Add Public and Private Key Panels
Change-Id: I2c9a1c6562bb3111c558a6a46a2f90b63d048366
This commit is contained in:
parent
2cbad27df7
commit
32c35f6f20
|
@ -55,6 +55,8 @@ And enable it in Horizon::
|
||||||
|
|
||||||
ln -s ../castellan-ui/castellan_ui/enabled/_90_project_key_manager_panelgroup.py openstack_dashboard/local/enabled
|
ln -s ../castellan-ui/castellan_ui/enabled/_90_project_key_manager_panelgroup.py openstack_dashboard/local/enabled
|
||||||
ln -s ../castellan-ui/castellan_ui/enabled/_91_project_key_manager_x509_certificates_panel.py openstack_dashboard/local/enabled
|
ln -s ../castellan-ui/castellan_ui/enabled/_91_project_key_manager_x509_certificates_panel.py openstack_dashboard/local/enabled
|
||||||
|
ln -s ../castellan-ui/castellan_ui/enabled/_92_project_key_manager_private_key_panel.py openstack_dashboard/local/enabled
|
||||||
|
ln -s ../castellan-ui/castellan_ui/enabled/_93_project_key_manager_public_key_panel.py openstack_dashboard/local/enabled
|
||||||
|
|
||||||
To run horizon with the newly enabled Castellan UI plugin run::
|
To run horizon with the newly enabled Castellan UI plugin run::
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,47 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
import base64
|
||||||
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
|
from castellan.common.objects import private_key
|
||||||
|
from cryptography.hazmat.backends import default_backend
|
||||||
|
from cryptography.hazmat.primitives import serialization
|
||||||
|
from cryptography.hazmat.primitives.serialization import load_pem_private_key
|
||||||
|
|
||||||
|
from castellan_ui.content import shared_forms
|
||||||
|
|
||||||
|
|
||||||
|
class ImportPrivateKey(shared_forms.ImportKey):
|
||||||
|
|
||||||
|
def __init__(self, request, *args, **kwargs):
|
||||||
|
super(ImportPrivateKey, self).__init__(
|
||||||
|
request, *args, algorithms=shared_forms.KEY_PAIR_ALGORITHMS,
|
||||||
|
**kwargs)
|
||||||
|
self.fields['direct_input'].help_text = _(
|
||||||
|
"PEM formatted private key.")
|
||||||
|
self.fields['key_file'].help_text = _(
|
||||||
|
"PEM formatted private key file.")
|
||||||
|
|
||||||
|
def clean_key_data(self, key_data):
|
||||||
|
key_obj = load_pem_private_key(
|
||||||
|
key_data.encode('utf-8'), password=None, backend=default_backend())
|
||||||
|
key_der = key_obj.private_bytes(
|
||||||
|
encoding=serialization.Encoding.DER,
|
||||||
|
format=serialization.PrivateFormat.PKCS8,
|
||||||
|
encryption_algorithm=serialization.NoEncryption())
|
||||||
|
return base64.b64encode(key_der)
|
||||||
|
|
||||||
|
def handle(self, request, data):
|
||||||
|
return super(ImportPrivateKey, self).handle(
|
||||||
|
request, data, private_key.PrivateKey)
