def _init_memory_db_setup(self): # using in-memory sqlalchemy database, sqlite, instead of simulating # data via mocks to verify transaction behavior (like rollback when # error occurs in middle of delete project entities logic). This also # helps in verifying that project_entities related query is defined # correctly. self.opt_in_group(None, sql_connection=self.IN_MEM_DB_CONN_STRING) self.project_id1 = uuid.uuid4().hex self.project_id2 = uuid.uuid4().hex rep._MAKER = None rep._ENGINE = None rep.configure_db() self.repos = rep.Repositories( tenant_repo=None, tenant_secret_repo=None, secret_repo=None, datum_repo=None, kek_repo=None, secret_meta_repo=None, order_repo=None, order_plugin_meta_repo=None, transport_key_repo=None, container_repo=None, container_secret_repo=None) self.project1_data = c_resources.get_or_create_tenant( self.project_id1, self.repos.tenant_repo) self.assertIsNotNone(self.project1_data) self.engine = rep.get_engine() self.project2_data = c_resources.get_or_create_tenant( self.project_id2, self.repos.tenant_repo) self.assertIsNotNone(self.project2_data)
def on_post(self, req, resp, keystone_id): tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) body = api.load_body(req, resp, self.validator) LOG.debug('Start on_post...{0}'.format(body)) if 'secret' not in body: _secret_not_in_order(req, resp) secret_info = body['secret'] name = secret_info['name'] LOG.debug('Secret to create is {0}'.format(name)) new_order = models.Order() new_order.secret_name = secret_info['name'] new_order.secret_algorithm = secret_info.get('algorithm', None) new_order.secret_bit_length = secret_info.get('bit_length', None) new_order.secret_cypher_type = secret_info.get('cypher_type', None) new_order.secret_mime_type = secret_info['mime_type'] new_order.secret_expiration = secret_info.get('expiration', None) new_order.tenant_id = tenant.id self.order_repo.create_from(new_order) # Send to workers to process. self.queue.process_order(order_id=new_order.id, keystone_id=keystone_id) resp.status = falcon.HTTP_202 resp.set_header('Location', '/{0}/orders/{1}'.format(keystone_id, new_order.id)) url = convert_order_to_href(keystone_id, new_order.id) resp.body = json.dumps({'order_ref': url})
def on_post(self, req, resp, keystone_id): LOG.debug('Start on_post for tenant-ID {0}:...'.format(keystone_id)) data = api.load_body(req, resp, self.validator) tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) try: new_secret = res.create_secret(data, tenant, self.crypto_manager, self.secret_repo, self.tenant_secret_repo, self.datum_repo) except em.CryptoMimeTypeNotSupportedException as cmtnse: LOG.exception('Secret creation failed - mime-type not supported') _secret_mime_type_not_supported(cmtnse.mime_type, req, resp) except exception.NoDataToProcess: LOG.exception('No secret data to process') _secret_plain_text_empty(req, resp) except exception.LimitExceeded: LOG.exception('Secret data too big to process') _secret_data_too_large(req, resp) except Exception as e: LOG.exception('Secret creation failed - unknown') _general_failure('Secret creation failed - unknown', req, resp) resp.status = falcon.HTTP_201 resp.set_header('Location', '/{0}/secrets/{1}'.format(keystone_id, new_secret.id)) url = convert_secret_to_href(keystone_id, new_secret.id) LOG.debug('URI to secret is {0}'.format(url)) resp.body = json.dumps({'secret_ref': url})
def on_get(self, req, resp, keystone_id, secret_id): secret = self.repo.get(entity_id=secret_id, keystone_id=keystone_id, suppress_exception=True) if not secret: _secret_not_found(req, resp) resp.status = falcon.HTTP_200 if not req.accept or req.accept == 'application/json' \ or req.accept == '*/*': # Metadata-only response, no decryption necessary. resp.set_header('Content-Type', 'application/json') secret_fields = augment_fields_with_content_types(secret) resp.body = json.dumps(convert_to_hrefs(keystone_id, secret_fields), default=json_handler) else: tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) resp.set_header('Content-Type', req.accept) try: resp.body = self.crypto_manager.decrypt( req.accept, secret, tenant) except em.CryptoAcceptNotSupportedException as canse: LOG.exception('Secret decryption failed - ' 'accept not supported') _get_accept_not_supported(canse.accept, req, resp) except em.CryptoNoSecretOrDataException as cnsode: LOG.exception('Secret information of type {0} not ' 'found for decryption.'.format(cnsode.mime_type)) _get_secret_info_not_found(cnsode.mime_type, req, resp) except Exception as e: LOG.exception('Secret decryption failed - unknown') _failed_to_decrypt_data(req, resp)
