lemur/lemur/certificates/schemas.py

"""
.. module: lemur.certificates.schemas
    :platform: unix
    :copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
    :license: Apache, see LICENSE for more details.
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
"""
from flask import current_app
from marshmallow import fields, validates_schema, post_load
from marshmallow.exceptions import ValidationError

from lemur.schemas import AssociatedAuthoritySchema, AssociatedDestinationSchema, AssociatedCertificateSchema, \
    AssociatedNotificationSchema, PluginInputSchema, ExtensionSchema, AssociatedRoleSchema

from lemur.authorities.schemas import AuthorityNestedOutputSchema
from lemur.destinations.schemas import DestinationNestedOutputSchema
from lemur.notifications.schemas import NotificationNestedOutputSchema
from lemur.roles.schemas import RoleNestedOutputSchema
from lemur.domains.schemas import DomainNestedOutputSchema
from lemur.users.schemas import UserNestedOutputSchema

from lemur.common.schema import LemurInputSchema, LemurOutputSchema
from lemur.common import validators
from lemur.notifications import service as notification_service


class CertificateSchema(LemurInputSchema):
    owner = fields.Email(required=True)
    description = fields.String()

    @post_load
    def default_notifications(self, data):
        if not data['notifications']:
            notification_name = "DEFAULT_{0}".format(data['owner'].split('@')[0].upper())
            data['notifications'] += notification_service.create_default_expiration_notifications(notification_name, [data['owner']])

        notification_name = 'DEFAULT_SECURITY'
        data['notifications'] += notification_service.create_default_expiration_notifications(notification_name, current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL'))
        return data


class CertificateInputSchema(CertificateSchema):
    name = fields.String()
    common_name = fields.String(required=True, validate=validators.sensitive_domain)
    authority = fields.Nested(AssociatedAuthoritySchema, required=True)

    validity_start = fields.DateTime()
    validity_end = fields.DateTime()
    validity_years = fields.Integer()

    destinations = fields.Nested(AssociatedDestinationSchema, missing=[], many=True)
    notifications = fields.Nested(AssociatedNotificationSchema, missing=[], many=True)
    replacements = fields.Nested(AssociatedCertificateSchema, missing=[], many=True)
    roles = fields.Nested(AssociatedRoleSchema, missing=[], many=True)

    csr = fields.String(validate=validators.csr)

    # certificate body fields
    organizational_unit = fields.String(missing=lambda: current_app.config.get('LEMUR_DEFAULT_ORGANIZATIONAL_UNIT'))
    organization = fields.String(missing=lambda: current_app.config.get('LEMUR_DEFAULT_ORGANIZATION'))
    location = fields.String(missing=lambda: current_app.config.get('LEMUR_DEFAULT_LOCATION'))
    country = fields.String(missing=lambda: current_app.config.get('LEMUR_DEFAULT_COUNTRY'))
    state = fields.String(missing=lambda: current_app.config.get('LEMUR_DEFAULT_STATE'))

    extensions = fields.Nested(ExtensionSchema)

    @validates_schema
    def validate_dates(self, data):
        validators.dates(data)


class CertificateEditInputSchema(CertificateSchema):
    active = fields.Boolean()
    destinations = fields.Nested(AssociatedDestinationSchema, missing=[], many=True)
    notifications = fields.Nested(AssociatedNotificationSchema, missing=[], many=True)
    replacements = fields.Nested(AssociatedCertificateSchema, missing=[], many=True)
    roles = fields.Nested(AssociatedRoleSchema, missing=[], many=True)


class CertificateNestedOutputSchema(LemurOutputSchema):
    __envelope__ = False
    id = fields.Integer()
    active = fields.Boolean()
    bits = fields.Integer()
    body = fields.String()
    chain = fields.String()
    description = fields.String()
    name = fields.String()
    cn = fields.String()
    not_after = fields.DateTime()
    not_before = fields.DateTime()
    owner = fields.Email()
    status = fields.Boolean()
    creator = fields.Nested(UserNestedOutputSchema)
    issuer = fields.Nested(AuthorityNestedOutputSchema)


