vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

key server: misc fixes to make jwtproxy work

Browse source
This commit is contained in:
Jimmy Zelinskie 2016-04-01 15:48:31 -04:00 committed by Jimmy Zelinskie
parent 5cdc7812dc
commit 885a41e6f5
3 changed files with 8 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
data/model/service_keys.py
View file

@ -1,6 +1,8 @@
from calendar import timegm from calendar import timegm
from datetime import datetime, timedelta from datetime import datetime, timedelta
from peewee import JOIN_LEFT_OUTER
from app import app from app import app
from data.database import db_for_update, User, ServiceKey, ServiceKeyApproval from data.database import db_for_update, User, ServiceKey, ServiceKeyApproval
from data.model import ServiceKeyDoesNotExist, ServiceKeyAlreadyApproved, db_transaction from data.model import ServiceKeyDoesNotExist, ServiceKeyAlreadyApproved, db_transaction
@ -39,8 +41,6 @@ def _notify_superusers(key):
superusers = User.select().where(User.username << app.config['SUPER_USERS']) superusers = User.select().where(User.username << app.config['SUPER_USERS'])
for superuser in superusers: for superuser in superusers:
# TODO(jzelinskie): create notification type in the database migration
# I already put it in initdb
create_notification('service_key_submitted', superuser, metadata=notification_metadata, create_notification('service_key_submitted', superuser, metadata=notification_metadata,
lookup_path='/service_key_approval/{0}'.format(key.kid)) lookup_path='/service_key_approval/{0}'.format(key.kid))
@ -94,14 +94,15 @@ def delete_service_key(service, kid):
_gc_expired(service) _gc_expired(service)
def approve_service_key(kid, approver, approval_type): def approve_service_key(kid, approver, approval_type, notes=''):
try: try:
with db_transaction(): with db_transaction():
key = db_for_update(ServiceKey.select().where(ServiceKey.kid == kid)).get() key = db_for_update(ServiceKey.select().where(ServiceKey.kid == kid)).get()
if key.approval is not None: if key.approval is not None:
raise ServiceKeyAlreadyApproved raise ServiceKeyAlreadyApproved
approval = ServiceKeyApproval.create(approver=approver, approval_type=approval_type) approval = ServiceKeyApproval.create(approver=approver, approval_type=approval_type,
notes=notes)
key.approval = approval key.approval = approval
key.save() key.save()
except ServiceKey.DoesNotExist: except ServiceKey.DoesNotExist:
@ -112,7 +113,7 @@ def approve_service_key(kid, approver, approval_type):
def _list_service_keys_query(kid=None, service=None, approved_only=False): def _list_service_keys_query(kid=None, service=None, approved_only=False):
query = ServiceKey.select().join(ServiceKeyApproval) query = ServiceKey.select().join(ServiceKeyApproval, JOIN_LEFT_OUTER)
if approved_only: if approved_only:
query = query.where(~(ServiceKey.approval >> None)) query = query.where(~(ServiceKey.approval >> None))

3
endpoints/api/superuser.py
View file

@ -637,7 +637,6 @@ class SuperUserServiceKeyApproval(ApiResource):
@verify_not_prod @verify_not_prod
@nickname('approveServiceKey') @nickname('approveServiceKey')
@require_scope(scopes.SUPERUSER) @require_scope(scopes.SUPERUSER)
@validate_json_request('ApproveServiceKey')
def put(self, kid): def put(self, kid):
if SuperUserPermission().can(): if SuperUserPermission().can():
approver = get_authenticated_user() approver = get_authenticated_user()
@ -648,6 +647,6 @@ class SuperUserServiceKeyApproval(ApiResource):
except model.ServiceKeyAlreadyApproved: except model.ServiceKeyAlreadyApproved:
pass pass
make_response('', 200) return make_response('', 200)
abort(403) abort(403)

1
endpoints/key_server.py
View file

@ -83,6 +83,7 @@ def list_service_keys(service):
@key_server.route('/services/<service>/keys/<kid>', methods=['GET']) @key_server.route('/services/<service>/keys/<kid>', methods=['GET'])
def get_service_key(service, kid): def get_service_key(service, kid):
logger.debug(kid)
try: try:
key = data.model.service_keys.get_service_key(kid) key = data.model.service_keys.get_service_key(kid)
except data.model.ServiceKeyDoesNotExist: except data.model.ServiceKeyDoesNotExist: