service keys: do all the right stuff
This commit is contained in:
Jimmy Zelinskie
Jimmy Zelinskie
parent
6ecff950ab
commit
4079dba167
7 changed files with 149 additions and 41 deletions
|
|
@ -5,19 +5,20 @@ import logging
|
|||
import os
|
||||
|
||||
from random import SystemRandom
|
||||
from flask import request
|
||||
from flask import request, make_response
|
||||
|
||||
import features
|
||||
|
||||
from app import app, avatar, superusers, authentication, config_provider
|
||||
from auth import scopes
|
||||
from auth.auth_context import get_authenticated_user
|
||||
from auth.permissions import SuperUserPermission
|
||||
from endpoints.api import (ApiResource, nickname, resource, validate_json_request,
|
||||
internal_only, require_scope, show_if, parse_args,
|
||||
query_param, abort, require_fresh_login, path_param, verify_not_prod,
|
||||
page_support)
|
||||
from endpoints.api.logs import get_logs, get_aggregate_logs
|
||||
from data import model
|
||||
from auth.permissions import SuperUserPermission
|
||||
from auth import scopes
|
||||
from util.useremails import send_confirmation_email, send_recovery_email
|
||||
|
||||
|
||||
|
|
@ -467,3 +468,39 @@ class SuperUserOrganizationManagement(ApiResource):
|
|||
return org_view(org)
|
||||
|
||||
abort(403)
|
||||
|
||||
@resource('/v1/superuser/services/<service>/keys/<kid>')
|
||||
@path_param('service', 'The service using the key')
|
||||
@path_param('kid', 'The unique identifier for a service key')
|
||||
@show_if(features.SUPER_USERS)
|
||||
class SuperUserServiceKeyManagement(ApiResource):
|
||||
""" Resource for managing service keys. """
|
||||
schemas = {
|
||||
'ApproveServiceKey': {
|
||||
'id': 'ApproveServiceKey',
|
||||
'type': 'object',
|
||||
'description': 'Description of approved keys for a service',
|
||||
'properties': {
|
||||
'kid': {
|
||||
'type': 'string',
|
||||
'description': 'The key being approved for service authentication usage.',
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
@verify_not_prod
|
||||
@nickname('approveServiceKey')
|
||||
@validate_json_request('ApproveServiceKey')
|
||||
@require_scope(scopes.SUPERUSER)
|
||||
def put(self, service, kid):
|
||||
if SuperUserPermission().can():
|
||||
approver = get_authenticated_user()
|
||||
try:
|
||||
model.service_keys.approve_service_key(service, kid, approver, 'Quay SuperUser API')
|
||||
except model.ServiceKeyDoesNotExist:
|
||||
abort(404)
|
||||
except model.ServiceKeyAlreadyApproved:
|
||||
pass
|
||||
|
||||
make_response('', 200)
|
||||
|
|
|
|||
Reference in a new issue