def on_post(self, keystone_id, **kwargs): tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) body = api.load_body(pecan.request, validator=self.validator) LOG.debug('Start on_post...{0}'.format(body)) if 'secret' not in body: _secret_not_in_order() secret_info = body['secret'] name = secret_info.get('name') LOG.debug('Secret to create is {0}'.format(name)) new_order = models.Order() new_order.secret_name = secret_info.get('name') new_order.secret_algorithm = secret_info.get('algorithm') new_order.secret_bit_length = secret_info.get('bit_length', 0) new_order.secret_mode = secret_info.get('mode') new_order.secret_payload_content_type = secret_info.get( 'payload_content_type') new_order.secret_expiration = secret_info.get('expiration') new_order.tenant_id = tenant.id self.order_repo.create_from(new_order) # Send to workers to process. self.queue.process_order(order_id=new_order.id, keystone_id=keystone_id) pecan.response.status = 202 pecan.response.headers['Location'] = '/{0}/orders/{1}'.format( keystone_id, new_order.id ) url = hrefs.convert_order_to_href(keystone_id, new_order.id) return {'order_ref': url}
def on_post(self, req, resp, keystone_id): tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) data = api.load_body(req, resp, self.validator) LOG.debug('Start on_post...{0}'.format(data)) new_container = models.Container(data) new_container.tenant_id = tenant.id #TODO: (hgedikli) performance optimizations for secret_ref in new_container.container_secrets: secret = self.secret_repo.get(entity_id=secret_ref.secret_id, keystone_id=keystone_id, suppress_exception=True) if not secret: api.abort(falcon.HTTP_404, u._("Secret provided for '%s'" " doesn't exist." % secret_ref.name), req, resp) self.container_repo.create_from(new_container) resp.status = falcon.HTTP_202 resp.set_header('Location', '/{0}/containers/{1}'.format(keystone_id, new_container.id)) url = convert_container_to_href(keystone_id, new_container.id) resp.body = json.dumps({'container_ref': url})
def on_put(self, req, resp, keystone_id, secret_id): if not req.content_type or req.content_type == 'application/json': _put_accept_incorrect(req.content_type, req, resp) secret = self.repo.get(entity_id=secret_id, keystone_id=keystone_id, suppress_exception=True) if not secret: _secret_not_found(req, resp) if secret.encrypted_data: _secret_already_has_data(req, resp) tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) payload = None content_type = req.content_type content_encoding = req.get_header('Content-Encoding') try: payload = req.stream.read(api.MAX_BYTES_REQUEST_INPUT_ACCEPTED) except IOError: api.abort(falcon.HTTP_500, 'Read Error') res.create_encrypted_datum(secret, payload, content_type, content_encoding, tenant, self.crypto_manager, self.datum_repo, self.kek_repo) resp.status = falcon.HTTP_200
def on_get(self, req, resp, keystone_id, secret_id): secret = self.repo.get(entity_id=secret_id, keystone_id=keystone_id, suppress_exception=True) if not secret: _secret_not_found(req, resp) resp.status = falcon.HTTP_200 if is_json_request_accept(req): # Metadata-only response, no decryption necessary. resp.set_header('Content-Type', 'application/json') secret_fields = mime_types.augment_fields_with_content_types( secret) resp.body = json.dumps(convert_to_hrefs(keystone_id, secret_fields), default=json_handler) else: tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) resp.set_header('Content-Type', req.accept) resp.body = self.crypto_manager \ .decrypt(req.accept, secret, tenant)
