def _sync_metadata(model, cursor=None, total_updated=0):
"""Sync metadata from Inventory Service."""
query = model.all().filter('active =', True)
if cursor:
query.with_cursor(cursor)
entities = query.fetch(limit=_BATCH_SIZE)
if not entities:
logging.info('Total updated %s %d', model.ESCROW_TYPE_NAME, total_updated)
return
inventory_service = service_factory.GetInventoryService()
for e in entities:
changes = inventory_service.GetMetadataUpdates(e)
updated = False
if 'owners' in changes:
if e.ChangeOwners(changes['owners']):
updated = True
if 'hostname' in changes and changes['hostname'] != e.hostname:
logging.info('targetid %s old hostname %s -> %s',
e.target_id, e.hostname, changes['hostname'])
e.UpdateMutableProperty('hostname', changes['hostname'])
updated = True
if updated:
total_updated += 1
if entities:
deferred.defer(
_sync_metadata, model, cursor=query.cursor(), _countdown=_DELAY,
_name=_deferred_name(model), total_updated=total_updated,
_queue=_QUEUE_NAME)
def setUp(self):
super(AppleFirmwareHandlerTest, self).setUp()
self.testapp = webtest.TestApp(gae_main.app)
inventory = service_factory.GetInventoryService()
inventory.GetAssetTagsFromUploadRequest = mock.Mock(return_value=['111'])
inventory.GetMetadataUpdates = mock.Mock(return_value={})
def PutNewSecret(self, owner, target_id, secret, metadata):
"""Puts a new BasePassphrase entity to Datastore.
Args:
owner: str, email address of the key pair's owner.
target_id: str, target id associated with this passphrase.
secret: str, secret data to escrow.
metadata: dict, dict of str metadata with keys matching
model's property names.
"""
if not target_id:
raise errors.AccessError('target_id is required')
entity = self._CreateNewSecretEntity(owner, target_id, secret)
for prop_name in entity.properties():
value = metadata.get(prop_name)
if value:
setattr(entity, prop_name, self.SanitizeEntityValue(prop_name, value))
inventory = service_factory.GetInventoryService()
inventory.FillInventoryServicePropertiesDuringEscrow(
entity, self.request)
for k, v in inventory.GetMetadataUpdates(entity).items():
setattr(entity, k, v)
try:
entity.put()
except errors.DuplicateEntity:
logging.info('Same data already in datastore.')
else:
self.AUDIT_LOG_MODEL.Log(
entity=entity, message='PUT', request=self.request)
self.response.out.write('Secret successfully escrowed!')
def get(self, serials):
base_handler.VerifyPermissions(permissions.RETRIEVE,
base.GetCurrentUser(),
permissions.TYPE_APPLE_FIRMWARE)
inventory_service = service_factory.GetInventoryService()
res = {
'active': [],
'retired': [],
}
for serial in serials.split(','):
if not inventory_service.IsRetiredMac(serial):
res['active'].append(serial)
continue
entity = firmware.AppleFirmwarePassword.GetLatestForTarget(serial)
if entity:
firmware.AppleFirmwarePasswordAccessLog.Log(
message='GET', entity=entity, request=self.request)
res['retired'].append({
'serial': serial,
'password': entity.password
})
else:
res['retired'].append({'serial': serial, 'password': '******'})
self.response.write(util.ToSafeJson(res))
def _CreateNewSecretEntity(self, owner, target_id, secret):
entity = self.SECRET_MODEL(owner=owner,
serial=target_id,
password=str(secret))
inventory = service_factory.GetInventoryService()
entity.asset_tags = inventory.GetAssetTagsFromUploadRequest(
entity, self.request)
return entity
def _CreateNewSecretEntity(self, owner, target_id, secret):
entity = self.SECRET_MODEL(
owner=owner,
serial=target_id,
password=str(secret))
secret_len = len(str(secret))
if secret_len < 5:
logging.info('Firmware password < 5 letters escrowed. '
'Length of secret: %d', secret_len)
inventory = service_factory.GetInventoryService()
entity.asset_tags = inventory.GetAssetTagsFromUploadRequest(
entity, self.request)
return entity