def test_create_authority(issuer_plugin, logged_in_admin):
    """Create a root authority through the service layer and check it has a certificate.

    ``logged_in_admin`` is requested but never read in the body; presumably it
    exists to set up an admin session for the call -- confirm against the
    fixture definition.
    """
    from lemur.authorities.service import create

    plugin_spec = {
        'plugin_object': issuer_plugin,
        'slug': issuer_plugin.slug,
    }
    created = create(plugin=plugin_spec, owner='*****@*****.**', type='root')

    # Only truthiness is asserted: the test does not inspect the certificate
    # body, the owner, or the roles attached to the new authority.
    assert created.authority_certificate
def test_create_authority(issuer_plugin, user):
    """Create a root authority with an explicit creator and check it has a certificate.

    The creator is passed to ``create`` directly from the ``user`` fixture
    (``user["user"]``).
    """
    from lemur.authorities.service import create

    plugin_spec = {"plugin_object": issuer_plugin, "slug": issuer_plugin.slug}
    created = create(
        plugin=plugin_spec,
        owner="*****@*****.**",
        type="root",
        creator=user["user"],
    )

    # Only truthiness is asserted; ownership and role assignment of the new
    # authority are not checked by this version of the test.
    assert created.authority_certificate
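def test_create_authority(issuer_plugin, user):
    """Create a root authority and check its certificate, owner and roles.

    The last two assertions check that the creator's own roles do not include
    the authority's admin role or the extra role passed in ``roles``.  They
    previously tested a string for membership in ``user["user"].roles``.
    The loop above reads ``role.name`` on authority roles, so roles look like
    objects; if the creator's roles are objects too, that check could never
    fail.  The comparison is now made by role name.
    """
    from lemur.authorities.service import create
    from lemur.tests.factories import RoleFactory

    creator = user["user"]
    admin_role_name = "test_example_authority_admin"
    extra_role_name = "new-role-test_create_authority"

    authority = create(
        plugin={"plugin_object": issuer_plugin, "slug": issuer_plugin.slug},
        owner=creator.email,
        type="root",
        name="example authority",
        creator=creator,
        roles=[RoleFactory(name=extra_role_name)],
    )

    assert authority.authority_certificate
    assert authority.owner == creator.email

    # Exactly three roles are expected on the authority, each carrying one of
    # these names: the owner's, the authority admin role, and the extra role.
    expected_role_names = {creator.email, admin_role_name, extra_role_name}
    assert len(authority.roles) == 3
    for role in authority.roles:
        assert role.name in expected_role_names

    # Compare by name so the check can actually fail.  getattr() keeps this
    # working whether the creator's roles are objects with a ``name``
    # attribute (assumed -- confirm against the user model) or plain strings.
    creator_role_names = {getattr(role, "name", role) for role in creator.roles}
    assert admin_role_name not in creator_role_names
    assert extra_role_name not in creator_role_names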
def post(self, data=None):
    """
    .. http:post:: /authorities

       Create an authority

       **Example request**:

       .. sourcecode:: http

          POST /authorities HTTP/1.1
          Host: example.com
          Accept: application/json, text/javascript

          {
            "country": "US",
            "state": "California",
            "location": "Los Gatos",
            "organization": "Netflix",
            "organizationalUnit": "Operations",
            "type": "root",
            "signingAlgorithm": "sha256WithRSA",
            "sensitivity": "medium",
            "keyType": "RSA2048",
            "plugin": {
              "slug": "cloudca-issuer"
            },
            "name": "TimeTestAuthority5",
            "owner": "*****@*****.**",
            "description": "test",
            "commonName": "AcommonName",
            "validityYears": "20",
            "extensions": {
              "subAltNames": {
                "names": []
              },
              "custom": []
            }
          }

       **Example response**:

       .. sourcecode:: http

          HTTP/1.1 200 OK
          Vary: Accept
          Content-Type: text/javascript

          {
            "name": "TestAuthority",
            "roles": [{
              "id": 123,
              "name": "*****@*****.**"
            }, {
              "id": 564,
              "name": "TestAuthority_admin"
            }, {
              "id": 565,
              "name": "TestAuthority_operator"
            }],
            "options": null,
            "active": true,
            "authorityCertificate": {
              "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
              "status": true,
              "cn": "AcommonName",
              "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
              "chain": "",
              "notBefore": "2016-06-02T00:00:15+00:00",
              "notAfter": "2023-06-02T23:59:15+00:00",
              "owner": "*****@*****.**",
              "user": {
                "username": "******",
                "active": true,
                "email": "*****@*****.**",
                "id": 3
              },
              "active": true,
              "bits": 2048,
              "id": 2235,
              "name": "TestAuthority"
            },
            "owner": "*****@*****.**",
            "id": 43,
            "description": "This is the ROOT certificate for the TestAuthority certificate authority."
          }

       :arg name: authority's name
       :arg description: a sensible description about what the CA will be used for
       :arg owner: the team or person who 'owns' this authority
       :arg validityStart: when this authority should start issuing certificates
       :arg validityEnd: when this authority should stop issuing certificates
       :arg validityYears: starting from `now` how many years into the future the authority should be valid
       :arg extensions: certificate extensions
       :arg plugin: name of the plugin to create the authority
       :arg type: the type of authority (root/subca)
       :arg parent: the parent authority if this is to be a subca
       :arg signingAlgorithm: algorithm used to sign the authority
       :arg keyType: key type
       :arg sensitivity: the sensitivity of the root key, for CloudCA this determines if the root keys are stored
          in an HSM
       :arg keyName: name of the key to store in the HSM (CloudCA)
       :arg serialNumber: serial number of the authority
       :arg firstSerial: specifies the starting serial number for certificates issued off of this authority
       :reqheader Authorization: OAuth token to authenticate
       :statuscode 403: unauthenticated
       :statuscode 200: no error
    """
    # NOTE(review): ``data`` defaults to None, and the assignment below would
    # raise TypeError on None.  Presumably a decorator outside this view
    # injects the validated request payload -- confirm.
    payload = data

    # The creator is set server-side from the request context and overwrites
    # any "creator" key already present in the payload, so a value supplied
    # under that key is never used.  g.current_user is presumably populated by
    # the authentication layer -- confirm.
    payload["creator"] = g.current_user

    return service.create(**payload)
def test_create_authority(issuer_plugin, logged_in_admin):
    """Check that creating a root authority produces an authority certificate.

    ``logged_in_admin`` is not referenced in the body; it is presumably pulled
    in for the session it establishes -- confirm against the fixture.
    """
    from lemur.authorities.service import create

    create_kwargs = dict(
        plugin={'plugin_object': issuer_plugin, 'slug': issuer_plugin.slug},
        owner='*****@*****.**',
        type='root',
    )
    new_authority = create(**create_kwargs)

    # Truthiness only: neither the certificate contents nor the authority's
    # roles are examined here.
    assert new_authority.authority_certificate
def post(self, data=None):
    """
    .. http:post:: /authorities

       Create an authority

       **Example request**:

       .. sourcecode:: http

          POST /authorities HTTP/1.1
          Host: example.com
          Accept: application/json, text/javascript

          {
            "country": "US",
            "state": "California",
            "location": "Los Gatos",
            "organization": "Netflix",
            "organizationalUnit": "Operations",
            "type": "root",
            "signingAlgorithm": "sha256WithRSA",
            "sensitivity": "medium",
            "keyType": "RSA2048",
            "plugin": {
              "slug": "cloudca-issuer"
            },
            "name": "TimeTestAuthority5",
            "owner": "*****@*****.**",
            "description": "test",
            "commonName": "AcommonName",
            "validityYears": "20",
            "extensions": {
              "subAltNames": {
                "names": []
              },
              "custom": []
            }
          }

       **Example response**:

       .. sourcecode:: http

          HTTP/1.1 200 OK
          Vary: Accept
          Content-Type: text/javascript

          {
            "name": "TestAuthority",
            "roles": [{
              "id": 123,
              "name": "*****@*****.**"
            }, {
              "id": 564,
              "name": "TestAuthority_admin"
            }, {
              "id": 565,
              "name": "TestAuthority_operator"
            }],
            "options": null,
            "active": true,
            "authorityCertificate": {
              "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
              "status": true,
              "cn": "AcommonName",
              "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
              "chain": "",
              "notBefore": "2016-06-02T00:00:15+00:00",
              "notAfter": "2023-06-02T23:59:15+00:00",
              "owner": "*****@*****.**",
              "user": {
                "username": "******",
                "active": true,
                "email": "*****@*****.**",
                "id": 3
              },
              "active": true,
              "bits": 2048,
              "id": 2235,
              "name": "TestAuthority"
            },
            "owner": "*****@*****.**",
            "id": 43,
            "description": "This is the ROOT certificate for the TestAuthority certificate authority."
          }

       :arg name: authority's name
       :arg description: a sensible description about what the CA will be used for
       :arg owner: the team or person who 'owns' this authority
       :arg validityStart: when this authority should start issuing certificates
       :arg validityEnd: when this authority should stop issuing certificates
       :arg validityYears: starting from `now` how many years into the future the authority should be valid
       :arg extensions: certificate extensions
       :arg plugin: name of the plugin to create the authority
       :arg type: the type of authority (root/subca)
       :arg parent: the parent authority if this is to be a subca
       :arg signingAlgorithm: algorithm used to sign the authority
       :arg keyType: key type
       :arg sensitivity: the sensitivity of the root key, for CloudCA this determines if the root keys are stored
          in an HSM
       :arg keyName: name of the key to store in the HSM (CloudCA)
       :arg serialNumber: serial number of the authority
       :arg firstSerial: specifies the starting serial number for certificates issued off of this authority
       :reqheader Authorization: OAuth token to authenticate
       :statuscode 403: unauthenticated
       :statuscode 200: no error
    """
    # NOTE(review): with the default ``data=None`` the item assignment below
    # raises TypeError; the payload is presumably supplied by a decorator that
    # is not visible here -- confirm.
    #
    # "creator" is written from g.current_user after the payload arrives, so
    # whatever the payload carried under that key is replaced.
    # NOTE(review): g.current_user is presumably set during authentication --
    # confirm.
    data.update(creator=g.current_user)
    created = service.create(**data)
    return created
def post(self, data=None):
    """
    .. http:post:: /authorities

       Create an authority

       **Example request**:

       .. sourcecode:: http

          POST /authorities HTTP/1.1
          Host: example.com
          Accept: application/json, text/javascript

          {
            "caDN": {
              "country": "US",
              "state": "CA",
              "location": "A Location",
              "organization": "ExampleInc",
              "organizationalUnit": "Operations",
              "commonName": "a common name"
            },
            "caType": "root",
            "caSigningAlgo": "sha256WithRSA",
            "caSensitivity": "medium",
            "keyType": "RSA2048",
            "pluginName": "cloudca",
            "validityStart": "2015-06-11T07:00:00.000Z",
            "validityEnd": "2015-06-13T07:00:00.000Z",
            "caName": "DoctestCA",
            "ownerEmail": "*****@*****.**",
            "caDescription": "Example CA",
            "extensions": {
              "subAltNames": {
                "names": []
              }
            }
          }

       **Example response**:

       .. sourcecode:: http

          HTTP/1.1 200 OK
          Vary: Accept
          Content-Type: text/javascript

          {
            "id": 1,
            "name": "authority1",
            "description": "this is authority1",
            "pluginName": null,
            "chain": "-----Begin ...",
            "body": "-----Begin ...",
            "active": true,
            "notBefore": "2015-06-05T17:09:39",
            "notAfter": "2015-06-10T17:09:39",
            "options": null
          }

       :arg caName: authority's name
       :arg caDescription: a sensible description about what the CA will be used for
       :arg ownerEmail: the team or person who 'owns' this authority
       :arg validityStart: when this authority should start issuing certificates
       :arg validityEnd: when this authority should stop issuing certificates
       :arg extensions: certificate extensions
       :arg pluginName: name of the plugin to create the authority
       :arg caType: the type of authority (root/subca)
       :arg caParent: the parent authority if this is to be a subca
       :arg caSigningAlgo: algorithm used to sign the authority
       :arg keyType: key type
       :arg caSensitivity: the sensitivity of the root key, for CloudCA this determines if the root keys are stored
          in an HSM
       :arg caKeyName: name of the key to store in the HSM (CloudCA)
       :arg caSerialNumber: serial number of the authority
       :arg caFirstSerial: specifies the starting serial number for certificates issued off of this authority
       :reqheader Authorization: OAuth token to authenticate
       :statuscode 403: unauthenticated
       :statuscode 200: no error
    """
    # The payload is forwarded to the service as a single positional argument,
    # unchanged; this handler neither inspects it nor adds anything to it.
    # NOTE(review): ``data`` defaults to None and would be passed on as None;
    # presumably a decorator outside this view supplies it -- confirm.
    result = service.create(data)
    return result
def post(self):
    """
    .. http:post:: /authorities

       Create an authority

       **Example request**:

       .. sourcecode:: http

          POST /authorities HTTP/1.1
          Host: example.com
          Accept: application/json, text/javascript

          {
            "caDN": {
              "country": "US",
              "state": "CA",
              "location": "A Location",
              "organization": "ExampleInc",
              "organizationalUnit": "Operations",
              "commonName": "a common name"
            },
            "caType": "root",
            "caSigningAlgo": "sha256WithRSA",
            "caSensitivity": "medium",
            "keyType": "RSA2048",
            "pluginName": "cloudca",
            "validityStart": "2015-06-11T07:00:00.000Z",
            "validityEnd": "2015-06-13T07:00:00.000Z",
            "caName": "DoctestCA",
            "ownerEmail": "*****@*****.**",
            "caDescription": "Example CA",
            "extensions": {
              "subAltNames": {
                "names": []
              }
            }
          }

       **Example response**:

       .. sourcecode:: http

          HTTP/1.1 200 OK
          Vary: Accept
          Content-Type: text/javascript

          {
            "id": 1,
            "name": "authority1",
            "description": "this is authority1",
            "pluginName": null,
            "chain": "-----Begin ...",
            "body": "-----Begin ...",
            "active": true,
            "notBefore": "2015-06-05T17:09:39",
            "notAfter": "2015-06-10T17:09:39",
            "options": null
          }

       :arg caName: authority's name
       :arg caDescription: a sensible description about what the CA will be used for
       :arg ownerEmail: the team or person who 'owns' this authority
       :arg validityStart: when this authority should start issuing certificates
       :arg validityEnd: when this authority should stop issuing certificates
       :arg extensions: certificate extensions
       :arg pluginName: name of the plugin to create the authority
       :arg caType: the type of authority (root/subca)
       :arg caParent: the parent authority if this is to be a subca
       :arg caSigningAlgo: algorithm used to sign the authority
       :arg keyType: key type
       :arg caSensitivity: the sensitivity of the root key, for CloudCA this determines if the root keys are stored
          in an HSM
       :arg caKeyName: name of the key to store in the HSM (CloudCA)
       :arg caSerialNumber: serial number of the authority
       :arg caFirstSerial: specifies the starting serial number for certificates issued off of this authority
       :reqheader Authorization: OAuth token to authenticate
       :statuscode 403: unauthenticated
       :statuscode 200: no error
    """
    # (argument name, type, required), registered in this order.  Every
    # argument is read from the JSON body.  Only caName, ownerEmail and
    # pluginName are required; the rest are optional and only type-coerced.
    json_arguments = (
        ('caName', str, True),
        ('caDescription', str, False),
        ('ownerEmail', str, True),
        ('caDN', dict, False),
        # The two validity bounds are accepted as plain strings; nothing in
        # this handler checks that they are dates.
        ('validityStart', str, False),  # TODO validate
        ('validityEnd', str, False),  # TODO validate
        ('extensions', dict, False),
        ('pluginName', str, True),
        ('caType', str, False),
        ('caParent', str, False),
        ('caSigningAlgo', str, False),
        ('keyType', str, False),
        ('caSensitivity', str, False),
        ('caKeyName', str, False),
        ('caSerialNumber', int, False),
        ('caFirstSerial', int, False),
    )
    for arg_name, arg_type, is_required in json_arguments:
        self.reqparse.add_argument(arg_name, type=arg_type, location='json', required=is_required)

    # The parsed arguments go to the service as one positional object; this
    # handler adds nothing to them (no creator is recorded here).
    return service.create(self.reqparse.parse_args())