def on_put(self, keystone_id, **kwargs): if not pecan.request.content_type or \ pecan.request.content_type == 'application/json': pecan.abort( 415, u._("Content-Type of '{0}' is not supported for PUT.").format( pecan.request.content_type ) ) payload = pecan.request.body if not payload: raise exception.NoDataToProcess() if validators.secret_too_big(payload): raise exception.LimitExceeded() secret_model = self.repos.secret_repo.get(entity_id=self.secret_id, keystone_id=keystone_id, suppress_exception=True) if not secret_model: _secret_not_found() if secret_model.encrypted_data: _secret_already_has_data() tenant_model = res.get_or_create_tenant(keystone_id, self.repos.tenant_repo) content_type = pecan.request.content_type content_encoding = pecan.request.headers.get('Content-Encoding') plugin.store_secret(payload, content_type, content_encoding, secret_model.to_dict_fields, secret_model, tenant_model, self.repos)
def on_post(self, keystone_id): tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) data = api.load_body(pecan.request, validator=self.validator) LOG.debug('Start on_post...{0}'.format(data)) new_container = models.Container(data) new_container.tenant_id = tenant.id #TODO(hgedikli): performance optimizations for secret_ref in new_container.container_secrets: secret = self.secret_repo.get(entity_id=secret_ref.secret_id, keystone_id=keystone_id, suppress_exception=True) if not secret: # This only partially localizes the error message and # doesn't localize secret_ref.name. pecan.abort( 404, u._("Secret provided for '{0}' doesn't" " exist.").format(secret_ref.name)) self.container_repo.create_from(new_container) pecan.response.status = 202 pecan.response.headers['Location'] = '/{0}/containers/{1}'.format( keystone_id, new_container.id) url = controllers.hrefs.convert_container_to_href( keystone_id, new_container.id) return {'container_ref': url}
def on_post(self, keystone_id): tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) body = api.load_body(pecan.request, validator=self.validator) LOG.debug('Start on_post...{0}'.format(body)) if 'secret' not in body: _secret_not_in_order() secret_info = body['secret'] name = secret_info.get('name') LOG.debug('Secret to create is {0}'.format(name)) new_order = models.Order() new_order.secret_name = secret_info.get('name') new_order.secret_algorithm = secret_info.get('algorithm') new_order.secret_bit_length = secret_info.get('bit_length', 0) new_order.secret_mode = secret_info.get('mode') new_order.secret_payload_content_type = secret_info.get( 'payload_content_type') new_order.secret_expiration = secret_info.get('expiration') new_order.tenant_id = tenant.id self.order_repo.create_from(new_order) # Send to workers to process. self.queue.process_order(order_id=new_order.id, keystone_id=keystone_id) pecan.response.status = 202 pecan.response.headers['Location'] = '/{0}/orders/{1}'.format( keystone_id, new_order.id) url = hrefs.convert_order_to_href(keystone_id, new_order.id) return {'order_ref': url}
def on_post(self, keystone_id, **kwargs): LOG.debug('Start on_post for tenant-ID %s:...', keystone_id) data = api.load_body(pecan.request, validator=self.validator) tenant = res.get_or_create_tenant(keystone_id, self.repos.tenant_repo) transport_key_needed = data.get('transport_key_needed', 'false').lower() == 'true' new_secret, transport_key_model = plugin.store_secret( data.get('payload'), data.get('payload_content_type', 'application/octet-stream'), data.get('payload_content_encoding'), data, None, tenant, self.repos, transport_key_needed=transport_key_needed, transport_key_id=data.get('transport_key_id')) pecan.response.status = 201 pecan.response.headers['Location'] = '/secrets/{0}'.format( new_secret.id ) url = hrefs.convert_secret_to_href(new_secret.id) LOG.debug('URI to secret is %s', url) if transport_key_model is not None: tkey_url = hrefs.convert_transport_key_to_href( transport_key_model.id) return {'secret_ref': url, 'transport_key_ref': tkey_url} else: return {'secret_ref': url}
