def create_secret(data, tenant, crypto_manager, secret_repo, tenant_secret_repo, datum_repo, kek_repo, ok_to_generate=False): """Common business logic to create a secret.""" time_keeper = utils.TimeKeeper('Create Secret Resource') new_secret = models.Secret(data) time_keeper.mark('after Secret model create') new_datum = None content_type = data.get('payload_content_type', 'application/octet-stream') if 'payload' in data: payload = data.get('payload') content_encoding = data.get('payload_content_encoding') LOG.debug('Encrypting payload...') new_datum = crypto_manager.encrypt(payload, content_type, content_encoding, new_secret, tenant, kek_repo, enforce_text_only=True) time_keeper.mark('after encrypt') elif ok_to_generate: LOG.debug('Generating new secret...') new_datum = crypto_manager.generate_data_encryption_key(new_secret, content_type, tenant, kek_repo) time_keeper.mark('after secret generate') else: LOG.debug('Creating metadata only for the new secret. ' 'A subsequent PUT is required') # Create Secret entities in datastore. secret_repo.create_from(new_secret) time_keeper.mark('after Secret datastore create') new_assoc = models.TenantSecret() time_keeper.mark('after TenantSecret model create') new_assoc.tenant_id = tenant.id new_assoc.secret_id = new_secret.id new_assoc.role = "admin" new_assoc.status = models.States.ACTIVE tenant_secret_repo.create_from(new_assoc) time_keeper.mark('after TenantSecret datastore create') if new_datum: new_datum.secret_id = new_secret.id datum_repo.create_from(new_datum) time_keeper.mark('after Datum datastore create') time_keeper.dump() return new_secret
def create_secret(data, tenant, crypto_manager, secret_repo, tenant_secret_repo, datum_repo, ok_to_generate=False): """ Common business logic to create a secret. """ new_secret = models.Secret(data) new_datum = None if 'plain_text' in data: plain_text = data['plain_text'] if not plain_text: raise exception.NoDataToProcess() LOG.debug('Encrypting plain_text secret...') new_datum = crypto_manager.encrypt(data['plain_text'], new_secret, tenant) elif ok_to_generate: LOG.debug('Generating new secret...') # TODO: Generate a good key new_datum = crypto_manager.generate_data_encryption_key( new_secret, tenant) else: LOG.debug('Creating metadata only for the new secret. ' 'A subsequent PUT is required') crypto_manager.supports(new_secret, tenant) # Create Secret entities in datastore. secret_repo.create_from(new_secret) new_assoc = models.TenantSecret() new_assoc.tenant_id = tenant.id new_assoc.secret_id = new_secret.id new_assoc.role = "admin" new_assoc.status = models.States.ACTIVE tenant_secret_repo.create_from(new_assoc) if new_datum: new_datum.secret_id = new_secret.id datum_repo.create_from(new_datum) return new_secret
def create_encrypted_datum(secret, plain_text, tenant, crypto_manager, tenant_secret_repo, datum_repo): """ Modifies the secret to add the plain_text secret information. :param secret: the secret entity to associate the secret data to :param plain_text: plain-text of the secret data to store :param tenant: the tenant (entity) who owns the secret :param crypto_manager: the crypto plugin manager :param tenant_secret_repo: the tenant/secret association repository :param datum_repo: the encrypted datum repository :retval The response body, None if N/A """ if not plain_text: raise exception.NoDataToProcess() if validators.secret_too_big(plain_text): raise exception.LimitExceeded() if secret.encrypted_data: raise ValueError('Secret already has encrypted data stored for it.') fields = secret.to_dict_fields() fields['plain_text'] = plain_text # Encrypt plain_text LOG.debug('Encrypting plain_text secret') new_datum = crypto_manager.encrypt(plain_text, secret, tenant) datum_repo.create_from(new_datum) # Create Tenant/Secret entity. new_assoc = models.TenantSecret() new_assoc.tenant_id = tenant.id new_assoc.secret_id = secret.id new_assoc.role = "admin" new_assoc.status = models.States.ACTIVE tenant_secret_repo.create_from(new_assoc) return new_datum
def _do_create_instance(self): return models.TenantSecret()