class SecretStoreMetadatum(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'key': fields.StringField(),
'value': fields.StringField(),
'secret_id': fields.StringField()
}
db_model = models.SecretStoreMetadatum
db_repo = repo.get_secret_meta_repository()
def _validate_fields(self, change_fields):
msg = u._("Must supply non-None {0} argument "
"for SecretStoreMetadatum entry.")
if change_fields.get('key') is None:
raise exception.MissingArgumentError(msg.format('key'))
if change_fields.get('value') is None:
raise exception.MissingArgumentError(msg.format('value'))
@classmethod
def save(cls, metadata, secret_obj):
"""Saves the specified metadata for the secret."""
now = timeutils.utcnow()
for k, v in metadata.items():
meta_obj = cls(key=k, value=v)
meta_obj.updated_at = now
meta_obj.secret_id = secret_obj.id
meta_obj.create()
@classmethod
def get_metadata_for_secret(cls, secret_id):
return cls.db_repo.get_metadata_for_secret(secret_id)
class SecretStores(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'store_plugin': fields.StringField(),
'crypto_plugin': fields.StringField(nullable=True),
'global_default': fields.BooleanField(default=False),
'name': fields.StringField(),
'status': fields.StringField(nullable=True, default=base.States.ACTIVE)
}
db_model = models.SecretStores
db_repo = repos.get_secret_stores_repository()
def _validate_fields(self, change_fields):
msg = u._("Must supply non-Blank {0} argument for SecretStores entry.")
if not change_fields.get('name'):
raise exception.MissingArgumentError(msg.format("name"))
if not change_fields.get('store_plugin'):
raise exception.MissingArgumentError(msg.format("store_plugin"))
@classmethod
def get_all(cls, session=None):
secret_stores_db = cls.db_repo.get_all(session)
secret_stores_obj = [cls()._from_db_object(secret_store_db) for
secret_store_db in secret_stores_db]
return secret_stores_obj
class OrderRetryTask(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'id': fields.StringField(default=utils.generate_uuid()),
'order_id': fields.StringField(),
'retry_task': fields.StringField(),
'retry_at': fields.DateTimeField(nullable=True, default=None),
'retry_args': fields.JsonField(),
'retry_kwargs': fields.JsonField(),
'retry_count': fields.IntegerField(default=0)
}
db_model = models.OrderRetryTask
db_repo = repos.get_order_retry_tasks_repository()
@classmethod
def get_by_create_date(cls, only_at_or_before_this_date=None,
offset_arg=None, limit_arg=None,
suppress_exception=False,
session=None):
entities_db, offset, limit, total = cls.db_repo.get_by_create_date(
only_at_or_before_this_date, offset_arg, limit_arg,
suppress_exception, session)
entities = [cls()._from_db_object(entity_db)
for entity_db in entities_db]
return entities, offset, limit, total
class SecretUserMetadatum(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'key': fields.StringField(),
'value': fields.StringField(),
'secret_id': fields.StringField(),
}
db_model = models.SecretStoreMetadatum
db_repo = repo.get_secret_user_meta_repository()
@classmethod
def create_replace_user_metadata(cls, secret_id, metadata):
cls.db_repo.create_replace_user_metadata(secret_id, metadata)
@classmethod
def get_metadata_for_secret(cls, secret_id):
return cls.db_repo.get_metadata_for_secret(secret_id)
@classmethod
def create_replace_user_metadatum(cls, secret_id, key, value):
cls.db_repo.create_replace_user_metadatum(secret_id, key, value)
@classmethod
def delete_metadatum(cls, secret_id, key):
cls.db_repo.delete_metadatum(secret_id, key)
class BarbicanPersistentObject(object):
fields = {
'id': fields.StringField(nullable=True, default=None),
'created_at': fields.DateTimeField(nullable=True, tzinfo_aware=False),
'updated_at': fields.DateTimeField(nullable=True, tzinfo_aware=False),
'deleted_at': fields.DateTimeField(nullable=True, tzinfo_aware=False),
'deleted': fields.BooleanField(nullable=True),
'status': fields.StringField(nullable=True, default=States.PENDING)
}
class ProjectSecretStore(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'secret_store_id':
fields.StringField(nullable=True, default=None),
'project_id':
fields.StringField(nullable=True, default=None),
'secret_store':
fields.ObjectField('SecretStores', nullable=True, default=None),
'project':
fields.ObjectField('Project', nullable=True, default=None),
'status':
fields.StringField(nullable=True, default=base.States.ACTIVE)
}
db_model = models.ProjectSecretStore
db_repo = repos.get_project_secret_store_repository()
synthetic_fields = ['secret_store', 'project']
def _validate_fields(self, change_fields):
msg = u._("Must supply non-None {0} argument for ProjectSecretStore "
" entry.")
