vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix key server to not list expired keys

Browse source 
Fixes the key server to not list expire keys and by default not return expired or unapproved keys unless explicitly requested.

Fixes #1430
This commit is contained in:
Joseph Schorr 2016-05-03 14:01:33 -04:00
parent f0af2ca9c3
commit 6e2df3b339
4 changed files with 129 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

18
data/model/service_keys.py
View file

@ -137,7 +137,7 @@ def delete_service_key(kid):
def set_key_expiration(kid, expiration_date):
try:
service_key = get_service_key(kid)
service_key = get_service_key(kid, alive_only=False, approved_only=False)
except ServiceKey.DoesNotExist:
raise ServiceKeyDoesNotExist
@ -163,12 +163,17 @@ def approve_service_key(kid, approver, approval_type, notes=''):
return key
def _list_service_keys_query(kid=None, service=None, approved_only=False, approval_type=None):
def _list_service_keys_query(kid=None, service=None, approved_only=True, alive_only=True,
approval_type=None):
query = ServiceKey.select().join(ServiceKeyApproval, JOIN_LEFT_OUTER)
if approved_only:
query = query.where(~(ServiceKey.approval >> None))
if alive_only:
query = query.where((ServiceKey.expiration_date > datetime.utcnow()) |
(ServiceKey.expiration_date >> None))
if approval_type is not None:
query = query.where(ServiceKeyApproval.approval_type == approval_type)
@ -185,15 +190,16 @@ def _list_service_keys_query(kid=None, service=None, approved_only=False, approv
def list_all_keys():
return list(_list_service_keys_query())
return list(_list_service_keys_query(approved_only=False, alive_only=False))
def list_service_keys(service):
return list(_list_service_keys_query(service=service, approved_only=True))
return list(_list_service_keys_query(service=service))
def get_service_key(kid, service=None):
def get_service_key(kid, service=None, alive_only=True, approved_only=True):
try:
return _list_service_keys_query(kid=kid, service=service).get()
return _list_service_keys_query(kid=kid, service=service, approved_only=approved_only,
alive_only=alive_only).get()
except ServiceKey.DoesNotExist:
raise ServiceKeyDoesNotExist