service keys: add rotation_duration field
parent
6577ac3e62
commit
370ac3ecd0
5 changed files with 21 additions and 46 deletions
|
@ -898,6 +898,7 @@ class ServiceKey(BaseModel):
|
|||
metadata = JSONField()
|
||||
created_date = DateTimeField(default=datetime.utcnow)
|
||||
expiration_date = DateTimeField(null=True)
|
||||
rotation_duration = IntegerField(null=True)
|
||||
approval = ForeignKeyField(ServiceKeyApproval, index=True, null=True)
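Review bot: The new `rotation_duration = IntegerField(null=True)` field gives no indication of its unit or of what NULL means, and nothing in this hunk documents it. The value presumably governs how often a service key must be replaced, so a misread unit would silently change how long signing keys stay valid. I would add a comment on the field such as `# Rotation interval for this key, in <unit>; NULL means no automatic rotation (confirm)`. The ServiceKey class body starts and ends outside the hunk.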
|
||||
|
||||
|
||||
|
|
|
@ -31,14 +31,13 @@ def upgrade(tables):
|
|||
[{'name':'service_key_submitted'}],
|
||||
)
|
||||
|
||||
op.bulk_insert(tables.logentrykind,
|
||||
[
|
||||
{'name':'service_key_create'},
|
||||
{'name':'service_key_approve'},
|
||||
{'name':'service_key_delete'},
|
||||
{'name':'service_key_modify'},
|
||||
{'name':'service_key_extend'},
|
||||
{'name':'service_key_rotate'},
|
||||
op.bulk_insert(tables.logentrykind, [
|
||||
{'name':'service_key_create'},
|
||||
{'name':'service_key_approve'},
|
||||
{'name':'service_key_delete'},
|
||||
{'name':'service_key_modify'},
|
||||
{'name':'service_key_extend'},
|
||||
{'name':'service_key_rotate'},
|
||||
])
|
||||
|
||||
op.create_index('servicekeyapproval_approval_type', 'servicekeyapproval', ['approval_type'], unique=False)
|
||||
|
@ -53,6 +52,7 @@ def upgrade(tables):
|
|||
sa.Column('metadata', UTF8LongText(), nullable=False),
|
||||
sa.Column('created_date', sa.DateTime(), nullable=False),
|
||||
sa.Column('expiration_date', sa.DateTime(), nullable=True),
|
||||
sa.Column('rotation_duration', sa.Integer(), nullable=True),
|
||||
sa.Column('approval_id', sa.Integer(), nullable=True),
|
||||
sa.ForeignKeyConstraint(['approval_id'], ['servicekeyapproval.id'],
|
||||
name=op.f('fk_servicekey_approval_id_servicekeyapproval')),
|
||||
|
@ -70,35 +70,12 @@ def upgrade(tables):
|
|||
|
||||
|
||||
def downgrade(tables):
|
||||
op.execute(
|
||||
(tables.logentrykind.delete()
|
||||
.where(tables.logentrykind.c.name == op.inline_literal('service_key_create')))
|
||||
)
|
||||
|
||||
op.execute(
|
||||
(tables.logentrykind.delete()
|
||||
.where(tables.logentrykind.c.name == op.inline_literal('service_key_approve')))
|
||||
)
|
||||
|
||||
op.execute(
|
||||
(tables.logentrykind.delete()
|
||||
.where(tables.logentrykind.c.name == op.inline_literal('service_key_delete')))
|
||||
)
|
||||
|
||||
op.execute(
|
||||
(tables.logentrykind.delete()
|
||||
.where(tables.logentrykind.c.name == op.inline_literal('service_key_modify')))
|
||||
)
|
||||
|
||||
op.execute(
|
||||
(tables.logentrykind.delete()
|
||||
.where(tables.logentrykind.c.name == op.inline_literal('service_key_extend')))
|
||||
)
|
||||
|
||||
op.execute(
|
||||
(tables.logentrykind.delete()
|
||||
.where(tables.logentrykind.c.name == op.inline_literal('service_key_rotate')))
|
||||
)
|
||||
op.execute(tables.logentrykind.delete().where(tables.logentrykind.c.name == op.inline_literal('service_key_create')))
|
||||
op.execute(tables.logentrykind.delete().where(tables.logentrykind.c.name == op.inline_literal('service_key_approve')))
|
||||
op.execute(tables.logentrykind.delete().where(tables.logentrykind.c.name == op.inline_literal('service_key_delete')))
|
||||
op.execute(tables.logentrykind.delete().where(tables.logentrykind.c.name == op.inline_literal('service_key_modify')))
|
||||
op.execute(tables.logentrykind.delete().where(tables.logentrykind.c.name == op.inline_literal('service_key_extend')))
|
||||
op.execute(tables.logentrykind.delete().where(tables.logentrykind.c.name == op.inline_literal('service_key_rotate')))
|
||||
|
||||
op.drop_column(u'notification', 'lookup_path')
|
||||
op.drop_table('servicekey')
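Review bot: The `sa.Column('rotation_duration', sa.Integer(), nullable=True)` line is added inside what appears to be the existing servicekey table definition in this migration's `upgrade`, not in a new revision. A database that has already applied this revision would not gain the column while the model now expects it, so ServiceKey queries would likely fail there. If the revision has not shipped yet this is fine; otherwise a follow-up revision with `op.add_column('servicekey', sa.Column('rotation_duration', sa.Integer(), nullable=True))` is needed. The other hunks in this file only reflow the `bulk_insert` and `downgrade` statements, and `upgrade` itself starts outside the hunk.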
|
||||
|
|
|
@ -47,9 +47,9 @@ def _notify_superusers(key):
|
|||
lookup_path='/service_key_approval/{0}/{1}'.format(key.kid, superuser.id))
|
||||
|
||||
|
||||
def create_service_key(name, kid, service, jwk, metadata, expiration_date):
|
||||
def create_service_key(name, kid, service, jwk, metadata, expiration_date, rotation_duration=None):
|
||||
key = ServiceKey.create(name=name, kid=kid, service=service, jwk=jwk, metadata=metadata,
|
||||
expiration_date=expiration_date)
|
||||
expiration_date=expiration_date, rotation_duration=rotation_duration)
|
||||
|
||||
_notify_superusers(key)
|
||||
_gc_expired(service)
|
||||
|
@ -75,7 +75,7 @@ def replace_service_key(old_kid, kid, jwk, metadata, expiration_date):
|
|||
|
||||
ServiceKey.create(name=key.name, kid=kid, service=key.service, jwk=jwk,
|
||||
metadata=key.metadata, expiration_date=expiration_date,
|
||||
approval=key.approval)
|
||||
rotation_duration=key.rotation_duration, approval=key.approval)
|
||||
key.delete_instance()
|
||||
except ServiceKey.DoesNotExist:
|
||||
raise ServiceKeyDoesNotExist
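Review bot: `create_service_key` passes `rotation_duration` straight to `ServiceKey.create` with no check, so a zero or negative value, or one inconsistent with `expiration_date`, is stored as given. If callers can supply this from a request, a guard at the top such as `if rotation_duration is not None and rotation_duration <= 0: raise ValueError('rotation_duration must be positive')` would keep nonsensical rotation policies out of the table. In the second hunk `replace_service_key` copies `key.rotation_duration` to the new key, so a bad value would persist across every rotation. Both function bodies extend beyond their hunks; a docstring line stating the parameter's unit would also help.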
|
||||
|
|