refactor approval service key to not need approver

2018-08-13 11:40:50 -04:00 · 2018-08-13 11:40:50 -04:00 · cc9bedbeb9
commit cc9bedbeb9
parent 7edf679670
11 changed files with 331 additions and 13 deletions
--- a/config_app/config_endpoints/api/superuser.py
+++ b/config_app/config_endpoints/api/superuser.py
@ -3,15 +3,17 @@ import pathvalidate
 import os
 import subprocess

-from flask import request, jsonify
+from flask import request, jsonify, make_response

+from data.database import ServiceKeyApprovalType
+from data.model import ServiceKeyDoesNotExist
 from util.config.validator import EXTRA_CA_DIRECTORY

 from config_app.config_endpoints.exception import InvalidRequest
 from config_app.config_endpoints.api import resource, ApiResource, nickname
 from config_app.config_endpoints.api.superuser_models_pre_oci import pre_oci_model
 from config_app.config_util.ssl import load_certificate, CertInvalidException
-from config_app.c_app import config_provider, INIT_SCRIPTS_LOCATION
+from config_app.c_app import app, config_provider, INIT_SCRIPTS_LOCATION


 logger = logging.getLogger(__name__)
@ -146,4 +148,44 @@ class SuperUserServiceKeyManagement(ApiResource):
            'keys': [key.to_dict() for key in keys],
        })

+@resource('/v1/superuser/approvedkeys/<kid>')
+class SuperUserServiceKeyApproval(ApiResource):
+    """ Resource for approving service keys. """

+    schemas = {
+        'ApproveServiceKey': {
+            'id': 'ApproveServiceKey',
+            'type': 'object',
+            'description': 'Information for approving service keys',
+            'properties': {
+                'notes': {
+                    'type': 'string',
+                    'description': 'Optional approval notes',
+                },
+            },
+        },
+    }
+
+    @nickname('approveServiceKey')
+    @validate_json_request('ApproveServiceKey')
+    def post(self, kid):
+        notes = request.get_json().get('notes', '')
+        approver = app.config.get('SUPER_USERS', [])[0] # get the first superuser created in the config tool
+        try:
+            key = pre_oci_model.approve_service_key(kid, ServiceKeyApprovalType.SUPERUSER, notes=notes)
+
+            # Log the approval of the service key.
+            key_log_metadata = {
+                'kid': kid,
+                'service': key.service,
+                'name': key.name,
+                'expiration_date': key.expiration_date,
+            }
+
+            log_action('service_key_approve', None, key_log_metadata)
+        except ServiceKeyDoesNotExist:
+            raise NotFound()
+        except ServiceKeyAlreadyApproved:
+            pass
+
+        return make_response('', 201)