class CertificateOutputSchema(LemurOutputSchema):
    id = fields.Integer()
    active = fields.Boolean()
    bits = fields.Integer()
    body = fields.String()
    chain = fields.String()
    deleted = fields.Boolean(default=False)
    description = fields.String()
    issuer = fields.String()
    name = fields.String()
    cn = fields.String()
    not_after = fields.DateTime()
    not_before = fields.DateTime()
    owner = fields.Email()
    san = fields.Boolean()
    serial = fields.String()
    signing_algorithm = fields.String()
    status = fields.Boolean()
    user = fields.Nested(UserNestedOutputSchema)
    domains = fields.Nested(DomainNestedOutputSchema, many=True)
    destinations = fields.Nested(DestinationNestedOutputSchema, many=True)
    notifications = fields.Nested(NotificationNestedOutputSchema, many=True)
    replaces = fields.Nested(CertificateNestedOutputSchema, many=True)
    authority = fields.Nested(AuthorityNestedOutputSchema)
    roles = fields.Nested(RoleNestedOutputSchema, many=True)
    endpoints = fields.List(fields.Dict(), missing=[])


class CertificateUploadInputSchema(CertificateSchema):
    name = fields.String()
    active = fields.Boolean(missing=True)

    private_key = fields.String(validate=validators.private_key)
    body = fields.String(required=True, validate=validators.public_certificate)
    chain = fields.String(validate=validators.public_certificate)  # TODO this could be multiple certificates

    destinations = fields.Nested(AssociatedDestinationSchema, missing=[], many=True)
    notifications = fields.Nested(AssociatedNotificationSchema, missing=[], many=True)
    replacements = fields.Nested(AssociatedCertificateSchema, missing=[], many=True)
    roles = fields.Nested(AssociatedRoleSchema, missing=[], many=True)

    @validates_schema
    def keys(self, data):
        if data.get('destinations'):
            if not data.get('private_key'):
                raise ValidationError('Destinations require private key.')


class CertificateExportInputSchema(LemurInputSchema):
    plugin = fields.Nested(PluginInputSchema)


certificate_input_schema = CertificateInputSchema()
certificate_output_schema = CertificateOutputSchema()
certificates_output_schema = CertificateOutputSchema(many=True)
certificate_upload_input_schema = CertificateUploadInputSchema()
certificate_export_input_schema = CertificateExportInputSchema()
certificate_edit_input_schema = CertificateEditInputSchema()
Closes #278 and #199, Starting transition to marshmallow (#299) * Closes #278 and #199, Starting transition to marshmallow 2016-05-05 21:52:08 +02:00			`"""`
			`.. module: lemur.certificates.schemas`
			`:platform: unix`
			`:copyright: (c) 2015 by Netflix Inc., see AUTHORS for more`
			`:license: Apache, see LICENSE for more details.`
			`.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>`
			`"""`
			`from flask import current_app`
Fixing a few things, adding tests. (#326) 2016-05-20 18:03:34 +02:00			`from marshmallow import fields, validates_schema, post_load`
Closes #278 and #199, Starting transition to marshmallow (#299) * Closes #278 and #199, Starting transition to marshmallow 2016-05-05 21:52:08 +02:00			`from marshmallow.exceptions import ValidationError`