|
|
@ -0,0 +1,23 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
import horizon
|
||||||
|
|
||||||
|
# This panel will be loaded from horizon, because specified in enabled file.
|
||||||
|
# To register REST api, import below here.
|
||||||
|
from castellan_ui.api import client # noqa: F401
|
||||||
|
|
||||||
|
|
||||||
|
class PrivateKeys(horizon.Panel):
|
||||||
|
name = _("Private Keys")
|
||||||
|
slug = "private_keys"
|
|
@ -0,0 +1,98 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
from castellan_ui.content import filters
|
||||||
|
from django.core.urlresolvers import reverse
|
||||||
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
from django.utils.translation import ungettext_lazy
|
||||||
|
|
||||||
|
from castellan_ui.api import client
|
||||||
|
from horizon import tables
|
||||||
|
|
||||||
|
|
||||||
|
class GeneratePrivateKey(tables.LinkAction):
|
||||||
|
name = "generate_private_key"
|
||||||
|
verbose_name = _("Generate Key Pair")
|
||||||
|
url = "horizon:project:private_keys:generate"
|
||||||
|
classes = ("ajax-modal",)
|
||||||
|
icon = "plus"
|
||||||
|
policy_rules = ()
|
||||||
|
|
||||||
|
|
||||||
|
class ImportPrivateKey(tables.LinkAction):
|
||||||
|
name = "import_private_key"
|
||||||
|
verbose_name = _("Import Private Key")
|
||||||
|
url = "horizon:project:private_keys:import"
|
||||||
|
classes = ("ajax-modal",)
|
||||||
|
icon = "upload"
|
||||||
|
policy_rules = ()
|
||||||
|
|
||||||
|
|
||||||
|
class DownloadKey(tables.LinkAction):
|
||||||
|
name = "download"
|
||||||
|
verbose_name = _("Download Key")
|
||||||
|
url = "horizon:project:private_keys:download"
|
||||||
|
classes = ("btn-download",)
|
||||||
|
policy_rules = ()
|
||||||
|
|
||||||
|
def get_link_url(self, datum):
|
||||||
|
return reverse(self.url,
|
||||||
|
kwargs={'object_id': datum.id})
|
||||||
|
|
||||||
|
|
||||||
|
class DeletePrivateKey(tables.DeleteAction):
|
||||||
|
policy_rules = ()
|
||||||
|
help_text = _("You should not delete a private key unless you are "
|
||||||
|
"certain it is not being used anywhere. If there was a "
|
||||||
|
"public key generated with this private key, it will not "
|
||||||
|
"be deleted.")
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def action_present(count):
|
||||||
|
return ungettext_lazy(
|
||||||
|
u"Delete Private Key",
|
||||||
|
u"Delete Private Keys",
|
||||||
|
count
|
||||||
|
)
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def action_past(count):
|
||||||
|
return ungettext_lazy(
|
||||||
|
u"Deleted Private Key",
|
||||||
|
u"Deleted Private Keys",
|
||||||
|
count
|
||||||
|
)
|
||||||
|
|
||||||
|
def delete(self, request, obj_id):
|
||||||
|
client.delete(request, obj_id)
|
||||||
|
|
||||||
|
|
||||||
|
class PrivateKeyTable(tables.DataTable):
|
||||||
|
detail_link = "horizon:project:private_keys:detail"
|
||||||
|
uuid = tables.Column("id", verbose_name=_("Key ID"), link=detail_link)
|
||||||
|
name = tables.Column("name", verbose_name=_("Name"))
|
||||||
|
algorithm = tables.Column("algorithm", verbose_name=_("Algorithm"))
|
||||||
|
bit_length = tables.Column("bit_length", verbose_name=_("Bit Length"))
|
||||||
|
created_date = tables.Column("created",
|
||||||
|
verbose_name=_("Created Date"),
|
||||||
|
filters=(filters.timestamp_to_iso,))
|
||||||
|
|
||||||
|
def get_object_display(self, datum):
|
||||||
|
return datum.name if datum.name else datum.id
|
||||||
|
|
||||||
|
class Meta(object):
|
||||||
|
name = "private_key"
|
||||||
|
table_actions = (GeneratePrivateKey,
|
||||||
|
ImportPrivateKey,
|
||||||
|
DeletePrivateKey,)
|
||||||
|
row_actions = (DownloadKey, DeletePrivateKey)
|
|
