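def post(self, namespace=None, key_name=None, key=None):
    """Create a namespace, or update an existing one, optionally adding a key.

    Args:
        namespace: Name of the namespace to create or update.
        key_name: Optional name of a key to store together with the namespace.
        key: Secret for ``key_name``; required when ``key_name`` is given.

    Returns:
        The namespace name on success, otherwise the result of
        ``api_base.error``: 400 for a missing namespace, a missing key or a
        non-string key, and 403 for the reserved key name ``service_key``.
    """
    if not namespace:
        return api_base.error(400, 'no namespace specified')

    # Validate and hash before taking the lock. Neither step depends on the
    # stored record, and bcrypt is deliberately slow, so doing it here keeps
    # the shared 'all' lock from being held for the duration of the hash and
    # lets invalid requests fail without taking the lock at all.
    encoded = None
    if key_name:
        if not key:
            return api_base.error(400, 'no key specified')
        if not isinstance(key, str):
            # Must be a string to encode()
            return api_base.error(400, 'key is not a string')
        if key_name == 'service_key':
            return api_base.error(403, 'illegal key name')

        # Only the salted bcrypt hash is stored, never the key itself.
        # bcrypt uses at most the first 72 bytes of its input; depending on
        # the bcrypt release, longer input is truncated or rejected.
        hashed = bcrypt.hashpw(key.encode('utf-8'), bcrypt.gensalt())
        encoded = str(base64.b64encode(hashed), 'utf-8')

    with db.get_lock('namespace', None, 'all', op='Namespace update'):
        rec = db.get_namespace(namespace)
        if not rec:
            rec = {'name': namespace, 'keys': {}}

        # Allow shortcut of creating key at same time as the namespace
        if encoded is not None:
            # A stored record may lack 'keys'; create the mapping instead of
            # failing with KeyError.
            rec.setdefault('keys', {})[key_name] = encoded

        # Initialise metadata
        # NOTE(review): this also runs when the namespace already existed;
        # confirm that persisting {} does not discard existing metadata.
        db.persist_metadata('namespace', namespace, {})
        db.persist_namespace(namespace, rec)

    return namespace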
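def get_api_token(base_url, namespace='system'):
    """Fetch a bearer token for ``namespace`` from the ``/auth`` endpoint.

    The namespace's ``service_key`` is used as the credential. When the
    namespace record has none, a new 50-character key is generated and
    persisted first.

    Args:
        base_url: Base URL of the API; ``/auth`` is appended to it.
        namespace: Namespace to authenticate as.

    Returns:
        The string ``'Bearer <access_token>'``.

    Raises:
        Exception: With message ``'Unauthorized'`` when the endpoint answers
            with any status other than 200.
    """
    # Function-scope import so the block does not depend on the module's
    # import list.
    import secrets

    auth_url = base_url + '/auth'

    # The lock only has to cover the read-or-create of the service key; the
    # HTTP call below is made after it has been released.
    with db.get_lock('namespace', None, namespace):
        logutil.info(None, 'Fetching %s auth token from %s'
                     % (namespace, auth_url))
        ns = db.get_namespace(namespace)
        if 'service_key' in ns:
            key = ns['service_key']
        else:
            # The service key is a credential, so it comes from the OS CSPRNG
            # via secrets rather than the predictable random module.
            key = ''.join(
                secrets.choice(string.ascii_lowercase) for _ in range(50))
            # The key is stored as generated (not hashed), presumably because
            # it has to be presented to /auth again later.
            ns['service_key'] = key
            db.persist_namespace(namespace, ns)

    # NOTE(review): the key travels in the request body, so base_url should
    # be an https:// URL outside of local testing. No timeout is passed, so a
    # stalled endpoint blocks the caller; consider adding one.
    r = requests.request(
        'POST', auth_url,
        data=json.dumps({
            'namespace': namespace,
            'key': key
        }),
        headers={
            'Content-Type': 'application/json',
            'User-Agent': get_user_agent()
        })
    if r.status_code != 200:
        raise Exception('Unauthorized')
    return 'Bearer %s' % r.json()['access_token']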
def create_namespace(self, namespace, key_name, key):
    """Persist a namespace record holding one bcrypt-hashed key.

    Args:
        namespace: Name of the namespace to write.
        key_name: Name under which the hashed key is stored.
        key: Secret to hash; must be a ``str`` because it is encoded as UTF-8.
    """
    # Only the salted hash is kept, base64-encoded so it can be stored as
    # text.
    digest = bcrypt.hashpw(key.encode('utf-8'), bcrypt.gensalt())
    stored_hash = base64.b64encode(digest).decode('utf-8')

    record = {
        'name': namespace,
        'keys': {key_name: stored_hash},
    }

    # NOTE(review): no lock is taken and no existing record is read here, so
    # presumably this replaces whatever was stored for the namespace; confirm
    # against db.persist_namespace.
    db.persist_metadata('namespace', namespace, {})
    db.persist_namespace(namespace, record)
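def delete(self, namespace, key_name):
    """Remove one named key from a namespace.

    Args:
        namespace: Namespace that owns the key.
        key_name: Name of the key to remove.

    Returns:
        ``None`` on success, otherwise the result of ``error``: 400 when an
        argument is missing, 404 when the namespace or the key name is not
        found.
    """
    if not namespace:
        return error(400, 'no namespace specified')
    if not key_name:
        return error(400, 'no key name specified')

    with db.get_lock('namespace', None, namespace):
        ns = db.get_namespace(namespace)
        if not ns:
            # An unknown namespace gets a clean 404 instead of an
            # AttributeError on the lookup below.
            return error(404, 'namespace does not exist')

        keys = ns.get('keys')
        if not keys or key_name not in keys:
            return error(404, 'key name not found in namespace')

        del keys[key_name]
        db.persist_namespace(namespace, ns)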
def main():
    """Store a bcrypt-hashed key in the 'system' namespace.

    Reads the key name from ``sys.argv[1]`` and the secret from
    ``sys.argv[2]``.
    """
    key_name = sys.argv[1]
    print('Creating key %s' % key_name)

    # NOTE(review): a secret passed on the command line can end up in shell
    # history and process listings; reading it from a prompt or from the
    # environment would avoid that.
    secret = sys.argv[2]

    # Only the salted hash is kept, base64-encoded so it can be stored as
    # text.
    digest = bcrypt.hashpw(secret.encode('utf-8'), bcrypt.gensalt())
    stored_hash = base64.b64encode(digest).decode('utf-8')

    # The record written here holds only this one key; presumably it replaces
    # whatever was stored for 'system' before - confirm against
    # db.persist_namespace.
    record = {
        'name': 'system',
        'keys': {
            key_name: stored_hash
        }
    }
    db.persist_namespace('system', record)
def bootstrap_system_key(keyname, key):
    """Store a bcrypt-hashed key in the 'system' namespace.

    Args:
        keyname: Name under which the hashed key is stored.
        key: Secret to hash; must be a ``str`` because it is encoded as UTF-8.
    """
    click.echo('Creating key %s' % keyname)

    # Only the salted hash is kept, base64-encoded so it can be stored as
    # text.
    digest = bcrypt.hashpw(key.encode('utf-8'), bcrypt.gensalt())
    stored_hash = base64.b64encode(digest).decode('utf-8')

    # The record written here holds only this one key; presumably it replaces
    # whatever was stored for 'system' before - confirm against
    # db.persist_namespace.
    record = {
        'name': 'system',
        'keys': {
            keyname: stored_hash
        }
    }
    db.persist_namespace('system', record)

    click.echo('Done')
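def _namespace_keys_putpost(namespace=None, key_name=None, key=None):
    """Add or replace a named key on an existing namespace.

    Args:
        namespace: Namespace that will own the key.
        key_name: Name of the key to add or replace.
        key: Secret to hash and store.

    Returns:
        ``key_name`` on success, otherwise the result of ``api_base.error``:
        400 for a missing argument or a non-string key, 403 for the reserved
        key name ``service_key``, 404 when the namespace does not exist.
    """
    if not namespace:
        return api_base.error(400, 'no namespace specified')
    if not key_name:
        return api_base.error(400, 'no key name specified')
    if not key:
        return api_base.error(400, 'no key specified')
    if not isinstance(key, str):
        # Must be a string to encode(); without this check a non-string key
        # raises AttributeError below instead of producing a 400, which is
        # what post() returns for the same input.
        return api_base.error(400, 'key is not a string')
    if key_name == 'service_key':
        return api_base.error(403, 'illegal key name')

    with db.get_lock('namespace', None, 'all', op='Namespace key update'):
        rec = db.get_namespace(namespace)
        if not rec:
            return api_base.error(404, 'namespace does not exist')

        # Only the salted bcrypt hash is stored, never the key itself.
        # bcrypt uses at most the first 72 bytes of its input; depending on
        # the bcrypt release, longer input is truncated or rejected.
        hashed = bcrypt.hashpw(key.encode('utf-8'), bcrypt.gensalt())
        encoded = str(base64.b64encode(hashed), 'utf-8')

        # A stored record may lack 'keys'; create the mapping instead of
        # failing with KeyError.
        rec.setdefault('keys', {})[key_name] = encoded
        db.persist_namespace(namespace, rec)

    return key_name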