Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Copy subject details for non-CAB-compliant authorities

This commit is contained in:
sayali 2020-10-13 19:40:01 -07:00
parent 5aa37b48d3
commit b677e6e325
3 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
lemur/authorities/models.py
View File

@ -6,6 +6,8 @@
:license: Apache, see LICENSE for more details. :license: Apache, see LICENSE for more details.
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com> .. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
""" """
import json
from sqlalchemy.orm import relationship from sqlalchemy.orm import relationship
from sqlalchemy import ( from sqlalchemy import (
Column, Column,
@ -80,5 +82,20 @@ class Authority(db.Model):
def plugin(self): def plugin(self):
return plugins.get(self.plugin_name) return plugins.get(self.plugin_name)
@property
def is_cab_compliant(self):
"""
Parse the options to find whether authority is CAB Compliant. Returns None if
option is not available
"""
if not self.options:
return None
for option in json.loads(self.options):
if option["name"] == 'cab_compliant':
return option["value"]
return None
def __repr__(self): def __repr__(self):
return "Authority(name={name})".format(name=self.name) return "Authority(name={name})".format(name=self.name)

1
lemur/authorities/schemas.py
View File

@ -139,6 +139,7 @@ class AuthorityNestedOutputSchema(LemurOutputSchema):
plugin = fields.Nested(PluginOutputSchema) plugin = fields.Nested(PluginOutputSchema)
active = fields.Boolean() active = fields.Boolean()
authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_days", "default_validity_days"]) authority_certificate = fields.Nested(RootAuthorityCertificateOutputSchema, only=["max_issuance_days", "default_validity_days"])
is_cab_compliant = fields.Boolean()
authority_update_schema = AuthorityUpdateSchema() authority_update_schema = AuthorityUpdateSchema()

23
lemur/certificates/schemas.py
View File

@ -8,7 +8,7 @@
from flask import current_app from flask import current_app
from flask_restful import inputs from flask_restful import inputs
from flask_restful.reqparse import RequestParser from flask_restful.reqparse import RequestParser
from marshmallow import fields, validate, validates_schema, post_load, pre_load from marshmallow import fields, validate, validates_schema, post_load, pre_load, post_dump
from marshmallow.exceptions import ValidationError from marshmallow.exceptions import ValidationError
from lemur.authorities.schemas import AuthorityNestedOutputSchema from lemur.authorities.schemas import AuthorityNestedOutputSchema
@ -332,6 +332,27 @@ class CertificateOutputSchema(LemurOutputSchema):
) )
rotation_policy = fields.Nested(RotationPolicyNestedOutputSchema) rotation_policy = fields.Nested(RotationPolicyNestedOutputSchema)
country = fields.String()
location = fields.String()
state = fields.String()
organization = fields.String()
organizational_unit = fields.String()
@post_dump
def handle_subject_details(self, data):
# Remove subject details if authority is CAB compliant. The code will use default set of values in that case.
# If CAB compliance of an authority is unknown (None), it is safe to fallback to default values. Thus below
# condition checks for 'not False' ==> 'True or None'
if data.get("authority"):
is_cab_compliant = data.get("authority").get("isCabCompliant")
if is_cab_compliant is not False:
data.pop("country", None)
data.pop("state", None)
data.pop("location", None)
data.pop("organization", None)
data.pop("organizational_unit", None)
class CertificateShortOutputSchema(LemurOutputSchema): class CertificateShortOutputSchema(LemurOutputSchema):
id = fields.Integer() id = fields.Integer()