示例#1
0
文件: env.py 项目: mbestavros/keylime 
def run_migrations_offline():
    """Run migrations in 'offline' mode.

    This configures the context with just a URL
    and not an Engine, though an Engine is acceptable
    here as well.  By skipping the Engine creation
    we don't even need a DBAPI to be available.

    Calls to context.execute() here emit the given string to the
    script output.

    """
    # for the --sql use case, run migrations for each URL into
    # individual files.

    for name in re.split(r",\s*", db_names):

        logger.info("Migrating database %s", name)
        file_ = f"{name}.sql"
        logger.info("Writing output to %s", file_)

        with open(file_, "w", encoding="utf-8") as buffer:
            engine = DBEngineManager().make_engine(name)
            connection = engine.connect()
            context.configure(
                connection=connection,
                output_buffer=buffer,
                target_metadata=target_metadata.get(name),
                literal_binds=True,
                dialect_opts={"paramstyle": "named"},
                version_table="alembic_version_" + name,
            )
            with context.begin_transaction():
                context.run_migrations(engine_name=name)
示例#2
0
文件: env.py 项目: mbestavros/keylime 
def run_migrations_online():
    """Run migrations in 'online' mode.

    In this scenario we need to create an Engine
    and associate a connection with the context.

    """

    # for the direct-to-DB use case, start a transaction on all
    # engines, then run all migrations, then commit all transactions.

    engines = {}
    for name in re.split(r",\s*", db_names):
        engines[name] = rec = {}
        rec["engine"] = DBEngineManager().make_engine(name)

    for name, rec in engines.items():
        engine = rec["engine"]
        rec["connection"] = conn = engine.connect()

        if USE_TWOPHASE:
            rec["transaction"] = conn.begin_twophase()
        else:
            rec["transaction"] = conn.begin()

    try:
        for name, rec in engines.items():
            logger.info("Migrating database %s", name)
            context.configure(
                connection=rec["connection"],
                upgrade_token=f"{name}_upgrades",
                downgrade_token=f"{name}_downgrades",
                target_metadata=target_metadata.get(name),
                version_table=f"alembic_version_{name}",
            )
            context.run_migrations(engine_name=name)

        if USE_TWOPHASE:
            for rec in engines.values():
                rec["transaction"].prepare()

        for rec in engines.values():
            rec["transaction"].commit()
    except Exception:
        for rec in engines.values():
            rec["transaction"].rollback()
        raise
    finally:
        for rec in engines.values():
            rec["connection"].close()
示例#3
0
from keylime import config
from keylime.common import states
from keylime.db.verifier_db import VerfierMain
from keylime.db.verifier_db import VerifierAllowlist
from keylime.db.keylime_db import DBEngineManager, SessionManager
from keylime import keylime_logging
from keylime import cloud_verifier_common
from keylime import revocation_notifier
import keylime.tornado_requests as tornado_requests


logger = keylime_logging.init_logging('cloudverifier')


try:
    engine = DBEngineManager().make_engine('cloud_verifier')
except SQLAlchemyError as e:
    logger.error('Error creating SQL engine or session: %s', e)
    sys.exit(1)


def get_session():
    return SessionManager().make_session(engine)


# The "exclude_db" dict values are removed from the response before adding the dict to the DB
# This is because we want these values to remain ephemeral and not stored in the database.
exclude_db = {
    'registrar_keys': '',
    'nonce': '',
    'b64_encrypted_V': '',
示例#4
0
from cryptography.x509 import load_der_x509_certificate
import simplejson as json

from keylime.db.registrar_db import RegistrarMain
from keylime.db.keylime_db import DBEngineManager, SessionManager
from keylime import cloud_verifier_common
from keylime import config
from keylime import crypto
from keylime.tpm import tpm2_objects
from keylime import keylime_logging
from keylime.tpm.tpm_main import tpm

logger = keylime_logging.init_logging('registrar')

try:
    engine = DBEngineManager().make_engine('registrar')
except SQLAlchemyError as e:
    logger.error('Error creating SQL engine: %s', e)
    sys.exit(1)


class ProtectedHandler(BaseHTTPRequestHandler, SessionManager):
    def do_HEAD(self):
        """HEAD not supported"""
        config.echo_json_response(self, 405, "HEAD not supported")

    def do_PATCH(self):
        """PATCH not supported"""
        config.echo_json_response(self, 405, "PATCH not supported")

    def do_GET(self):
示例#5
0
from cryptography.x509 import load_der_x509_certificate
from sqlalchemy.exc import SQLAlchemyError
from sqlalchemy.orm.exc import NoResultFound

from keylime import api_version as keylime_api_version
from keylime import crypto, json, keylime_logging, web_util
from keylime.common import validators
from keylime.db.keylime_db import DBEngineManager, SessionManager
from keylime.db.registrar_db import RegistrarMain
from keylime.tpm import tpm2_objects
from keylime.tpm.tpm_main import tpm

logger = keylime_logging.init_logging("registrar")

try:
    engine = DBEngineManager().make_engine("registrar")
except SQLAlchemyError as err:
    logger.error("Error creating SQL engine: %s", err)
    sys.exit(1)


class ProtectedHandler(BaseHTTPRequestHandler, SessionManager):
    def do_HEAD(self):
        """HEAD not supported"""
        web_util.echo_json_response(self, 405, "HEAD not supported")

    def do_PATCH(self):
        """PATCH not supported"""
        web_util.echo_json_response(self, 405, "PATCH not supported")

    def do_GET(self):