if not change_fields.get('project_id'):
raise exception.MissingArgumentError(msg.format("project_id"))
if not change_fields.get('secret_store_id'):
raise exception.MissingArgumentError(msg.format("secret_store_id"))
@classmethod
def get_secret_store_for_project(cls,
project_id,
external_project_id,
suppress_exception=False,
session=None):
pss_db = cls.db_repo.get_secret_store_for_project(
project_id, external_project_id, suppress_exception, session)
return cls()._from_db_object(pss_db)
@classmethod
def create_or_update_for_project(cls,
project_id,
secret_store_id,
session=None):
pss_db = cls.db_repo.create_or_update_for_project(
project_id, secret_store_id, session)
return cls()._from_db_object(pss_db)
@classmethod
def get_count_by_secret_store(cls, secret_store_id, session=None):
number_pss = cls.db_repo.get_count_by_secret_store(
secret_store_id, session)
return number_pss
class OrderPluginMetadatum(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
"""This class represents OrderPluginMetadatum object"""
fields = {
'order_id': fields.StringField(),
'key': fields.StringField(),
'value': fields.StringField()
}
db_model = models.OrderPluginMetadatum
db_repo = repos.get_order_plugin_meta_repository()
class ContainerSecret(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'name': fields.StringField(nullable=True, default=None),
'container_id': fields.StringField(),
'secret_id': fields.StringField(),
}
db_model = models.ContainerSecret
db_repo = repos.get_container_secret_repository()
def create(self, session=None):
change_fields = self._get_changed_persistent_fields()
self._validate_fields(change_fields)
db_entity = self._get_db_entity()
db_entity.update(change_fields)
db_entity = self.db_repo.create_from(db_entity, session=session)
return self._from_db_object(db_entity)
class TransportKey(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'plugin_name': fields.StringField(),
'transport_key': fields.StringField(),
'status': fields.StringField(nullable=True, default=base.States.ACTIVE)
}
db_model = models.TransportKey
db_repo = repo.get_transport_key_repository()
def _validate_fields(self, change_fields):
msg = u._("Must supply non-None {0} argument for TransportKey entry.")
if change_fields.get('plugin_name') is None:
raise exception.MissingArgumentError(msg.format("plugin_name"))
if change_fields.get('transport_key') is None:
raise exception.MissingArgumentError(msg.format("transport_key"))
@classmethod
def get_by_create_date(cls,
plugin_name=None,
offset_arg=None,
limit_arg=None,
suppress_exception=False,
session=None):
transport_keys_db, offset, limit, total = \
cls.db_repo.get_by_create_date(plugin_name, offset_arg, limit_arg,
suppress_exception, session)
transport_keys_obj = [
cls()._from_db_object(transport_key)
for transport_key in transport_keys_db
]
return transport_keys_obj, offset, limit, total
@classmethod
def get_latest_transport_key(cls,
plugin_name,
suppress_exception=False,
session=None):
transport_key_db = cls.db_repo.get_latest_transport_key(
plugin_name, suppress_exception, session)
return cls()._from_db_object(transport_key_db)
class ProjectSecretStore(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'secret_store_id':
fields.StringField(),
'project_id':
fields.StringField(),
'secret_store':
fields.ObjectField('SecretStores', nullable=True, default=None),
'project':
fields.ObjectField('Project', nullable=True, default=None),
'status':
fields.StringField(nullable=True, default=base.States.ACTIVE)
}
db_model = models.ProjectSecretStore
db_repo = repos.get_project_secret_store_repository()
synthetic_fields = ['secret_store', 'project']
@classmethod
def get_secret_store_for_project(cls,
project_id,
external_project_id,
suppress_exception=False,
session=None):
pss_db = cls.db_repo.get_secret_store_for_project(
project_id, external_project_id, suppress_exception, session)
return cls()._from_db_object(pss_db)
@classmethod
def create_or_update_for_project(cls,
project_id,
secret_store_id,
session=None):
pss_db = cls.db_repo.create_or_update_for_project(
project_id, secret_store_id, session)
