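def post(self, kid):
    """Approve the service key identified by ``kid`` and log the approval.

    Reads an optional ``notes`` value from the JSON request body, approves the
    key with ``ServiceKeyApprovalType.SUPERUSER`` and writes a
    ``service_key_approve`` log entry describing the key.

    Returns:
        An empty response with status 201. A key that is already approved is
        treated as success: the same response is returned and no new log
        entry is written.

    Raises:
        NotFound: if no service key with this ``kid`` exists.
    """
    # get_json() may yield None (or a non-object JSON value); treat anything
    # that is not a JSON object as "no notes" instead of failing with an
    # AttributeError and a 500.
    payload = request.get_json()
    notes = payload.get("notes", "") if isinstance(payload, dict) else ""

    try:
        key = pre_oci_model.approve_service_key(
            kid, ServiceKeyApprovalType.SUPERUSER, notes=notes
        )

        # Log the approval of the service key. Only descriptive attributes of
        # the key are recorded here.
        key_log_metadata = {
            "kid": kid,
            "service": key.service,
            "name": key.name,
            "expiration_date": key.expiration_date,
        }

        # Note: this may not actually be the current person modifying the config, but if
        # they're in the config tool, they have full access to the DB and could pretend to
        # be any user, so pulling any superuser is likely fine.
        # Audit caveat: the entry is attributed to the first configured superuser, so it
        # does not identify who actually performed the approval.
        # An empty or missing SUPER_USERS list falls back to None rather than raising
        # IndexError after the key has already been approved.
        super_users = app.config.get("SUPER_USERS") or [None]
        super_user = super_users[0]
        log_action("service_key_approve", super_user, key_log_metadata)
    except ServiceKeyDoesNotExist:
        raise NotFound()
    except ServiceKeyAlreadyApproved:
        # Approving twice is idempotent from the caller's point of view.
        pass

    return make_response("", 201)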
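def post(self):
    """Create a service key from the JSON request body and auto-approve it.

    Body fields read here: ``service`` (required) and the optional ``name``,
    ``expiration`` (Unix timestamp in seconds), ``metadata`` and ``notes``.

    Returns:
        A JSON response holding the key id, name, service and the PEM-encoded
        public and private key. The private key appears only in this response,
        so the response body must be handled as a secret by the caller.

    Raises:
        InvalidRequest: if ``expiration`` cannot be converted to a timestamp
            or does not lie in the future.
    """
    # NOTE(review): assumes request validation outside this method guarantees
    # a JSON object with a "service" field and an object-valued "metadata" --
    # confirm against the resource's schema.
    body = request.get_json()

    # Ensure we have a valid expiration date if specified.
    expiration_date = body.get("expiration", None)
    if expiration_date is not None:
        try:
            expiration_date = datetime.utcfromtimestamp(float(expiration_date))
        except (TypeError, ValueError, OverflowError, OSError) as ve:
            # float() raises TypeError for non-scalar JSON values, and
            # utcfromtimestamp() raises OverflowError/OSError for out-of-range
            # timestamps; report all of them as a bad request, not a 500.
            raise InvalidRequest("Invalid expiration date: %s" % ve)

        # utcfromtimestamp() yields a naive UTC datetime, so it has to be
        # compared with the current UTC time. Comparing with local time would
        # shift the cut-off by the server's UTC offset.
        if expiration_date <= datetime.utcnow():
            raise InvalidRequest("Expiration date cannot be in the past")

    # Create the metadata for the key. The server-set fields are applied after
    # the client-supplied ones, so a request cannot override "created_by" or "ip".
    metadata = body.get("metadata", {})
    metadata.update(
        {
            "created_by": "Quay Superuser Panel",
            # NOTE(review): behind a reverse proxy this may be the proxy's
            # address rather than the client's -- confirm how it is derived.
            "ip": request.remote_addr,
        }
    )

    # Generate a key with a private key that we *never save*.
    (private_key, key_id) = pre_oci_model.generate_service_key(
        body["service"], expiration_date, metadata=metadata, name=body.get("name", "")
    )

    # Auto-approve the service key.
    pre_oci_model.approve_service_key(
        key_id, ServiceKeyApprovalType.SUPERUSER, notes=body.get("notes", "")
    )

    # Log the creation and auto-approval of the service key. The log metadata
    # holds descriptive attributes only, no key material.
    key_log_metadata = {
        "kid": key_id,
        "preshared": True,
        "service": body["service"],
        "name": body.get("name", ""),
        "expiration_date": expiration_date,
        "auto_approved": True,
    }

    # NOTE(review): None is passed as the second argument, so these entries
    # presumably record no acting user -- confirm against log_action.
    log_action("service_key_create", None, key_log_metadata)
    log_action("service_key_approve", None, key_log_metadata)

    return jsonify(
        {
            "kid": key_id,
            "name": body.get("name", ""),
            "service": body["service"],
            "public_key": private_key.publickey().exportKey("PEM"),
            # Sole copy of the private key; keep this response out of logs and caches.
            "private_key": private_key.exportKey("PEM"),
        }
    )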
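def post(self):
    """Create a service key from the JSON request body and auto-approve it.

    Body fields read here: ``service`` (required) and the optional ``name``,
    ``expiration`` (Unix timestamp in seconds), ``metadata`` and ``notes``.

    Returns:
        A JSON response holding the key id, name, service and the PEM-encoded
        public and private key. The private key appears only in this response,
        so the response body must be handled as a secret by the caller.

    Raises:
        InvalidRequest: if ``expiration`` cannot be converted to a timestamp
            or does not lie in the future.
    """
    # NOTE(review): assumes request validation outside this method guarantees
    # a JSON object with a 'service' field and an object-valued 'metadata' --
    # confirm against the resource's schema.
    body = request.get_json()

    # Ensure we have a valid expiration date if specified.
    expiration_date = body.get('expiration', None)
    if expiration_date is not None:
        try:
            expiration_date = datetime.utcfromtimestamp(float(expiration_date))
        except (TypeError, ValueError, OverflowError, OSError) as ve:
            # float() raises TypeError for non-scalar JSON values, and
            # utcfromtimestamp() raises OverflowError/OSError for out-of-range
            # timestamps; report all of them as a bad request, not a 500.
            raise InvalidRequest('Invalid expiration date: %s' % ve)

        # utcfromtimestamp() yields a naive UTC datetime, so it has to be
        # compared with the current UTC time. Comparing with local time would
        # shift the cut-off by the server's UTC offset.
        if expiration_date <= datetime.utcnow():
            raise InvalidRequest('Expiration date cannot be in the past')

    # Create the metadata for the key. The server-set fields are applied after
    # the client-supplied ones, so a request cannot override 'created_by' or 'ip'.
    metadata = body.get('metadata', {})
    metadata.update({
        'created_by': 'Quay Superuser Panel',
        # NOTE(review): behind a reverse proxy this may be the proxy's address
        # rather than the client's -- confirm how it is derived.
        'ip': request.remote_addr,
    })

    # Generate a key with a private key that we *never save*.
    (private_key, key_id) = pre_oci_model.generate_service_key(body['service'], expiration_date,
                                                               metadata=metadata,
                                                               name=body.get('name', ''))

    # Auto-approve the service key.
    pre_oci_model.approve_service_key(key_id, ServiceKeyApprovalType.SUPERUSER,
                                      notes=body.get('notes', ''))

    # Log the creation and auto-approval of the service key. The log metadata
    # holds descriptive attributes only, no key material.
    key_log_metadata = {
        'kid': key_id,
        'preshared': True,
        'service': body['service'],
        'name': body.get('name', ''),
        'expiration_date': expiration_date,
        'auto_approved': True,
    }

    # NOTE(review): None is passed as the second argument, so these entries
    # presumably record no acting user -- confirm against log_action.
    log_action('service_key_create', None, key_log_metadata)
    log_action('service_key_approve', None, key_log_metadata)

    return jsonify({
        'kid': key_id,
        'name': body.get('name', ''),
        'service': body['service'],
        'public_key': private_key.publickey().exportKey('PEM'),
        # Sole copy of the private key; keep this response out of logs and caches.
        'private_key': private_key.exportKey('PEM'),
    })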