예제 #1
0
파일: service.py 프로젝트: rhoml/lemur
def render(args):
    """
    Helper function that allows use to render our REST Api.

    :param args:
    :return:
    """
    query = database.session_query(Certificate)

    time_range = args.pop("time_range")
    destination_id = args.pop("destination_id")
    notification_id = args.pop("notification_id", None)
    show = args.pop("show")
    # owner = args.pop('owner')
    # creator = args.pop('creator')  # TODO we should enabling filtering by owner

    filt = args.pop("filter")

    if filt:
        terms = filt.split(";")
        if "issuer" in terms:
            # we can't rely on issuer being correct in the cert directly so we combine queries
            sub_query = (
                database.session_query(Authority.id).filter(Authority.name.ilike("%{0}%".format(terms[1]))).subquery()
            )

            query = query.filter(
                or_(Certificate.issuer.ilike("%{0}%".format(terms[1])), Certificate.authority_id.in_(sub_query))
            )
            return database.sort_and_page(query, Certificate, args)

        if "destination" in terms:
            query = query.filter(Certificate.destinations.any(Destination.id == terms[1]))
        elif "active" in filt:  # this is really weird but strcmp seems to not work here??
            query = query.filter(Certificate.active == terms[1])
        else:
            query = database.filter(query, Certificate, terms)

    if show:
        sub_query = database.session_query(Role.name).filter(Role.user_id == g.user.id).subquery()
        query = query.filter(or_(Certificate.user_id == g.user.id, Certificate.owner.in_(sub_query)))

    if destination_id:
        query = query.filter(Certificate.destinations.any(Destination.id == destination_id))

    if notification_id:
        query = query.filter(Certificate.notifications.any(Notification.id == notification_id))

    if time_range:
        to = arrow.now().replace(weeks=+time_range).format("YYYY-MM-DD")
        now = arrow.now().format("YYYY-MM-DD")
        query = query.filter(Certificate.not_after <= to).filter(Certificate.not_after >= now)

    return database.sort_and_page(query, Certificate, args)
예제 #2
0
파일: service.py 프로젝트: Netflix/lemur
def render(args):
    """
    Helper that helps us render the REST Api responses.
    :param args:
    :return:
    """
    query = database.session_query(Authority)
    filt = args.pop('filter')

    if filt:
        terms = filt.split(';')
        if 'active' in filt:
            query = query.filter(Authority.active == truthiness(terms[1]))
        elif 'cn' in filt:
            term = '%{0}%'.format(terms[1])
            sub_query = database.session_query(Certificate.root_authority_id) \
                .filter(Certificate.cn.ilike(term)) \
                .subquery()

            query = query.filter(Authority.id.in_(sub_query))
        else:
            query = database.filter(query, Authority, terms)

    # we make sure that a user can only use an authority they either own are a member of - admins can see all
    if not args['user'].is_admin:
        authority_ids = []
        for authority in args['user'].authorities:
            authority_ids.append(authority.id)

        for role in args['user'].roles:
            for authority in role.authorities:
                authority_ids.append(authority.id)
        query = query.filter(Authority.id.in_(authority_ids))

    return database.sort_and_page(query, Authority, args)
예제 #3
0
def render(args):
    """
    Helper that filters subsets of roles depending on the parameters
    passed to the REST Api

    :param args:
    :return:
    """
    query = database.session_query(Role)
    filt = args.pop('filter')
    user_id = args.pop('user_id', None)
    authority_id = args.pop('authority_id', None)

    if user_id:
        query = query.filter(Role.users.any(User.id == user_id))

    if authority_id:
        query = query.filter(Role.authority_id == authority_id)

    # we make sure that user can see the role - admins can see all
    if not g.current_user.is_admin:
        ids = []
        for role in g.current_user.roles:
            ids.append(role.id)
        query = query.filter(Role.id.in_(ids))

    if filt:
        terms = filt.split(';')
        query = database.filter(query, Role, terms)

    return database.sort_and_page(query, Role, args)
예제 #4
0
def render(args):
    """
    Helper that helps us render the REST Api responses.
    :param args:
    :return:
    """
    query = database.session_query(Endpoint)
    filt = args.pop('filter')

    if filt:
        terms = filt.split(';')
        if 'active' in filt:  # this is really weird but strcmp seems to not work here??
            query = query.filter(Endpoint.active == terms[1])
        elif 'port' in filt:
            if terms[1] != 'null':  # ng-table adds 'null' if a number is removed
                query = query.filter(Endpoint.port == terms[1])
        elif 'ciphers' in filt:
            query = query.filter(
                Cipher.name == terms[1]
            )
        else:
            query = database.filter(query, Endpoint, terms)

    # we make sure that a user can only use an endpoint they either own are are a member of - admins can see all
    if not g.current_user.is_admin:
        endpoint_ids = []
        for role in g.current_user.roles:
            for endpoint in role.endpoints:
                endpoint_ids.append(endpoint.id)
        query = query.filter(Endpoint.id.in_(endpoint_ids))

    return database.sort_and_page(query, Endpoint, args)
예제 #5
0
파일: service.py 프로젝트: harmw/lemur
def render(args):
    """
    Helper that paginates and filters data when requested
    through the REST Api