return cls()._from_db_object(pss_db)
@classmethod
def get_count_by_secret_store(cls, secret_store_id, session=None):
number_pss = cls.db_repo.get_count_by_secret_store(
secret_store_id, session)
return number_pss
class SecretStores(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'store_plugin': fields.StringField(),
'crypto_plugin': fields.StringField(nullable=True),
'global_default': fields.BooleanField(default=False),
'name': fields.StringField(),
'status': fields.StringField(nullable=True, default=base.States.ACTIVE)
}
db_model = models.SecretStores
db_repo = repos.get_secret_stores_repository()
@classmethod
def get_all(cls, session=None):
secret_stores_db = cls.db_repo.get_all(session)
secret_stores_obj = [
cls()._from_db_object(secret_store_db)
for secret_store_db in secret_stores_db
]
return secret_stores_obj
class KEKDatum(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'plugin_name': fields.StringField(nullable=True, default=None),
'kek_label': fields.StringField(nullable=True, default=None),
'project_id': fields.StringField(nullable=True, default=None),
'active': fields.BooleanField(default=True),
'bind_completed': fields.BooleanField(default=False),
'algorithm': fields.StringField(nullable=True, default=None),
'bit_length': fields.IntegerField(nullable=True, default=None),
'mode': fields.StringField(nullable=True, default=None),
'plugin_meta': fields.StringField(nullable=True, default=None)
}
db_model = models.KEKDatum
db_repo = repo.get_kek_datum_repository()
@classmethod
def find_or_create_kek_datum(cls,
project,
plugin_name,
suppress_exception=False,
session=None):
kek_datum_db = cls.db_repo.find_or_create_kek_datum(
project, plugin_name, suppress_exception, session)
return cls()._from_db_object(kek_datum_db)
class ContainerACLUser(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'acl_id': fields.StringField(),
'user_id': fields.StringField(),
'status': fields.StringField(nullable=True, default=base.States.ACTIVE)
}
db_model = models.ContainerACLUser
db_repo = repos.get_container_acl_user_repository()
def _validate_fields(self, change_fields):
if change_fields.get('user_id') is None:
msg = u._("Must supply non-None {0} argument for ContainerACLUser "
"entry.")
raise exception.MissingArgumentError(msg.format("user_id"))
def delete(self, session):
entity_id = self.id
self.db_repo.delete_entity_by_id(entity_id=entity_id,
external_project_id=None,
session=session)
class Project(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'external_id': fields.StringField(nullable=True, default=None),
}
db_model = models.Project
db_repo = repo.get_project_repository()
@classmethod
def find_by_external_project_id(cls, external_project_id,
suppress_exception=False, session=None):
project_db = cls.db_repo.find_by_external_project_id(
external_project_id, suppress_exception, session)
return cls()._from_db_object(project_db)
class EncryptedDatum(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'content_type': fields.StringField(nullable=True, default=None),
'secret_id': fields.StringField(),
'kek_id': fields.StringField(),
'cypher_text': fields.StringField(nullable=True, default=None),
'kek_meta_extended': fields.StringField(nullable=True, default=None),
'kek_meta_project': fields.ObjectField('KEKDatum',
nullable=True, default=None),
'status': fields.StringField(nullable=True, default=base.States.ACTIVE)
}
db_model = models.EncryptedDatum
db_repo = repo.get_encrypted_datum_repository()
synthetic_fields = ['kek_meta_project']
class ContainerACL(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'container_id': fields.StringField(),
'operation': fields.StringField(),
'project_access': fields.BooleanField(default=True),
'acl_users': fields.ListOfObjectsField('ContainerACLUser',
default=list()),
'status': fields.StringField(nullable=True, default=base.States.ACTIVE)
}
db_model = models.ContainerACL
db_repo = repo.get_container_acl_repository()
synthetic_fields = ['acl_users']
def _validate_fields(self, change_fields):
msg = u._("Must supply non-None {0} argument for ContainerACL entry.")
