keys ui WIP

initdb.py

@@ -12,18 +12,24 @@ from peewee import (SqliteDatabase, create_model_tables, drop_model_tables, save
 from itertools import count
 from uuid import UUID, uuid4
 from threading import Event
+from hashlib import sha256
+from Crypto.PublicKey import RSA
+from jwkest.jwk import RSAKey
 
 from email.utils import formatdate
 from data.database import (db, all_models, Role, TeamRole, Visibility, LoginService,
                            BuildTriggerService, AccessTokenKind, LogEntryKind, ImageStorageLocation,
                            ImageStorageTransformation, ImageStorageSignatureKind,
                            ExternalNotificationEvent, ExternalNotificationMethod, NotificationKind,
-                           QuayRegion, QuayService, UserRegion, OAuthAuthorizationCode)
+                           QuayRegion, QuayService, UserRegion, OAuthAuthorizationCode,
+                           ServiceKeyApprovalType)
 from data import model
 from data.queue import WorkQueue
 from app import app, storage as store, tf
 from storage.basestorage import StoragePaths
 from endpoints.v2.manifest import _generate_and_store_manifest
+from util import canonicalize
+
 
 from workers import repositoryactioncounter
 
@@ -150,6 +156,32 @@ def __create_subtree(with_storage, repo, structure, creator_username, parent, ta
     __create_subtree(with_storage, repo, subtree, creator_username, new_image, tag_map)
 
 
+def __generate_service_key(name, user, timestamp, approval_type, expiration=None, metadata=None):
+  private_key = RSA.generate(1024)
+  jwk = RSAKey(key=private_key.publickey()).serialize()
+  kid = sha256(json.dumps(canonicalize(jwk), separators=(',', ':'))).hexdigest()
+
+  metadata = metadata or {}
+  model.service_keys.create_service_key(name, kid, 'sample_service', jwk, metadata, expiration)
+  model.service_keys.approve_service_key(kid, user, approval_type,
+                                         notes='The **test** apporval')
+
+  key_metadata = {
+    'kid': kid,
+    'preshared': True,
+    'service': 'sample_service',
+    'name': name,
+    'expiration_date': expiration,
+    'auto_approved': True
+  }
+
+  model.log.log_action('service_key_approve', None, performer=user,
+                       timestamp=timestamp, metadata=key_metadata)
+
+  model.log.log_action('service_key_create', None, performer=user,
+                       timestamp=timestamp, metadata=key_metadata)
+
+
 def __generate_repository(with_storage, user_obj, name, description, is_public, permissions, structure):
   repo = model.repository.create_repository(user_obj.username, name, user_obj)
 
@@ -305,6 +337,13 @@ def initialize_database():
 
   LogEntryKind.create(name='repo_verb')
 
+  LogEntryKind.create(name='service_key_create')
+  LogEntryKind.create(name='service_key_approve')
+  LogEntryKind.create(name='service_key_delete')
+  LogEntryKind.create(name='service_key_modify')
+  LogEntryKind.create(name='service_key_extend')
+  LogEntryKind.create(name='service_key_rotate')
+
   ImageStorageLocation.create(name='local_eu')
   ImageStorageLocation.create(name='local_us')
 
@@ -614,6 +653,14 @@ def populate_database(minimal=False, with_storage=False):
   six_ago = today - timedelta(5)
   four_ago = today - timedelta(4)
 
+  __generate_service_key('somesamplekey', new_user_1, today, ServiceKeyApprovalType.SUPERUSER)
+  __generate_service_key('someexpiringkey', new_user_1, week_ago, ServiceKeyApprovalType.SUPERUSER,
+                         today + timedelta(14))
+
+  __generate_service_key('autorotatingkey', new_user_1, six_ago,
+                         ServiceKeyApprovalType.KEY_ROTATION, today + timedelta(1),
+                         dict(rotation_ttl=timedelta(hours=12).total_seconds()))
+
   model.log.log_action('org_create_team', org.username, performer=new_user_1,
                        timestamp=week_ago, metadata={'team': 'readers'})