    :param args:
    :return:
    """
    query = database.session_query(Log)

    filt = args.pop('filter')

    if filt:
        terms = filt.split(';')

        if 'certificate.name' in terms:
            sub_query = database.session_query(Certificate.id)\
                .filter(Certificate.name.ilike('%{0}%'.format(terms[1])))

            query = query.filter(Log.certificate_id.in_(sub_query))

        elif 'user.email' in terms:
            sub_query = database.session_query(User.id)\
                .filter(User.email.ilike('%{0}%'.format(terms[1])))

            query = query.filter(Log.user_id.in_(sub_query))

        else:
            query = database.filter(query, Log, terms)

    return database.sort_and_page(query, Log, args)
예제 #6
0
파일: service.py 프로젝트: yiluzhu/lemur
def render(args):
    """
    Helper that paginates and filters data when requested
    through the REST Api

    :param args:
    :return:
    """
    query = database.session_query(Log)

    filt = args.pop("filter")

    if filt:
        terms = filt.split(";")

        if "certificate.name" in terms:
            sub_query = database.session_query(Certificate.id).filter(
                Certificate.name.ilike("%{0}%".format(terms[1])))

            query = query.filter(Log.certificate_id.in_(sub_query))

        elif "user.email" in terms:
            sub_query = database.session_query(User.id).filter(
                User.email.ilike("%{0}%".format(terms[1])))

            query = query.filter(Log.user_id.in_(sub_query))

        else:
            query = database.filter(query, Log, terms)

    return database.sort_and_page(query, Log, args)
예제 #7
0
def render(args):
    """
    Helper that helps us render the REST Api responses.
    :param args:
    :return:
    """
    query = database.session_query(Authority)
    filt = args.pop('filter')

    if filt:
        terms = filt.split(';')
        if 'active' in filt:  # this is really weird but strcmp seems to not work here??
            query = query.filter(Authority.active == terms[1])
        else:
            query = database.filter(query, Authority, terms)

    # we make sure that a user can only use an authority they either own are are a member of - admins can see all
    if not g.current_user.is_admin:
        authority_ids = []
        for authority in g.current_user.authorities:
            authority_ids.append(authority.id)

        for role in g.current_user.roles:
            for authority in role.authorities:
                authority_ids.append(authority.id)
        query = query.filter(Authority.id.in_(authority_ids))

    return database.sort_and_page(query, Authority, args)
예제 #8
0
파일: service.py 프로젝트: scriptsrc/lemur
def render(args):
    """
    Helper that helps us render the REST Api responses.
    :param args:
    :return:
    """
    query = database.session_query(Authority)
    filt = args.pop('filter')

    if filt:
        terms = filt.split(';')
        if 'active' in filt:  # this is really weird but strcmp seems to not work here??
            query = query.filter(Authority.active == terms[1])
        else:
            query = database.filter(query, Authority, terms)

    # we make sure that a user can only use an authority they either own are a member of - admins can see all
    if not args['user'].is_admin:
        authority_ids = []
        for authority in args['user'].authorities:
            authority_ids.append(authority.id)

        for role in args['user'].roles:
            for authority in role.authorities:
                authority_ids.append(authority.id)
        query = query.filter(Authority.id.in_(authority_ids))

    return database.sort_and_page(query, Authority, args)
예제 #9
0
def render(args):
    """
    Helper that helps us render the REST Api responses.
    :param args:
    :return:
    """
    query = database.session_query(Authority)
    filt = args.pop('filter')

    if filt:
        terms = filt.split(';')
        if 'active' in filt:
            query = query.filter(Authority.active == truthiness(terms[1]))
        elif 'cn' in filt:
            term = '%{0}%'.format(terms[1])
            sub_query = database.session_query(Certificate.root_authority_id) \
                .filter(Certificate.cn.ilike(term)) \
                .subquery()

            query = query.filter(Authority.id.in_(sub_query))
        else:
            query = database.filter(query, Authority, terms)

    # we make sure that a user can only use an authority they either own are a member of - admins can see all
    if not args['user'].is_admin:
        authority_ids = []
        for authority in args['user'].authorities:
            authority_ids.append(authority.id)

        for role in args['user'].roles:
            for authority in role.authorities:
                authority_ids.append(authority.id)
        query = query.filter(Authority.id.in_(authority_ids))

    return database.sort_and_page(query, Authority, args)
예제 #10
0
def render(args):
    """
    Helper that helps us render the REST Api responses.
    :param args:
    :return:
    """
    query = database.session_query(Endpoint)\
        .options(joinedload(Endpoint.certificate))\
        .options(joinedload(Endpoint.source))
    filt = args.pop("filter")

    if filt:
        terms = filt.split(";")
        term = "%{0}%".format(terms[1])
        if "active" in filt:  # this is really weird but strcmp seems to not work here??
            query = query.filter(Endpoint.active == truthiness(terms[1]))
        elif "port" in filt:
            if terms[1] != "null":  # ng-table adds 'null' if a number is removed
                query = query.filter(Endpoint.port == terms[1])
        elif "ciphers" in filt:
            query = query.filter(Cipher.name == terms[1])
        elif "source" in filt:
            query = query.filter(Endpoint.source.has(Source.label.like(term.lower())))
        else:
            query = database.filter(query, Endpoint, terms)

        if terms[0] == "name":
            alias_query = Endpoint.query.filter(
                Endpoint.aliases.any(EndpointDnsAlias.alias.ilike(f"%{terms[1]}%")))
            query = query.union(alias_query)

    return database.sort_and_page(query, Endpoint, args)
예제 #11
0
def render(args):
    """
    Helper that helps us render the REST Api responses.
    :param args:
    :return:
    """
    query = database.session_query(DnsProvider)

    return database.sort_and_page(query, DnsProvider, args)
예제 #12
0
def query_name(certificate_name, args):
    """
    Helper function that queries for a certificate by name