if change_fields.get('container_id') is None:
raise exception.MissingArgumentError(msg.format("container_id"))
if change_fields.get('operation') is None:
raise exception.MissingArgumentError(msg.format("operation"))
def _get_db_entity(self, user_ids=None):
return self.db_model(user_ids=user_ids, check_exc=False)
def create(self, session=None, user_ids=None):
change_fields = self._get_changed_persistent_fields()
self._validate_fields(change_fields)
db_entity = self._get_db_entity(user_ids=user_ids)
db_entity.update(change_fields)
db_entity = self.db_repo.create_from(db_entity, session=session)
self._from_db_object(db_entity)
def delete(self, session):
entity_id = self.id
self.db_repo.delete_entity_by_id(entity_id=entity_id,
external_project_id=None,
session=session)
@classmethod
def get_by_container_id(cls, container_id, session=None):
entities_db = cls.db_repo.get_by_container_id(container_id, session)
entities = [
cls()._from_db_object(entity_db) for entity_db in entities_db
]
return entities
@classmethod
def create_or_replace_from(cls,
container,
container_acl,
user_ids=None,
session=None):
"""Create or replace Secret and SecretACL
:param container: an instance of Container object
:param container_acl: an instance of ContainerACL object
:param user_ids:
:param session: a session to connect with database
"""
session = cls.get_session(session)
container.updated_at = timeutils.utcnow()
container.save(session=session)
container_acl.updated_at = timeutils.utcnow()
if container_acl.id is None:
container_acl.create(session=session, user_ids=user_ids)
else:
container_acl.save(session=session)
cls._create_or_replace_acl_users(container_acl=container_acl,
user_ids=user_ids,
session=session)
@classmethod
def create_or_replace_from_model(cls,
container,
container_acl,
user_ids=None,
session=None):
"""Create or replace Secret and SecretACL
:param container: an instance of Container model
:param container_acl: an instance of ContainerACL object
:param user_ids:
:param session: a session to connect with database
It is used during converting from model to OVO. It will be removed
after Container resource is implemented OVO.
"""
session = cls.get_session(session)
container.updated_at = timeutils.utcnow()
container.save(session=session)
now = timeutils.utcnow()
container_acl.updated_at = now
if container_acl.id is None:
container_acl.create(session=session, user_ids=user_ids)
else:
container_acl.save(session=session)
cls._create_or_replace_acl_users(container_acl=container_acl,
user_ids=user_ids,
session=session)
@classmethod
def _create_or_replace_acl_users(cls,
container_acl,
user_ids,
session=None):
if user_ids is None:
return
user_ids = set(user_ids)
now = timeutils.utcnow()
session = session or cls.get_session(session)
container_acl.updated_at = now
for acl_user in container_acl.acl_users:
if acl_user.user_id in user_ids: # input user_id already exists
acl_user.updated_at = now
acl_user.save(session=session)
user_ids.remove(acl_user.user_id)
else:
acl_user.delete(session=session)
for user_id in user_ids:
acl_user = container_acl_user.ContainerACLUser(
acl_id=container_acl.id, user_id=user_id)
acl_user.create(session=session)
if container_acl.id:
container_acl.save(session=session)
else:
container_acl.create(session=session)
@classmethod
def get_count(cls, container_id, session=None):
query = cls.db_repo.get_count(container_id, session)
return query
@classmethod
def delete_acls_for_container(cls, container, session=None):
# TODO(namnh)
# After Container resource is implemented, This function
# will be updated source code being used.
session = cls.get_session(session=session)
for entity in container.container_acls:
entity.delete(session=session)
@classmethod
def delete_acls_for_container_model(cls, container, session=None):
"""Delete ACLs in Container
Used during converting Model to OVO, it will be removed in near future.
