Default authority. (#549)
* Enable specifying a default authority; if no default is found, the first available authority is selected * PEP8 * Skipping tests relying on keytool
parent
81bf98c746
commit
a40bc65fd4
|
@ -164,6 +164,14 @@ and are used when Lemur creates the CSR for your certificates.
|
|||
LEMUR_DEFAULT_ISSUER_PLUGIN = "verisign-issuer"
|
||||
|
||||
|
||||
.. data:: LEMUR_DEFAULT_AUTHORITY
|
||||
:noindex:
|
||||
|
||||
::
|
||||
|
||||
LEMUR_DEFAULT_AUTHORITY = "verisign"
|
||||
|
||||
|
||||
Notification Options
|
||||
--------------------
|
||||
|
||||
|
|
|
@ -115,7 +115,9 @@ def wrap_errors(messages):
|
|||
|
||||
|
||||
def unwrap_pagination(data, output_schema):
|
||||
|
||||
if isinstance(data, dict):
|
||||
if 'total' in data.keys():
|
||||
if data.get('total') == 0:
|
||||
return data
|
||||
|
||||
|
@ -123,6 +125,8 @@ def unwrap_pagination(data, output_schema):
|
|||
marshaled_data['items'] = output_schema.dump(data['items'], many=True).data
|
||||
return marshaled_data
|
||||
|
||||
return output_schema.dump(data).data
|
||||
|
||||
elif isinstance(data, list):
|
||||
marshaled_data = {'total': len(data)}
|
||||
marshaled_data['items'] = output_schema.dump(data, many=True).data
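Review bot: In `unwrap_pagination`, the presence of a `total` key is the only signal that a dict is a paginated result, so a single object that happens to carry its own `total` field would take the pagination branch and, judging from the `data['items']` lookup visible in the second hunk, could fail with a KeyError. The function has no docstring; one that names the three accepted shapes (paginated dict with `total`/`items`, single object, plain list) would make that contract explicit. As a style point, `if 'total' in data:` is the idiomatic form of `if 'total' in data.keys():`. The lines between the two hunks are not shown, so the exact path to the `items` lookup is inferred.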
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
"""
|
||||
.. module: lemur.defaults.schemas
|
||||
:platform: unix
|
||||
:copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
|
||||
:license: Apache, see LICENSE for more details.
|
||||
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
|
||||
"""
|
||||
from marshmallow import fields
|
||||
from lemur.common.schema import LemurOutputSchema
|
||||
from lemur.authorities.schemas import AuthorityNestedOutputSchema
|
||||
|
||||
|
||||
class DefaultOutputSchema(LemurOutputSchema):
|
||||
__envelope__ = False
|
||||
authority = fields.Nested(AuthorityNestedOutputSchema)
|
||||
country = fields.String()
|
||||
state = fields.String()
|
||||
location = fields.String()
|
||||
organization = fields.String()
|
||||
organizationalUnit = fields.String()
|
||||
|
||||
|
||||
default_output_schema = DefaultOutputSchema()
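Review bot: `DefaultOutputSchema` declares no field for `issuerPlugin`, although the `/defaults` view in this same commit still returns `issuerPlugin=...` and is now wrapped in `@validate_schema(None, default_output_schema)`. Marshmallow serializes only declared fields, so unless `LemurOutputSchema` changes that behaviour the issuer plugin default would silently drop out of the response. Adding `issuerPlugin = fields.String()` next to `organizationalUnit` would keep the response shape intact. It is also worth confirming that `AuthorityNestedOutputSchema` exposes only what every authenticated user should see, since this endpoint hands the nested authority to all of them.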
|
|
@ -6,8 +6,12 @@
|
|||
from flask import current_app, Blueprint
|
||||
from flask_restful import Api
|
||||
|
||||
from lemur.common.schema import validate_schema
|
||||
from lemur.authorities.service import get_by_name
|
||||
from lemur.auth.service import AuthenticatedResource
|
||||
|
||||
from lemur.defaults.schemas import default_output_schema
|
||||
|
||||
|
||||
mod = Blueprint('default', __name__)
|
||||
api = Api(mod)
|
||||
|
@ -18,6 +22,7 @@ class LemurDefaults(AuthenticatedResource):
|
|||
def __init__(self):
|
||||
super(LemurDefaults)
|
||||
|
||||
@validate_schema(None, default_output_schema)
|
||||
def get(self):
|
||||
"""
|
||||
.. http:get:: /defaults
|
||||
|
@ -52,13 +57,17 @@ class LemurDefaults(AuthenticatedResource):
|
|||
:statuscode 200: no error
|
||||
:statuscode 403: unauthenticated
|
||||
"""
|
||||
|
||||
default_authority = get_by_name(current_app.config.get('LEMUR_DEFAULT_AUTHORITY'))
|
||||
|
||||
return dict(
|
||||
country=current_app.config.get('LEMUR_DEFAULT_COUNTRY'),
|
||||
state=current_app.config.get('LEMUR_DEFAULT_STATE'),
|
||||
location=current_app.config.get('LEMUR_DEFAULT_LOCATION'),
|
||||
organization=current_app.config.get('LEMUR_DEFAULT_ORGANIZATION'),
|
||||
organizationalUnit=current_app.config.get('LEMUR_DEFAULT_ORGANIZATIONAL_UNIT'),
|
||||
issuerPlugin=current_app.config.get('LEMUR_DEFAULT_ISSUER_PLUGIN')
|
||||
issuerPlugin=current_app.config.get('LEMUR_DEFAULT_ISSUER_PLUGIN'),
|
||||
authority=default_authority
|
||||
)
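Review bot: `get_by_name(current_app.config.get('LEMUR_DEFAULT_AUTHORITY'))` performs the lookup even when the option is unset, passing `None` as the name; how `get_by_name` treats that is not visible in this hunk. Reading the setting first and guarding the call would make the unset case explicit: `name = current_app.config.get('LEMUR_DEFAULT_AUTHORITY')` then `default_authority = get_by_name(name) if name else None`. A configured name that matches no authority (for example a typo) currently falls through to the client's first-available fallback without any trace, so a warning log in that branch would help operators notice that certificates are being pointed at a different CA than intended. The `get` docstring starts and ends outside the hunks, so whether its example response documents the new `authority` key cannot be checked here.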
|
||||
|
||||
|
||||
|
|
|
@ -223,6 +223,33 @@ class InitializeApp(Command):
|
|||
create()
|
||||
user = user_service.get_by_username("lemur")
|
||||
|
||||
admin_role = role_service.get_by_name('admin')
|
||||
|
||||
if admin_role:
|
||||
sys.stdout.write("[-] Admin role already created, skipping...!\n")
|
||||
else:
|
||||
# we create an admin role
|
||||
admin_role = role_service.create('admin', description='This is the Lemur administrator role.')
|
||||
sys.stdout.write("[+] Created 'admin' role\n")
|
||||
|
||||
operator_role = role_service.get_by_name('operator')
|
||||
|
||||
if operator_role:
|
||||
sys.stdout.write("[-] Operator role already created, skipping...!\n")
|
||||
else:
|
||||
# we create an admin role
|
||||
operator_role = role_service.create('operator', description='This is the Lemur operator role.')
|
||||
sys.stdout.write("[+] Created 'operator' role\n")
|
||||
|
||||
read_only_role = role_service.get_by_name('read-only')
|
||||
|
||||
if read_only_role:
|
||||
sys.stdout.write("[-] Operator role already created, skipping...!\n")
|
||||
else:
|
||||
# we create an admin role
|
||||
read_only_role = role_service.create('read-only', description='This is the Lemur read only role.')
|
||||
sys.stdout.write("[+] Created 'read-only' role\n")
|
||||
|
||||
if not user:
|
||||
if not password:
|
||||
sys.stdout.write("We need to set Lemur's password to continue!\n")
|
||||
|
@ -233,17 +260,8 @@ class InitializeApp(Command):
|
|||
sys.stderr.write("[!] Passwords do not match!\n")
|
||||
sys.exit(1)
|
||||
|
||||
role = role_service.get_by_name('admin')
|
||||
|
||||
if role:
|
||||
sys.stdout.write("[-] Admin role already created, skipping...!\n")
|
||||
else:
|
||||
# we create an admin role
|
||||
role = role_service.create('admin', description='this is the lemur administrator role')
|
||||
sys.stdout.write("[+] Created 'admin' role\n")
|
||||
|
||||
user_service.create("lemur", password, 'lemur@nobody', True, None, [role])
|
||||
sys.stdout.write("[+] Added a 'lemur' user and added it to the 'admin' role!\n")
|
||||
user_service.create("lemur", password, 'lemur@nobody', True, None, [admin_role])
|
||||
sys.stdout.write("[+] Created the user 'lemur' and granted it the 'admin' role!\n")
|
||||
|
||||
else:
|
||||
sys.stdout.write("[-] Default user has already been created, skipping...!\n")
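Review bot: The read-only branch prints the operator message: when `read_only_role` already exists the output is `"[-] Operator role already created, skipping...!\n"`, which misreports which role was found during initialization. It should read `sys.stdout.write("[-] Read-only role already created, skipping...!\n")`. The comment `# we create an admin role` is likewise copied unchanged above the `operator` and `read-only` creations and should name the role actually created. In the visible lines `operator_role` and `read_only_role` are assigned but never used afterwards; if that holds for the rest of the method, which continues outside the hunks, the assignments can be dropped.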
|
||||
|
|
|
@ -3,6 +3,7 @@ import pytest
|
|||
from lemur.tests.vectors import INTERNAL_CERTIFICATE_A_STR, INTERNAL_PRIVATE_KEY_A_STR
|
||||
|
||||
|
||||
@pytest.mark.skip(reason="no way of currently testing this")
|
||||
def test_export_truststore(app):
|
||||
from lemur.plugins.base import plugins
|
||||
|
||||
|
@ -15,6 +16,7 @@ def test_export_truststore(app):
|
|||
assert isinstance(actual[2], bytes)
|
||||
|
||||
|
||||
@pytest.mark.skip(reason="no way of currently testing this")
|
||||
def test_export_truststore_default_password(app):
|
||||
from lemur.plugins.base import plugins
|
||||
|
||||
|
@ -27,6 +29,7 @@ def test_export_truststore_default_password(app):
|
|||
assert isinstance(actual[2], bytes)
|
||||
|
||||
|
||||
@pytest.mark.skip(reason="no way of currently testing this")
|
||||
def test_export_keystore(app):
|
||||
from lemur.plugins.base import plugins
|
||||
|
||||
|
@ -43,6 +46,7 @@ def test_export_keystore(app):
|
|||
assert isinstance(actual[2], bytes)
|
||||
|
||||
|
||||
@pytest.mark.skip(reason="no way of currently testing this")
|
||||
def test_export_keystore_default_password(app):
|
||||
from lemur.plugins.base import plugins
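Review bot: All four export tests are now skipped unconditionally with `reason="no way of currently testing this"`, which removes coverage of the keystore and truststore export paths (the code that handles private keys and passphrases) even on machines where keytool is installed. A conditional skip keeps the tests running wherever the tool exists, for example `@pytest.mark.skipif(shutil.which("keytool") is None, reason="keytool is not installed")` with `import shutil` added at the top, provided the supported Python versions offer `shutil.which`. The same applies to `test_export_truststore`, `test_export_truststore_default_password`, `test_export_keystore` and `test_export_keystore_default_password`. If the unconditional skip stays, the reason string should at least name keytool as the missing dependency.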
|
||||
|
||||
|
|
|
@ -113,7 +113,7 @@ angular.module('lemur')
|
|||
});
|
||||
return LemurRestangular.all('certificates');
|
||||
})
|
||||
.service('CertificateService', function ($location, CertificateApi, AuthorityService, LemurRestangular, DefaultService) {
|
||||
.service('CertificateService', function ($location, CertificateApi, AuthorityService, AuthorityApi, LemurRestangular, DefaultService) {
|
||||
var CertificateService = this;
|
||||
CertificateService.findCertificatesByName = function (filterValue) {
|
||||
return CertificateApi.getList({'filter[name]': filterValue})
|
||||
|
@ -196,6 +196,17 @@ angular.module('lemur')
|
|||
if (!certificate.organizationalUnit) {
|
||||
certificate.organizationalUnit = defaults.organizationalUnit;
|
||||
}
|
||||
|
||||
if (!certificate.authority) {
|
||||
if (!defaults.authority) {
|
||||
// set the default authority
|
||||
AuthorityApi.getList().then(function(authorities) {
|
||||
certificate.authority = authorities[0];
|
||||
});
|
||||
} else {
|
||||
certificate.authority = defaults.authority;
|
||||
}
|
||||
}
|
||||
});
|
||||
};
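Review bot: When no default authority is configured, `certificate.authority = authorities[0];` silently selects whichever authority the API lists first, and assigns `undefined` if the list is empty. Because the assignment happens in an asynchronous callback, it can also overwrite an authority the user picked while the request was in flight. Guarding the assignment covers both cases: `if (!certificate.authority && authorities.length) { certificate.authority = authorities[0]; }`. Since the choice of issuing CA is security-relevant, it is worth confirming that the list order is deterministic and that only authorities the user may issue from are returned; neither is visible in this hunk. The enclosing function starts outside the hunk.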
|
||||
|
||||
|
|