API Support For Policies

Post examples/policy.json to /<tenant>/policies. GET on that URI should return the policy.

barbican_api.py

@@ -15,7 +15,7 @@ import uuid
 import datetime
 from dateutil.parser import parse
 from flask import Blueprint, request, jsonify, Response, json
-from models import Event, Tenant, Key, Agent
+from models import Event, Tenant, Key, Agent, Policy
 from database import db_session
 
 api = Blueprint('api', __name__, url_prefix="/api")
@@ -26,6 +26,35 @@ def root():
     return jsonify(hello='World')
 
 
+@api.route('/<int:tenant_id>/policies/', methods=['GET', 'POST'])
+def policies(tenant_id):
+    if request.method == 'POST':
+        for policy in request.json['policies']:
+            keys = []
+            for k in policy['keys']:
+                key = Key(uuid=k['uuid'], filename=k['filename'], mime_type=k['mime_type'],
+                          expiration=parse(k['expiration']), secret=k['secret'], owner=k['owner'],
+                          group=k['group'], cacheable=k['cacheable'])
+                keys.append(key)
+
+            policy = Policy(uuid=policy['uuid'], name=policy['name'], tenant_id=tenant_id,
+                            directory_name=policy['directory_name'],
+                            max_key_accesses=policy['max_key_accesses'],
+                            time_available_after_reboot=policy['time_available_after_reboot'])
+            policy.keys.extend(keys)
+            db_session.add(policy)
+        db_session.commit()
+
+        return Response(status=200)
+    else:
+        policy = Policy.query.filter_by(tenant_id=tenant_id).first()
+
+        if policy is None:
+            return Response('No policies defined for tenant', status=404)
+
+        return jsonify(policy.as_dict())
+
+
 @api.route('/<int:tenant_id>/agents/', methods=['GET', 'POST'])
 def agents(tenant_id):
     if request.method == 'POST':

examples/policy.json

@@ -0,0 +1,23 @@
+{
+    "policies": [
+        {
+            "uuid": "01fb57ff-058c-4d68-85e9-d81844dd0089",
+            "name": "Available after reboot",
+            "directory_name": "my-app-key",
+            "max_key_accesses": 1,
+            "time_available_after_reboot": 10,
+            "keys": [
+                {
+                    "uuid": "e2b633c7-fda5-4be8-b42c-9a2c9280284d",
+                    "filename": "configuration_key",
+                    "mime_type": "application/aes-256-cbc",
+                    "expiration": "2014-02-28T19:14:44.180394",
+                    "secret": "b7990b786ee9659b43e6b1cd6136de07d9c5aa06513afe5d091c04bde981b280",
+                    "owner": "myapp",
+                    "group": "myapp",
+                    "cacheable": false
+                }
+            ]
+        }
+    ]
+}

models.py

@@ -65,19 +65,47 @@ class Key(Base):
     uuid = Column(String(36), unique=True)
     filename = Column(String(128))
     mime_type = Column(String(128))
-    expires = Column(DateTime)
+    expiration = Column(DateTime)
     secret = Column(Text)
+    owner = Column(String(33))
+    group = Column(String(33))
+    cacheable = Column(Boolean)
 
-    tenant_id = Column(Integer, ForeignKey('tenants.id'))
-    tenant = relationship("Tenant", backref=backref('keys', order_by=id))
+    policy_id = Column(Integer, ForeignKey('policies.id'))
+    policy = relationship("Policy", backref=backref('keys'))
 
-    def __init__(self, uuid=None):
+    def __init__(self, uuid=None, filename=None, mime_type=None, expiration=None, secret=None,
+                 owner=None, group=None, cacheable=None, policy_id=None):
         if uuid is None:
             self.uuid = str(uuid4())
+        else:
+            self.uuid = uuid
+
+        self.filename = filename
+        self.mime_type = mime_type
+        self.expiration = expiration
+        self.secret = secret
+        self.owner = owner
+        self.group = group
+        self.cacheable = cacheable
+        self.policy_id = policy_id
 
     def __repr__(self):
         return '<Key %s>' % self.uuid
 
+    def as_dict(self):
+        json = {
+            'uuid': self.uuid,
+            'filename': self.filename,
+            'mime_type': self.mime_type,
+            'expiration': self.expiration.isoformat(),
+            'secret': self.secret,
+            'owner': self.owner,
+            'group': self.group,
+            'cachecable': self.cacheable
+        }
+        return json
+
 
 class Agent(Base):
     __tablename__ = 'agents'
@@ -109,17 +137,44 @@ class Policy(Base):
     __tablename__ = 'policies'
     id = Column(Integer, primary_key=True)
     uuid = Column(String(36), unique=True)
+    name = Column(String(100))
+    directory_name = Column(String(254))
+    max_key_accesses = Column(Integer)
+    time_available_after_reboot = Column(Integer)
 
     tenant_id = Column(Integer, ForeignKey('tenants.id'))
     tenant = relationship("Tenant", backref=backref('policies', order_by=id))
 
-    def __init__(self, uuid=None):
+    def __init__(self, uuid=None, name=None, directory_name=None, max_key_accesses=None,
+                 time_available_after_reboot=None, tenant_id=None):
         if uuid is None:
             self.uuid = str(uuid4())
+        else:
+            self.uuid = uuid
+
+        self.name = name
+        self.directory_name = directory_name
+        self.max_key_accesses = max_key_accesses
+        self.time_available_after_reboot = time_available_after_reboot
+        self.tenant_id = tenant_id
 
     def __repr__(self):
         return '<Policy %s >' % self.uuid
 
+    def as_dict(self):
+        keys = map(Key.as_dict, self.keys)
+
+        json = {
+            'uuid': self.uuid,
+            'name': self.name,
+            'directory_name': self.directory_name,
+            'max_key_accesses': self.max_key_accesses,
+            'time_available_after_reboot': self.time_available_after_reboot,
+            'tenant_id': self.tenant_id,
+            'keys': keys
+        }
+        return json
+
 
 class Event(Base):
     __tablename__ = 'events'