:param container: instance of Container model
:param session: connection to database
"""
cls.db_repo.delete_acls_for_container(container, session)
class ContainerConsumerMetadatum(base.BarbicanObject,
base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'container_id': fields.StringField(nullable=False),
'project_id': fields.StringField(nullable=True, default=None),
'name': fields.StringField(nullable=True, default=None),
'URL': fields.StringField(nullable=True, default=None),
'data_hash': fields.StringField(nullable=True, default=None)
}
db_model = models.ContainerConsumerMetadatum
db_repo = repos.get_container_consumer_repository()
@classmethod
def get_by_container_id(cls, container_id, offset_arg=None, limit_arg=None,
suppress_exception=False, session=None):
entities_db, offset, limit, total = \
cls.db_repo.get_by_container_id(
container_id, offset_arg, limit_arg,
suppress_exception, session)
entities = [cls()._from_db_object(entity_db) for entity_db in
entities_db]
return entities, offset, limit, total
@classmethod
def get_by_values(cls, container_id, name, URL, suppress_exception=False,
show_deleted=False, session=None):
consumer_db = cls.db_repo.get_by_values(container_id, name,
URL,
suppress_exception,
show_deleted,
session)
return cls()._from_db_object(consumer_db)
@classmethod
def create_or_update_from_model(cls, new_consumer,
container, session=None):
"""Create or update container
:param new_consumer: a instance of ContainerConsumerMetadatum model
:param container: a instance of Container OVO
:param session: a session to connect with database
:return: None
It is used during converting from model to OVO. It will be removed
after Container resource is implemented OVO.
"""
session = cls.get_session(session=session)
try:
container.updated_at = timeutils.utcnow()
container.save(session=session)
new_consumer.save(session=session)
except db_exc.DBDuplicateEntry:
session.rollback() # We know consumer already exists.
# This operation is idempotent, so log this and move on
LOG.debug("Consumer %s with URL %s already exists for "
"container %s, continuing...", new_consumer.name,
new_consumer.URL, new_consumer.container_id)
# Get the existing entry and reuse it by clearing the deleted flags
existing_consumer = cls.get_by_values(
new_consumer.container_id, new_consumer.name, new_consumer.URL,
show_deleted=True)
existing_consumer.deleted = False
existing_consumer.deleted_at = None
# We are not concerned about timing here -- set only, no reads
existing_consumer.save(session=session)
@classmethod
def create_or_update_from(cls, new_consumer, container, session=None):
"""Create or update container
:param new_consumer: a instance of ContainerConsumerMetadatum OVO
:param container: a instance of Container OVO
:param session: a session to connect with database
:return: None
"""
session = cls.get_session(session=session)
try:
container.updated_at = timeutils.utcnow()
container.consumers.append(new_consumer)
container.save(session=session)
except db_exc.DBDuplicateEntry:
session.rollback() # We know consumer already exists.
# This operation is idempotent, so log this and move on
LOG.debug("Consumer %s with URL %s already exists for "
"container %s, continuing...", new_consumer.name,
new_consumer.URL, new_consumer.container_id)
# Get the existing entry and reuse it by clearing the deleted flags
existing_consumer = cls.get_by_values(
new_consumer.container_id, new_consumer.name, new_consumer.URL,
show_deleted=True)
existing_consumer.deleted = False
existing_consumer.deleted_at = None
# We are not concerned about timing here -- set only, no reads
existing_consumer.save(session=session)
class SecretACL(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'secret_id': fields.StringField(),
'operation': fields.StringField(),
'project_access': fields.BooleanField(default=True),
'acl_users': fields.ListOfObjectsField('SecretACLUser',
default=list()),
'status': fields.StringField(nullable=True, default=base.States.ACTIVE)
}
db_model = models.SecretACL
db_repo = repos.get_secret_acl_repository()
synthetic_fields = ['acl_users']
def _validate_fields(self, change_fields):
msg = u._("Must supply non-None {0} argument for SecretACL entry.")
if change_fields.get('secret_id') is None:
raise exception.MissingArgumentError(msg.format("secret_id"))
if change_fields.get('operation') is None:
raise exception.MissingArgumentError(msg.format("operation"))
def _get_db_entity(self, user_ids=None):
return self.db_model(user_ids=user_ids, check_exc=False)
def create(self, session=None, user_ids=None):
change_fields = self._get_changed_persistent_fields()
self._validate_fields(change_fields)
db_entity = self._get_db_entity(user_ids=user_ids)
db_entity.update(change_fields)
db_entity = self.db_repo.create_from(db_entity, session=session)
self._from_db_object(db_entity)
def delete(self, session):
entity_id = self.id
self.db_repo.delete_entity_by_id(entity_id=entity_id,
external_project_id=None,
session=session)
@classmethod
def get_by_secret_id(cls, secret_id, session=None):
secret_acls_db = cls.db_repo.get_by_secret_id(secret_id,
session=session)
secret_acls_obj = [
cls()._from_db_object(secret_acl_db)
for secret_acl_db in secret_acls_db
]
return secret_acls_obj
@classmethod
def create_or_replace_from_model(cls,
secret,
secret_acl,
user_ids=None,
session=None):
"""Create or replace Secret and SecretACL
:param secret: an instance of Secret model
:param secret_acl: an instance of SecretACL object
:param user_ids:
:param session: a session to connect with database
It is used during converting from model to OVO. It will be removed
after Secret resource is implemented OVO.
