initdb: add unapproved service key
parent
fb1dca4e94
commit
b0dac1d27e
2 changed files with 24 additions and 20 deletions
44
initdb.py
44
initdb.py
|
@ -156,30 +156,31 @@ def __create_subtree(with_storage, repo, structure, creator_username, parent, ta
|
||||||
__create_subtree(with_storage, repo, subtree, creator_username, new_image, tag_map)
|
__create_subtree(with_storage, repo, subtree, creator_username, new_image, tag_map)
|
||||||
|
|
||||||
|
|
||||||
def __generate_service_key(name, user, timestamp, approval_type, expiration=None, metadata=None):
|
def __generate_service_key(kid, name, user, timestamp, approval_type, expiration=None,
|
||||||
|
metadata=None):
|
||||||
private_key = RSA.generate(1024)
|
private_key = RSA.generate(1024)
|
||||||
jwk = RSAKey(key=private_key.publickey()).serialize()
|
jwk = RSAKey(key=private_key.publickey()).serialize()
|
||||||
kid = sha256(json.dumps(canonicalize(jwk), separators=(',', ':'))).hexdigest()
|
|
||||||
|
|
||||||
metadata = metadata or {}
|
metadata = metadata or {}
|
||||||
model.service_keys.create_service_key(name, kid, 'sample_service', jwk, metadata, expiration)
|
model.service_keys.create_service_key(name, kid, 'sample_service', jwk, metadata, expiration)
|
||||||
model.service_keys.approve_service_key(kid, user, approval_type,
|
if approval_type is not None:
|
||||||
notes='The **test** apporval')
|
model.service_keys.approve_service_key(kid, user, approval_type,
|
||||||
|
notes='The **test** apporval')
|
||||||
|
|
||||||
key_metadata = {
|
key_metadata = {
|
||||||
'kid': kid,
|
'kid': kid,
|
||||||
'preshared': True,
|
'preshared': True,
|
||||||
'service': 'sample_service',
|
'service': 'sample_service',
|
||||||
'name': name,
|
'name': name,
|
||||||
'expiration_date': expiration,
|
'expiration_date': expiration,
|
||||||
'auto_approved': True
|
'auto_approved': True
|
||||||
}
|
}
|
||||||
|
|
||||||
model.log.log_action('service_key_approve', None, performer=user,
|
model.log.log_action('service_key_approve', None, performer=user,
|
||||||
timestamp=timestamp, metadata=key_metadata)
|
timestamp=timestamp, metadata=key_metadata)
|
||||||
|
|
||||||
model.log.log_action('service_key_create', None, performer=user,
|
model.log.log_action('service_key_create', None, performer=user,
|
||||||
timestamp=timestamp, metadata=key_metadata)
|
timestamp=timestamp, metadata=key_metadata)
|
||||||
|
|
||||||
|
|
||||||
def __generate_repository(with_storage, user_obj, name, description, is_public, permissions, structure):
|
def __generate_repository(with_storage, user_obj, name, description, is_public, permissions, structure):
|
||||||
|
@ -653,11 +654,14 @@ def populate_database(minimal=False, with_storage=False):
|
||||||
six_ago = today - timedelta(5)
|
six_ago = today - timedelta(5)
|
||||||
four_ago = today - timedelta(4)
|
four_ago = today - timedelta(4)
|
||||||
|
|
||||||
__generate_service_key('somesamplekey', new_user_1, today, ServiceKeyApprovalType.SUPERUSER)
|
__generate_service_key('kid1', 'somesamplekey', new_user_1, today,
|
||||||
__generate_service_key('someexpiringkey', new_user_1, week_ago, ServiceKeyApprovalType.SUPERUSER,
|
ServiceKeyApprovalType.SUPERUSER)
|
||||||
today + timedelta(14))
|
__generate_service_key('kid2', 'someexpiringkey', new_user_1, week_ago,
|
||||||
|
ServiceKeyApprovalType.SUPERUSER, today + timedelta(14))
|
||||||
|
|
||||||
__generate_service_key('autorotatingkey', new_user_1, six_ago,
|
__generate_service_key('kid3', 'unapprovedkey', new_user_1, today, None)
|
||||||
|
|
||||||
|
__generate_service_key('kid4', 'autorotatingkey', new_user_1, six_ago,
|
||||||
ServiceKeyApprovalType.KEY_ROTATION, today + timedelta(1),
|
ServiceKeyApprovalType.KEY_ROTATION, today + timedelta(1),
|
||||||
dict(rotation_ttl=timedelta(hours=12).total_seconds()))
|
dict(rotation_ttl=timedelta(hours=12).total_seconds()))
|
||||||
|
|
||||||
|
|
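Review bot: In `__generate_service_key`, the new `if approval_type is not None:` guard clearly covers the `approve_service_key` call, but this rendering has lost indentation, so it is not certain whether `key_metadata` and the two `log_action` calls after it also sit under the guard. If they are outside it, the unapproved fixture key (`'kid3'`, passed `None`) still gets a `service_key_approve` log entry carrying `'auto_approved': True`; if they are all inside it, that key gets no `service_key_create` entry at all. Either way the seeded audit log disagrees with the key's real approval state, which matters if tests or UI code read these entries. I would keep `log_action('service_key_create', ...)` unconditional, emit `service_key_approve` only under the guard, and set `'auto_approved': approval_type is not None`. A one-line docstring noting that `approval_type=None` creates an unapproved key, and that `kid` is now caller-supplied rather than derived from the JWK, would also help; `populate_database` continues outside the visible hunk.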
Binary file not shown.