def get_role( channel: str, type: str = None, auth: authorization.Rules = Depends(get_rules), ): auth.assert_channel_roles(channel, ["owner", "maintainer", "member"]) with get_db_manager() as db: query = (db.query(db_models.ContentTrustRole).filter( db_models.ContentTrustRole.channel == channel).all()) return {q.delegation.keys for q in query}
def post_role( channel: str, type: str, file: UploadFile = File(...), force: bool = False, auth: authorization.Rules = Depends(get_rules), ): auth.assert_channel_roles(channel, ["owner"]) with get_db_manager() as db: existing_role_count = (db.query(db_models.ContentTrustRole).filter( db_models.ContentTrustRole.channel == channel, db_models.ContentTrustRole.type == type, ).count()) if not force and existing_role_count: raise HTTPException( status_code=status.HTTP_409_CONFLICT, detail=f"Content trust role '{type}' already exists " f"for channel '{channel}'", ) def get_self_delegation(nullable: bool = False): query = (db.query(db_models.RoleDelegation).filter( db_models.RoleDelegation.type == type, db_models.RoleDelegation.channel == channel, ).one_or_none()) if not query and not nullable: raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail=f"'{type}' keys not yet delegated", ) return query self_delegation = get_self_delegation(nullable=type == "root") ct_role = post_role_file(file, channel, role_builder(channel, type, self_delegation)) db_role = db_models.ContentTrustRole( type=ct_role.type, channel=channel, version=ct_role.version, timestamp=ct_role.timestamp, expiration=ct_role.expires, ) # add delegations for role_type, role_keys in ct_role.all_keys().items(): keys = [ db.merge(db_models.SigningKey(public_key=key_id)) for key_id in role_keys.keys ] delegated_db_role = db_models.RoleDelegation( type=role_type, channel=channel, threshold=role_keys.threshold, keys=keys, ) db_role.delegations.append(delegated_db_role) # set self_delegation if the role is 'root' if type == "root": # Error handling (missing 'root' delegation, etc.) is done by # mamba API when loading the root role from file self_delegation = [ r for r in db_role.delegations if r.type == "root" ][0] # db_role.delegation = self_delegation self_delegation.consumers.append(db_role) db.add(db_role) db.commit()