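def put(self, kid):
    """Update the expiration and/or name and metadata of a service key.

    Only callers for whom ``SuperUserPermission().can()`` is true may
    proceed. The JSON body may carry ``expiration`` (a UNIX timestamp, or
    null / empty string), ``name`` and ``metadata``.

    Returns:
        A JSON response built from the updated key's ``to_dict()``.

    Raises:
        Unauthorized: the caller does not hold superuser permission.
        NotFound: no service key exists for ``kid``.
        InvalidRequest: the expiration cannot be parsed or is not in the
            future, or the friendly name fails validation.
    """
    # Authorization gate first: nothing below runs for non-superusers.
    if not SuperUserPermission().can():
        raise Unauthorized()

    body = request.get_json()
    try:
        # approved_only=False / alive_only=False: presumably so unapproved or
        # expired keys can still be edited -- confirm against the model.
        key = pre_oci_model.get_service_key(kid, approved_only=False,
                                            alive_only=False)
    except ServiceKeyDoesNotExist:
        raise NotFound()

    key_log_metadata = {
        'kid': key.kid,
        'service': key.service,
        'name': body.get('name', key.name),
        'expiration_date': key.expiration_date,
    }

    if 'expiration' in body:
        expiration_date = body['expiration']
        # A null or empty expiration skips validation and is handed to
        # set_key_expiration unchanged.
        if expiration_date is not None and expiration_date != '':
            try:
                expiration_date = datetime.utcfromtimestamp(
                    float(expiration_date))
            except (ValueError, TypeError, OverflowError, OSError) as ve:
                # float() raises TypeError for non-scalar JSON values and
                # utcfromtimestamp() can raise OverflowError/OSError for
                # out-of-range timestamps; report all of them as a bad
                # request instead of an unhandled server error.
                raise InvalidRequest('Invalid expiration date: %s' % ve)

            # utcfromtimestamp() yields a naive UTC datetime, so compare with
            # naive UTC "now". Using local time here would let an already
            # expired timestamp pass on hosts whose clock is behind UTC.
            if expiration_date <= datetime.utcnow():
                raise InvalidRequest(
                    'Cannot have an expiration date in the past')

        key_log_metadata.update({
            'old_expiration_date': key.expiration_date,
            'expiration_date': expiration_date,
        })

        # NOTE(review): the audit entry is written before the model call, so
        # a failure in set_key_expiration still leaves a 'service_key_extend'
        # record -- confirm that ordering is intended.
        log_action('service_key_extend', None, key_log_metadata)
        pre_oci_model.set_key_expiration(kid, expiration_date)

    if 'name' in body or 'metadata' in body:
        # key_name is None when only 'metadata' was supplied.
        key_name = body.get('name')
        if not validate_service_key_name(key_name):
            raise InvalidRequest(
                'Invalid service key friendly name: %s' % key_name)

        pre_oci_model.update_service_key(kid, key_name, body.get('metadata'))
        log_action('service_key_modify', None, key_log_metadata)

    # Re-read the key so the response reflects what was stored.
    updated_key = pre_oci_model.get_service_key(kid, approved_only=False,
                                                alive_only=False)
    return jsonify(updated_key.to_dict())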
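def put(self, kid):
    """Update the expiration and/or name and metadata of a service key.

    Only callers for whom ``SuperUserPermission().can()`` is true may
    proceed. The JSON body may carry ``expiration`` (a UNIX timestamp, or
    null / empty string), ``name`` and ``metadata``.

    Returns:
        A JSON response built from the updated key's ``to_dict()``.

    Raises:
        Unauthorized: the caller does not hold superuser permission.
        NotFound: no service key exists for ``kid``.
        InvalidRequest: the expiration cannot be parsed or is not in the
            future, or the friendly name fails validation.
    """
    # Authorization gate first: nothing below runs for non-superusers.
    if not SuperUserPermission().can():
        raise Unauthorized()

    body = request.get_json()
    try:
        # approved_only=False / alive_only=False: presumably so unapproved or
        # expired keys can still be edited -- confirm against the model.
        key = pre_oci_model.get_service_key(
            kid, approved_only=False, alive_only=False
        )
    except ServiceKeyDoesNotExist:
        raise NotFound()

    key_log_metadata = {
        "kid": key.kid,
        "service": key.service,
        "name": body.get("name", key.name),
        "expiration_date": key.expiration_date,
    }

    if "expiration" in body:
        expiration_date = body["expiration"]
        # A null or empty expiration skips validation and is handed to
        # set_key_expiration unchanged.
        if expiration_date is not None and expiration_date != "":
            try:
                expiration_date = datetime.utcfromtimestamp(float(expiration_date))
            except (ValueError, TypeError, OverflowError, OSError) as ve:
                # float() raises TypeError for non-scalar JSON values and
                # utcfromtimestamp() can raise OverflowError/OSError for
                # out-of-range timestamps; report all of them as a bad
                # request instead of an unhandled server error.
                raise InvalidRequest("Invalid expiration date: %s" % ve)

            # utcfromtimestamp() yields a naive UTC datetime, so compare with
            # naive UTC "now". Using local time here would let an already
            # expired timestamp pass on hosts whose clock is behind UTC.
            if expiration_date <= datetime.utcnow():
                raise InvalidRequest("Cannot have an expiration date in the past")

        key_log_metadata.update(
            {
                "old_expiration_date": key.expiration_date,
                "expiration_date": expiration_date,
            }
        )

        # NOTE(review): the audit entry is written before the model call, so
        # a failure in set_key_expiration still leaves a "service_key_extend"
        # record -- confirm that ordering is intended.
        log_action("service_key_extend", None, key_log_metadata)
        pre_oci_model.set_key_expiration(kid, expiration_date)

    if "name" in body or "metadata" in body:
        # key_name is None when only "metadata" was supplied.
        key_name = body.get("name")
        if not validate_service_key_name(key_name):
            raise InvalidRequest("Invalid service key friendly name: %s" % key_name)

        pre_oci_model.update_service_key(kid, key_name, body.get("metadata"))
        log_action("service_key_modify", None, key_log_metadata)

    # Re-read the key so the response reflects what was stored.
    updated_key = pre_oci_model.get_service_key(
        kid, approved_only=False, alive_only=False
    )
    return jsonify(updated_key.to_dict())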
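def post(self):
    """Create a service key and approve it on behalf of the superuser.

    Only callers for whom ``SuperUserPermission().can()`` is true may
    proceed. The JSON body supplies ``service`` plus optional ``name``,
    ``expiration`` (UNIX timestamp), ``metadata`` and ``notes``.

    Returns:
        A JSON response with the key id, name, service and the PEM-encoded
        public and private keys.

    Raises:
        Unauthorized: the caller does not hold superuser permission.
        InvalidRequest: the friendly name fails validation, or the
            expiration cannot be parsed or is not in the future.
    """
    # Authorization gate first: nothing below runs for non-superusers.
    if not SuperUserPermission().can():
        raise Unauthorized()

    body = request.get_json()
    key_name = body.get("name", "")
    if not validate_service_key_name(key_name):
        raise InvalidRequest("Invalid service key friendly name: %s" % key_name)

    # Ensure we have a valid expiration date if specified.
    expiration_date = body.get("expiration", None)
    if expiration_date is not None:
        try:
            expiration_date = datetime.utcfromtimestamp(float(expiration_date))
        except (ValueError, TypeError, OverflowError, OSError) as ve:
            # float() raises TypeError for non-scalar JSON values and
            # utcfromtimestamp() can raise OverflowError/OSError for
            # out-of-range timestamps; report all of them as a bad request
            # instead of an unhandled server error.
            raise InvalidRequest("Invalid expiration date: %s" % ve)

        # utcfromtimestamp() yields a naive UTC datetime, so compare with
        # naive UTC "now". Using local time here would let an already expired
        # timestamp pass on hosts whose clock is behind UTC.
        if expiration_date <= datetime.utcnow():
            raise InvalidRequest("Expiration date cannot be in the past")

    # Create the metadata for the key. The server-derived fields are applied
    # last, so they override same-named keys supplied in the request body.
    user = get_authenticated_user()
    metadata = body.get("metadata", {})
    metadata.update(
        {
            "created_by": "Quay Superuser Panel",
            "creator": user.username,
            "ip": get_request_ip(),
        }
    )

    # Generate a key with a private key that we *never save*.
    (private_key, key_id) = pre_oci_model.generate_service_key(
        body["service"], expiration_date, metadata=metadata, name=key_name
    )

    # Auto-approve the service key.
    pre_oci_model.approve_service_key(
        key_id, user, ServiceKeyApprovalType.SUPERUSER, notes=body.get("notes", "")
    )

    # Log the creation and auto-approval of the service key. Only identifiers
    # and settings go into the audit record; no key material is included.
    key_log_metadata = {
        "kid": key_id,
        "preshared": True,
        "service": body["service"],
        "name": key_name,
        "expiration_date": expiration_date,
        "auto_approved": True,
    }

    log_action("service_key_create", None, key_log_metadata)
    log_action("service_key_approve", None, key_log_metadata)

    # The private key is not stored server-side (see above), so this response
    # body is the only place it is handed out; anything that records response
    # bodies would capture it.
    return jsonify(
        {
            "kid": key_id,
            "name": key_name,
            "service": body["service"],
            "public_key": private_key.publickey().exportKey("PEM").decode("ascii"),
            "private_key": private_key.exportKey("PEM").decode("ascii"),
        }
    )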
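def post(self):
    """Create a service key and approve it on behalf of the superuser.

    Only callers for whom ``SuperUserPermission().can()`` is true may
    proceed. The JSON body supplies ``service`` plus optional ``name``,
    ``expiration`` (UNIX timestamp), ``metadata`` and ``notes``.

    Returns:
        A JSON response with the key id, name, service and the PEM-encoded
        public and private keys.

    Raises:
        Unauthorized: the caller does not hold superuser permission.
        InvalidRequest: the friendly name fails validation, or the
            expiration cannot be parsed or is not in the future.
    """
    # Authorization gate first: nothing below runs for non-superusers.
    if not SuperUserPermission().can():
        raise Unauthorized()

    body = request.get_json()
    key_name = body.get('name', '')
    if not validate_service_key_name(key_name):
        raise InvalidRequest('Invalid service key friendly name: %s' % key_name)

    # Ensure we have a valid expiration date if specified.
    expiration_date = body.get('expiration', None)
    if expiration_date is not None:
        try:
            expiration_date = datetime.utcfromtimestamp(
                float(expiration_date))
        except (ValueError, TypeError, OverflowError, OSError) as ve:
            # float() raises TypeError for non-scalar JSON values and
            # utcfromtimestamp() can raise OverflowError/OSError for
            # out-of-range timestamps; report all of them as a bad request
            # instead of an unhandled server error.
            raise InvalidRequest('Invalid expiration date: %s' % ve)

        # utcfromtimestamp() yields a naive UTC datetime, so compare with
        # naive UTC "now". Using local time here would let an already expired
        # timestamp pass on hosts whose clock is behind UTC.
        if expiration_date <= datetime.utcnow():
            raise InvalidRequest(
                'Expiration date cannot be in the past')

    # Create the metadata for the key. The server-derived fields are applied
    # last, so they override same-named keys supplied in the request body.
    user = get_authenticated_user()
    metadata = body.get('metadata', {})
    metadata.update({
        'created_by': 'Quay Superuser Panel',
        'creator': user.username,
        'ip': get_request_ip(),
    })

    # Generate a key with a private key that we *never save*.
    (private_key, key_id) = pre_oci_model.generate_service_key(
        body['service'], expiration_date, metadata=metadata, name=key_name)

    # Auto-approve the service key.
    pre_oci_model.approve_service_key(key_id, user,
                                      ServiceKeyApprovalType.SUPERUSER,
                                      notes=body.get('notes', ''))

    # Log the creation and auto-approval of the service key. Only identifiers
    # and settings go into the audit record; no key material is included.
    key_log_metadata = {
        'kid': key_id,
        'preshared': True,
        'service': body['service'],
        'name': key_name,
        'expiration_date': expiration_date,
        'auto_approved': True,
    }

    log_action('service_key_create', None, key_log_metadata)
    log_action('service_key_approve', None, key_log_metadata)

    # exportKey('PEM') yields a byte string; on Python 3 the JSON encoder
    # cannot serialise bytes, so decode the ASCII-armoured PEM to text.
    # The private key is not stored server-side (see above), so this response
    # body is the only place it is handed out; anything that records response
    # bodies would capture it.
    return jsonify({
        'kid': key_id,
        'name': key_name,
        'service': body['service'],
        'public_key': private_key.publickey().exportKey('PEM').decode('ascii'),
        'private_key': private_key.exportKey('PEM').decode('ascii'),
    })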