    :param args:
    :return:
    """
    query = database.session_query(Certificate)
    query = query.filter(Certificate.name == certificate_name)
    result = database.sort_and_page(query, Certificate, args)
    return result
예제 #13
0
def render(args):
    filt = args.pop('filter')
    certificate_id = args.pop('certificate_id', None)

    if certificate_id:
        query = database.session_query(Source).join(Certificate, Source.certificate)
        query = query.filter(Certificate.id == certificate_id)
    else:
        query = database.session_query(Source)

    if filt:
        terms = filt.split(';')
        query = database.filter(query, Source, terms)

    return database.sort_and_page(query, Source, args)
예제 #14
0
def render(args):
    filt = args.pop('filter')
    certificate_id = args.pop('certificate_id', None)

    if certificate_id:
        query = database.session_query(Source).join(Certificate, Source.certificate)
        query = query.filter(Certificate.id == certificate_id)
    else:
        query = database.session_query(Source)

    if filt:
        terms = filt.split(';')
        query = database.filter(query, Source, terms)

    return database.sort_and_page(query, Source, args)
예제 #15
0
def render(args):
    filt = args.pop("filter")
    certificate_id = args.pop("certificate_id", None)

    if certificate_id:
        query = database.session_query(Destination).join(
            Certificate, Destination.certificate)
        query = query.filter(Certificate.id == certificate_id)
    else:
        query = database.session_query(Destination)

    if filt:
        terms = filt.split(";")
        query = database.filter(query, Destination, terms)

    return database.sort_and_page(query, Destination, args)
예제 #16
0
def render(args):
    """
    Helper that paginates and filters data when requested
    through the REST Api

    :param args:
    :return:
    """
    query = database.session_query(Log)

    filt = args.pop('filter')

    if filt:
        terms = filt.split(';')
        query = database.filter(query, Log, terms)

    return database.sort_and_page(query, Log, args)
예제 #17
0
파일: service.py 프로젝트: harmw/lemur
def render(args):
    """
    Helper that paginates and filters data when requested
    through the REST Api

    :param args:
    :return:
    """
    query = database.session_query(User)

    filt = args.pop('filter')

    if filt:
        terms = filt.split(';')
        query = database.filter(query, User, terms)

    return database.sort_and_page(query, User, args)
예제 #18
0
def render(args):
    """
    Helper to parse REST Api requests

    :param args:
    :return:
    """
    query = database.session_query(Domain).join(Certificate, Domain.certificate)
    filt = args.pop('filter')
    certificate_id = args.pop('certificate_id', None)

    if filt:
        terms = filt.split(';')
        query = database.filter(query, Domain, terms)

    if certificate_id:
        query = query.filter(Certificate.id == certificate_id)

    return database.sort_and_page(query, Domain, args)
예제 #19
0
def render(args):
    filt = args.pop('filter')
    certificate_id = args.pop('certificate_id', None)

    if certificate_id:
        query = database.session_query(Notification).join(
            Certificate, Notification.certificate)
        query = query.filter(Certificate.id == certificate_id)
    else:
        query = database.session_query(Notification)

    if filt:
        terms = filt.split(';')
        if terms[0] == 'active':
            query = query.filter(Notification.active == truthiness(terms[1]))
        else:
            query = database.filter(query, Notification, terms)

    return database.sort_and_page(query, Notification, args)
예제 #20
0
def render(args):
    """
    Helper to parse REST Api requests

    :param args:
    :return:
    """
    query = database.session_query(Domain)
    filt = args.pop('filter')
    certificate_id = args.pop('certificate_id', None)

    if filt:
        terms = filt.split(';')
        query = database.filter(query, Domain, terms)

    if certificate_id:
        query = query.join(Certificate, Domain.certificates)
        query = query.filter(Certificate.id == certificate_id)

    return database.sort_and_page(query, Domain, args)
예제 #21
0
def render(args):
    filt = args.pop('filter')
    certificate_id = args.pop('certificate_id', None)

    if certificate_id:
        query = database.session_query(Notification).join(Certificate, Notification.certificate)
        query = query.filter(Certificate.id == certificate_id)
    else:
        query = database.session_query(Notification)

    if filt:
        terms = filt.split(';')
        if terms[0] == 'active' and terms[1] == 'false':
            query = query.filter(Notification.active == False)  # noqa
        elif terms[0] == 'active' and terms[1] == 'true':
            query = query.filter(Notification.active == True)  # noqa
        else:
            query = database.filter(query, Notification, terms)