def on_get(self, req, resp, keystone_id, secret_id): secret = self.repo.get(entity_id=secret_id, keystone_id=keystone_id, suppress_exception=True) if not secret: _secret_not_found(req, resp) resp.status = falcon.HTTP_200 if not req.accept or req.accept == 'application/json' \ or req.accept == '*/*': # Metadata-only response, no decryption necessary. resp.set_header('Content-Type', 'application/json') secret_fields = augment_fields_with_content_types(secret) resp.body = json.dumps(convert_to_hrefs(keystone_id, secret_fields), default=json_handler) else: tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) resp.set_header('Content-Type', req.accept) try: resp.body = self.crypto_manager.decrypt(req.accept, secret, tenant) except em.CryptoAcceptNotSupportedException as canse: LOG.exception('Secret decryption failed - ' 'accept not supported') _get_accept_not_supported(canse.accept, req, resp) except em.CryptoNoSecretOrDataException as cnsode: LOG.exception('Secret information of type {0} not ' 'found for decryption.'.format(cnsode.mime_type)) _get_secret_info_not_found(cnsode.mime_type, req, resp) except Exception as e: LOG.exception('Secret decryption failed - unknown') _failed_to_decrypt_data(req, resp)
def on_put(self, keystone_id): if not pecan.request.content_type or \ pecan.request.content_type == 'application/json': pecan.abort( 415, u._("Content-Type of '{0}' is not supported for PUT.").format( pecan.request.content_type ) ) secret = self.repo.get(entity_id=self.secret_id, keystone_id=keystone_id, suppress_exception=True) if not secret: _secret_not_found() if secret.encrypted_data: _secret_already_has_data() tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) content_type = pecan.request.content_type content_encoding = pecan.request.headers.get('Content-Encoding') res.create_encrypted_datum(secret, pecan.request.body, content_type, content_encoding, tenant, self.crypto_manager, self.datum_repo, self.kek_repo)
def on_post(self, req, resp, keystone_id): tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) body = api.load_body(req, resp, self.validator) LOG.debug('Start on_post...{0}'.format(body)) if 'secret' not in body: _secret_not_in_order(req, resp) secret_info = body['secret'] name = secret_info.get('name') LOG.debug('Secret to create is {0}'.format(name)) new_order = models.Order() new_order.secret_name = secret_info.get('name') new_order.secret_algorithm = secret_info.get('algorithm') new_order.secret_bit_length = secret_info.get('bit_length', 0) new_order.secret_mode = secret_info.get('mode') new_order.secret_payload_content_type = secret_info.get( 'payload_content_type') new_order.secret_expiration = secret_info.get('expiration') new_order.tenant_id = tenant.id self.order_repo.create_from(new_order) # Send to workers to process. self.queue.process_order(order_id=new_order.id, keystone_id=keystone_id) resp.status = falcon.HTTP_202 resp.set_header('Location', '/{0}/orders/{1}'.format(keystone_id, new_order.id)) url = convert_order_to_href(keystone_id, new_order.id) resp.body = json.dumps({'order_ref': url})
def on_post(self, keystone_id, **kwargs): tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) data = api.load_body(pecan.request, validator=self.validator) LOG.debug('Start on_post...%s', data) new_container = models.Container(data) new_container.tenant_id = tenant.id #TODO(hgedikli): performance optimizations for secret_ref in new_container.container_secrets: secret = self.secret_repo.get(entity_id=secret_ref.secret_id, keystone_id=keystone_id, suppress_exception=True) if not secret: # This only partially localizes the error message and # doesn't localize secret_ref.name. pecan.abort(404, u._("Secret provided for '{0}' doesn't" " exist.").format(secret_ref.name)) self.container_repo.create_from(new_container) pecan.response.status = 201 pecan.response.headers['Location'] = '/{0}/containers/{1}'.format( keystone_id, new_container.id ) url = controllers.hrefs.convert_container_to_href(new_container.id) return {'container_ref': url}
def on_put(self, keystone_id, **kwargs): if not pecan.request.content_type or \ pecan.request.content_type == 'application/json': pecan.abort( 415, u._("Content-Type of '{0}' is not supported for PUT.").format( pecan.request.content_type ) ) secret = self.repo.get(entity_id=self.secret_id, keystone_id=keystone_id, suppress_exception=True) if not secret: _secret_not_found() if secret.encrypted_data: _secret_already_has_data() tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) content_type = pecan.request.content_type content_encoding = pecan.request.headers.get('Content-Encoding') res.create_encrypted_datum(secret, pecan.request.body, content_type, content_encoding, tenant, self.crypto_manager, self.datum_repo, self.kek_repo)
