Infra/lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Adds ability for domains to be marked as sensitive and only be allowed to be issued by an admin closes #5

Browse Source
This commit is contained in:
kevgliss
2015-12-30 15:11:08 -08:00
parent 96d253f0f9
commit 3f024c1ef4
9 changed files with 268 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lemur/domains/models.py
View File

@ -7,7 +7,7 @@
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
"""
from sqlalchemy import Column, Integer, String
from sqlalchemy import Column, Integer, String, Boolean
from lemur.database import db
@ -16,11 +16,4 @@ class Domain(db.Model):
__tablename__ = 'domains'
id = Column(Integer, primary_key=True)
name = Column(String(256))
def as_dict(self):
return {c.name: getattr(self, c.name) for c in self.__table__.columns}
def serialize(self):
blob = self.as_dict()
blob['certificates'] = [x.id for x in self.certificate]
return blob
sensitive = Column(Boolean, default=False)

37
lemur/domains/service.py
View File

@ -32,6 +32,43 @@ def get_all():
return database.find_all(query, Domain, {}).all()
def get_by_name(name):
"""
Fetches domain by it's name
:param name:
:return:
"""
return database.get_all(Domain, name, field="name").all()
def create(name, sensitive):
"""
Create a new domain
:param name:
:param sensitive:
:return:
"""
domain = Domain(name=name, sensitive=sensitive)
return database.create(domain)
def update(domain_id, name, sensitive):
"""
Update an existing domain
:param domain_id:
:param name:
:param sensitive:
:return:
"""
domain = get(domain_id)
domain.name = name
domain.sensitive = sensitive
database.update(domain)
def render(args):
"""
Helper to parse REST Api requests

104
lemur/domains/views.py
View File

@ -12,12 +12,14 @@ from flask.ext.restful import reqparse, Api, fields
from lemur.domains import service
from lemur.auth.service import AuthenticatedResource
from lemur.auth.permissions import SensitiveDomainPermission
from lemur.common.utils import paginated_parser, marshal_items
FIELDS = {
'id': fields.Integer,
'name': fields.String
'name': fields.String,
'sensitive': fields.Boolean
}
mod = Blueprint('domains', __name__)
@ -57,10 +59,12 @@ class DomainsList(AuthenticatedResource):
{
"id": 1,
"name": "www.example.com",
"sensitive": false
},
{
"id": 2,
"name": "www.example2.com",
"sensitive": false
}
]
"total": 2
@ -79,6 +83,54 @@ class DomainsList(AuthenticatedResource):
args = parser.parse_args()
return service.render(args)
@marshal_items(FIELDS)
def post(self):
"""
.. http:post:: /domains
The current domain list
**Example request**:
.. sourcecode:: http
GET /domains HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
{
"name": "www.example.com",
"sensitive": false
}
**Example response**:
.. sourcecode:: http
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript
{
"id": 1,
"name": "www.example.com",
"sensitive": false
}
:query sortBy: field to sort on
:query sortDir: acs or desc
:query page: int. default is 1
:query filter: key value pair. format is k=v;
:query limit: limit number. default is 10
:reqheader Authorization: OAuth token to authenticate
:statuscode 200: no error
:statuscode 403: unauthenticated
"""
self.reqparse.add_argument('name', type=str, location='json')
self.reqparse.add_argument('sensitive', type=bool, default=False, location='json')
args = self.reqparse.parse_args()
return service.create(args['name'], args['sensitive'])
class Domains(AuthenticatedResource):
def __init__(self):
@ -111,6 +163,7 @@ class Domains(AuthenticatedResource):
{
"id": 1,
"name": "www.example.com",
"sensitive": false
}
:reqheader Authorization: OAuth token to authenticate
@ -119,6 +172,53 @@ class Domains(AuthenticatedResource):
"""
return service.get(domain_id)
@marshal_items(FIELDS)
def put(self, domain_id):
"""
.. http:get:: /domains/1
update one domain
**Example request**:
.. sourcecode:: http
GET /domains HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
{
"name": "www.example.com",
"sensitive": false
}
**Example response**:
.. sourcecode:: http
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript
{
"id": 1,
"name": "www.example.com",
"sensitive": false
}
:reqheader Authorization: OAuth token to authenticate
:statuscode 200: no error
:statuscode 403: unauthenticated
"""
self.reqparse.add_argument('name', type=str, location='json')
self.reqparse.add_argument('sensitive', type=bool, default=False, location='json')
args = self.reqparse.parse_args()
if SensitiveDomainPermission().can():
return service.update(domain_id, args['name'], args['sensitive'])
return dict(message='You are not authorized to modify this domain'), 403
class CertificateDomains(AuthenticatedResource):
""" Defines the 'domains' endpoint """
@ -153,10 +253,12 @@ class CertificateDomains(AuthenticatedResource):
{
"id": 1,
"name": "www.example.com",
"sensitive": false
},
{
"id": 2,
"name": "www.example2.com",
"sensitive": false
}
]
"total": 2