    return database.sort_and_page(query, Notification, args)
예제 #22
0
def render(args):
    """
    Helper that helps us render the REST Api responses.
    :param args:
    :return:
    """
    query = database.session_query(Endpoint)
    filt = args.pop('filter')

    if filt:
        terms = filt.split(';')
        if 'active' in filt:  # this is really weird but strcmp seems to not work here??
            query = query.filter(Endpoint.active == truthiness(terms[1]))
        elif 'port' in filt:
            if terms[1] != 'null':  # ng-table adds 'null' if a number is removed
                query = query.filter(Endpoint.port == terms[1])
        elif 'ciphers' in filt:
            query = query.filter(Cipher.name == terms[1])
        else:
            query = database.filter(query, Endpoint, terms)

    return database.sort_and_page(query, Endpoint, args)
예제 #23
0
파일: service.py 프로젝트: yiluzhu/lemur
def render(args):
    """
    Helper to parse REST Api requests

    :param args:
    :return:
    """
    query = database.session_query(ApiKey)
    user_id = args.pop("user_id", None)
    aid = args.pop("id", None)
    has_permission = args.pop("has_permission", False)
    requesting_user_id = args.pop("requesting_user_id")

    if user_id:
        query = query.filter(ApiKey.user_id == user_id)

    if aid:
        query = query.filter(ApiKey.id == aid)

    if not has_permission:
        query = query.filter(ApiKey.user_id == requesting_user_id)

    return database.sort_and_page(query, ApiKey, args)
예제 #24
0
파일: service.py 프로젝트: harmw/lemur
def render(args):
    """
    Helper that filters subsets of roles depending on the parameters
    passed to the REST Api

    :param args:
    :return:
    """
    query = database.session_query(Role)
    filt = args.pop('filter')
    user_id = args.pop('user_id', None)
    authority_id = args.pop('authority_id', None)

    if user_id:
        query = query.filter(Role.users.any(User.id == user_id))

    if authority_id:
        query = query.filter(Role.authority_id == authority_id)

    if filt:
        terms = filt.split(';')
        query = database.filter(query, Role, terms)

    return database.sort_and_page(query, Role, args)
예제 #25
0
파일: service.py 프로젝트: Netflix/lemur
def render(args):
    """
    Helper that helps us render the REST Api responses.
    :param args:
    :return:
    """
    query = database.session_query(Endpoint)
    filt = args.pop('filter')

    if filt:
        terms = filt.split(';')
        if 'active' in filt:  # this is really weird but strcmp seems to not work here??
            query = query.filter(Endpoint.active == truthiness(terms[1]))
        elif 'port' in filt:
            if terms[1] != 'null':  # ng-table adds 'null' if a number is removed
                query = query.filter(Endpoint.port == terms[1])
        elif 'ciphers' in filt:
            query = query.filter(
                Cipher.name == terms[1]
            )
        else:
            query = database.filter(query, Endpoint, terms)

    return database.sort_and_page(query, Endpoint, args)
예제 #26
0
def render(args):
    """
    Helper that filters subsets of roles depending on the parameters
    passed to the REST Api

    :param args:
    :return:
    """
    query = database.session_query(Role)
    filt = args.pop("filter")
    user_id = args.pop("user_id", None)
    authority_id = args.pop("authority_id", None)

    if user_id:
        query = query.filter(Role.users.any(User.id == user_id))

    if authority_id:
        query = query.filter(Role.authority_id == authority_id)

    if filt:
        terms = filt.split(";")
        query = database.filter(query, Role, terms)

    return database.sort_and_page(query, Role, args)
예제 #27
0
파일: service.py 프로젝트: harmw/lemur
def render(args):
    """
    Helper function that allows use to render our REST Api.

    :param args:
    :return:
    """
    query = database.session_query(Certificate)

    time_range = args.pop('time_range')
    destination_id = args.pop('destination_id')
    notification_id = args.pop('notification_id', None)
    show = args.pop('show')
    # owner = args.pop('owner')
    # creator = args.pop('creator')  # TODO we should enabling filtering by owner

    filt = args.pop('filter')

    if filt:
        terms = filt.split(';')

        if 'issuer' in terms:
            # we can't rely on issuer being correct in the cert directly so we combine queries
            sub_query = database.session_query(Authority.id)\
                .filter(Authority.name.ilike('%{0}%'.format(terms[1])))\
                .subquery()

            query = query.filter(
                or_(
                    Certificate.issuer.ilike('%{0}%'.format(terms[1])),
                    Certificate.authority_id.in_(sub_query)
                )
            )
            return database.sort_and_page(query, Certificate, args)

        elif 'destination' in terms:
            query = query.filter(Certificate.destinations.any(Destination.id == terms[1]))
        elif 'notify' in filt:
            query = query.filter(Certificate.notify == cast(terms[1], Boolean))
        elif 'active' in filt:
            query = query.filter(Certificate.active == terms[1])
        elif 'cn' in terms:
            query = query.filter(
                or_(
                    Certificate.cn.ilike('%{0}%'.format(terms[1])),
                    Certificate.domains.any(Domain.name.ilike('%{0}%'.format(terms[1])))
                )
            )
        elif 'id' in terms:
            query = query.filter(Certificate.id == cast(terms[1], Integer))
        else:
            query = database.filter(query, Certificate, terms)

