project_access': fields.BooleanField(default=True), 'acl_users': fields.ListOfObjectsField('SecretACLUser', default=list()), 'status': fields.StringField(nullable=True, default=base.States.ACTIVE) } db_model = models.SecretACL db_repo = repos.get_secret_acl_repository() synthetic_fields = ['acl_users'] def _validate_fields(self, change_fields): msg = u._("Must supply non-None {0} argument for SecretACL entry.") if change_fields.get('secret_id') is None: raise exception.MissingArgumentError(msg.format("secret_id")) if change_fields.get('operation') is None: raise exception.MissingArgumentError(msg.format("operation")) def _get_db_entity(self, user_ids=None): return self.db_model(user_ids=user_ids, check_exc=False) def create(self, session=None, user_ids=None): change_fields = self._get_changed_persistent_fields() self._validate_fields(change_fields) db_entity = self._get_db_entity(user_ids=user_ids) db_entity.update(change_fields) db_entity = self.db_repo.create_from(db_entity, session=session) self._from_db_object(db_entity) def delete(self, session): entity_id = self.id self.db_repo.delete_entity_by_id(entity_id=entity_id, external_project_id=None, session=session) @classmethod def get_by_secret_id(cls, secret_id, session=None): secret_acls_db = cls.db_repo.get_by_secret_id(secret_id, session=session) secret_acls_obj = [ cls()._from_db_object(secret_acl_db) for secret_acl_db in secret_acls_db ] return secret_acls_obj @classmethod def create_or_replace_from_model(cls, secret, secret_acl, user_ids=None, session=None): """Create or replace Secret and SecretACL :param secret: an instance of Secret model :param secret_acl: an instance of SecretACL object :param user_ids: :param session: a session to connect with database It is used during converting from model to OVO. It will be removed after Secret resource is implemented OVO. """ secret.updated_at = timeutils.utcnow() secret_acl.updated_at = timeutils.utcnow() secret.save(session=session) if secret_acl.id: secret_acl.save(session=session) else: secret_acl.create(session=session) cls._create_or_replace_acl_users(secret_acl=secret_acl, user_ids=user_ids, session=session) @classmethod def _create_or_replace_acl_users(cls, secret_acl, user_ids, session=None): """Create or replace acl_user :param secret_acl: an instance of OVO :param user_ids: id of users :param session: a session to connect with database """ if user_ids is None: return user_ids = set(user_ids) now = timeutils.utcnow() secret_acl.updated_at = now for acl_user in secret_acl.acl_users: if acl_user.user_id in user_ids: # input user_id already exists acl_user.updated_at = now acl_user.save(session=session) user_ids.remove(acl_user.user_id) else: acl_user.delete(session=session) for user_id in user_ids: acl_user = secret_acl_user.SecretACLUser(acl_id=secret_acl.id, user_id=user_id) acl_user.create(session=session) if secret_acl.id: secret_acl.save(session=session) else: secret_acl.create(session=session) @classmethod def create_or_replace_from(cls, secret, secret_acl, user_ids=None): # TODO(namnh): # I will update this function after Secret resource is implemented. pass @classmethod def delete_acls_for_secret_model(cls, secret, session=None): """Delete acl in Secret :param secret: an instance of Secret model :param session: a session to connect with database Used during converting Model to OVO. It will be removed in the near future. """ cls.db_repo.delete_acls_for_secret(secret, session) @classmethod def delete_acls_for_secret(cls, secret, session=None): """Delete acl in a secret. :param secret: an instance of Secret OVO :param session: a session to connect with database This function will be using after Secret resource is implemented OVO. """ session = cls.get_session(session=session) for entity in secret.secret_acls: entity.delete(session=session) @classmethod def get_count(cls, secret_id, session=None): return cls.db_repo.get_count(secret_id, session=session)
class Container(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'name': fields.StringField(nullable=True, default=None), 'type': fields.EnumField(nullable=True, valid_values=TYPE_VALUE), 'project_id': fields.StringField(nullable=True, default=None), 'creator_id': fields.StringField(nullable=True, default=None), 'consumers': fields.ListOfObjectsField('ContainerConsumerMetadatum', default=list()), 'container_secrets': fields.ListOfObjectsField('ContainerSecret', default=list()), 'container_acls': fields.ListOfObjectsField('ContainerACL', default=list()), 'project': fields.ObjectField('Project', nullable=True, default=None) } db_model = models.Container db_repo = repos.get_container_repository() synthetic_fields = [ 'consumers', 'container_secrets', 'container_acls', 'project' ] def __init__(self, context=None, parsed_request=None, **kwargs): super(Container, self).