"""
secret.updated_at = timeutils.utcnow()
secret_acl.updated_at = timeutils.utcnow()
secret.save(session=session)
if secret_acl.id:
secret_acl.save(session=session)
else:
secret_acl.create(session=session)
cls._create_or_replace_acl_users(secret_acl=secret_acl,
user_ids=user_ids,
session=session)
@classmethod
def _create_or_replace_acl_users(cls, secret_acl, user_ids, session=None):
"""Create or replace acl_user
:param secret_acl: an instance of OVO
:param user_ids: id of users
:param session: a session to connect with database
"""
if user_ids is None:
return
user_ids = set(user_ids)
now = timeutils.utcnow()
secret_acl.updated_at = now
for acl_user in secret_acl.acl_users:
if acl_user.user_id in user_ids: # input user_id already exists
acl_user.updated_at = now
acl_user.save(session=session)
user_ids.remove(acl_user.user_id)
else:
acl_user.delete(session=session)
for user_id in user_ids:
acl_user = secret_acl_user.SecretACLUser(acl_id=secret_acl.id,
user_id=user_id)
acl_user.create(session=session)
if secret_acl.id:
secret_acl.save(session=session)
else:
secret_acl.create(session=session)
@classmethod
def create_or_replace_from(cls, secret, secret_acl, user_ids=None):
# TODO(namnh):
# I will update this function after Secret resource is implemented.
pass
@classmethod
def delete_acls_for_secret_model(cls, secret, session=None):
"""Delete acl in Secret
:param secret: an instance of Secret model
:param session: a session to connect with database
Used during converting Model to OVO. It will be removed in the near
future.
"""
cls.db_repo.delete_acls_for_secret(secret, session)
@classmethod
def delete_acls_for_secret(cls, secret, session=None):
"""Delete acl in a secret.
:param secret: an instance of Secret OVO
:param session: a session to connect with database
This function will be using after Secret resource is implemented OVO.
"""
session = cls.get_session(session=session)
for entity in secret.secret_acls:
entity.delete(session=session)
@classmethod
def get_count(cls, secret_id, session=None):
return cls.db_repo.get_count(secret_id, session=session)
class Container(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'name':
fields.StringField(nullable=True, default=None),
'type':
fields.EnumField(nullable=True, valid_values=TYPE_VALUE),
'project_id':
fields.StringField(nullable=True, default=None),
'creator_id':
fields.StringField(nullable=True, default=None),
'consumers':
fields.ListOfObjectsField('ContainerConsumerMetadatum',
default=list()),
'container_secrets':
fields.ListOfObjectsField('ContainerSecret', default=list()),
'container_acls':
fields.ListOfObjectsField('ContainerACL', default=list()),
'project':
fields.ObjectField('Project', nullable=True, default=None)
}
db_model = models.Container
db_repo = repos.get_container_repository()
synthetic_fields = [
'consumers', 'container_secrets', 'container_acls', 'project'
]
def __init__(self, context=None, parsed_request=None, **kwargs):
super(Container, self).__init__(context=context, **kwargs)
if parsed_request:
self.name = parsed_request.get('name')
self.type = parsed_request.get('type')
self.status = base.States.ACTIVE
self.creator_id = parsed_request.get('creator_id')
secret_refs = parsed_request.get('secret_refs')
if secret_refs:
for secret_ref in parsed_request.get('secret_refs'):
container_secret = con_se.ContainerSecret()
container_secret.name = secret_ref.get('name')
secret_id = secret_ref.get('secret_ref')
if secret_id.endswith('/'):
secret_id = secret_id.rsplit('/', 2)[1]
elif '/' in secret_id:
secret_id = secret_id.rsplit('/', 1)[1]
else:
secret_id = secret_id
container_secret.secret_id = secret_id
self.container_secrets.append(container_secret)
def _get_db_entity(self, data=None):