def on_post(self, req, resp, tenant_id): LOG.debug('Start on_post for tenant-ID {0}:'.format(tenant_id)) data = load_body(req) tenant = get_or_create_tenant(tenant_id, self.tenant_repo) new_secret = create_secret(data, tenant, self.crypto_manager, self.secret_repo, self.tenant_secret_repo, self.datum_repo) resp.status = falcon.HTTP_202 resp.set_header('Location', '/{0}/secrets/{1}'.format(tenant_id, new_secret.id)) url = convert_secret_to_href(tenant_id, new_secret.id) LOG.debug('URI to secret is {0}'.format(url)) resp.body = json.dumps({'secret_ref': url})
def on_get(self, req, resp, tenant_id, secret_id): secret = self.repo.get(entity_id=secret_id, suppress_exception=True) if not secret: _secret_not_found() resp.status = falcon.HTTP_200 if not req.accept or req.accept == 'application/json': # Metadata-only response, no decryption necessary. resp.set_header('Content-Type', 'application/json') resp.body = json.dumps(augment_fields_with_content_types(secret), default=json_handler) else: tenant = get_or_create_tenant(tenant_id, self.tenant_repo) resp.set_header('Content-Type', req.accept) resp.body = self.crypto_manager.decrypt(req.accept, secret, tenant)
def on_post(self, req, resp, keystone_id): LOG.debug('Start on_post for tenant-ID {0}:...'.format(keystone_id)) data = api.load_body(req, resp, self.validator) tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) new_secret = res.create_secret(data, tenant, self.crypto_manager, self.secret_repo, self.tenant_secret_repo, self.datum_repo, self.kek_repo) resp.status = falcon.HTTP_201 resp.set_header('Location', '/{0}/secrets/{1}'.format(keystone_id, new_secret.id)) url = convert_secret_to_href(keystone_id, new_secret.id) LOG.debug('URI to secret is {0}'.format(url)) resp.body = json.dumps({'secret_ref': url})
def on_post(self, keystone_id, **kwargs): LOG.debug('Start on_post for tenant-ID {0}:...'.format(keystone_id)) data = api.load_body(pecan.request, validator=self.validator) tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) new_secret = res.create_secret(data, tenant, self.crypto_manager, self.secret_repo, self.tenant_secret_repo, self.datum_repo, self.kek_repo) pecan.response.status = 201 pecan.response.headers['Location'] = '/{0}/secrets/{1}'.format( keystone_id, new_secret.id ) url = hrefs.convert_secret_to_href(keystone_id, new_secret.id) LOG.debug('URI to secret is {0}'.format(url)) return {'secret_ref': url}
def on_post(self, keystone_id): LOG.debug('Start on_post for tenant-ID {0}:...'.format(keystone_id)) data = api.load_body(pecan.request, validator=self.validator) tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) new_secret = res.create_secret(data, tenant, self.crypto_manager, self.secret_repo, self.tenant_secret_repo, self.datum_repo, self.kek_repo) pecan.response.status = 201 pecan.response.headers['Location'] = '/{0}/secrets/{1}'.format( keystone_id, new_secret.id ) url = hrefs.convert_secret_to_href(keystone_id, new_secret.id) LOG.debug('URI to secret is {0}'.format(url)) return {'secret_ref': url}
def on_put(self, req, resp, keystone_id, secret_id): if not req.content_type or req.content_type == 'application/json': _put_accept_incorrect(req.content_type, req, resp) secret = self.repo.get(entity_id=secret_id, keystone_id=keystone_id, suppress_exception=True) if not secret: _secret_not_found(req, resp) if secret.mime_type != req.content_type: _client_content_mismatch_to_secret(secret.mime_type, req.content_type, req, resp) if secret.encrypted_data: _secret_already_has_data(req, resp) tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) try: plain_text = req.stream.read(api.MAX_BYTES_REQUEST_INPUT_ACCEPTED) except IOError: api.abort(falcon.HTTP_500, 'Read Error') resp.status = falcon.HTTP_200 try: res.create_encrypted_datum(secret, plain_text, tenant, self.crypto_manager, self.tenant_secret_repo, self.datum_repo) except em.CryptoMimeTypeNotSupportedException as cmtnse: LOG.exception('Secret creation failed - mime-type not supported') _secret_mime_type_not_supported(cmtnse.mime_type, req, resp) except exception.NoDataToProcess: LOG.exception('No secret data to process') _secret_plain_text_empty(req, resp) except exception.LimitExceeded: LOG.exception('Secret data too big to process') _secret_data_too_large(req, resp) except Exception as e: LOG.exception('Secret creation failed - unknown') _failed_to_create_encrypted_datum(req, resp)
