Exemple #1
0
def get_archive_credential_revisions(id):
    try:
        cred = Credential.get(id)
    except Credential.DoesNotExist:
        return jsonify({}), 404
    if (cred.data_type != 'credential' and
            cred.data_type != 'archive-credential'):
        return jsonify({}), 404
    revisions = []
    _range = range(1, cred.revision + 1)
    ids = []
    for i in _range:
        ids.append("{0}-{1}".format(id, i))
    for revision in Credential.batch_get(ids):
        revisions.append({
            'id': revision.id,
            'name': revision.name,
            'revision': revision.revision,
            'enabled': revision.enabled,
            'modified_date': revision.modified_date,
            'modified_by': revision.modified_by
        })
    return jsonify({
        'revisions': sorted(
            revisions,
            key=lambda k: k['revision'],
            reverse=True
        )
    })
Exemple #2
0
 def run(self, days, force, ids):
     if not settings.DYNAMODB_TABLE_ARCHIVE:
         logger.error('DYNAMODB_TABLE_ARCHIVE is not configured, exiting.')
         return 1
     if days and ids:
         logger.error('--days and --ids options are mutually exclusive')
         return 1
     if not days and not ids:
         logger.error('Either --days or --ids options are required')
         return 1
     credentials = []
     if ids:
         # filter strips an empty string
         _ids = [_id.strip() for _id in list(filter(None, ids.split(',')))]
         if not _ids:
             logger.error('Passed in --ids argument is empty')
             return 1
         for credential in Credential.batch_get(_ids):
             if credential.enabled:
                 logger.warning('Skipping enabled credential {}'.format(
                     credential.id))
                 continue
             credentials.append(credential)
     else:
         for credential in Credential.data_type_date_index.query(
                 'credential'):
             tz = credential.modified_date.tzinfo
             now = datetime.now(tz)
             delta = now - credential.modified_date
             if not credential.enabled and delta.days > days:
                 credentials.append(credential)
     self.archive(credentials, force=force)
Exemple #3
0
def get_archive_credential_revisions(id):
    try:
        cred = Credential.get(id)
    except DoesNotExist:
        logging.warning('Item with id {0} does not exist.'.format(id))
        return jsonify({}), 404
    if (cred.data_type != 'credential'
            and cred.data_type != 'archive-credential'):
        return jsonify({}), 404
    revisions = []
    _range = range(1, cred.revision + 1)
    ids = []
    for i in _range:
        ids.append("{0}-{1}".format(id, i))
    for revision in Credential.batch_get(ids):
        revisions.append({
            'id': revision.id,
            'name': revision.name,
            'revision': revision.revision,
            'enabled': revision.enabled,
            'modified_date': revision.modified_date,
            'modified_by': revision.modified_by,
            'documentation': revision.documentation
        })
    return jsonify({
        'revisions':
        sorted(revisions, key=lambda k: k['revision'], reverse=True)
    })
Exemple #4
0
def _get_credentials(credential_ids):
    credentials = []
    with stats.timer('service_batch_get_credentials'):
        for cred in Credential.batch_get(credential_ids):
            data_key = keymanager.decrypt_key(
                cred.data_key, encryption_context={'id': cred.id})
            cipher_version = cred.cipher_version
            cipher = CipherManager(data_key, cipher_version)
            _credential_pairs = cipher.decrypt(cred.credential_pairs)
            _credential_pairs = json.loads(_credential_pairs)
            credentials.append({
                'id': cred.id,
                'name': cred.name,
                'enabled': cred.enabled,
                'revision': cred.revision,
                'credential_pairs': _credential_pairs
            })
    return credentials
Exemple #5
0
def _get_credentials(credential_ids):
    credentials = []
    with stats.timer('service_batch_get_credentials'):
        for cred in Credential.batch_get(credential_ids):
            data_key = keymanager.decrypt_key(
                cred.data_key,
                encryption_context={'id': cred.id}
            )
            cipher_version = cred.cipher_version
            cipher = CipherManager(data_key, cipher_version)
            _credential_pairs = cipher.decrypt(cred.credential_pairs)
            _credential_pairs = json.loads(_credential_pairs)
            credentials.append({
                'id': cred.id,
                'name': cred.name,
                'enabled': cred.enabled,
                'revision': cred.revision,
                'credential_pairs': _credential_pairs
            })
    return credentials
Exemple #6
0
def get_archive_credential_revisions(id):
    if not acl_module_check(
            resource_type='credential', action='metadata', resource_id=id):
        msg = "{} does not have access to credential {} revisions".format(
            authnz.get_logged_in_user(), id)
        error_msg = {'error': msg}
        return jsonify(error_msg), 403