@ -0,0 +1,27 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from castellan_ui.content.private_keys import views
|
||||||
|
from django.conf.urls import url
|
||||||
|
|
||||||
|
urlpatterns = [
|
||||||
|
url(r'^$', views.IndexView.as_view(), name='index'),
|
||||||
|
url(r'^import/$', views.ImportView.as_view(), name='import'),
|
||||||
|
url(r'^generate/$', views.GenerateView.as_view(), name='generate'),
|
||||||
|
url(r'^(?P<object_id>[^/]+)/$',
|
||||||
|
views.DetailView.as_view(),
|
||||||
|
name='detail'),
|
||||||
|
url(r'^download/$', views.download_key, name='download'),
|
||||||
|
url(r'^(?P<object_id>[^/]+)/download$',
|
||||||
|
views.download_key,
|
||||||
|
name='download'),
|
||||||
|
]
|
|
@ -0,0 +1,150 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from django.core.urlresolvers import reverse
|
||||||
|
from django.core.urlresolvers import reverse_lazy
|
||||||
|
from django.http import HttpResponse
|
||||||
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
|
from cryptography.hazmat import backends
|
||||||
|
from cryptography.hazmat.primitives import serialization
|
||||||
|
from cryptography.hazmat.primitives.serialization import load_der_private_key
|
||||||
|
|
||||||
|
from castellan.common.objects import private_key
|
||||||
|
from castellan_ui.api import client
|
||||||
|
from castellan_ui.content.private_keys import forms as private_key_forms
|
||||||
|
from castellan_ui.content.private_keys import tables
|
||||||
|
from castellan_ui.content import shared_forms
|
||||||
|
from datetime import datetime
|
||||||
|
from horizon import exceptions
|
||||||
|
from horizon import forms
|
||||||
|
from horizon.tables import views as tables_views
|
||||||
|
from horizon.utils import memoized
|
||||||
|
from horizon import views
|
||||||
|
|
||||||
|
|
||||||
|
def download_key(request, object_id):
|
||||||
|
try:
|
||||||
|
obj = client.get(request, object_id)
|
||||||
|
data = obj.get_encoded()
|
||||||
|
key_obj = load_der_private_key(
|
||||||
|
data, password=None, backend=backends.default_backend())
|
||||||
|
key_pem = key_obj.private_bytes(
|
||||||
|
encoding=serialization.Encoding.PEM,
|
||||||
|
format=serialization.PrivateFormat.PKCS8,
|
||||||
|
encryption_algorithm=serialization.NoEncryption())
|
||||||
|
response = HttpResponse()
|
||||||
|
response.write(key_pem)
|
||||||
|
response['Content-Disposition'] = ('attachment; '
|
||||||
|
'filename="%s.key"' % object_id)
|
||||||
|
response['Content-Length'] = str(len(response.content))
|
||||||
|
return response
|
||||||
|
|
||||||
|
except Exception:
|
||||||
|
redirect = reverse('horizon:project:private_keys:index')
|
||||||
|
msg = _('Unable to download private_key "%s".')\
|
||||||
|
% (object_id)
|
||||||
|
exceptions.handle(request, msg, redirect=redirect)
|
||||||
|
|
||||||
|
|
||||||
|
class IndexView(tables_views.MultiTableView):
|
||||||
|
table_classes = [
|
||||||
|
tables.PrivateKeyTable
|
||||||
|
]
|
||||||
|
template_name = 'private_keys.html'
|
||||||
|
|
||||||
|
def get_private_key_data(self):
|
||||||
|
try:
|
||||||
|
return client.list(
|
||||||
|
self.request, object_type=private_key.PrivateKey)
|
||||||
|
except Exception as e:
|
||||||
|
msg = _('Unable to list private keys: "%s".') % (e.message)
|
||||||
|
exceptions.handle(self.request, msg)
|
||||||
|
return []
|
||||||
|
|
||||||
|
|
||||||
|
class GenerateView(forms.ModalFormView):
|
||||||
|
form_class = shared_forms.GenerateKeyPair
|
||||||
|
template_name = 'private_key_generate.html'
|
||||||
|
submit_url = reverse_lazy(
|
||||||
|
"horizon:project:private_keys:generate")
|
||||||
|
success_url = reverse_lazy('horizon:project:private_keys:index')
|
||||||
|
submit_label = page_title = _("Generate Key Pair")
|
||||||
|
|