def index(self, keystone_id, **kwargs): secret = self.repos.secret_repo.get(entity_id=self.secret_id, keystone_id=keystone_id, suppress_exception=True) if not secret: _secret_not_found() if controllers.is_json_request_accept(pecan.request): # Metadata-only response, no secret retrieval is necessary. pecan.override_template('json', 'application/json') secret_fields = putil.mime_types.augment_fields_with_content_types( secret) transport_key_needed = kwargs.get('transport_key_needed', 'false').lower() == 'true' if transport_key_needed: transport_key_id = plugin.get_transport_key_id_for_retrieval( secret) if transport_key_id is not None: secret_fields['transport_key_id'] = transport_key_id return hrefs.convert_to_hrefs(secret_fields) else: tenant = res.get_or_create_tenant(keystone_id, self.repos.tenant_repo) pecan.override_template('', pecan.request.accept.header_value) transport_key = None twsk = kwargs.get('trans_wrapped_session_key', None) if twsk is not None: transport_key_id = kwargs.get('transport_key_id', None) if transport_key_id is None: _request_has_twsk_but_no_transport_key_id() transport_key_model = self.repos.transport_key_repo.get( entity_id=transport_key_id, suppress_exception=True) transport_key = transport_key_model.transport_key return plugin.get_secret(pecan.request.accept.header_value, secret, tenant, self.repos, twsk, transport_key)
def on_post(self, keystone_id, **kwargs): LOG.debug('Start on_post for tenant-ID {0}:...'.format(keystone_id)) data = api.load_body(pecan.request, validator=self.validator) tenant = res.get_or_create_tenant(keystone_id, self.repos.tenant_repo) new_secret = plugin.store_secret(data.get('payload'), data.get('payload_content_type', 'application/octet-stream'), data.get('payload_content_encoding'), data, None, tenant, self.repos) pecan.response.status = 201 pecan.response.headers['Location'] = '/{0}/secrets/{1}'.format( keystone_id, new_secret.id ) url = hrefs.convert_secret_to_href(keystone_id, new_secret.id) LOG.debug('URI to secret is {0}'.format(url)) return {'secret_ref': url}
def on_post(self, keystone_id, **kwargs): tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) data = api.load_body(pecan.request, validator=self.validator) LOG.debug('Start on_post...%s', data) try: self.container_repo.get(self.container_id, keystone_id) except exception.NotFound: controllers.containers.container_not_found() new_consumer = models.ContainerConsumerMetadatum(self.container_id, data) new_consumer.tenant_id = tenant.id self.consumer_repo.create_from(new_consumer) pecan.response.headers['Location'] = '/{0}/containers/{1}/consumers' \ .format(keystone_id, new_consumer.container_id) return self._return_container_data(self.container_id, keystone_id)
def on_post(self, req, resp, keystone_id): LOG.debug('Start on_post for tenant-ID {0}:...'.format(keystone_id)) data = api.load_body(req, resp, self.validator) tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) new_verification = models.Verification(data) new_verification.tenant_id = tenant.id self.verification_repo.create_from(new_verification) # Send to workers to process. self.queue.process_verification(verification_id=new_verification.id, keystone_id=keystone_id) resp.status = falcon.HTTP_202 resp.set_header('Location', '/{0}/verifications/{1}'.format(keystone_id, new_verification.id)) url = convert_verification_to_href(keystone_id, new_verification.id) LOG.debug('URI to verification is {0}'.format(url)) resp.body = json.dumps({'verification_ref': url})
def _handle_order(self, order): """ Either creates a secret item here, or else begins the extended process of creating a secret (such as for SSL certificate generation. """ LOG.debug("Handling order for secret type of {0}..." .format(order.secret_mime_type)) order_info = order.to_dict_fields() secret_info = order_info['secret'] # Create Secret tenant = get_or_create_tenant(order.tenant_id, self.tenant_repo) new_secret = create_secret(secret_info, tenant, self.crypto_manager, self.secret_repo, self.tenant_secret_repo, self.datum_repo, ok_to_generate=True) order.secret_id = new_secret.id LOG.debug("...done creating order's secret.")