    try:
        cred = Credential.get(id)
    except DoesNotExist:
        logging.warning('Item with id {0} does not exist.'.format(id))
        return jsonify({}), 404
    if (cred.data_type != 'credential'
            and cred.data_type != 'archive-credential'):
        return jsonify({}), 404
    _range = range(1, cred.revision + 1)
    ids = []
    for i in _range:
        ids.append("{0}-{1}".format(id, i))
    revisions_response = RevisionsResponse.from_credentials(
        Credential.batch_get(ids))
    return revisions_response_schema.dumps(revisions_response)
Exemple #7
0
 def archive(self, credentials, force):
     services = list(Service.data_type_date_index.query('service'))
     for credential in credentials:
         if self.credential_in_service(credential.id, services):
             msg = ('Skipping archival of disabled credential {}, as it'
                    ' is still mapped to a service.')
             logger.warning(msg.format(credential.id))
             continue
         saves = []
         deletes = []
         # save the current record.
         archive_credential = CredentialArchive.from_credential(
             credential, )
         saves.append(archive_credential)
         # fetch and save every revision
         revisions = Credential.batch_get(
             credentialmanager.get_revision_ids_for_credential(credential))
         for revision in revisions:
             archive_revision = CredentialArchive.from_credential(
                 revision, )
             saves.append(archive_revision)
             deletes.append(revision)
         deletes.append(credential)
         try:
             self.save(saves, force=force)
         except Exception:
             logger.exception(
                 'Failed to batch save {}, skipping deletion.'.format(
                     credential.id))
             stats.incr('archive.save.failure')
             continue
         try:
             self.delete(deletes, force=force)
         except Exception:
             logger.exception('Failed to batch delete {}'.format(
                 credential.id))
             stats.incr('archive.delete.failure')
Exemple #8
0
def get_credentials(credential_ids):
    with stats.timer('service_batch_get_credentials'):
        _credential_ids = copy.deepcopy(credential_ids)
        return [cred for cred in Credential.batch_get(_credential_ids)]
Exemple #9
0
def get_archive_credential_revisions(id):
    """
    Returns a list of the metadata of all the revisions of the provided
    credential.

    .. :quickref: Credential Revisions; Get a list of the metadata of all the
                  revisions of the provided credential.

    **Example request**:

    .. sourcecode:: http

       GET /v1/archive/credentials/abcd12345bf4f1cafe8e722d3860404

    :query string next_page: If paged results were returned in a call, this
                             query string can be used to fetch the next page.

    **Example response**:

    .. sourcecode:: http

       HTTP/1.1 200 OK
       Content-Type: application/json

       {
         "revisions": [
           {
             "id": "abcd12345bf4f1cafe8e722d3860404-1",
             "name": "Example Credential",
             "credential_keys": [],
             "credential_pairs": {},
             "metadata": {
               "example_metadata_key": "example_value"
             },
             "revision": 1,
             "enabled": true,
             "documentation": "Example documentation",
             "modified_date": "2019-12-16T23:16:11.413299+00:00",
             "modified_by": "*****@*****.**",
             "permissions": {}
           },
           ...
         ],
         next_page: null
       }

    :resheader Content-Type: application/json
    :statuscode 200: Success
    :statuscode 403: Client does not have permissions to get credential
                     metadata for the provided credential ID.
    :statuscode 404: The provided credential ID does not exist.
    """
    if not acl_module_check(
            resource_type='credential', action='metadata', resource_id=id):
        msg = "{} does not have access to credential {} revisions".format(
            authnz.get_logged_in_user(), id)
        error_msg = {'error': msg}
        return jsonify(error_msg), 403

    try:
        cred = Credential.get(id)
    except DoesNotExist:
        logger.warning('Item with id {0} does not exist.'.format(id))
        return jsonify({}), 404
    if (cred.data_type != 'credential'
            and cred.data_type != 'archive-credential'):
        return jsonify({}), 404
    revisions_response = RevisionsResponse.from_credentials(
        Credential.batch_get(
            credentialmanager.get_revision_ids_for_credential(cred)))
    return revisions_response_schema.dumps(revisions_response)