return self.db_model(parsed_request=data, check_exc=False)
def _attach_container_secret(self, container_secrets, container_id,
session):
if container_secrets:
for container_secret in container_secrets:
container_secret.container_id = container_id
if container_secret.id is None:
self.container_secrets.append(
container_secret.create(session=session))
else:
self.container_secrets.append(
container_secret.save(session=session))
def _attach_consumers(self, consumers, container_id, session):
if consumers:
for consumer in consumers:
consumer.container_id = container_id
if consumer.id is None:
self.consumers.append(consumer.create(session=session))
else:
self.consumers.append(consumer.save(session=session))
def create(self, session=None):
fields = self.obj_get_changes()
super(Container, self).create(session=session)
if 'container_secrets' in fields:
self._attach_container_secret(fields['container_secrets'],
container_id=self.id,
session=session)
if 'consumers' in fields:
self._attach_consumers(fields['consumers'],
container_id=self.id,
session=session)
def save(self, session=None):
fields = self.obj_get_changes()
super(Container, self).save(session=session)
if 'consumers' in fields:
self._attach_consumers(fields['consumers'],
container_id=self.id,
session=session)
@classmethod
def get_by_create_date(cls,
external_project_id,
offset_arg=None,
limit_arg=None,
name_arg=None,
suppress_exception=False,
session=None):
entities_db, offset, limit, total = cls.db_repo.get_by_create_date(
external_project_id, offset_arg, limit_arg, name_arg,
suppress_exception, session)
entities_obj = [
cls()._from_db_object(entity_db) for entity_db in entities_db
]
return entities_obj, offset, limit, total
@classmethod
def get_container_by_id(cls,
entity_id,
suppress_exception=False,
session=None):
entity_db = cls.db_repo.get_container_by_id(entity_id,
suppress_exception,
session)
return cls()._from_db_object(entity_db)
class Order(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
"""This class represents Order object"""
fields = {
'type':
fields.StringField(default='key'),
'project_id':
fields.StringField(),
'error_status_code':
fields.StringField(nullable=True, default=None),
'error_reason':
fields.StringField(nullable=True, default=None),
'meta':
fields.JsonField(nullable=True, default=None),
'secret_id':
fields.StringField(nullable=True, default=None),
'container_id':
fields.StringField(nullable=True, default=None),
'sub_status':
fields.StringField(nullable=True, default=None),
'sub_status_message':
fields.StringField(nullable=True, default=None),
'creator_id':
fields.StringField(nullable=True, default=None),
'order_plugin_metadata':
fields.DictOfObjectsField('OrderPluginMetadatum',
nullable=True,
default=dict()),
'order_barbican_metadata':
fields.DictOfObjectsField('OrderBarbicanMetadatum',
nullable=True,
default=dict())
}
db_model = models.Order
db_repo = repos.get_order_repository()
synthetic_fields = ['order_plugin_metadata', 'order_barbican_metadata']
@classmethod
def get_by_create_date(cls,
external_project_id,
offset_arg=None,
limit_arg=None,
meta_arg=None,
suppress_exception=False,
session=None):
"""Returns a list of orders
The list is ordered by the date they were created at and paged
based on the offset and limit fields.
:param external_project_id: The keystone id for the project.
:param offset_arg: The entity number where the query result should
start.
:param limit_arg: The maximum amount of entities in the result set.
:param meta_arg: Optional meta field used to filter results.
:param suppress_exception: Whether NoResultFound exceptions should be
suppressed.
:param session: SQLAlchemy session object.
:returns: Tuple consisting of
(list_of_entities, offset, limit, total).