    if show:
        sub_query = database.session_query(Role.name).filter(Role.user_id == args['user'].id).subquery()
        query = query.filter(
            or_(
                Certificate.user_id == args['user'].id,
                Certificate.owner.in_(sub_query)
            )
        )

    if destination_id:
        query = query.filter(Certificate.destinations.any(Destination.id == destination_id))

    if notification_id:
        query = query.filter(Certificate.notifications.any(Notification.id == notification_id))

    if time_range:
        to = arrow.now().replace(weeks=+time_range).format('YYYY-MM-DD')
        now = arrow.now().format('YYYY-MM-DD')
        query = query.filter(Certificate.not_after <= to).filter(Certificate.not_after >= now)

    return database.sort_and_page(query, Certificate, args)
예제 #28
0
파일: service.py 프로젝트: terinjokes/lemur
def render(args):
    """
    Helper function that allows use to render our REST Api.

    :param args:
    :return:
    """
    query = database.session_query(Certificate)

    time_range = args.pop('time_range')
    destination_id = args.pop('destination_id')
    notification_id = args.pop('notification_id', None)
    show = args.pop('show')
    # owner = args.pop('owner')
    # creator = args.pop('creator')  # TODO we should enabling filtering by owner

    filt = args.pop('filter')

    if filt:
        terms = filt.split(';')

        if 'issuer' in terms:
            # we can't rely on issuer being correct in the cert directly so we combine queries
            sub_query = database.session_query(Authority.id)\
                .filter(Authority.name.ilike('%{0}%'.format(terms[1])))\
                .subquery()

            query = query.filter(
                or_(
                    Certificate.issuer.ilike('%{0}%'.format(terms[1])),
                    Certificate.authority_id.in_(sub_query)
                )
            )
            return database.sort_and_page(query, Certificate, args)

        elif 'destination' in terms:
            query = query.filter(Certificate.destinations.any(Destination.id == terms[1]))
        elif 'active' in filt:  # this is really weird but strcmp seems to not work here??
            query = query.filter(Certificate.active == terms[1])
        elif 'cn' in terms:
            query = query.filter(
                or_(
                    Certificate.cn.ilike('%{0}%'.format(terms[1])),
                    Certificate.domains.any(Domain.name.ilike('%{0}%'.format(terms[1])))
                )
            )
        else:
            query = database.filter(query, Certificate, terms)

    if show:
        sub_query = database.session_query(Role.name).filter(Role.user_id == g.user.id).subquery()
        query = query.filter(
            or_(
                Certificate.user_id == g.user.id,
                Certificate.owner.in_(sub_query)
            )
        )

    if destination_id:
        query = query.filter(Certificate.destinations.any(Destination.id == destination_id))

    if notification_id:
        query = query.filter(Certificate.notifications.any(Notification.id == notification_id))

    if time_range:
        to = arrow.now().replace(weeks=+time_range).format('YYYY-MM-DD')
        now = arrow.now().format('YYYY-MM-DD')
        query = query.filter(Certificate.not_after <= to).filter(Certificate.not_after >= now)

    return database.sort_and_page(query, Certificate, args)
예제 #29
0
파일: service.py 프로젝트: Netflix/lemur
def render(args):
    """
    Helper function that allows use to render our REST Api.

    :param args:
    :return:
    """
    query = database.session_query(Certificate)

    time_range = args.pop('time_range')
    destination_id = args.pop('destination_id')
    notification_id = args.pop('notification_id', None)
    show = args.pop('show')
    # owner = args.pop('owner')
    # creator = args.pop('creator')  # TODO we should enabling filtering by owner

    filt = args.pop('filter')

    if filt:
        terms = filt.split(';')
        term = '%{0}%'.format(terms[1])
        # Exact matches for quotes. Only applies to name, issuer, and cn
        if terms[1].startswith('"') and terms[1].endswith('"'):
            term = terms[1][1:-1]

        if 'issuer' in terms:
            # we can't rely on issuer being correct in the cert directly so we combine queries
            sub_query = database.session_query(Authority.id) \
                .filter(Authority.name.ilike(term)) \
                .subquery()

            query = query.filter(
                or_(
                    Certificate.issuer.ilike(term),
                    Certificate.authority_id.in_(sub_query)
                )
            )

        elif 'destination' in terms:
            query = query.filter(Certificate.destinations.any(Destination.id == terms[1]))
        elif 'notify' in filt:
            query = query.filter(Certificate.notify == truthiness(terms[1]))
        elif 'active' in filt:
            query = query.filter(Certificate.active == truthiness(terms[1]))
        elif 'cn' in terms:
            query = query.filter(
                or_(
                    Certificate.cn.ilike(term),
                    Certificate.domains.any(Domain.name.ilike(term))
                )
            )
        elif 'id' in terms:
            query = query.filter(Certificate.id == cast(terms[1], Integer))
        elif 'name' in terms:
            query = query.filter(
                or_(
                    Certificate.name.ilike(term),
                    Certificate.domains.any(Domain.name.ilike(term)),
                    Certificate.cn.ilike(term),
                )
            )
        else:
            query = database.filter(query, Certificate, terms)

