def __init__(self, ca): LOG.debug('=== Creating CertificateAuthorityController ===') self.ca = ca self.ca_repo = repo.get_ca_repository() self.project_ca_repo = repo.get_project_ca_repository() self.preferred_ca_repo = repo.get_preferred_ca_repository() self.project_repo = repo.get_project_repository()
def create_preferred_cert_authority(cert_authority, session=None): preferred_cert_authority = models.PreferredCertificateAuthority( ca_id=cert_authority.id, project_id=cert_authority.project_id) preferred_ca_repo = repositories.get_preferred_ca_repository() preferred_ca_repo.create_from(preferred_cert_authority, session=session) return preferred_cert_authority
def __init__(self): LOG.debug('Creating CertificateAuthoritiesController') self.ca_repo = repo.get_ca_repository() self.project_ca_repo = repo.get_project_ca_repository() self.preferred_ca_repo = repo.get_preferred_ca_repository() self.project_repo = repo.get_project_repository() self.validator = None
def get_global_preferred_ca(): project = res.get_or_create_global_preferred_project() preferred_ca_repository = repos.get_preferred_ca_repository() cas = preferred_ca_repository.get_project_entities(project.id) if not cas: return None else: return cas[0]
def __init__(self): LOG.debug('Creating CertificateAuthoritiesController') self.ca_repo = repo.get_ca_repository() self.project_ca_repo = repo.get_project_ca_repository() self.preferred_ca_repo = repo.get_preferred_ca_repository() self.project_repo = repo.get_project_repository() self.validator = validators.NewCAValidator() self.quota_enforcer = quota.QuotaEnforcer('cas', self.ca_repo) # Populate the CA table at start up cert_resources.refresh_certificate_resources()
def delete_subordinate_ca(external_project_id, ca): """Deletes a subordinate CA and any related artifacts :param external_project_id: external project ID :param ca: class:`models.CertificateAuthority` to be deleted :return: None """ # TODO(alee) See if the checks below can be moved to the RBAC code # Check that this CA is a subCA if ca.project_id is None: raise excep.CannotDeleteBaseCA() # Check that the user's project owns this subCA project = res.get_or_create_project(external_project_id) if ca.project_id != project.id: raise excep.UnauthorizedSubCA() project_ca_repo = repos.get_project_ca_repository() (project_cas, _, _, _) = project_ca_repo.get_by_create_date(project_id=project.id, ca_id=ca.id, suppress_exception=True) preferred_ca_repo = repos.get_preferred_ca_repository() (preferred_cas, _, _, _) = preferred_ca_repo.get_by_create_date(project_id=project.id, ca_id=ca.id, suppress_exception=True) # Can not delete a project preferred CA, if other project CAs exist. One # of those needs to be designated as the preferred CA first. if project_cas and preferred_cas and not is_last_project_ca(project.id): raise excep.CannotDeletePreferredCA() # Remove the CA as preferred if preferred_cas: preferred_ca_repo.delete_entity_by_id(preferred_cas[0].id, external_project_id) # Remove the CA from project list if project_cas: project_ca_repo.delete_entity_by_id(project_cas[0].id, external_project_id) # Delete the CA entry from plugin cert_plugin = cert.CertificatePluginManager().get_plugin_by_name( ca.plugin_name) cert_plugin.delete_ca(ca.plugin_ca_id) # Finally, delete the CA entity from the CA repository ca_repo = repos.get_ca_repository() ca_repo.delete_entity_by_id(entity_id=ca.id, external_project_id=external_project_id)
def delete_subordinate_ca(external_project_id, ca): """Deletes a subordinate CA and any related artifacts :param external_project_id: external project ID :param ca: class:`models.CertificateAuthority` to be deleted :return: None """ # TODO(alee) See if the checks below can be moved to the RBAC code # Check that this CA is a subCA if ca.project_id is None: raise excep.CannotDeleteBaseCA() # Check that the user's project owns this subCA project = res.get_or_create_project(external_project_id) if ca.project_id != project.id: raise excep.UnauthorizedSubCA() project_ca_repo = repos.get_project_ca_repository() (project_cas, _, _, _) = project_ca_repo.get_by_create_date( project_id=project.id, ca_id=ca.id, suppress_exception=True) preferred_ca_repo = repos.get_preferred_ca_repository() (preferred_cas, _, _, _) = preferred_ca_repo.get_by_create_date( project_id=project.id, ca_id=ca.id, suppress_exception=True) # Can not delete a project preferred CA, if other project CAs exist. One # of those needs to be designated as the preferred CA first. if project_cas and preferred_cas and not is_last_project_ca(project.id): raise excep.CannotDeletePreferredCA() # Remove the CA as preferred if preferred_cas: preferred_ca_repo.delete_entity_by_id(preferred_cas[0].id, external_project_id) # Remove the CA from project list if project_cas: project_ca_repo.delete_entity_by_id(project_cas[0].id, external_project_id) # Delete the CA entry from plugin cert_plugin = cert.CertificatePluginManager().get_plugin_by_name( ca.plugin_name) cert_plugin.delete_ca(ca.plugin_ca_id) # Finally, delete the CA entity from the CA repository ca_repo = repos.get_ca_repository() ca_repo.delete_entity_by_id( entity_id=ca.id, external_project_id=external_project_id)
def get_project_preferred_ca_id(project_id): """Compute the preferred CA ID for a project First priority: a preferred CA is defined for the project Second priority: a preferred CA is defined globally Else: None """ preferred_ca_repository = repos.get_preferred_ca_repository() cas, offset, limit, total = preferred_ca_repository.get_by_create_date( project_id=project_id, suppress_exception=True) if total > 0: return cas[0].ca_id global_ca = get_global_preferred_ca() if global_ca: return global_ca.ca_id
def _get_ca_id(order_meta, project_id): ca_id = order_meta.get(cert.CA_ID) if ca_id: return ca_id preferred_ca_repository = repos.get_preferred_ca_repository() cas, offset, limit, total = preferred_ca_repository.get_by_create_date( project_id=project_id, suppress_exception=True) if total > 0: return cas[0].ca_id global_ca = preferred_ca_repository.get_global_preferred_ca() if global_ca: return global_ca.ca_id return None
# See the License for the specific language governing permissions and # limitations under the License. import mock from six import moves from barbican.common import exception from barbican.common import hrefs from barbican.common import resources as res from barbican.model import models from barbican.model import repositories from barbican.tests import utils project_repo = repositories.get_project_repository() ca_repo = repositories.get_ca_repository() project_ca_repo = repositories.get_project_repository() preferred_ca_repo = repositories.get_preferred_ca_repository() def create_ca(parsed_ca, id_ref="id"): """Generate a CA entity instance.""" ca = models.CertificateAuthority(parsed_ca) ca.id = id_ref return ca class WhenTestingCAsResource(utils.BarbicanAPIBaseTestCase): def test_should_get_list_certificate_authorities(self): self.app.extra_environ = { 'barbican.context': self._build_context(self.project_id, user="******")