def create_secret(data, tenant, crypto_manager,
secret_repo, tenant_secret_repo, datum_repo, kek_repo,
ok_to_generate=False):
"""Common business logic to create a secret."""
time_keeper = utils.TimeKeeper('Create Secret Resource')
new_secret = models.Secret(data)
time_keeper.mark('after Secret model create')
new_datum = None
content_type = data.get('payload_content_type',
'application/octet-stream')
if 'payload' in data:
payload = data.get('payload')
content_encoding = data.get('payload_content_encoding')
LOG.debug('Encrypting payload...')
new_datum = crypto_manager.encrypt(payload,
content_type,
content_encoding,
new_secret,
tenant,
kek_repo,
enforce_text_only=True)
time_keeper.mark('after encrypt')
elif ok_to_generate:
LOG.debug('Generating new secret...')
new_datum = crypto_manager.generate_data_encryption_key(new_secret,
content_type,
tenant,
kek_repo)
time_keeper.mark('after secret generate')
else:
LOG.debug('Creating metadata only for the new secret. '
'A subsequent PUT is required')
# Create Secret entities in datastore.
secret_repo.create_from(new_secret)
time_keeper.mark('after Secret datastore create')
new_assoc = models.TenantSecret()
time_keeper.mark('after TenantSecret model create')
new_assoc.tenant_id = tenant.id
new_assoc.secret_id = new_secret.id
new_assoc.role = "admin"
new_assoc.status = models.States.ACTIVE
tenant_secret_repo.create_from(new_assoc)
time_keeper.mark('after TenantSecret datastore create')
if new_datum:
new_datum.secret_id = new_secret.id
datum_repo.create_from(new_datum)
time_keeper.mark('after Datum datastore create')
time_keeper.dump()
return new_secret
def create_secret(data,
tenant,
crypto_manager,
secret_repo,
tenant_secret_repo,
datum_repo,
ok_to_generate=False):
"""
Common business logic to create a secret.
"""
new_secret = models.Secret(data)
new_datum = None
if 'plain_text' in data:
plain_text = data['plain_text']
if not plain_text:
raise exception.NoDataToProcess()
LOG.debug('Encrypting plain_text secret...')
new_datum = crypto_manager.encrypt(data['plain_text'], new_secret,
tenant)
elif ok_to_generate:
LOG.debug('Generating new secret...')
# TODO: Generate a good key
new_datum = crypto_manager.generate_data_encryption_key(
new_secret, tenant)
else:
LOG.debug('Creating metadata only for the new secret. '
'A subsequent PUT is required')
crypto_manager.supports(new_secret, tenant)
# Create Secret entities in datastore.
secret_repo.create_from(new_secret)
new_assoc = models.TenantSecret()
new_assoc.tenant_id = tenant.id
new_assoc.secret_id = new_secret.id
new_assoc.role = "admin"
new_assoc.status = models.States.ACTIVE
tenant_secret_repo.create_from(new_assoc)
if new_datum:
new_datum.secret_id = new_secret.id
datum_repo.create_from(new_datum)
return new_secret
def create_encrypted_datum(secret, plain_text, tenant, crypto_manager,
tenant_secret_repo, datum_repo):
"""
Modifies the secret to add the plain_text secret information.
:param secret: the secret entity to associate the secret data to
:param plain_text: plain-text of the secret data to store
:param tenant: the tenant (entity) who owns the secret
:param crypto_manager: the crypto plugin manager
:param tenant_secret_repo: the tenant/secret association repository
:param datum_repo: the encrypted datum repository
:retval The response body, None if N/A
"""
if not plain_text:
raise exception.NoDataToProcess()
if validators.secret_too_big(plain_text):
raise exception.LimitExceeded()
if secret.encrypted_data:
raise ValueError('Secret already has encrypted data stored for it.')
fields = secret.to_dict_fields()
fields['plain_text'] = plain_text
# Encrypt plain_text
LOG.debug('Encrypting plain_text secret')
new_datum = crypto_manager.encrypt(plain_text, secret, tenant)
datum_repo.create_from(new_datum)
# Create Tenant/Secret entity.
new_assoc = models.TenantSecret()
new_assoc.tenant_id = tenant.id
new_assoc.secret_id = secret.id
new_assoc.role = "admin"
new_assoc.status = models.States.ACTIVE
tenant_secret_repo.create_from(new_assoc)
return new_datum
def _do_create_instance(self):
return models.TenantSecret()