    if show:
        sub_query = database.session_query(Role.name).filter(Role.user_id == args['user'].id).subquery()
        query = query.filter(
            or_(
                Certificate.user_id == args['user'].id,
                Certificate.owner.in_(sub_query)
            )
        )

    if destination_id:
        query = query.filter(Certificate.destinations.any(Destination.id == destination_id))

    if notification_id:
        query = query.filter(Certificate.notifications.any(Notification.id == notification_id))

    if time_range:
        to = arrow.now().replace(weeks=+time_range).format('YYYY-MM-DD')
        now = arrow.now().format('YYYY-MM-DD')
        query = query.filter(Certificate.not_after <= to).filter(Certificate.not_after >= now)

    if current_app.config.get('ALLOW_CERT_DELETION', False):
        query = query.filter(Certificate.deleted == False)  # noqa

    result = database.sort_and_page(query, Certificate, args)
    return result
예제 #30
0
def render(args):
    """
    Helper function that allows use to render our REST Api.

    :param args:
    :return:
    """
    query = database.session_query(Certificate)

    show_expired = args.pop("showExpired")
    if show_expired != 1:
        one_month_old = (
            arrow.now()
            .shift(months=current_app.config.get("HIDE_EXPIRED_CERTS_AFTER_MONTHS", -1))
            .format("YYYY-MM-DD")
        )
        query = query.filter(Certificate.not_after > one_month_old)

    time_range = args.pop("time_range")

    destination_id = args.pop("destination_id")
    notification_id = args.pop("notification_id", None)
    serial_number = args.pop("serial", None)
    show = args.pop("show")
    # owner = args.pop('owner')
    # creator = args.pop('creator')  # TODO we should enabling filtering by owner

    filt = args.pop("filter")

    if filt:
        terms = filt.split(";")
        term = "%{0}%".format(terms[1])
        # Exact matches for quotes. Only applies to name, issuer, and cn
        if terms[1].startswith('"') and terms[1].endswith('"'):
            term = terms[1][1:-1]

        if "issuer" in terms:
            # we can't rely on issuer being correct in the cert directly so we combine queries
            sub_query = (
                database.session_query(Authority.id)
                .filter(Authority.name.ilike(term))
                .subquery()
            )

            query = query.filter(
                or_(
                    Certificate.issuer.ilike(term),
                    Certificate.authority_id.in_(sub_query),
                )
            )

        elif "destination" in terms:
            query = query.filter(
                Certificate.destinations.any(Destination.id == terms[1])
            )
        elif "notify" in filt:
            query = query.filter(Certificate.notify == truthiness(terms[1]))
        elif "rotation" in filt:
            query = query.filter(Certificate.rotation == truthiness(terms[1]))
        elif "active" in filt:
            query = query.filter(Certificate.active == truthiness(terms[1]))
        elif "cn" in terms:
            query = query.filter(
                or_(
                    func.lower(Certificate.cn).like(term.lower()),
                    Certificate.id.in_(like_domain_query(term)),
                )
            )
        elif "id" in terms:
            query = query.filter(Certificate.id == cast(terms[1], Integer))
        elif "name" in terms:
            query = query.filter(
                or_(
                    func.lower(Certificate.name).like(term.lower()),
                    Certificate.id.in_(like_domain_query(term)),
                    func.lower(Certificate.cn).like(term.lower()),
                )
            )
        elif "fixedName" in terms:
            # only what matches the fixed name directly if a fixedname is provided
            query = query.filter(Certificate.name == terms[1])
        else:
            query = database.filter(query, Certificate, terms)

    if show:
        sub_query = (
            database.session_query(Role.name)
            .filter(Role.user_id == args["user"].id)
            .subquery()
        )
        query = query.filter(
            or_(
                Certificate.user_id == args["user"].id, Certificate.owner.in_(sub_query)
            )
        )

    if destination_id:
        query = query.filter(
            Certificate.destinations.any(Destination.id == destination_id)
        )

    if notification_id:
        query = query.filter(
            Certificate.notifications.any(Notification.id == notification_id)
        )

    if time_range:
        to = arrow.now().shift(weeks=+time_range).format("YYYY-MM-DD")
        now = arrow.now().format("YYYY-MM-DD")
        query = query.filter(Certificate.not_after <= to).filter(
            Certificate.not_after >= now
        )

    if current_app.config.get("ALLOW_CERT_DELETION", False):
        query = query.filter(Certificate.deleted == false())

    if serial_number:
        if serial_number.lower().startswith('0x'):
            serial_number = str(int(serial_number[2:], 16))
        elif ":" in serial_number:
            serial_number = str(int(serial_number.replace(':', ''), 16))

        query = query.filter(Certificate.serial == serial_number)

    result = database.sort_and_page(query, Certificate, args)
    return result
예제 #31
0
def render(args):
    query = database.session_query(PendingCertificate)
    time_range = args.pop('time_range')
    destination_id = args.pop('destination_id')
    notification_id = args.pop('notification_id', None)
    show = args.pop('show')
    # owner = args.pop('owner')
    # creator = args.pop('creator')  # TODO we should enabling filtering by owner

    filt = args.pop('filter')

    if filt:
        terms = filt.split(';')

