Add components for generating sec keys
parent
cc9bedbeb9
commit
0bc22d810a
25 changed files with 955 additions and 8 deletions
|
@ -3,6 +3,7 @@ import logging
|
|||
from flask import Blueprint, request, abort
|
||||
from flask_restful import Resource, Api
|
||||
from flask_restful.utils.cors import crossdomain
|
||||
from data import model
|
||||
from email.utils import formatdate
|
||||
from calendar import timegm
|
||||
from functools import partial, wraps
|
||||
|
@ -29,6 +30,14 @@ api = ApiExceptionHandlingApi()
|
|||
|
||||
api.init_app(api_bp)
|
||||
|
||||
def log_action(kind, user_or_orgname, metadata=None, repo=None, repo_name=None):
|
||||
if not metadata:
|
||||
metadata = {}
|
||||
|
||||
if repo:
|
||||
repo_name = repo.name
|
||||
|
||||
model.log.log_action(kind, user_or_orgname, repo_name, user_or_orgname, request.remote_addr, metadata)
|
||||
|
||||
def format_date(date):
|
||||
""" Output an RFC822 date format. """
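Review bot: The call `model.log.log_action(kind, user_or_orgname, repo_name, user_or_orgname, request.remote_addr, metadata)` in the new `log_action` helper passes six positional arguments with `user_or_orgname` appearing twice, so which value ends up as the actor and which as the namespace in the audit record depends entirely on the callee's parameter order, which is not visible in this hunk. Passing these arguments by keyword would make the mapping explicit and would fail loudly if the callee's signature differs from the one this helper was written against. Separately, `request.remote_addr` is the address of the nearest peer, so if the config app is deployed behind a reverse proxy the audit log will hold the proxy's address unless forwarded headers are handled elsewhere. The helper also has no docstring; one that states which audit field each argument fills would help the next reader.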
|
||||
|
|
|
@ -5,12 +5,13 @@ import subprocess
|
|||
|
||||
from flask import request, jsonify, make_response
|
||||
|
||||
from endpoints.exception import NotFound
|
||||
from data.database import ServiceKeyApprovalType
|
||||
from data.model import ServiceKeyDoesNotExist
|
||||
from util.config.validator import EXTRA_CA_DIRECTORY
|
||||
|
||||
from config_app.config_endpoints.exception import InvalidRequest
|
||||
from config_app.config_endpoints.api import resource, ApiResource, nickname
|
||||
from config_app.config_endpoints.api import resource, ApiResource, nickname, log_action, validate_json_request
|
||||
from config_app.config_endpoints.api.superuser_models_pre_oci import pre_oci_model
|
||||
from config_app.config_util.ssl import load_certificate, CertInvalidException
|
||||
from config_app.c_app import app, config_provider, INIT_SCRIPTS_LOCATION
|
||||
|
@ -170,7 +171,6 @@ class SuperUserServiceKeyApproval(ApiResource):
|
|||
@validate_json_request('ApproveServiceKey')
|
||||
def post(self, kid):
|
||||
notes = request.get_json().get('notes', '')
|
||||
approver = app.config.get('SUPER_USERS', [])[0] # get the first superuser created in the config tool
|
||||
try:
|
||||
key = pre_oci_model.approve_service_key(kid, ServiceKeyApprovalType.SUPERUSER, notes=notes)
|
||||
|
||||
|
@ -182,7 +182,10 @@ class SuperUserServiceKeyApproval(ApiResource):
|
|||
'expiration_date': key.expiration_date,
|
||||
}
|
||||
|
||||
log_action('service_key_approve', None, key_log_metadata)
|
||||
# Note: this may not actually be the current person modifying the config, but if they're in the config tool,
|
||||
# they have full access to the DB and could pretend to be any user, so pulling any superuser is likely fine
|
||||
super_user = app.config.get('SUPER_USERS', [None])[0]
|
||||
log_action('service_key_approve', super_user, key_log_metadata)
|
||||
except ServiceKeyDoesNotExist:
|
||||
raise NotFound()
|
||||
except ServiceKeyAlreadyApproved:
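Review bot: `app.config.get('SUPER_USERS', [None])[0]` still raises IndexError when `SUPER_USERS` is present but empty, because the `[None]` default only applies when the key is missing. The lookup runs after `approve_service_key` has already been called inside the same `try`, and neither visible `except` clause catches IndexError, so in that case the key would be approved while the request fails and no `service_key_approve` audit entry is written. `super_user = (app.config.get('SUPER_USERS') or [None])[0]` covers both the missing and the empty case. Since the entry is attributed to the first configured superuser rather than the actual operator, as the added comment acknowledges, consider also adding a field to `key_log_metadata` marking the action as coming from the config tool, so the audit trail is not read as that user's own action. The body of `post` continues past the end of this hunk.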
|
||||
|
|