||||||
|
|
||||||
|
class ImportView(forms.ModalFormView):
|
||||||
|
form_class = private_key_forms.ImportPrivateKey
|
||||||
|
template_name = 'private_key_import.html'
|
||||||
|
submit_url = reverse_lazy(
|
||||||
|
"horizon:project:private_keys:import")
|
||||||
|
success_url = reverse_lazy('horizon:project:private_keys:index')
|
||||||
|
submit_label = page_title = _("Import Private Key")
|
||||||
|
|
||||||
|
def get_object_id(self, key_uuid):
|
||||||
|
return key_uuid
|
||||||
|
|
||||||
|
|
||||||
|
class DetailView(views.HorizonTemplateView):
|
||||||
|
template_name = 'private_key_detail.html'
|
||||||
|
page_title = _("Private Key Details")
|
||||||
|
|
||||||
|
@memoized.memoized_method
|
||||||
|
def _get_data(self):
|
||||||
|
try:
|
||||||
|
obj = client.get(self.request, self.kwargs['object_id'])
|
||||||
|
except Exception:
|
||||||
|
redirect = reverse('horizon:project:private_keys:index')
|
||||||
|
msg = _('Unable to retrieve details for private_key "%s".')\
|
||||||
|
% (self.kwargs['object_id'])
|
||||||
|
exceptions.handle(self.request, msg,
|
||||||
|
redirect=redirect)
|
||||||
|
return obj
|
||||||
|
|
||||||
|
@memoized.memoized_method
|
||||||
|
def _get_data_created_date(self, obj):
|
||||||
|
try:
|
||||||
|
created_date = datetime.utcfromtimestamp(obj.created).isoformat()
|
||||||
|
except Exception:
|
||||||
|
redirect = reverse('horizon:project:private_keys:index')
|
||||||
|
msg = _('Unable to retrieve details for private_key "%s".')\
|
||||||
|
% (self.kwargs['object_id'])
|
||||||
|
exceptions.handle(self.request, msg,
|
||||||
|
redirect=redirect)
|
||||||
|
return created_date
|
||||||
|
|
||||||
|
@memoized.memoized_method
|
||||||
|
def _get_data_bytes(self, obj):
|
||||||
|
try:
|
||||||
|
key = serialization.load_der_private_key(
|
||||||
|
obj.get_encoded(),
|
||||||
|
backend=backends.default_backend(),
|
||||||
|
password=None)
|
||||||
|
data_bytes = key.private_bytes(
|
||||||
|
encoding=serialization.Encoding.PEM,
|
||||||
|
format=serialization.PrivateFormat.PKCS8,
|
||||||
|
encryption_algorithm=serialization.NoEncryption())
|
||||||
|
except Exception:
|
||||||
|
redirect = reverse('horizon:project:private_keys:index')
|
||||||
|
msg = _('Unable to retrieve details for private_key "%s".')\
|
||||||
|
% (self.kwargs['object_id'])
|
||||||
|
exceptions.handle(self.request, msg,
|
||||||
|
redirect=redirect)
|
||||||
|
return data_bytes
|
||||||
|
|
||||||
|
def get_context_data(self, **kwargs):
|
||||||
|
"""Gets the context data for key."""
|
||||||
|
context = super(DetailView, self).get_context_data(**kwargs)
|
||||||
|
obj = self._get_data()
|
||||||
|
context['object'] = obj
|
||||||
|
context['object_created_date'] = self._get_data_created_date(obj)
|
||||||
|
context['object_bytes'] = self._get_data_bytes(obj)
|
||||||
|
return context
|
|
@ -0,0 +1,46 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
import base64
|
||||||
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
|
from castellan.common.objects import public_key
|
||||||
|
from cryptography.hazmat.backends import default_backend
|
||||||
|
from cryptography.hazmat.primitives import serialization
|
||||||
|
from cryptography.hazmat.primitives.serialization import load_pem_public_key
|
||||||
|
|
||||||
|
from castellan_ui.content import shared_forms
|
||||||
|
|
||||||
|
|
||||||
|
class ImportPublicKey(shared_forms.ImportKey):
|
||||||
|
|
||||||
|
def __init__(self, request, *args, **kwargs):
|
||||||
|
super(ImportPublicKey, self).__init__(
|
||||||
|
request, *args, algorithms=shared_forms.KEY_PAIR_ALGORITHMS,
|
||||||
|
**kwargs)
|
||||||
|
self.fields['direct_input'].help_text = _(
|
||||||
|
"PEM formatted public key.")