        if 'issuer' in terms:
            # we can't rely on issuer being correct in the cert directly so we combine queries
            sub_query = database.session_query(Authority.id) \
                .filter(Authority.name.ilike('%{0}%'.format(terms[1]))) \
                .subquery()

            query = query.filter(
                or_(PendingCertificate.issuer.ilike('%{0}%'.format(terms[1])),
                    PendingCertificate.authority_id.in_(sub_query)))

        elif 'destination' in terms:
            query = query.filter(
                PendingCertificate.destinations.any(
                    Destination.id == terms[1]))
        elif 'notify' in filt:
            query = query.filter(
                PendingCertificate.notify == truthiness(terms[1]))
        elif 'active' in filt:
            query = query.filter(
                PendingCertificate.active == truthiness(terms[1]))
        elif 'cn' in terms:
            query = query.filter(
                or_(
                    PendingCertificate.cn.ilike('%{0}%'.format(terms[1])),
                    PendingCertificate.domains.any(
                        Domain.name.ilike('%{0}%'.format(terms[1])))))
        elif 'id' in terms:
            query = query.filter(
                PendingCertificate.id == cast(terms[1], Integer))
        else:
            query = database.filter(query, PendingCertificate, terms)

    if show:
        sub_query = database.session_query(
            Role.name).filter(Role.user_id == args['user'].id).subquery()
        query = query.filter(
            or_(PendingCertificate.user_id == args['user'].id,
                PendingCertificate.owner.in_(sub_query)))

    if destination_id:
        query = query.filter(
            PendingCertificate.destinations.any(
                Destination.id == destination_id))

    if notification_id:
        query = query.filter(
            PendingCertificate.notifications.any(
                Notification.id == notification_id))

    if time_range:
        to = arrow.now().replace(weeks=+time_range).format('YYYY-MM-DD')
        now = arrow.now().format('YYYY-MM-DD')
        query = query.filter(PendingCertificate.not_after <= to).filter(
            PendingCertificate.not_after >= now)

    # Only show unresolved certificates in the UI
    query = query.filter(PendingCertificate.resolved.is_(False))
    return database.sort_and_page(query, PendingCertificate, args)
예제 #32
0
def render(args):
    query = database.session_query(PendingCertificate)
    time_range = args.pop("time_range")
    destination_id = args.pop("destination_id")
    notification_id = args.pop("notification_id", None)
    show = args.pop("show")
    # owner = args.pop('owner')
    # creator = args.pop('creator')  # TODO we should enabling filtering by owner

    filt = args.pop("filter")

    if filt:
        terms = filt.split(";")

        if "issuer" in terms:
            # we can't rely on issuer being correct in the cert directly so we combine queries
            sub_query = (database.session_query(Authority.id).filter(
                Authority.name.ilike("%{0}%".format(terms[1]))).subquery())

            query = query.filter(
                or_(
                    PendingCertificate.issuer.ilike("%{0}%".format(terms[1])),
                    PendingCertificate.authority_id.in_(sub_query),
                ))

        elif "destination" in terms:
            query = query.filter(
                PendingCertificate.destinations.any(
                    Destination.id == terms[1]))
        elif "notify" in filt:
            query = query.filter(
                PendingCertificate.notify == truthiness(terms[1]))
        elif "active" in filt:
            query = query.filter(
                PendingCertificate.active == truthiness(terms[1]))
        elif "cn" in terms:
            query = query.filter(
                or_(
                    PendingCertificate.cn.ilike("%{0}%".format(terms[1])),
                    PendingCertificate.domains.any(
                        Domain.name.ilike("%{0}%".format(terms[1]))),
                ))
        elif "id" in terms:
            query = query.filter(
                PendingCertificate.id == cast(terms[1], Integer))
        else:
            query = database.filter(query, PendingCertificate, terms)

    if show:
        sub_query = (database.session_query(
            Role.name).filter(Role.user_id == args["user"].id).subquery())
        query = query.filter(
            or_(
                PendingCertificate.user_id == args["user"].id,
                PendingCertificate.owner.in_(sub_query),
            ))

    if destination_id:
        query = query.filter(
            PendingCertificate.destinations.any(
                Destination.id == destination_id))

    if notification_id:
        query = query.filter(
            PendingCertificate.notifications.any(
                Notification.id == notification_id))

    if time_range:
        to = arrow.now().shift(weeks=+time_range).format("YYYY-MM-DD")
        now = arrow.now().format("YYYY-MM-DD")
        query = query.filter(PendingCertificate.not_after <= to).filter(
            PendingCertificate.not_after >= now)

    # Only show unresolved certificates in the UI
    query = query.filter(PendingCertificate.resolved.is_(False))
    return database.sort_and_page(query, PendingCertificate, args)
예제 #33
0
def render(args):
    """
    Helper function that allows use to render our REST Api.