__init__(context=context, **kwargs) if parsed_request: self.name = parsed_request.get('name') self.type = parsed_request.get('type') self.status = base.States.ACTIVE self.creator_id = parsed_request.get('creator_id') secret_refs = parsed_request.get('secret_refs') if secret_refs: for secret_ref in parsed_request.get('secret_refs'): container_secret = con_se.ContainerSecret() container_secret.name = secret_ref.get('name') secret_id = secret_ref.get('secret_ref') if secret_id.endswith('/'): secret_id = secret_id.rsplit('/', 2)[1] elif '/' in secret_id: secret_id = secret_id.rsplit('/', 1)[1] else: secret_id = secret_id container_secret.secret_id = secret_id self.container_secrets.append(container_secret) def _get_db_entity(self, data=None): return self.db_model(parsed_request=data, check_exc=False) def _attach_container_secret(self, container_secrets, container_id, session): if container_secrets: for container_secret in container_secrets: container_secret.container_id = container_id if container_secret.id is None: self.container_secrets.append( container_secret.create(session=session)) else: self.container_secrets.append( container_secret.save(session=session)) def _attach_consumers(self, consumers, container_id, session): if consumers: for consumer in consumers: consumer.container_id = container_id if consumer.id is None: self.consumers.append(consumer.create(session=session)) else: self.consumers.append(consumer.save(session=session)) def create(self, session=None): fields = self.obj_get_changes() super(Container, self).create(session=session) if 'container_secrets' in fields: self._attach_container_secret(fields['container_secrets'], container_id=self.id, session=session) if 'consumers' in fields: self._attach_consumers(fields['consumers'], container_id=self.id, session=session) def save(self, session=None): fields = self.obj_get_changes() super(Container, self).save(session=session) if 'consumers' in fields: self._attach_consumers(fields['consumers'], container_id=self.id, session=session) @classmethod def get_by_create_date(cls, external_project_id, offset_arg=None, limit_arg=None, name_arg=None, suppress_exception=False, session=None): entities_db, offset, limit, total = cls.db_repo.get_by_create_date( external_project_id, offset_arg, limit_arg, name_arg, suppress_exception, session) entities_obj = [ cls()._from_db_object(entity_db) for entity_db in entities_db ] return entities_obj, offset, limit, total @classmethod def get_container_by_id(cls, entity_id, suppress_exception=False, session=None): entity_db = cls.db_repo.get_container_by_id(entity_id, suppress_exception, session) return cls()._from_db_object(entity_db)
class Order(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): """This class represents Order object""" fields = { 'type': fields.StringField(default='key'), 'project_id': fields.StringField(), 'error_status_code': fields.StringField(nullable=True, default=None), 'error_reason': fields.StringField(nullable=True, default=None), 'meta': fields.JsonField(nullable=True, default=None), 'secret_id': fields.StringField(nullable=True, default=None), 'container_id': fields.StringField(nullable=True, default=None), 'sub_status': fields.StringField(nullable=True, default=None), 'sub_status_message': fields.StringField(nullable=True, default=None), 'creator_id': fields.StringField(nullable=True, default=None), 'order_plugin_metadata': fields.DictOfObjectsField('OrderPluginMetadatum', nullable=True, default=dict()), 'order_barbican_metadata': fields.DictOfObjectsField('OrderBarbicanMetadatum', nullable=True, default=dict()) } db_model = models.Order db_repo = repos.get_order_repository() synthetic_fields = ['order_plugin_metadata', 'order_barbican_metadata'] @classmethod def get_by_create_date(cls, external_project_id, offset_arg=None, limit_arg=None, meta_arg=None, suppress_exception=False, session=None): """Returns a list of orders The list is ordered by the date they were created at and paged based on the offset and limit fields. :param external_project_id: The keystone id for the project. :param offset_arg: The entity number where the query result should start. :param limit_arg: The maximum amount of entities in the result set. :param meta_arg: Optional meta field used to filter results. :param suppress_exception: Whether NoResultFound exceptions should be suppressed. :param session: SQLAlchemy session object. :returns: Tuple consisting of (list_of_entities, offset, limit, total). """ entities_db, offset, limit, total = cls.db_repo.get_by_create_date( external_project_id, offset_arg=offset_arg, limit_arg=limit_arg, meta_arg=meta_arg, suppress_exception=suppress_exception, session=session) entities = [ cls()._from_db_object(entity_db) for entity_db in entities_db ] return entities, offset, limit, total
