Default authority. (#549)

* Enabling the specification of a default authority; if no default is found, the first available authority is selected

* PEP8

* Skipping tests relying on keytool
kevgliss 2016-12-01 15:42:03 -08:00 committed by GitHub
parent 81bf98c746
commit a40bc65fd4
7 changed files with 96 additions and 19 deletions


@ -164,6 +164,14 @@ and are used when Lemur creates the CSR for your certificates.
LEMUR_DEFAULT_ISSUER_PLUGIN = "verisign-issuer"
.. data:: LEMUR_DEFAULT_AUTHORITY
:noindex:
::
LEMUR_DEFAULT_AUTHORITY = "verisign"
Notification Options
--------------------


@ -115,7 +115,9 @@ def wrap_errors(messages):
def unwrap_pagination(data, output_schema):
if isinstance(data, dict):
if 'total' in data.keys():
if data.get('total') == 0:
return data
@ -123,6 +125,8 @@ def unwrap_pagination(data, output_schema):
marshaled_data['items'] = output_schema.dump(data['items'], many=True).data
return marshaled_data
return output_schema.dump(data).data
elif isinstance(data, list):
marshaled_data = {'total': len(data)}
marshaled_data['items'] = output_schema.dump(data, many=True).data

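--- a/lemur/defaults/schemas.py
+++ b/lemur/defaults/schemas.py
@@ -0,0 +1,23 @@
+"""
+.. module: lemur.defaults.schemas
+    :platform: unix
+    :copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
+    :license: Apache, see LICENSE for more details.
+.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
+"""
+from marshmallow import fields
+from lemur.common.schema import LemurOutputSchema
+from lemur.authorities.schemas import AuthorityNestedOutputSchema
+class DefaultOutputSchema(LemurOutputSchema):
+    __envelope__ = False
+    authority = fields.Nested(AuthorityNestedOutputSchema)
+    country = fields.String()
+    state = fields.String()
+    location = fields.String()
+    organization = fields.String()
+    organizationalUnit = fields.String()
+default_output_schema = DefaultOutputSchema()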
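Review bot: `DefaultOutputSchema` declares no `issuerPlugin` field, yet `LemurDefaults.get` in lemur/defaults/views.py still returns `issuerPlugin=current_app.config.get('LEMUR_DEFAULT_ISSUER_PLUGIN')` and is now wrapped in `@validate_schema(None, default_output_schema)`; if the dump keeps only declared fields, as marshmallow output schemas normally do (confirm against `LemurOutputSchema`), the issuer plugin silently disappears from the /defaults response and clients that read it break. Add `issuerPlugin = fields.String()` next to the other string fields. A one-line class docstring, e.g. `"""Output schema for /defaults; must mirror the keys returned by LemurDefaults.get."""`, would make the coupling between the two files explicit for the next person who adds a default.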


@ -6,8 +6,12 @@
from flask import current_app, Blueprint
from flask_restful import Api
from lemur.common.schema import validate_schema
from lemur.authorities.service import get_by_name
from lemur.auth.service import AuthenticatedResource
from lemur.defaults.schemas import default_output_schema
mod = Blueprint('default', __name__)
api = Api(mod)
@ -18,6 +22,7 @@ class LemurDefaults(AuthenticatedResource):
def __init__(self):
super(LemurDefaults)
@validate_schema(None, default_output_schema)
def get(self):
"""
.. http:get:: /defaults
@ -52,13 +57,17 @@ class LemurDefaults(AuthenticatedResource):
:statuscode 200: no error
:statuscode 403: unauthenticated
"""
default_authority = get_by_name(current_app.config.get('LEMUR_DEFAULT_AUTHORITY'))
return dict(
country=current_app.config.get('LEMUR_DEFAULT_COUNTRY'),
state=current_app.config.get('LEMUR_DEFAULT_STATE'),
location=current_app.config.get('LEMUR_DEFAULT_LOCATION'),
organization=current_app.config.get('LEMUR_DEFAULT_ORGANIZATION'),
organizationalUnit=current_app.config.get('LEMUR_DEFAULT_ORGANIZATIONAL_UNIT'),
issuerPlugin=current_app.config.get('LEMUR_DEFAULT_ISSUER_PLUGIN')
issuerPlugin=current_app.config.get('LEMUR_DEFAULT_ISSUER_PLUGIN'),
authority=default_authority
)
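Review bot: `get_by_name` is called with whatever `current_app.config.get('LEMUR_DEFAULT_AUTHORITY')` returns, so on a deployment that has not set the new option the lookup runs with `None` as the name; whether that yields `None` or raises depends on `get_by_name`, which is outside the hunk, and a failure here takes the whole /defaults endpoint down. Guard it explicitly: `name = current_app.config.get('LEMUR_DEFAULT_AUTHORITY')` followed by `default_authority = get_by_name(name) if name else None`. If the docstring of `get` (it begins in the preceding hunk) lists the keys of the example response, the new `authority` key should be added there as well, since it is what the UI now builds on. `LemurDefaults.__init__` and the rest of the class are outside the hunk.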


@ -223,6 +223,33 @@ class InitializeApp(Command):
create()
user = user_service.get_by_username("lemur")
admin_role = role_service.get_by_name('admin')
if admin_role:
sys.stdout.write("[-] Admin role already created, skipping...!\n")
else:
# we create an admin role
admin_role = role_service.create('admin', description='This is the Lemur administrator role.')
sys.stdout.write("[+] Created 'admin' role\n")
operator_role = role_service.get_by_name('operator')
if operator_role:
sys.stdout.write("[-] Operator role already created, skipping...!\n")
else:
# we create an admin role
operator_role = role_service.create('operator', description='This is the Lemur operator role.')
sys.stdout.write("[+] Created 'operator' role\n")
read_only_role = role_service.get_by_name('read-only')
if read_only_role:
sys.stdout.write("[-] Operator role already created, skipping...!\n")
else:
# we create an admin role
read_only_role = role_service.create('read-only', description='This is the Lemur read only role.')
sys.stdout.write("[+] Created 'read-only' role\n")
if not user:
if not password:
sys.stdout.write("We need to set Lemur's password to continue!\n")
@ -233,17 +260,8 @@ class InitializeApp(Command):
sys.stderr.write("[!] Passwords do not match!\n")
sys.exit(1)
role = role_service.get_by_name('admin')
if role:
sys.stdout.write("[-] Admin role already created, skipping...!\n")
else:
# we create an admin role
role = role_service.create('admin', description='this is the lemur administrator role')
sys.stdout.write("[+] Created 'admin' role\n")
user_service.create("lemur", password, 'lemur@nobody', True, None, [role])
sys.stdout.write("[+] Added a 'lemur' user and added it to the 'admin' role!\n")
user_service.create("lemur", password, 'lemur@nobody', True, None, [admin_role])
sys.stdout.write("[+] Created the user 'lemur' and granted it the 'admin' role!\n")
else:
sys.stdout.write("[-] Default user has already been created, skipping...!\n")
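Review bot: The message for the read-only role reads `"[-] Operator role already created, skipping...!\n"`, and the comment above both new `else:` branches still says `# we create an admin role`, a copy-paste slip that makes the bootstrap output misleading when an operator reads it. The three get-or-create stanzas differ only in name and description, so a small module-level helper removes the duplication and the slip at once; `InitializeApp.run` starts and ends outside the hunk. `operator_role` and `read_only_role` are not read anywhere in the visible lines, so the bindings can be dropped if nothing later uses them.
```python
def _ensure_role(name, description):
    """Return the role called *name*, creating it with *description* when it does not exist yet."""
    role = role_service.get_by_name(name)
    if role:
        sys.stdout.write("[-] Role '{0}' already created, skipping...!\n".format(name))
        return role
    role = role_service.create(name, description=description)
    sys.stdout.write("[+] Created '{0}' role\n".format(name))
    return role

# … unchanged: InitializeApp.run up to create() and the 'lemur' user lookup …
        admin_role = _ensure_role('admin', 'This is the Lemur administrator role.')
        operator_role = _ensure_role('operator', 'This is the Lemur operator role.')
        read_only_role = _ensure_role('read-only', 'This is the Lemur read only role.')
# … unchanged: password prompt and user creation with admin_role …
```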


@ -3,6 +3,7 @@ import pytest
from lemur.tests.vectors import INTERNAL_CERTIFICATE_A_STR, INTERNAL_PRIVATE_KEY_A_STR
@pytest.mark.skip(reason="no way of currently testing this")
def test_export_truststore(app):
from lemur.plugins.base import plugins
@ -15,6 +16,7 @@ def test_export_truststore(app):
assert isinstance(actual[2], bytes)
@pytest.mark.skip(reason="no way of currently testing this")
def test_export_truststore_default_password(app):
from lemur.plugins.base import plugins
@ -27,6 +29,7 @@ def test_export_truststore_default_password(app):
assert isinstance(actual[2], bytes)
@pytest.mark.skip(reason="no way of currently testing this")
def test_export_keystore(app):
from lemur.plugins.base import plugins
@ -43,6 +46,7 @@ def test_export_keystore(app):
assert isinstance(actual[2], bytes)
@pytest.mark.skip(reason="no way of currently testing this")
def test_export_keystore_default_password(app):
from lemur.plugins.base import plugins
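Review bot: The four new `@pytest.mark.skip` markers give the reason `no way of currently testing this`, while the commit message says they are skipped because they rely on keytool; an unconditional skip drops the only coverage of the Java keystore/truststore export path, which handles private key material, and the stated reason will not tell a future reader how to re-enable them. Prefer a conditional skip that runs wherever the tool is installed, e.g. a module-level `requires_keytool = pytest.mark.skipif(shutil.which('keytool') is None, reason='keytool not available')` applied as `@requires_keytool` on each test (`distutils.spawn.find_executable` is the equivalent if Python 2 is still supported). The test bodies continue outside the hunks.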


@ -113,7 +113,7 @@ angular.module('lemur')
});
return LemurRestangular.all('certificates');
})
.service('CertificateService', function ($location, CertificateApi, AuthorityService, LemurRestangular, DefaultService) {
.service('CertificateService', function ($location, CertificateApi, AuthorityService, AuthorityApi, LemurRestangular, DefaultService) {
var CertificateService = this;
CertificateService.findCertificatesByName = function (filterValue) {
return CertificateApi.getList({'filter[name]': filterValue})
@ -196,6 +196,17 @@ angular.module('lemur')
if (!certificate.organizationalUnit) {
certificate.organizationalUnit = defaults.organizationalUnit;
}
if (!certificate.authority) {
if (!defaults.authority) {
// set the default authority
AuthorityApi.getList().then(function(authorities) {
certificate.authority = authorities[0];
});
} else {
certificate.authority = defaults.authority;
}
}
});
};
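Review bot: The fallback `AuthorityApi.getList().then(function(authorities) { certificate.authority = authorities[0]; })` is neither returned nor awaited, so whatever consumes the enclosing promise may run before `certificate.authority` is set, and an empty list assigns `undefined`. Returning the promise and guarding the length, `return AuthorityApi.getList().then(function (authorities) { if (authorities.length) { certificate.authority = authorities[0]; } });`, keeps the chain ordered and avoids the undefined value. Note also that `authorities[0]` is simply whatever the API lists first, so the form silently pre-selects an arbitrary issuing authority when none is configured; the comment `// set the default authority` should say so, e.g. `// no configured default: fall back to the first authority the API returns`. The enclosing callback and the service definition begin outside the hunk.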