# Copyright 2016 IBM Corp. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. """API over the barbican service. """ from barbicanclient import client as barbican_client from django.conf import settings from django.views import generic from keystoneclient.auth.identity import v2 as auth_v2 from keystoneclient.auth.identity import v3 as auth_v3 from keystoneclient import session from horizon.utils.memoized import memoized # noqa from openstack_dashboard.api import base from openstack_dashboard.api import keystone from openstack_dashboard.api.rest import urls from openstack_dashboard.api.rest import utils as rest_utils @memoized def barbicanclient(request): project_id = request.user.project_id region = request.user.services_region endpoint = base.url_for(request, 'key-manager') if keystone.get_version() < 3: auth = auth_v2.Token(settings.OPENSTACK_KEYSTONE_URL, request.user.token.id, tenant_id=project_id) else: domain_id = request.session.get('domain_context') auth = auth_v3.Token(settings.OPENSTACK_KEYSTONE_URL, request.user.token.id, project_id=project_id, project_domain_id=domain_id) insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False) cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None) # If 'insecure' is True, 'verify' is False in all cases; otherwise # pass the cacert path if it is present, or True if no cacert. verify = not insecure and (cacert or True) return barbican_client.Client(session=session.Session(auth=auth, verify=verify), endpoint=endpoint, region_name=region) @urls.register class SSLCertificates(generic.View): """API for working with SSL certificate containers. """ url_regex = r'barbican/certificates/$' @rest_utils.ajax() def get(self, request): """List certificate containers. The listing result is an object with property "items". """ limit = getattr(settings, 'API_RESULT_LIMIT', 1000) containers = barbicanclient(request).containers params = {'limit': limit, 'type': 'certificate'} result = containers._api.get('containers', params=params) return {'items': result.get('containers')} @urls.register class Secrets(generic.View): """API for working with secrets. """ url_regex = r'barbican/secrets/$' @rest_utils.ajax() def get(self, request): """List secrets. The listing result is an object with property "items". """ limit = getattr(settings, 'API_RESULT_LIMIT', 1000) secrets = barbicanclient(request).secrets params = {'limit': limit} result = secrets._api.get('secrets', params=params) return {'items': result.get('secrets')}