			`from lemur.schemas import AssociatedAuthoritySchema, AssociatedDestinationSchema, AssociatedCertificateSchema, \`
Making roles more apparent for certificates and authorities. (#327) 2016-05-20 21:48:12 +02:00			`AssociatedNotificationSchema, PluginInputSchema, ExtensionSchema, AssociatedRoleSchema`
Fixing various issues. (#318) * Fixing various issues. * Fixing tests 2016-05-16 20:09:50 +02:00
			`from lemur.authorities.schemas import AuthorityNestedOutputSchema`
			`from lemur.destinations.schemas import DestinationNestedOutputSchema`
			`from lemur.notifications.schemas import NotificationNestedOutputSchema`
Making roles more apparent for certificates and authorities. (#327) 2016-05-20 21:48:12 +02:00			`from lemur.roles.schemas import RoleNestedOutputSchema`
Closes #147 (#328) * Closes #147 * Fixing tests * Ensuring we can validate max dates. 2016-05-23 20:28:25 +02:00			`from lemur.domains.schemas import DomainNestedOutputSchema`
Fixing various issues. (#318) * Fixing various issues. * Fixing tests 2016-05-16 20:09:50 +02:00			`from lemur.users.schemas import UserNestedOutputSchema`

Authorities marshmallow addition (#303) 2016-05-09 20:00:16 +02:00			`from lemur.common.schema import LemurInputSchema, LemurOutputSchema`
			`from lemur.common import validators`
Fixing a few things, adding tests. (#326) 2016-05-20 18:03:34 +02:00			`from lemur.notifications import service as notification_service`
Closes #278 and #199, Starting transition to marshmallow (#299) * Closes #278 and #199, Starting transition to marshmallow 2016-05-05 21:52:08 +02:00

Fixing a few things, adding tests. (#326) 2016-05-20 18:03:34 +02:00			`class CertificateSchema(LemurInputSchema):`
Closes #278 and #199, Starting transition to marshmallow (#299) * Closes #278 and #199, Starting transition to marshmallow 2016-05-05 21:52:08 +02:00			`owner = fields.Email(required=True)`
			`description = fields.String()`
Fixing a few things, adding tests. (#326) 2016-05-20 18:03:34 +02:00
			`@post_load`
			`def default_notifications(self, data):`
			`if not data['notifications']:`
			`notification_name = "DEFAULT_{0}".format(data['owner'].split('@')[0].upper())`
			`data['notifications'] += notification_service.create_default_expiration_notifications(notification_name, [data['owner']])`

			`notification_name = 'DEFAULT_SECURITY'`
			`data['notifications'] += notification_service.create_default_expiration_notifications(notification_name, current_app.config.get('LEMUR_SECURITY_TEAM_EMAIL'))`
			`return data`


			`class CertificateInputSchema(CertificateSchema):`
			`name = fields.String()`
Authorities marshmallow addition (#303) 2016-05-09 20:00:16 +02:00			`common_name = fields.String(required=True, validate=validators.sensitive_domain)`
Closes #278 and #199, Starting transition to marshmallow (#299) * Closes #278 and #199, Starting transition to marshmallow 2016-05-05 21:52:08 +02:00			`authority = fields.Nested(AssociatedAuthoritySchema, required=True)`

			`validity_start = fields.DateTime()`
			`validity_end = fields.DateTime()`
			`validity_years = fields.Integer()`

			`destinations = fields.Nested(AssociatedDestinationSchema, missing=[], many=True)`
			`notifications = fields.Nested(AssociatedNotificationSchema, missing=[], many=True)`
			`replacements = fields.Nested(AssociatedCertificateSchema, missing=[], many=True)`
Making roles more apparent for certificates and authorities. (#327) 2016-05-20 21:48:12 +02:00			`roles = fields.Nested(AssociatedRoleSchema, missing=[], many=True)`
Closes #278 and #199, Starting transition to marshmallow (#299) * Closes #278 and #199, Starting transition to marshmallow 2016-05-05 21:52:08 +02:00
Authorities marshmallow addition (#303) 2016-05-09 20:00:16 +02:00			`csr = fields.String(validate=validators.csr)`
Closes #278 and #199, Starting transition to marshmallow (#299) * Closes #278 and #199, Starting transition to marshmallow 2016-05-05 21:52:08 +02:00
			`# certificate body fields`
			`organizational_unit = fields.String(missing=lambda: current_app.config.get('LEMUR_DEFAULT_ORGANIZATIONAL_UNIT'))`
			`organization = fields.String(missing=lambda: current_app.config.get('LEMUR_DEFAULT_ORGANIZATION'))`
			`location = fields.String(missing=lambda: current_app.config.get('LEMUR_DEFAULT_LOCATION'))`
			`country = fields.String(missing=lambda: current_app.config.get('LEMUR_DEFAULT_COUNTRY'))`
			`state = fields.String(missing=lambda: current_app.config.get('LEMUR_DEFAULT_STATE'))`