|
||||||
|
self.fields['key_file'].help_text = _(
|
||||||
|
"PEM formatted public key file.")
|
||||||
|
|
||||||
|
def clean_key_data(self, key_data):
|
||||||
|
key_obj = load_pem_public_key(
|
||||||
|
key_data.encode('utf-8'), backend=default_backend())
|
||||||
|
key_der = key_obj.public_bytes(
|
||||||
|
encoding=serialization.Encoding.DER,
|
||||||
|
format=serialization.PublicFormat.SubjectPublicKeyInfo)
|
||||||
|
return base64.b64encode(key_der)
|
||||||
|
|
||||||
|
def handle(self, request, data):
|
||||||
|
return super(ImportPublicKey, self).handle(
|
||||||
|
request, data, public_key.PublicKey)
|
|
@ -0,0 +1,23 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
import horizon
|
||||||
|
|
||||||
|
# This panel will be loaded from horizon, because specified in enabled file.
|
||||||
|
# To register REST api, import below here.
|
||||||
|
from castellan_ui.api import client # noqa: F401
|
||||||
|
|
||||||
|
|
||||||
|
class PublicKeys(horizon.Panel):
|
||||||
|
name = _("Public Keys")
|
||||||
|
slug = "public_keys"
|
|
@ -0,0 +1,98 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
from castellan_ui.content import filters
|
||||||
|
from django.core.urlresolvers import reverse
|
||||||
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
from django.utils.translation import ungettext_lazy
|
||||||
|
|
||||||
|
from castellan_ui.api import client
|
||||||
|
from horizon import tables
|
||||||
|
|
||||||
|
|
||||||
|
class GeneratePublicKey(tables.LinkAction):
|
||||||
|
name = "generate_public_key"
|
||||||
|
verbose_name = _("Generate Key Pair")
|
||||||
|
url = "horizon:project:public_keys:generate"
|
||||||
|
classes = ("ajax-modal",)
|
||||||
|
icon = "plus"
|
||||||
|
policy_rules = ()
|
||||||
|
|
||||||
|
|
||||||
|
class ImportPublicKey(tables.LinkAction):
|
||||||
|
name = "import_public_key"
|
||||||
|
verbose_name = _("Import Public Key")
|
||||||
|
url = "horizon:project:public_keys:import"
|
||||||
|
classes = ("ajax-modal",)
|
||||||
|
icon = "upload"
|
||||||
|
policy_rules = ()
|
||||||
|
|
||||||
|
|
||||||
|
class DownloadKey(tables.LinkAction):
|
||||||
|
name = "download"
|
||||||
|
verbose_name = _("Download Key")
|
||||||
|
url = "horizon:project:public_keys:download"
|
||||||
|
classes = ("btn-download",)
|
||||||
|
policy_rules = ()
|
||||||
|
|
||||||
|
def get_link_url(self, datum):
|
||||||
|
return reverse(self.url,
|
||||||
|
kwargs={'object_id': datum.id})
|
||||||
|
|
||||||
|
|
||||||
|
class DeletePublicKey(tables.DeleteAction):
|
||||||
|
policy_rules = ()
|
||||||
|
help_text = _("You should not delete a public key unless you are "
|
||||||
|
"certain it is not being used anywhere. If there was a "
|
||||||
|
"private key generated with this public key, it will not "
|
||||||
|
"be deleted.")