class Secret(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): """This class represents Secret object""" fields = { 'name': fields.StringField(nullable=True), 'secret_type': fields.StringField(nullable=True, default=utils.SECRET_TYPE_OPAQUE), 'expiration': fields.DateTimeField(nullable=True, default=None), 'algorithm': fields.StringField(nullable=True, default=None), 'bit_length': fields.IntegerField(nullable=True, default=None), 'mode': fields.StringField(nullable=True, default=None), 'creator_id': fields.StringField(nullable=True, default=None), 'project_id': fields.StringField(nullable=True, default=None), 'encrypted_data': fields.ListOfObjectsField('EncryptedDatum', default=list(), nullable=True), 'secret_acls': fields.ListOfObjectsField('SecretACL', default=list(), nullable=True), 'secret_store_metadata': fields.DictOfObjectsField('SecretStoreMetadatum', default=dict(), nullable=True), 'secret_user_metadata': fields.DictOfObjectsField('SecretUserMetadatum', default=dict(), nullable=True), 'consumers': fields.ListOfObjectsField('SecretConsumerMetadatum', default=list(), nullable=True), 'status': fields.StringField(nullable=True, default=base.States.ACTIVE) } db_model = models.Secret db_repo = repo.get_secret_repository() synthetic_fields = [ 'encrypted_data', 'secret_acls', 'secret_store_metadata', 'secret_user_metadata', 'consumers' ] @classmethod def get_secret_list(cls, external_project_id, offset_arg=None, limit_arg=None, name=None, alg=None, mode=None, bits=0, secret_type=None, suppress_exception=False, session=None, acl_only=None, user_id=None, created=None, updated=None, expiration=None, sort=None): secrets_db, offset, limit, total = cls.db_repo.get_secret_list( external_project_id, offset_arg, limit_arg, name, alg, mode, bits, secret_type, suppress_exception, session, acl_only, user_id, created, updated, expiration, sort) secrets_object = [ cls()._from_db_object(secret_db) for secret_db in secrets_db ] return secrets_object, offset, limit, total @classmethod def get_secret_by_id(cls, entity_id, suppress_exception=False, session=None): secret_db = cls.db_repo.get_secret_by_id(entity_id, suppress_exception, session) return cls()._from_db_object(secret_db)
class ProjectQuotas(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): fields = { 'project_id': fields.StringField(nullable=True), 'secrets': fields.IntegerField(nullable=True, default=None), 'containers': fields.IntegerField(nullable=True, default=None), 'consumers': fields.IntegerField(nullable=True, default=None), 'orders': fields.IntegerField(nullable=True, default=None), 'cas': fields.IntegerField(nullable=True, default=None), 'project': fields.ObjectField('Project', nullable=True, default=None), } db_model = models.ProjectQuotas db_repo = repos.get_project_quotas_repository() synthetic_fields = ['project'] def _validate_fields(self, change_fields): msg = u._("Must supply non-None {0} argument for ProjectQuotas entry.") if change_fields.get('project_id') is None: raise exception.MissingArgumentError(msg.format("project_id")) def _get_db_entity(self, parsed_project_quotas=None): return self.db_model(parsed_project_quotas=parsed_project_quotas, check_exc=False) def create(self, session=None, parsed_project_quotas=None): change_fields = self._get_changed_persistent_fields() self._validate_fields(change_fields) db_entity = self._get_db_entity( parsed_project_quotas=parsed_project_quotas) db_entity.update(change_fields) db_entity = self.db_repo.create_from(db_entity, session=session) self._from_db_object(db_entity) @classmethod def get_by_create_date(cls, offset_arg=None, limit_arg=None, suppress_exception=False, session=None): entities_db, offset, limit, total = \ cls.db_repo.get_by_create_date(offset_arg, limit_arg, suppress_exception, session) entities = [ cls()._from_db_object(entity_db) for entity_db in entities_db ] return entities, offset, limit, total @classmethod def create_or_update_by_project_id(cls, project_id, parsed_project_quotas, session=None): cls.db_repo.create_or_update_by_project_id(project_id, parsed_project_quotas, session) @classmethod def get_by_external_project_id(cls, external_project_id, suppress_exception=False, session=None): entity_db = cls.db_repo. \ get_by_external_project_id(external_project_id, suppress_exception, session) return cls()._from_db_object(entity_db) @classmethod def delete_by_external_project_id(cls, external_project_id, suppress_exception=False, session=None): cls.db_repo.delete_by_external_project_id(external_project_id, suppress_exception, session)