This repository has been archived on 2020-03-24. You can view files and clone it, but cannot push or open issues or pull requests.
quay/data/model/service_keys.py
2016-04-29 13:38:25 -04:00

99 lines
3 KiB
Python

from datetime import datetime, timedelta
from app import app
from data.database import db_for_update, User, ServiceKey, ServiceKeyApproval
from data.model import ServiceKeyDoesNotExist, ServiceKeyAlreadyApproved, db_transaction
from data.model.notification import create_notification
UNAPPROVED_TTL = timedelta(seconds=app.config['UNAPPROVED_SERVICE_KEY_TTL_SEC'])
def _gc_expired(service):
expired_keys = ((ServiceKey.service == service) &
(ServiceKey.expiration_date <= datetime.utcnow()))
stale_unapproved_keys = ((ServiceKey.service >> service) &
(ServiceKey.approval >> None) &
(ServiceKey.created_date + UNAPPROVED_TTL) >= datetime.utcnow())
ServiceKey.delete().where(expired_keys | stale_unapproved_keys).execute()
# TODO ACTION_LOGS for keys
def create_service_key(name, kid, service, jwk, metadata, expiration_date):
_gc_expired(service)
sk = ServiceKey.create(name=name, kid=kid, service=service, jwk=jwk, metadata=metadata,
expiration_date=expiration_date)
superusers = User.select().where(User.username << app.config['SUPER_USERS'])
for superuser in superusers:
# TODO(jzelinskie): create notification type in the database migration
# I already put it in initdb
create_notification('service_key_submitted', superuser, {
'name': name,
'kid': kid,
'service': service,
'jwk': jwk,
'metadata': metadata,
'created_date': sk.created_date,
'expiration_date': expiration_date,
})
def update_service_key(name, kid, metadata, expiration_date):
_gc_expired(service)
try:
with db_transaction():
key = db_for_update(ServiceKey.select().where(ServiceKey.kid == kid)).get()
key.name = name
key.metadata.update(metadata)
key.expiration_date = expiration_date
key.save()
except ServiceKey.DoesNotExist:
raise ServiceKeyDoesNotExist
def get_service_keys(approved_only, kid=None, service=None):
_gc_expired(service)
query = ServiceKey.select()
if service is not None:
query = query.where(ServiceKey.service == service)
if kid is not None:
query.where(ServiceKey.kid == kid)
if approved_only:
query = query.where(~(ServiceKey.approval >> None))
return query
def delete_service_key(service, kid):
_gc_expired(service)
try:
ServiceKey.delete().where(ServiceKey.service == service,
ServiceKey.kid == kid).execute()
except ServiceKey.DoesNotExist:
raise ServiceKeyDoesNotExist()
def approve_service_key(kid, approver, approval_type):
try:
with db_transaction():
key = db_for_update(ServiceKey.select().where(ServiceKey.kid == kid)).get()
if key.approval is not None:
raise ServiceKeyAlreadyApproved
approval = ServiceKeyApproval.create(approver=approver, approval_type=approval_type)
key.approval = approval
key.save()
except ServiceKey.DoesNotExist:
raise ServiceKeyDoesNotExist