def get_archive_credential_revisions(id): try: cred = Credential.get(id) except Credential.DoesNotExist: return jsonify({}), 404 if (cred.data_type != 'credential' and cred.data_type != 'archive-credential'): return jsonify({}), 404 revisions = [] _range = range(1, cred.revision + 1) ids = [] for i in _range: ids.append("{0}-{1}".format(id, i)) for revision in Credential.batch_get(ids): revisions.append({ 'id': revision.id, 'name': revision.name, 'revision': revision.revision, 'enabled': revision.enabled, 'modified_date': revision.modified_date, 'modified_by': revision.modified_by }) return jsonify({ 'revisions': sorted( revisions, key=lambda k: k['revision'], reverse=True ) })
def run(self, days, force, ids): if not settings.DYNAMODB_TABLE_ARCHIVE: logger.error('DYNAMODB_TABLE_ARCHIVE is not configured, exiting.') return 1 if days and ids: logger.error('--days and --ids options are mutually exclusive') return 1 if not days and not ids: logger.error('Either --days or --ids options are required') return 1 credentials = [] if ids: # filter strips an empty string _ids = [_id.strip() for _id in list(filter(None, ids.split(',')))] if not _ids: logger.error('Passed in --ids argument is empty') return 1 for credential in Credential.batch_get(_ids): if credential.enabled: logger.warning('Skipping enabled credential {}'.format( credential.id)) continue credentials.append(credential) else: for credential in Credential.data_type_date_index.query( 'credential'): tz = credential.modified_date.tzinfo now = datetime.now(tz) delta = now - credential.modified_date if not credential.enabled and delta.days > days: credentials.append(credential) self.archive(credentials, force=force)
def get_archive_credential_revisions(id): try: cred = Credential.get(id) except DoesNotExist: logging.warning('Item with id {0} does not exist.'.format(id)) return jsonify({}), 404 if (cred.data_type != 'credential' and cred.data_type != 'archive-credential'): return jsonify({}), 404 revisions = [] _range = range(1, cred.revision + 1) ids = [] for i in _range: ids.append("{0}-{1}".format(id, i)) for revision in Credential.batch_get(ids): revisions.append({ 'id': revision.id, 'name': revision.name, 'revision': revision.revision, 'enabled': revision.enabled, 'modified_date': revision.modified_date, 'modified_by': revision.modified_by, 'documentation': revision.documentation }) return jsonify({ 'revisions': sorted(revisions, key=lambda k: k['revision'], reverse=True) })
def _get_credentials(credential_ids): credentials = [] with stats.timer('service_batch_get_credentials'): for cred in Credential.batch_get(credential_ids): data_key = keymanager.decrypt_key( cred.data_key, encryption_context={'id': cred.id}) cipher_version = cred.cipher_version cipher = CipherManager(data_key, cipher_version) _credential_pairs = cipher.decrypt(cred.credential_pairs) _credential_pairs = json.loads(_credential_pairs) credentials.append({ 'id': cred.id, 'name': cred.name, 'enabled': cred.enabled, 'revision': cred.revision, 'credential_pairs': _credential_pairs }) return credentials
def _get_credentials(credential_ids): credentials = [] with stats.timer('service_batch_get_credentials'): for cred in Credential.batch_get(credential_ids): data_key = keymanager.decrypt_key( cred.data_key, encryption_context={'id': cred.id} ) cipher_version = cred.cipher_version cipher = CipherManager(data_key, cipher_version) _credential_pairs = cipher.decrypt(cred.credential_pairs) _credential_pairs = json.loads(_credential_pairs) credentials.append({ 'id': cred.id, 'name': cred.name, 'enabled': cred.enabled, 'revision': cred.revision, 'credential_pairs': _credential_pairs }) return credentials
def get_archive_credential_revisions(id): if not acl_module_check( resource_type='credential', action='metadata', resource_id=id): msg = "{} does not have access to credential {} revisions".format( authnz.get_logged_in_user(), id) error_msg = {'error': msg} return jsonify(error_msg), 403 try: cred = Credential.get(id) except DoesNotExist: logging.warning('Item with id {0} does not exist.'.format(id)) return jsonify({}), 404 if (cred.data_type != 'credential' and cred.data_type != 'archive-credential'): return jsonify({}), 404 _range = range(1, cred.revision + 1) ids = [] for i in _range: ids.append("{0}-{1}".format(id, i)) revisions_response = RevisionsResponse.from_credentials( Credential.batch_get(ids)) return revisions_response_schema.dumps(revisions_response)
def archive(self, credentials, force): services = list(Service.data_type_date_index.query('service')) for credential in credentials: if self.credential_in_service(credential.id, services): msg = ('Skipping archival of disabled credential {}, as it' ' is still mapped to a service.') logger.warning(msg.format(credential.id)) continue saves = [] deletes = [] # save the current record. archive_credential = CredentialArchive.from_credential( credential, ) saves.append(archive_credential) # fetch and save every revision revisions = Credential.batch_get( credentialmanager.get_revision_ids_for_credential(credential)) for revision in revisions: archive_revision = CredentialArchive.from_credential( revision, ) saves.append(archive_revision) deletes.append(revision) deletes.append(credential) try: self.save(saves, force=force) except Exception: logger.exception( 'Failed to batch save {}, skipping deletion.'.format( credential.id)) stats.incr('archive.save.failure') continue try: self.delete(deletes, force=force) except Exception: logger.exception('Failed to batch delete {}'.format( credential.id)) stats.incr('archive.delete.failure')
def get_credentials(credential_ids): with stats.timer('service_batch_get_credentials'): _credential_ids = copy.deepcopy(credential_ids) return [cred for cred in Credential.batch_get(_credential_ids)]
def get_archive_credential_revisions(id): """ Returns a list of the metadata of all the revisions of the provided credential. .. :quickref: Credential Revisions; Get a list of the metadata of all the revisions of the provided credential. **Example request**: .. sourcecode:: http GET /v1/archive/credentials/abcd12345bf4f1cafe8e722d3860404 :query string next_page: If paged results were returned in a call, this query string can be used to fetch the next page. **Example response**: .. sourcecode:: http HTTP/1.1 200 OK Content-Type: application/json { "revisions": [ { "id": "abcd12345bf4f1cafe8e722d3860404-1", "name": "Example Credential", "credential_keys": [], "credential_pairs": {}, "metadata": { "example_metadata_key": "example_value" }, "revision": 1, "enabled": true, "documentation": "Example documentation", "modified_date": "2019-12-16T23:16:11.413299+00:00", "modified_by": "*****@*****.**", "permissions": {} }, ... ], next_page: null } :resheader Content-Type: application/json :statuscode 200: Success :statuscode 403: Client does not have permissions to get credential metadata for the provided credential ID. :statuscode 404: The provided credential ID does not exist. """ if not acl_module_check( resource_type='credential', action='metadata', resource_id=id): msg = "{} does not have access to credential {} revisions".format( authnz.get_logged_in_user(), id) error_msg = {'error': msg} return jsonify(error_msg), 403 try: cred = Credential.get(id) except DoesNotExist: logger.warning('Item with id {0} does not exist.'.format(id)) return jsonify({}), 404 if (cred.data_type != 'credential' and cred.data_type != 'archive-credential'): return jsonify({}), 404 revisions_response = RevisionsResponse.from_credentials( Credential.batch_get( credentialmanager.get_revision_ids_for_credential(cred))) return revisions_response_schema.dumps(revisions_response)