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def action_present(count):
|
||||||
|
return ungettext_lazy(
|
||||||
|
u"Delete Public Key",
|
||||||
|
u"Delete Public Keys",
|
||||||
|
count
|
||||||
|
)
|
||||||
|
|
||||||
|
@staticmethod
|
||||||
|
def action_past(count):
|
||||||
|
return ungettext_lazy(
|
||||||
|
u"Deleted Public Key",
|
||||||
|
u"Deleted Public Keys",
|
||||||
|
count
|
||||||
|
)
|
||||||
|
|
||||||
|
def delete(self, request, obj_id):
|
||||||
|
client.delete(request, obj_id)
|
||||||
|
|
||||||
|
|
||||||
|
class PublicKeyTable(tables.DataTable):
|
||||||
|
detail_link = "horizon:project:public_keys:detail"
|
||||||
|
uuid = tables.Column("id", verbose_name=_("Key ID"), link=detail_link)
|
||||||
|
name = tables.Column("name", verbose_name=_("Name"))
|
||||||
|
algorithm = tables.Column("algorithm", verbose_name=_("Algorithm"))
|
||||||
|
bit_length = tables.Column("bit_length", verbose_name=_("Bit Length"))
|
||||||
|
created_date = tables.Column("created",
|
||||||
|
verbose_name=_("Created Date"),
|
||||||
|
filters=(filters.timestamp_to_iso,))
|
||||||
|
|
||||||
|
def get_object_display(self, datum):
|
||||||
|
return datum.name if datum.name else datum.id
|
||||||
|
|
||||||
|
class Meta(object):
|
||||||
|
name = "public_key"
|
||||||
|
table_actions = (GeneratePublicKey,
|
||||||
|
ImportPublicKey,
|
||||||
|
DeletePublicKey,)
|
||||||
|
row_actions = (DownloadKey, DeletePublicKey)
|
|
@ -0,0 +1,27 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from castellan_ui.content.public_keys import views
|
||||||
|
from django.conf.urls import url
|
||||||
|
|
||||||
|
urlpatterns = [
|
||||||
|
url(r'^$', views.IndexView.as_view(), name='index'),
|
||||||
|
url(r'^import/$', views.ImportView.as_view(), name='import'),
|
||||||
|
url(r'^generate/$', views.GenerateView.as_view(), name='generate'),
|
||||||
|
url(r'^(?P<object_id>[^/]+)/$',
|
||||||
|
views.DetailView.as_view(),
|
||||||
|
name='detail'),
|
||||||
|
url(r'^download/$', views.download_key, name='download'),
|
||||||
|
url(r'^(?P<object_id>[^/]+)/download$',
|
||||||
|
views.download_key,
|
||||||
|
name='download'),
|
||||||
|
]
|
|
@ -0,0 +1,147 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from django.core.urlresolvers import reverse
|
||||||
|
from django.core.urlresolvers import reverse_lazy
|
||||||
|
from django.http import HttpResponse
|
||||||
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
|
from cryptography.hazmat import backends
|
||||||
|
from cryptography.hazmat.primitives import serialization
|
||||||
|
|
||||||
|
from castellan.common.objects import public_key
|
||||||
|
from castellan_ui.api import client
|
||||||
|
from castellan_ui.content.public_keys import forms as public_key_forms
|
||||||
|
from castellan_ui.content.public_keys import tables
|
||||||
|
from castellan_ui.content import shared_forms
|
||||||
|
from datetime import datetime
|
||||||
|
from horizon import exceptions
|
||||||
|
from horizon import forms
|
||||||
|
from horizon.tables import views as tables_views
|
||||||
|
from horizon.utils import memoized
|
||||||
|
from horizon import views
|
||||||
|
|
||||||
|
|
||||||
|
def download_key(request, object_id):
|
||||||
|
try:
|
||||||
|
obj = client.get(request, object_id)
|
||||||
|
data = obj.get_encoded()
|
||||||
|
key_obj = serialization.load_der_public_key(
|
||||||
|
data, backend=backends.default_backend())
|
||||||
|
key_pem = key_obj.public_bytes(
|
||||||
|
encoding=serialization.Encoding.PEM,
|
||||||
|
format=serialization.PublicFormat.SubjectPublicKeyInfo)
|
||||||
|
|
||||||
|