"""
entities_db, offset, limit, total = cls.db_repo.get_by_create_date(
external_project_id,
offset_arg=offset_arg,
limit_arg=limit_arg,
meta_arg=meta_arg,
suppress_exception=suppress_exception,
session=session)
entities = [
cls()._from_db_object(entity_db) for entity_db in entities_db
]
return entities, offset, limit, total
class Secret(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
"""This class represents Secret object"""
fields = {
'name':
fields.StringField(nullable=True),
'secret_type':
fields.StringField(nullable=True, default=utils.SECRET_TYPE_OPAQUE),
'expiration':
fields.DateTimeField(nullable=True, default=None),
'algorithm':
fields.StringField(nullable=True, default=None),
'bit_length':
fields.IntegerField(nullable=True, default=None),
'mode':
fields.StringField(nullable=True, default=None),
'creator_id':
fields.StringField(nullable=True, default=None),
'project_id':
fields.StringField(nullable=True, default=None),
'encrypted_data':
fields.ListOfObjectsField('EncryptedDatum',
default=list(),
nullable=True),
'secret_acls':
fields.ListOfObjectsField('SecretACL', default=list(), nullable=True),
'secret_store_metadata':
fields.DictOfObjectsField('SecretStoreMetadatum',
default=dict(),
nullable=True),
'secret_user_metadata':
fields.DictOfObjectsField('SecretUserMetadatum',
default=dict(),
nullable=True),
'consumers':
fields.ListOfObjectsField('SecretConsumerMetadatum',
default=list(),
nullable=True),
'status':
fields.StringField(nullable=True, default=base.States.ACTIVE)
}
db_model = models.Secret
db_repo = repo.get_secret_repository()
synthetic_fields = [
'encrypted_data', 'secret_acls', 'secret_store_metadata',
'secret_user_metadata', 'consumers'
]
@classmethod
def get_secret_list(cls,
external_project_id,
offset_arg=None,
limit_arg=None,
name=None,
alg=None,
mode=None,
bits=0,
secret_type=None,
suppress_exception=False,
session=None,
acl_only=None,
user_id=None,
created=None,
updated=None,
expiration=None,
sort=None):
secrets_db, offset, limit, total = cls.db_repo.get_secret_list(
external_project_id, offset_arg, limit_arg, name, alg, mode, bits,
secret_type, suppress_exception, session, acl_only, user_id,
created, updated, expiration, sort)
secrets_object = [
cls()._from_db_object(secret_db) for secret_db in secrets_db
]
return secrets_object, offset, limit, total
@classmethod
def get_secret_by_id(cls,
entity_id,
suppress_exception=False,
session=None):
secret_db = cls.db_repo.get_secret_by_id(entity_id, suppress_exception,
session)
return cls()._from_db_object(secret_db)
class ProjectQuotas(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
fields = {
'project_id': fields.StringField(nullable=True),
'secrets': fields.IntegerField(nullable=True, default=None),
'containers': fields.IntegerField(nullable=True, default=None),
'consumers': fields.IntegerField(nullable=True, default=None),
'orders': fields.IntegerField(nullable=True, default=None),
'cas': fields.IntegerField(nullable=True, default=None),
'project': fields.ObjectField('Project', nullable=True, default=None),
}
db_model = models.ProjectQuotas
db_repo = repos.get_project_quotas_repository()
synthetic_fields = ['project']
def _validate_fields(self, change_fields):
msg = u._("Must supply non-None {0} argument for ProjectQuotas entry.")
if change_fields.get('project_id') is None:
raise exception.MissingArgumentError(msg.format("project_id"))
def _get_db_entity(self, parsed_project_quotas=None):
return self.db_model(parsed_project_quotas=parsed_project_quotas,
check_exc=False)
def create(self, session=None, parsed_project_quotas=None):
change_fields = self._get_changed_persistent_fields()
self._validate_fields(change_fields)
db_entity = self._get_db_entity(
parsed_project_quotas=parsed_project_quotas)
db_entity.update(change_fields)
db_entity = self.db_repo.create_from(db_entity, session=session)
self._from_db_object(db_entity)
@classmethod
def get_by_create_date(cls,
offset_arg=None,
limit_arg=None,
suppress_exception=False,
session=None):
entities_db, offset, limit, total = \
cls.db_repo.get_by_create_date(offset_arg, limit_arg,
suppress_exception, session)
entities = [
cls()._from_db_object(entity_db) for entity_db in entities_db
]
return entities, offset, limit, total
@classmethod
def create_or_update_by_project_id(cls,
project_id,
parsed_project_quotas,
session=None):
cls.db_repo.create_or_update_by_project_id(project_id,
parsed_project_quotas,
session)
@classmethod
def get_by_external_project_id(cls,
external_project_id,
suppress_exception=False,
session=None):
entity_db = cls.db_repo. \
get_by_external_project_id(external_project_id,
suppress_exception, session)
return cls()._from_db_object(entity_db)
@classmethod
def delete_by_external_project_id(cls,
external_project_id,
suppress_exception=False,
session=None):
cls.db_repo.delete_by_external_project_id(external_project_id,
suppress_exception, session)