			`extensions = fields.Nested(ExtensionSchema)`

			`@validates_schema`
			`def validate_dates(self, data):`
Authorities marshmallow addition (#303) 2016-05-09 20:00:16 +02:00			`validators.dates(data)`
Closes #278 and #199, Starting transition to marshmallow (#299) * Closes #278 and #199, Starting transition to marshmallow 2016-05-05 21:52:08 +02:00

Fixing a few things, adding tests. (#326) 2016-05-20 18:03:34 +02:00			`class CertificateEditInputSchema(CertificateSchema):`
Fixing various issues. (#318) * Fixing various issues. * Fixing tests 2016-05-16 20:09:50 +02:00			`active = fields.Boolean()`
			`destinations = fields.Nested(AssociatedDestinationSchema, missing=[], many=True)`
			`notifications = fields.Nested(AssociatedNotificationSchema, missing=[], many=True)`
			`replacements = fields.Nested(AssociatedCertificateSchema, missing=[], many=True)`
Making roles more apparent for certificates and authorities. (#327) 2016-05-20 21:48:12 +02:00			`roles = fields.Nested(AssociatedRoleSchema, missing=[], many=True)`
Fixing various issues. (#318) * Fixing various issues. * Fixing tests 2016-05-16 20:09:50 +02:00

			`class CertificateNestedOutputSchema(LemurOutputSchema):`
			`__envelope__ = False`
			`id = fields.Integer()`
			`active = fields.Boolean()`
			`bits = fields.Integer()`
			`body = fields.String()`
			`chain = fields.String()`
			`description = fields.String()`
			`name = fields.String()`
			`cn = fields.String()`
			`not_after = fields.DateTime()`
			`not_before = fields.DateTime()`
			`owner = fields.Email()`
			`status = fields.Boolean()`
			`creator = fields.Nested(UserNestedOutputSchema)`
			`issuer = fields.Nested(AuthorityNestedOutputSchema)`


Closes #278 and #199, Starting transition to marshmallow (#299) * Closes #278 and #199, Starting transition to marshmallow 2016-05-05 21:52:08 +02:00			`class CertificateOutputSchema(LemurOutputSchema):`
			`id = fields.Integer()`
			`active = fields.Boolean()`
			`bits = fields.Integer()`
			`body = fields.String()`
			`chain = fields.String()`
			`deleted = fields.Boolean(default=False)`
			`description = fields.String()`
			`issuer = fields.String()`
			`name = fields.String()`
Fixing various issues. (#318) * Fixing various issues. * Fixing tests 2016-05-16 20:09:50 +02:00			`cn = fields.String()`
Closes #278 and #199, Starting transition to marshmallow (#299) * Closes #278 and #199, Starting transition to marshmallow 2016-05-05 21:52:08 +02:00			`not_after = fields.DateTime()`
			`not_before = fields.DateTime()`
			`owner = fields.Email()`
			`san = fields.Boolean()`
			`serial = fields.String()`
			`signing_algorithm = fields.String()`
			`status = fields.Boolean()`
Fixing various issues. (#318) * Fixing various issues. * Fixing tests 2016-05-16 20:09:50 +02:00			`user = fields.Nested(UserNestedOutputSchema)`
Fixes (#332) * Ensuring domains are returned correctly. * Ensuring certificates receive owner role 2016-05-25 02:10:19 +02:00			`domains = fields.Nested(DomainNestedOutputSchema, many=True)`
Fixing various issues. (#318) * Fixing various issues. * Fixing tests 2016-05-16 20:09:50 +02:00			`destinations = fields.Nested(DestinationNestedOutputSchema, many=True)`
			`notifications = fields.Nested(NotificationNestedOutputSchema, many=True)`
			`replaces = fields.Nested(CertificateNestedOutputSchema, many=True)`
			`authority = fields.Nested(AuthorityNestedOutputSchema)`
Making roles more apparent for certificates and authorities. (#327) 2016-05-20 21:48:12 +02:00			`roles = fields.Nested(RoleNestedOutputSchema, many=True)`
Fixes (#329) * Modifying the way roles are assigned. * Adding migration scripts. * Adding endpoints field for future use. * Fixing dropdowns. 2016-05-24 03:38:04 +02:00			`endpoints = fields.List(fields.Dict(), missing=[])`
Closes #278 and #199, Starting transition to marshmallow (#299) * Closes #278 and #199, Starting transition to marshmallow 2016-05-05 21:52:08 +02:00

