예제 #1
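    def put(self, kid):
        """Update the expiration, name and/or metadata of service key ``kid``.

        Only callers for whom ``SuperUserPermission().can()`` is true may
        proceed; everyone else gets ``Unauthorized``.

        Request body keys read here:
          * ``expiration`` - Unix timestamp (seconds). ``None`` or ``''`` is
            passed through to the model without parsing.
          * ``name`` / ``metadata`` - new friendly name and metadata.

        Raises:
            Unauthorized: caller is not a superuser.
            NotFound: no service key exists for ``kid``.
            InvalidRequest: the expiration cannot be parsed or is not in the
                future, or the friendly name fails validation.
        """
        if not SuperUserPermission().can():
            raise Unauthorized()

        body = request.get_json()
        try:
            # Unapproved and expired keys are looked up too, so they can be
            # edited as well.
            key = pre_oci_model.get_service_key(kid,
                                                approved_only=False,
                                                alive_only=False)
        except ServiceKeyDoesNotExist:
            raise NotFound()

        # Audit payload. 'name' is the requested name (not yet validated) when
        # one was sent, otherwise the key's current name.
        key_log_metadata = {
            'kid': key.kid,
            'service': key.service,
            'name': body.get('name', key.name),
            'expiration_date': key.expiration_date,
        }

        if 'expiration' in body:
            expiration_date = body['expiration']
            if expiration_date is not None and expiration_date != '':
                try:
                    expiration_date = datetime.utcfromtimestamp(
                        float(expiration_date))
                except (TypeError, ValueError, OverflowError, OSError) as err:
                    # float() raises TypeError for non-scalar JSON values and
                    # utcfromtimestamp() can raise OverflowError/OSError for
                    # out-of-range timestamps; report all of them as a bad
                    # request instead of an unhandled server error.
                    raise InvalidRequest('Invalid expiration date: %s' % err)

                # utcfromtimestamp() yields a naive UTC value, so compare it
                # with the UTC clock. Comparing with local time (now()) skews
                # the check by the server's UTC offset.
                if expiration_date <= datetime.utcnow():
                    raise InvalidRequest(
                        'Cannot have an expiration date in the past')

            key_log_metadata.update({
                'old_expiration_date': key.expiration_date,
                'expiration_date': expiration_date,
            })

            # NOTE(review): the audit entry is written before the model call,
            # so a failure in set_key_expiration() still leaves a
            # 'service_key_extend' record - confirm this ordering is intended.
            log_action('service_key_extend', None, key_log_metadata)
            pre_oci_model.set_key_expiration(kid, expiration_date)

        if 'name' in body or 'metadata' in body:
            # key_name is None when only 'metadata' was supplied.
            key_name = body.get('name')
            if not validate_service_key_name(key_name):
                raise InvalidRequest(
                    'Invalid service key friendly name: %s' % key_name)

            pre_oci_model.update_service_key(kid, key_name,
                                             body.get('metadata'))
            log_action('service_key_modify', None, key_log_metadata)

        # Re-read the key so the response reflects the stored state.
        updated_key = pre_oci_model.get_service_key(kid,
                                                    approved_only=False,
                                                    alive_only=False)
        return jsonify(updated_key.to_dict())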
예제 #2
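    def put(self, kid):
        """Change a service key's expiration, friendly name or metadata.

        The whole handler is gated on ``SuperUserPermission().can()``; when
        that check fails ``Unauthorized`` is raised and nothing is modified.

        Request body keys read here:
          * ``expiration`` - Unix timestamp in seconds; ``None`` and ``""``
            skip parsing and are handed to the model unchanged.
          * ``name`` and ``metadata`` - new friendly name and metadata.

        Raises:
            Unauthorized: the caller lacks superuser permission.
            NotFound: ``kid`` does not match any service key.
            InvalidRequest: unparsable or non-future expiration, or a friendly
                name rejected by ``validate_service_key_name``.
        """
        if not SuperUserPermission().can():
            raise Unauthorized()

        body = request.get_json()
        try:
            # approved_only/alive_only are disabled so pending and expired
            # keys can be managed through this endpoint as well.
            key = pre_oci_model.get_service_key(kid,
                                                approved_only=False,
                                                alive_only=False)
        except ServiceKeyDoesNotExist:
            raise NotFound()

        # Values recorded in the audit log. "name" falls back to the current
        # name when the request does not carry one.
        key_log_metadata = {
            "kid": key.kid,
            "service": key.service,
            "name": body.get("name", key.name),
            "expiration_date": key.expiration_date,
        }

        if "expiration" in body:
            expiration_date = body["expiration"]
            if expiration_date is not None and expiration_date != "":
                try:
                    expiration_date = datetime.utcfromtimestamp(
                        float(expiration_date))
                except (TypeError, ValueError, OverflowError, OSError) as err:
                    # Lists/objects make float() raise TypeError, and huge
                    # timestamps make utcfromtimestamp() raise OverflowError
                    # or OSError. Treat every parse failure as client error.
                    raise InvalidRequest("Invalid expiration date: %s" % err)

                # Both operands must be naive UTC. datetime.now() is local
                # time and would shift the cutoff by the server's UTC offset.
                if expiration_date <= datetime.utcnow():
                    raise InvalidRequest(
                        "Cannot have an expiration date in the past")

            key_log_metadata.update({
                "old_expiration_date": key.expiration_date,
                "expiration_date": expiration_date,
            })

            # NOTE(review): logged before the change is applied, unlike the
            # name/metadata branch below, which logs afterwards - confirm.
            log_action("service_key_extend", None, key_log_metadata)
            pre_oci_model.set_key_expiration(kid, expiration_date)

        if "name" in body or "metadata" in body:
            # None when the request only updates metadata.
            key_name = body.get("name")
            if not validate_service_key_name(key_name):
                raise InvalidRequest(
                    "Invalid service key friendly name: %s" % key_name)

            pre_oci_model.update_service_key(kid, key_name,
                                             body.get("metadata"))
            log_action("service_key_modify", None, key_log_metadata)

        # Fetch again so the caller sees what was actually stored.
        updated_key = pre_oci_model.get_service_key(kid,
                                                    approved_only=False,
                                                    alive_only=False)
        return jsonify(updated_key.to_dict())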
예제 #3
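    def post(self):
        """Create a service key, auto-approve it and return the key pair.

        Gated on ``SuperUserPermission().can()``; other callers receive
        ``Unauthorized``. The JSON response carries the PEM private key, and
        the audit log entries written here contain no key material.

        Request body keys read here: ``name``, ``expiration`` (Unix timestamp
        in seconds), ``metadata``, ``service`` and ``notes``.

        Raises:
            Unauthorized: the caller lacks superuser permission.
            InvalidRequest: the friendly name fails validation, or the
                expiration cannot be parsed or is not in the future.
        """
        if not SuperUserPermission().can():
            raise Unauthorized()

        body = request.get_json()
        key_name = body.get("name", "")
        if not validate_service_key_name(key_name):
            raise InvalidRequest("Invalid service key friendly name: %s" % key_name)

        # Ensure we have a valid expiration date if specified.
        expiration_date = body.get("expiration", None)
        if expiration_date is not None:
            try:
                expiration_date = datetime.utcfromtimestamp(float(expiration_date))
            except (TypeError, ValueError, OverflowError, OSError) as err:
                # float() raises TypeError for non-scalar JSON values and
                # utcfromtimestamp() can raise OverflowError/OSError for
                # out-of-range timestamps; answer with a client error rather
                # than an unhandled exception.
                raise InvalidRequest("Invalid expiration date: %s" % err)

            # The parsed value is naive UTC, so it is compared with the UTC
            # clock. datetime.now() is local time and would skew the check by
            # the server's UTC offset.
            if expiration_date <= datetime.utcnow():
                raise InvalidRequest("Expiration date cannot be in the past")

        # Create the metadata for the key. The server-set fields are applied
        # last, so same-named keys in client-supplied metadata are overwritten
        # and the recorded creator and IP cannot be chosen by the request body.
        # NOTE(review): confirm get_request_ip() only honours forwarding
        # headers from trusted proxies.
        user = get_authenticated_user()
        metadata = body.get("metadata", {})
        metadata.update(
            {
                "created_by": "Quay Superuser Panel",
                "creator": user.username,
                "ip": get_request_ip(),
            }
        )

        # Generate a key with a private key that we *never save*.
        (private_key, key_id) = pre_oci_model.generate_service_key(
            body["service"], expiration_date, metadata=metadata, name=key_name
        )
        # Auto-approve the service key.
        pre_oci_model.approve_service_key(
            key_id, user, ServiceKeyApprovalType.SUPERUSER, notes=body.get("notes", "")
        )

        # Log the creation and auto-approval of the service key. Only
        # identifiers and settings are logged, never key material.
        key_log_metadata = {
            "kid": key_id,
            "preshared": True,
            "service": body["service"],
            "name": key_name,
            "expiration_date": expiration_date,
            "auto_approved": True,
        }

        log_action("service_key_create", None, key_log_metadata)
        log_action("service_key_approve", None, key_log_metadata)

        # The private key leaves the server in this response. Since it is not
        # saved (see above), the caller presumably has to store it now.
        return jsonify(
            {
                "kid": key_id,
                "name": key_name,
                "service": body["service"],
                "public_key": private_key.publickey().exportKey("PEM").decode("ascii"),
                "private_key": private_key.exportKey("PEM").decode("ascii"),
            }
        )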
예제 #4
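    def post(self):
        """Generate a new service key, approve it and hand back both halves.

        Requires ``SuperUserPermission().can()`` to be true; otherwise
        ``Unauthorized`` is raised. The response includes the PEM private key,
        while the audit log entries written here hold only identifiers.

        Request body keys read here: ``name``, ``expiration`` (Unix timestamp
        in seconds), ``metadata``, ``service`` and ``notes``.

        Raises:
            Unauthorized: caller is not a superuser.
            InvalidRequest: invalid friendly name, or an expiration that
                cannot be parsed or does not lie in the future.
        """
        if not SuperUserPermission().can():
            raise Unauthorized()

        body = request.get_json()
        key_name = body.get('name', '')
        if not validate_service_key_name(key_name):
            raise InvalidRequest('Invalid service key friendly name: %s' %
                                 key_name)

        # Ensure we have a valid expiration date if specified.
        expiration_date = body.get('expiration', None)
        if expiration_date is not None:
            try:
                expiration_date = datetime.utcfromtimestamp(
                    float(expiration_date))
            except (TypeError, ValueError, OverflowError, OSError) as err:
                # Non-scalar JSON values (TypeError) and out-of-range
                # timestamps (OverflowError/OSError) are client errors too,
                # not just malformed numbers (ValueError).
                raise InvalidRequest('Invalid expiration date: %s' % err)

            # Compare naive UTC with naive UTC. datetime.now() returns local
            # time, which moves the cutoff by the server's UTC offset.
            if expiration_date <= datetime.utcnow():
                raise InvalidRequest(
                    'Expiration date cannot be in the past')

        # Create the metadata for the key. update() runs after the client
        # metadata is read, so the request body cannot override the
        # server-set 'created_by', 'creator' and 'ip' fields.
        # NOTE(review): confirm get_request_ip() only honours forwarding
        # headers from trusted proxies.
        user = get_authenticated_user()
        metadata = body.get('metadata', {})
        metadata.update({
            'created_by': 'Quay Superuser Panel',
            'creator': user.username,
            'ip': get_request_ip(),
        })

        # Generate a key with a private key that we *never save*.
        (private_key,
         key_id) = pre_oci_model.generate_service_key(body['service'],
                                                      expiration_date,
                                                      metadata=metadata,
                                                      name=key_name)
        # Auto-approve the service key.
        pre_oci_model.approve_service_key(key_id,
                                          user,
                                          ServiceKeyApprovalType.SUPERUSER,
                                          notes=body.get('notes', ''))

        # Log the creation and auto-approval of the service key. The log
        # payload carries no key material.
        key_log_metadata = {
            'kid': key_id,
            'preshared': True,
            'service': body['service'],
            'name': key_name,
            'expiration_date': expiration_date,
            'auto_approved': True,
        }

        log_action('service_key_create', None, key_log_metadata)
        log_action('service_key_approve', None, key_log_metadata)

        # The private key is sent to the caller here. Since it is not saved
        # (see above), the caller presumably has to store it now.
        # NOTE(review): exportKey('PEM') is returned undecoded; on Python 3
        # this is presumably bytes, which jsonify may reject - confirm the
        # target interpreter.
        return jsonify({
            'kid':
            key_id,
            'name':
            key_name,
            'service':
            body['service'],
            'public_key':
            private_key.publickey().exportKey('PEM'),
            'private_key':
            private_key.exportKey('PEM'),
        })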