def index(self, keystone_id): secret = self.repo.get(entity_id=self.secret_id, keystone_id=keystone_id, suppress_exception=True) if not secret: _secret_not_found() if controllers.is_json_request_accept(pecan.request): # Metadata-only response, no decryption necessary. pecan.override_template('json', 'application/json') secret_fields = mime_types.augment_fields_with_content_types( secret) return hrefs.convert_to_hrefs(keystone_id, secret_fields) else: tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) pecan.override_template('', pecan.request.accept.header_value) return self.crypto_manager.decrypt( pecan.request.accept.header_value, secret, tenant )
def on_post(self, keystone_id, **kwargs): tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) body = api.load_body(pecan.request, validator=self.type_order_validator) order_type = body.get('type') LOG.debug('Processing order type %s', order_type) new_order = models.Order() new_order.meta = body.get('meta') new_order.type = order_type new_order.tenant_id = tenant.id self.order_repo.create_from(new_order) self.queue.process_type_order(order_id=new_order.id, keystone_id=keystone_id) pecan.response.status = 202 pecan.response.headers['Location'] = '/{0}/orders/{1}'.format( keystone_id, new_order.id ) url = hrefs.convert_order_to_href(new_order.id) return {'order_ref': url}
def on_post(self, keystone_id, **kwargs): tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) #Note(atiwari): trying to preserve backward compatibility #This will be removed as part of bug1335171 raw_body = pecan.request.body order_type = None if raw_body: order_type = json.loads(raw_body).get('type') if order_type: body = api.load_body(pecan.request, validator=self.type_order_validator) LOG.debug('Processing order type %s', order_type) new_order = models.Order() new_order.meta = body.get('meta') new_order.type = order_type #TODO(john-wood-w) These are required attributes currently, but # will eventually be removed once we drop the legacy orders # request. new_order.secret_name = 'N/A' new_order.secret_algorithm = 'N/A' new_order.secret_bit_length = 0 new_order.secret_mode = 'N/A' new_order.secret_payload_content_type = 'N/A' else: body = api.load_body(pecan.request, validator=self.validator) LOG.debug('Start on_post...%s', body) if 'secret' not in body: _secret_not_in_order() secret_info = body['secret'] name = secret_info.get('name') LOG.debug('Secret to create is %s', name) new_order = models.Order() new_order.secret_name = secret_info.get('name') new_order.secret_algorithm = secret_info.get('algorithm') new_order.secret_bit_length = secret_info.get('bit_length', 0) new_order.secret_mode = secret_info.get('mode') new_order.secret_payload_content_type = secret_info.get( 'payload_content_type') new_order.secret_expiration = secret_info.get('expiration') new_order.tenant_id = tenant.id self.order_repo.create_from(new_order) # Send to workers to process. #TODO(atiwari) - bug 1335171 if order_type: self.queue.process_type_order(order_id=new_order.id, keystone_id=keystone_id) else: self.queue.process_order(order_id=new_order.id, keystone_id=keystone_id) pecan.response.status = 202 pecan.response.headers['Location'] = '/{0}/orders/{1}'.format( keystone_id, new_order.id ) url = hrefs.convert_order_to_href(new_order.id) return {'order_ref': url}