Пример #1
 def __init__(self, ca):
     """Set up the controller for a single certificate authority.

     Keeps a reference to ``ca`` and obtains the CA, project-CA,
     preferred-CA and project repositories through the ``repo`` accessors.

     :param ca: object stored as ``self.ca``; presumably the CA entity this
         controller operates on (its type is not visible here).
     """
     LOG.debug('=== Creating CertificateAuthorityController ===')
     self.ca = ca
     # One handle per repository, fetched once at construction time.
     self.ca_repo = repo.get_ca_repository()
     self.project_ca_repo = repo.get_project_ca_repository()
     self.preferred_ca_repo = repo.get_preferred_ca_repository()
     self.project_repo = repo.get_project_repository()
Пример #2
def create_preferred_cert_authority(cert_authority, session=None):
    """Store a preferred-CA record for a CA and hand the record back.

    The record links ``cert_authority.id`` to ``cert_authority.project_id``,
    so the project it applies to is the one named on the CA object itself.

    :param cert_authority: object providing ``id`` and ``project_id``
    :param session: passed through unchanged to the repository's
        ``create_from`` call
    :return: the new ``models.PreferredCertificateAuthority`` instance
    """
    record = models.PreferredCertificateAuthority(
        ca_id=cert_authority.id,
        project_id=cert_authority.project_id,
    )
    repositories.get_preferred_ca_repository().create_from(
        record, session=session)
    return record
Пример #3
 def __init__(self, ca):
     """Create the per-CA controller and fetch the repositories it uses.

     :param ca: stored as ``self.ca``; presumably the certificate authority
         this controller serves (type not visible in this snippet).
     """
     LOG.debug('=== Creating CertificateAuthorityController ===')
     self.ca = ca
     # Handles for the CA, project-CA, preferred-CA and project
     # repositories, obtained through the ``repo`` accessors.
     self.ca_repo = repo.get_ca_repository()
     self.project_ca_repo = repo.get_project_ca_repository()
     self.preferred_ca_repo = repo.get_preferred_ca_repository()
     self.project_repo = repo.get_project_repository()
Пример #4
 def __init__(self):
     """Create the CA collection controller and fetch its repositories.

     Obtains the CA, project-CA, preferred-CA and project repositories
     through the ``repo`` accessors and leaves ``self.validator`` unset.
     """
     LOG.debug('Creating CertificateAuthoritiesController')
     self.ca_repo = repo.get_ca_repository()
     self.project_ca_repo = repo.get_project_ca_repository()
     self.preferred_ca_repo = repo.get_preferred_ca_repository()
     self.project_repo = repo.get_project_repository()
     # No validator is attached at construction time in this version.
     self.validator = None
Пример #5
 def __init__(self):
     """Set up the CA collection controller.

     Fetches one handle each for the CA, project-CA, preferred-CA and
     project repositories; ``self.validator`` starts as ``None``.
     """
     LOG.debug('Creating CertificateAuthoritiesController')
     self.ca_repo = repo.get_ca_repository()
     self.project_ca_repo = repo.get_project_ca_repository()
     self.preferred_ca_repo = repo.get_preferred_ca_repository()
     self.project_repo = repo.get_project_repository()
     # This constructor configures no validator.
     self.validator = None
Пример #6
def get_global_preferred_ca():
    """Return the first preferred-CA record of the global preferred project.

    The project is looked up with
    ``res.get_or_create_global_preferred_project()``.

    :return: the first entity the preferred-CA repository lists for that
        project, or ``None`` when it lists none
    """
    global_project = res.get_or_create_global_preferred_project()
    records = repos.get_preferred_ca_repository().get_project_entities(
        global_project.id)
    return records[0] if records else None
Пример #7
 def __init__(self):
     """Create the CA collection controller with validation and quota.

     Fetches the CA, project-CA, preferred-CA and project repositories,
     attaches a ``NewCAValidator`` and a ``QuotaEnforcer`` for the
     ``'cas'`` resource, then refreshes the certificate resources.
     """
     LOG.debug('Creating CertificateAuthoritiesController')
     self.ca_repo = repo.get_ca_repository()
     self.project_ca_repo = repo.get_project_ca_repository()
     self.preferred_ca_repo = repo.get_preferred_ca_repository()
     self.project_repo = repo.get_project_repository()
     self.validator = validators.NewCAValidator()
     # Quota enforcer keyed on 'cas' and backed by the CA repository;
     # presumably caps how many CAs a project may hold -- confirm against
     # quota.QuotaEnforcer.
     self.quota_enforcer = quota.QuotaEnforcer('cas', self.ca_repo)
     # Populate the CA table at start up. This call runs each time the
     # controller is constructed.
     cert_resources.refresh_certificate_resources()
Пример #8
 def __init__(self):
     """Set up the CA collection controller.

     Obtains the repositories the controller works with, creates the
     ``NewCAValidator`` and the ``'cas'`` ``QuotaEnforcer``, and finishes
     by refreshing the certificate resources.
     """
     LOG.debug('Creating CertificateAuthoritiesController')
     self.ca_repo = repo.get_ca_repository()
     self.project_ca_repo = repo.get_project_ca_repository()
     self.preferred_ca_repo = repo.get_preferred_ca_repository()
     self.project_repo = repo.get_project_repository()
     # Validator instance; presumably applied to CA-creation requests --
     # its use is outside this snippet.
     self.validator = validators.NewCAValidator()
     # The enforcer is given the CA repository, not a project repository.
     self.quota_enforcer = quota.QuotaEnforcer('cas', self.ca_repo)
     # Populate the CA table at start up
     cert_resources.refresh_certificate_resources()
def delete_subordinate_ca(external_project_id, ca):
    """Delete a subordinate CA and any related artifacts.

    Two checks run before anything is removed: the CA must have an owning
    project (otherwise it is treated as a base CA), and that project must be
    the one ``external_project_id`` resolves to. After that the preferred-CA
    and project-CA rows for this CA are removed, the certificate plugin is
    asked to delete the CA, and the CA entity itself is deleted.

    :param external_project_id: external project ID
    :param ca: :class:`models.CertificateAuthority` to be deleted
    :raises excep.CannotDeleteBaseCA: ``ca.project_id`` is ``None``
    :raises excep.UnauthorizedSubCA: the CA is owned by a different project
    :raises excep.CannotDeletePreferredCA: the CA is the project's preferred
        CA and ``is_last_project_ca`` reports it is not the last one
    :return: None
    """
    # TODO(alee) See if the checks below can be moved to the RBAC code

    # Check that this CA is a subCA
    if ca.project_id is None:
        raise excep.CannotDeleteBaseCA()

    # Check that the user's project owns this subCA. This is the only
    # ownership check in the function, so it has to stay ahead of every
    # delete below.
    project = res.get_or_create_project(external_project_id)
    if ca.project_id != project.id:
        raise excep.UnauthorizedSubCA()

    # Look up the project-CA rows tying this CA to the project.
    # suppress_exception=True presumably yields an empty result instead of
    # raising when nothing matches -- confirm against the repository.
    project_ca_repo = repos.get_project_ca_repository()
    (project_cas, _, _,
     _) = project_ca_repo.get_by_create_date(project_id=project.id,
                                             ca_id=ca.id,
                                             suppress_exception=True)

    # Same lookup against the preferred-CA table.
    preferred_ca_repo = repos.get_preferred_ca_repository()
    (preferred_cas, _, _,
     _) = preferred_ca_repo.get_by_create_date(project_id=project.id,
                                               ca_id=ca.id,
                                               suppress_exception=True)

    # Can not delete a project preferred CA, if other project CAs exist. One
    # of those needs to be designated as the preferred CA first.
    if project_cas and preferred_cas and not is_last_project_ca(project.id):
        raise excep.CannotDeletePreferredCA()

    # Remove the CA as preferred
    if preferred_cas:
        preferred_ca_repo.delete_entity_by_id(preferred_cas[0].id,
                                              external_project_id)
    # Remove the CA from project list
    if project_cas:
        project_ca_repo.delete_entity_by_id(project_cas[0].id,
                                            external_project_id)

    # Delete the CA entry from plugin.
    # NOTE(review): the repository rows above are already deleted when this
    # runs. Whether a plugin failure rolls them back depends on session
    # handling that is not visible here -- confirm.
    cert_plugin = cert.CertificatePluginManager().get_plugin_by_name(
        ca.plugin_name)
    cert_plugin.delete_ca(ca.plugin_ca_id)

    # Finally, delete the CA entity from the CA repository
    ca_repo = repos.get_ca_repository()
    ca_repo.delete_entity_by_id(entity_id=ca.id,
                                external_project_id=external_project_id)
Пример #10
def delete_subordinate_ca(external_project_id, ca):
    """Remove a subordinate CA together with its project associations.

    The CA must be project-owned (a CA without a project is treated as a
    base CA), and the owner must be the project ``external_project_id``
    resolves to. Both checks run before anything is deleted.

    :param external_project_id: external project ID
    :param ca: :class:`models.CertificateAuthority` to be deleted
    :raises excep.CannotDeleteBaseCA: ``ca.project_id`` is ``None``
    :raises excep.UnauthorizedSubCA: the CA is owned by a different project
    :raises excep.CannotDeletePreferredCA: the CA is the project's preferred
        CA while other project CAs exist
    :return: None
    """
    # TODO(alee) See if the checks below can be moved to the RBAC code

    # Only subordinate CAs carry a project id; anything else is a base CA.
    if ca.project_id is None:
        raise excep.CannotDeleteBaseCA()

    # Ownership gate: the caller's project must be the CA's project.
    owner = res.get_or_create_project(external_project_id)
    if ca.project_id != owner.id:
        raise excep.UnauthorizedSubCA()

    project_ca_repo = repos.get_project_ca_repository()
    project_links, _offset, _limit, _total = (
        project_ca_repo.get_by_create_date(
            project_id=owner.id,
            ca_id=ca.id,
            suppress_exception=True))

    preferred_ca_repo = repos.get_preferred_ca_repository()
    preferred_links, _offset, _limit, _total = (
        preferred_ca_repo.get_by_create_date(
            project_id=owner.id,
            ca_id=ca.id,
            suppress_exception=True))

    # A preferred CA may only go away once it is the project's last CA;
    # otherwise another CA has to be made preferred first.
    if project_links and preferred_links:
        if not is_last_project_ca(owner.id):
            raise excep.CannotDeletePreferredCA()

    # Drop the preferred-CA row first, then the project-CA row.
    if preferred_links:
        preferred_ca_repo.delete_entity_by_id(
            preferred_links[0].id, external_project_id)
    if project_links:
        project_ca_repo.delete_entity_by_id(
            project_links[0].id, external_project_id)

    # Ask the plugin that issued the CA to delete its side of it.
    plugin_manager = cert.CertificatePluginManager()
    plugin = plugin_manager.get_plugin_by_name(ca.plugin_name)
    plugin.delete_ca(ca.plugin_ca_id)

    # The CA entity itself goes last.
    repos.get_ca_repository().delete_entity_by_id(
        entity_id=ca.id,
        external_project_id=external_project_id)
Пример #11
def get_project_preferred_ca_id(project_id):
    """Resolve the preferred CA ID for a project.

    Lookup order:

    1. a preferred CA recorded for the project itself
    2. the globally preferred CA
    3. otherwise ``None``

    :param project_id: project whose preferred-CA records are queried
    :return: the chosen record's ``ca_id``, or ``None``
    """
    repo = repos.get_preferred_ca_repository()
    project_prefs, _offset, _limit, match_count = repo.get_by_create_date(
        project_id=project_id, suppress_exception=True)
    if match_count > 0:
        return project_prefs[0].ca_id

    fallback = get_global_preferred_ca()
    return fallback.ca_id if fallback else None
Пример #12
def _get_ca_id(order_meta, project_id):
    """Choose the CA ID for an order.

    Precedence: the ID under ``cert.CA_ID`` in ``order_meta``, then the
    project's preferred CA, then the global preferred CA, else ``None``.

    :param order_meta: mapping read with ``.get(cert.CA_ID)``
    :param project_id: project whose preferred-CA records are queried
    :return: a CA ID, or ``None`` when no source supplies one
    """
    # NOTE(review): an ID found in order_meta is returned as-is. Nothing
    # here checks that project_id may use that CA -- confirm a caller
    # validates it.
    requested = order_meta.get(cert.CA_ID)
    if requested:
        return requested

    repo = repos.get_preferred_ca_repository()
    project_prefs, _offset, _limit, match_count = repo.get_by_create_date(
        project_id=project_id, suppress_exception=True)
    if match_count > 0:
        return project_prefs[0].ca_id

    fallback = repo.get_global_preferred_ca()
    return fallback.ca_id if fallback else None
Пример #13
def _get_ca_id(order_meta, project_id):
    """Return the CA ID an order should use, or ``None``.

    An explicit ``cert.CA_ID`` entry in ``order_meta`` wins. Failing that,
    the project's preferred CA is used, then the global preferred CA.

    :param order_meta: mapping read with ``.get(cert.CA_ID)``
    :param project_id: project whose preferred-CA records are queried
    """
    explicit_id = order_meta.get(cert.CA_ID)
    if explicit_id:
        # NOTE(review): returned without an ownership or availability check
        # in this function -- confirm the CA is validated for project_id
        # elsewhere.
        return explicit_id

    preferred_repo = repos.get_preferred_ca_repository()
    entries, _offset, _limit, count = preferred_repo.get_by_create_date(
        project_id=project_id,
        suppress_exception=True)
    if count > 0:
        return entries[0].ca_id

    global_entry = preferred_repo.get_global_preferred_ca()
    if not global_entry:
        return None
    return global_entry.ca_id
Пример #14
# See the License for the specific language governing permissions and
# limitations under the License.
import mock
from six import moves

from barbican.common import exception
from barbican.common import hrefs
from barbican.common import resources as res
from barbican.model import models
from barbican.model import repositories
from barbican.tests import utils

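# Repository handles created once, when this module is imported.
project_repo = repositories.get_project_repository()
ca_repo = repositories.get_ca_repository()
# Was get_project_repository(), which made this a second handle on the
# project repository instead of the project-CA repository.
project_ca_repo = repositories.get_project_ca_repository()
preferred_ca_repo = repositories.get_preferred_ca_repository()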


def create_ca(parsed_ca, id_ref="id"):
    """Build a CA model from ``parsed_ca`` and assign it a caller-chosen id.

    :param parsed_ca: passed unchanged to ``models.CertificateAuthority``
    :param id_ref: value written to the new entity's ``id`` attribute
    :return: the new ``models.CertificateAuthority`` instance
    """
    authority = models.CertificateAuthority(parsed_ca)
    authority.id = id_ref
    return authority


class WhenTestingCAsResource(utils.BarbicanAPIBaseTestCase):

    def test_should_get_list_certificate_authorities(self):
        self.app.extra_environ = {
            'barbican.context': self._build_context(self.project_id,
                                                    user="******")
Пример #15
def create_preferred_cert_authority(cert_authority, session=None):
    """Persist a preferred-CA entry derived from ``cert_authority``.

    The entry takes its ``ca_id`` and ``project_id`` from the CA object, so
    the preference is recorded for the CA's own project.

    :param cert_authority: object providing ``id`` and ``project_id``
    :param session: forwarded as-is to the repository's ``create_from``
    :return: the ``models.PreferredCertificateAuthority`` that was stored
    """
    entry = models.PreferredCertificateAuthority(
        ca_id=cert_authority.id,
        project_id=cert_authority.project_id,
    )
    repository = repositories.get_preferred_ca_repository()
    repository.create_from(entry, session=session)
    return entry