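def post(self):
    """Create an allowlist.

    POST /(?:v[0-9]/)?allowlists/{name}
    body: {"tpm_policy": {..}, "vtpm_policy": {..}, "ima_policy": {..}}

    Responses written by this handler:
        400 -- the URL carries no allowlist name, the body is empty, the
               body is not valid JSON, or the JSON value is not an object.
        409 -- an allowlist with this name is already stored.
        201 -- the allowlist was stored.

    Raises:
        SQLAlchemyError: logged and re-raised when the lookup or the
            insert fails.
    """
    rest_params = config.get_restful_params(self.request.uri)
    if rest_params is None or 'allowlists' not in rest_params:
        config.echo_json_response(self, 400, "Invalid URL")
        return

    allowlist_name = rest_params['allowlists']
    if allowlist_name is None:
        config.echo_json_response(self, 400, "Invalid URL")
        return

    content_length = len(self.request.body)
    if content_length == 0:
        config.echo_json_response(
            self, 400, "Expected non zero content length")
        logger.warning(
            'POST returning 400 response. Expected non zero content length.')
        return

    # The body is client-controlled: a malformed document must produce a
    # 400, not an unhandled exception. ValueError covers both
    # json.JSONDecodeError and a body that is not valid UTF-8.
    try:
        json_body = json.loads(self.request.body)
    except ValueError:
        config.echo_json_response(self, 400, "Invalid JSON body")
        logger.warning('POST returning 400 response. Invalid JSON body.')
        return

    # Valid JSON can still be a list, string or number, none of which has
    # the .get() used below.
    if not isinstance(json_body, dict):
        config.echo_json_response(self, 400, "Expected a JSON object body")
        logger.warning(
            'POST returning 400 response. Expected a JSON object body.')
        return

    allowlist = {'name': allowlist_name}
    # Only non-empty policies are stored; absent or empty ones are skipped.
    # NOTE(review): policy values are persisted as received, no schema
    # check is visible here -- confirm they are validated before use.
    for policy_key in ('tpm_policy', 'vtpm_policy', 'ima_policy'):
        policy = json_body.get(policy_key)
        if policy:
            allowlist[policy_key] = policy

    session = get_session()
    # Don't allow overwriting an existing allowlist.
    # NOTE(review): the count and the insert below are separate statements,
    # so two concurrent requests for the same name can both pass this
    # check unless the table enforces uniqueness on name -- confirm.
    try:
        al_count = session.query(
            VerifierAllowlist).filter_by(name=allowlist_name).count()
        if al_count > 0:
            config.echo_json_response(
                self, 409,
                "Allowlist with name %s already exists" % allowlist_name)
            logger.warning(
                "Allowlist with name %s already exists", allowlist_name)
            return
    except SQLAlchemyError as e:
        logger.error('SQLAlchemy Error: %s', e)
        raise

    try:
        # Store the new allowlist.
        session.add(VerifierAllowlist(**allowlist))
        session.commit()
    except SQLAlchemyError as e:
        logger.error('SQLAlchemy Error: %s', e)
        raise

    config.echo_json_response(self, 201)
    logger.info('POST returning 201')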
def populate_allowlist(self):
    """Add one VerifierAllowlist row built from test_allowlist_data and commit it."""
    db = self.session
    allowlist_row = VerifierAllowlist(**test_allowlist_data)
    db.add(allowlist_row)
    db.commit()
def populate_tables(self):
    """Add an allowlist row and a verifier row that references it, then commit.

    The VerifierAllowlist is built from test_allowlist_data; the VerfierMain
    row is built from test_data and receives that allowlist object as its
    ima_policy.
    """
    db = self.session
    policy_row = VerifierAllowlist(**test_allowlist_data)
    db.add(policy_row)
    verifier_row = VerfierMain(**test_data, ima_policy=policy_row)
    db.add(verifier_row)
    db.commit()