Add method to get UserCert by serial number.

Pino de Candia 2018-01-23 22:12:29 +00:00
parent a061c474c2
commit 252e740911
5 changed files with 15 additions and 8 deletions


@ -3,11 +3,11 @@
[tatu] [tatu]
use_barbican_key_manager = True use_barbican_key_manager = True
#use_pat_bastions = True #use_pat_bastions = True
#num_total_pats = 3 num_total_pats = 1
#num_pat_bastions_per_server = 2 num_pat_bastions_per_server = 1
#pat_dns_zone_name = tatuPAT.com. #pat_dns_zone_name = tatuPAT.com.
#pat_dns_zone_email = tatu@nono.nono #pat_dns_zone_email = tatu@nono.nono
sqlalchemy_engine = mysql+pymysql://root:pinot@127.0.0.1 sqlalchemy_engine = mysql+pymysql://root:pinot@127.0.0.1/tatu
auth_url = http://localhost/identity/v3 auth_url = http://localhost/identity/v3
user_id = fab01a1f2a7749b78a53dffe441a1879 user_id = fab01a1f2a7749b78a53dffe441a1879
password = pinot password = pinot
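Review bot: The changed `sqlalchemy_engine` line still connects as MySQL `root` with the password written into the committed file, and the same URL becomes the new `default=` for `sqlalchemy_engine` in the `opts` list changed later in this commit. A deployment that does not override it runs the service with full database privileges and a password that is readable in the repository. The sample should carry a placeholder and a dedicated account limited to the `tatu` schema, e.g. `sqlalchemy_engine = mysql+pymysql://tatu:<DB_PASSWORD>@127.0.0.1/tatu`, and the code default should hold no credential. Declaring the option with `secret=True` also keeps oslo.config from printing its value when options are logged. The unchanged `password = pinot` line has the same problem for the identity service account.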


@ -149,6 +149,7 @@ class UserCerts(object):
raise falcon.HTTPBadRequest(str(e)) raise falcon.HTTPBadRequest(str(e))
resp.status = falcon.HTTP_201 resp.status = falcon.HTTP_201
resp.location = '/usercerts/' + user.user_id + '/' + user.fingerprint resp.location = '/usercerts/' + user.user_id + '/' + user.fingerprint
resp.body = json.dumps(_userAsDict(user))
@falcon.before(validate) @falcon.before(validate)
def on_get(self, req, resp): def on_get(self, req, resp):


@ -41,7 +41,7 @@ opts = [
default='tatu@nono.nono', default='tatu@nono.nono',
help='Email of admin for DNS zone for PAT bastions'), help='Email of admin for DNS zone for PAT bastions'),
cfg.StrOpt('sqlalchemy_engine', cfg.StrOpt('sqlalchemy_engine',
default='mysql+pymysql://root:pinot@127.0.0.1', default='mysql+pymysql://root:pinot@127.0.0.1/tatu',
help='SQLAlchemy database URL'), help='SQLAlchemy database URL'),
cfg.StrOpt('auth_url', cfg.StrOpt('auth_url',
default='http://localhost/identity/v3', default='http://localhost/identity/v3',


@ -77,6 +77,10 @@ class UserCert(Base):
sa.Index('idx_user_finger', UserCert.user_id, UserCert.fingerprint, unique=True) sa.Index('idx_user_finger', UserCert.user_id, UserCert.fingerprint, unique=True)
def getUserCertBySerial(session, serial):
return session.query(UserCert).get(serial)
def getUserCert(session, user_id, fingerprint): def getUserCert(session, user_id, fingerprint):
return session.query(UserCert).filter( return session.query(UserCert).filter(
UserCert.user_id == user_id).filter( UserCert.user_id == user_id).filter(
@ -138,8 +142,10 @@ def revokeUserKey(session, auth_id, serial=None, key_id=None, cert=None):
ser = None ser = None
userCert = None userCert = None
if serial is not None: if serial is not None:
userCert = session.query(UserCert).filter( try:
UserCert.serial == serial).one() userCert = getUserCertBySerial(session, serial)
except Exception:
pass
if userCert is None: if userCert is None:
raise falcon.HTTPBadRequest( raise falcon.HTTPBadRequest(
"Can't find the certificate for serial # {}".format(serial)) "Can't find the certificate for serial # {}".format(serial))
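Review bot: The `try` / `except Exception: pass` added around the lookup in `revokeUserKey` turns every failure, including a lost database connection or a broken session, into the "Can't find the certificate" 400 response, so a revocation that failed for an operational reason is reported as a client mistake and leaves no trace in the log. `Query.get()` already returns `None` when no row matches, so the handler is not needed: `userCert = getUserCertBySerial(session, serial)` followed by the existing `if userCert is None:` check is enough. `getUserCertBySerial` also depends on `serial` being the primary key of `UserCert`, which is declared outside this hunk; a docstring such as `"""Return the UserCert whose primary key is serial, or None."""` would record that assumption. `revokeUserKey` continues past the end of the hunk.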


@ -24,8 +24,8 @@ class SQLAlchemySessionManager(object):
def __init__(self): def __init__(self):
LOG.info('Creating sqlalchemy engine {}'.format(config.CONF.tatu.sqlalchemy_engine)) LOG.info('Creating sqlalchemy engine {}'.format(config.CONF.tatu.sqlalchemy_engine))
self.engine = create_engine(config.CONF.tatu.sqlalchemy_engine) self.engine = create_engine(config.CONF.tatu.sqlalchemy_engine)
self.engine.execute("CREATE DATABASE IF NOT EXISTS tatu;") #self.engine.execute("CREATE DATABASE IF NOT EXISTS tatu;")
self.engine.execute("USE tatu;") #self.engine.execute("USE tatu;")
Base.metadata.create_all(self.engine) Base.metadata.create_all(self.engine)
self.Session = scoped_session(sessionmaker(self.engine)) self.Session = scoped_session(sessionmaker(self.engine))
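Review bot: The `LOG.info` call at the top of `__init__` writes the full `sqlalchemy_engine` URL, password included, into the service log, and after this commit that URL is also where the database name lives. Log the engine's URL object after `create_engine` instead, e.g. `LOG.info('Creating sqlalchemy engine %r', self.engine.url)`, since SQLAlchemy masks the password in the URL's repr. The two `engine.execute` lines are better deleted than left commented out, replaced by a comment such as `# The database named in sqlalchemy_engine must already exist.`, because `create_all` will presumably fail now when it does not.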