    :param args:
    :return:
    """
    query = database.session_query(Certificate)

    time_range = args.pop("time_range")
    destination_id = args.pop("destination_id")
    notification_id = args.pop("notification_id", None)
    show = args.pop("show")
    # owner = args.pop('owner')
    # creator = args.pop('creator')  # TODO we should enabling filtering by owner

    filt = args.pop("filter")

    if filt:
        terms = filt.split(";")
        term = "%{0}%".format(terms[1])
        # Exact matches for quotes. Only applies to name, issuer, and cn
        if terms[1].startswith('"') and terms[1].endswith('"'):
            term = terms[1][1:-1]

        if "issuer" in terms:
            # we can't rely on issuer being correct in the cert directly so we combine queries
            sub_query = (database.session_query(Authority.id).filter(
                Authority.name.ilike(term)).subquery())

            query = query.filter(
                or_(
                    Certificate.issuer.ilike(term),
                    Certificate.authority_id.in_(sub_query),
                ))

        elif "destination" in terms:
            query = query.filter(
                Certificate.destinations.any(Destination.id == terms[1]))
        elif "notify" in filt:
            query = query.filter(Certificate.notify == truthiness(terms[1]))
        elif "active" in filt:
            query = query.filter(Certificate.active == truthiness(terms[1]))
        elif "cn" in terms:
            query = query.filter(
                or_(
                    Certificate.cn.ilike(term),
                    Certificate.domains.any(Domain.name.ilike(term)),
                ))
        elif "id" in terms:
            query = query.filter(Certificate.id == cast(terms[1], Integer))
        elif "name" in terms:
            query = query.filter(
                or_(
                    Certificate.name.ilike(term),
                    Certificate.domains.any(Domain.name.ilike(term)),
                    Certificate.cn.ilike(term),
                ))
        else:
            query = database.filter(query, Certificate, terms)

    if show:
        sub_query = (database.session_query(
            Role.name).filter(Role.user_id == args["user"].id).subquery())
        query = query.filter(
            or_(Certificate.user_id == args["user"].id,
                Certificate.owner.in_(sub_query)))

    if destination_id:
        query = query.filter(
            Certificate.destinations.any(Destination.id == destination_id))

    if notification_id:
        query = query.filter(
            Certificate.notifications.any(Notification.id == notification_id))

    if time_range:
        to = arrow.now().replace(weeks=+time_range).format("YYYY-MM-DD")
        now = arrow.now().format("YYYY-MM-DD")
        query = query.filter(Certificate.not_after <= to).filter(
            Certificate.not_after >= now)

    if current_app.config.get("ALLOW_CERT_DELETION", False):
        query = query.filter(Certificate.deleted == False)  # noqa

    result = database.sort_and_page(query, Certificate, args)
    return result
예제 #34
0
파일: service.py 프로젝트: syldej/lemur
def render(args):
    """
    Helper function that allows use to render our REST Api.

    :param args:
    :return:
    """
    query = database.session_query(Certificate)

    time_range = args.pop('time_range')
    destination_id = args.pop('destination_id')
    notification_id = args.pop('notification_id', None)
    show = args.pop('show')
    # owner = args.pop('owner')
    # creator = args.pop('creator')  # TODO we should enabling filtering by owner

    filt = args.pop('filter')

    if filt:
        terms = filt.split(';')
        term = '%{0}%'.format(terms[1])
        # Exact matches for quotes. Only applies to name, issuer, and cn
        if terms[1].startswith('"') and terms[1].endswith('"'):
            term = terms[1][1:-1]

        if 'issuer' in terms:
            # we can't rely on issuer being correct in the cert directly so we combine queries
            sub_query = database.session_query(Authority.id) \
                .filter(Authority.name.ilike(term)) \
                .subquery()

            query = query.filter(
                or_(Certificate.issuer.ilike(term),
                    Certificate.authority_id.in_(sub_query)))

        elif 'destination' in terms:
            query = query.filter(
                Certificate.destinations.any(Destination.id == terms[1]))
        elif 'notify' in filt:
            query = query.filter(Certificate.notify == truthiness(terms[1]))
        elif 'active' in filt:
            query = query.filter(Certificate.active == truthiness(terms[1]))
        elif 'cn' in terms:
            query = query.filter(
                or_(Certificate.cn.ilike(term),
                    Certificate.domains.any(Domain.name.ilike(term))))
        elif 'id' in terms:
            query = query.filter(Certificate.id == cast(terms[1], Integer))
        elif 'name' in terms:
            query = query.outerjoin(certificate_associations).outerjoin(
                Domain).filter(
                    or_(
                        Certificate.name.ilike(term),
                        Domain.name.ilike(term),
                        Certificate.cn.ilike(term),
                    )).group_by(Certificate.id)
        else:
            query = database.filter(query, Certificate, terms)

    if show:
        sub_query = database.session_query(
            Role.name).filter(Role.user_id == args['user'].id).subquery()
        query = query.filter(
            or_(Certificate.user_id == args['user'].id,
                Certificate.owner.in_(sub_query)))

    if destination_id:
        query = query.filter(
            Certificate.destinations.any(Destination.id == destination_id))

    if notification_id:
        query = query.filter(
            Certificate.notifications.any(Notification.id == notification_id))

    if time_range:
        to = arrow.now().replace(weeks=+time_range).format('YYYY-MM-DD')
        now = arrow.now().format('YYYY-MM-DD')
        query = query.filter(Certificate.not_after <= to).filter(
            Certificate.not_after >= now)

    result = database.sort_and_page(query, Certificate, args)
    return result