Fixing a few things, adding tests. (#326) 2016-05-20 18:03:34 +02:00			`class CertificateUploadInputSchema(CertificateSchema):`
Closes #278 and #199, Starting transition to marshmallow (#299) * Closes #278 and #199, Starting transition to marshmallow 2016-05-05 21:52:08 +02:00			`name = fields.String()`
			`active = fields.Boolean(missing=True)`

Authorities marshmallow addition (#303) 2016-05-09 20:00:16 +02:00			`private_key = fields.String(validate=validators.private_key)`
Fixing a few things, adding tests. (#326) 2016-05-20 18:03:34 +02:00			`body = fields.String(required=True, validate=validators.public_certificate)`
Authorities marshmallow addition (#303) 2016-05-09 20:00:16 +02:00			`chain = fields.String(validate=validators.public_certificate) # TODO this could be multiple certificates`
Closes #278 and #199, Starting transition to marshmallow (#299) * Closes #278 and #199, Starting transition to marshmallow 2016-05-05 21:52:08 +02:00
			`destinations = fields.Nested(AssociatedDestinationSchema, missing=[], many=True)`
			`notifications = fields.Nested(AssociatedNotificationSchema, missing=[], many=True)`
			`replacements = fields.Nested(AssociatedCertificateSchema, missing=[], many=True)`
Making roles more apparent for certificates and authorities. (#327) 2016-05-20 21:48:12 +02:00			`roles = fields.Nested(AssociatedRoleSchema, missing=[], many=True)`
Closes #278 and #199, Starting transition to marshmallow (#299) * Closes #278 and #199, Starting transition to marshmallow 2016-05-05 21:52:08 +02:00
			`@validates_schema`
			`def keys(self, data):`
			`if data.get('destinations'):`
			`if not data.get('private_key'):`
			`raise ValidationError('Destinations require private key.')`


			`class CertificateExportInputSchema(LemurInputSchema):`
254 duplication certificate name (#319) 2016-05-17 00:59:40 +02:00			`plugin = fields.Nested(PluginInputSchema)`
Closes #278 and #199, Starting transition to marshmallow (#299) * Closes #278 and #199, Starting transition to marshmallow 2016-05-05 21:52:08 +02:00

			`certificate_input_schema = CertificateInputSchema()`
			`certificate_output_schema = CertificateOutputSchema()`
			`certificates_output_schema = CertificateOutputSchema(many=True)`
			`certificate_upload_input_schema = CertificateUploadInputSchema()`
			`certificate_export_input_schema = CertificateExportInputSchema()`
Fixing various issues. (#318) * Fixing various issues. * Fixing tests 2016-05-16 20:09:50 +02:00			`certificate_edit_input_schema = CertificateEditInputSchema()`