response = HttpResponse()
|
||||||
|
response.write(key_pem)
|
||||||
|
response['Content-Disposition'] = ('attachment; '
|
||||||
|
'filename="%s.key"' % object_id)
|
||||||
|
response['Content-Length'] = str(len(response.content))
|
||||||
|
return response
|
||||||
|
|
||||||
|
except Exception:
|
||||||
|
redirect = reverse('horizon:project:public_keys:index')
|
||||||
|
msg = _('Unable to download public_key "%s".')\
|
||||||
|
% (object_id)
|
||||||
|
exceptions.handle(request, msg, redirect=redirect)
|
||||||
|
|
||||||
|
|
||||||
|
class IndexView(tables_views.MultiTableView):
|
||||||
|
table_classes = [
|
||||||
|
tables.PublicKeyTable
|
||||||
|
]
|
||||||
|
template_name = 'public_keys.html'
|
||||||
|
|
||||||
|
def get_public_key_data(self):
|
||||||
|
try:
|
||||||
|
return client.list(
|
||||||
|
self.request, object_type=public_key.PublicKey)
|
||||||
|
except Exception as e:
|
||||||
|
msg = _('Unable to list private keys: "%s".') % (e.message)
|
||||||
|
exceptions.handle(self.request, msg)
|
||||||
|
return []
|
||||||
|
|
||||||
|
|
||||||
|
class GenerateView(forms.ModalFormView):
|
||||||
|
form_class = shared_forms.GenerateKeyPair
|
||||||
|
template_name = 'public_key_generate.html'
|
||||||
|
submit_url = reverse_lazy(
|
||||||
|
"horizon:project:public_keys:generate")
|
||||||
|
success_url = reverse_lazy('horizon:project:public_keys:index')
|
||||||
|
submit_label = page_title = _("Generate Key Pair")
|
||||||
|
|
||||||
|
|
||||||
|
class ImportView(forms.ModalFormView):
|
||||||
|
form_class = public_key_forms.ImportPublicKey
|
||||||
|
template_name = 'public_key_import.html'
|
||||||
|
submit_url = reverse_lazy(
|
||||||
|
"horizon:project:public_keys:import")
|
||||||
|
success_url = reverse_lazy('horizon:project:public_keys:index')
|
||||||
|
submit_label = page_title = _("Import Public Key")
|
||||||
|
|
||||||
|
def get_object_id(self, key_uuid):
|
||||||
|
return key_uuid
|
||||||
|
|
||||||
|
|
||||||
|
class DetailView(views.HorizonTemplateView):
|
||||||
|
template_name = 'public_key_detail.html'
|
||||||
|
page_title = _("Public Key Details")
|
||||||
|
|
||||||
|
@memoized.memoized_method
|
||||||
|
def _get_data(self):
|
||||||
|
try:
|
||||||
|
obj = client.get(self.request, self.kwargs['object_id'])
|
||||||
|
except Exception:
|
||||||
|
redirect = reverse('horizon:project:public_keys:index')
|
||||||
|
msg = _('Unable to retrieve details for public_key "%s".')\
|
||||||
|
% (self.kwargs['object_id'])
|
||||||
|
exceptions.handle(self.request, msg,
|
||||||
|
redirect=redirect)
|
||||||
|
return obj
|
||||||
|
|
||||||
|
@memoized.memoized_method
|
||||||
|
def _get_data_created_date(self, obj):
|
||||||
|
try:
|
||||||
|
created_date = datetime.utcfromtimestamp(obj.created).isoformat()
|
||||||
|
except Exception:
|
||||||
|
redirect = reverse('horizon:project:public_keys:index')
|
||||||
|
msg = _('Unable to retrieve details for public_key "%s".')\
|
||||||
|
% (self.kwargs['object_id'])
|
||||||
|
exceptions.handle(self.request, msg,
|
||||||
|
redirect=redirect)
|
||||||
|
return created_date
|
||||||
|
|
||||||
|
@memoized.memoized_method
|
||||||
|
def _get_data_bytes(self, obj):
|
||||||
|
try:
|
||||||
|
key = serialization.load_der_public_key(
|
||||||
|
obj.get_encoded(),
|
||||||
|
backend=backends.default_backend())
|
||||||
|
data_bytes = key.public_bytes(
|
||||||
|
encoding=serialization.Encoding.PEM,
|
||||||
|
format=serialization.PublicFormat.SubjectPublicKeyInfo)
|
||||||
|
except Exception:
|
||||||
|
redirect = reverse('horizon:project:public_keys:index')
|
||||||
|
msg = _('Unable to retrieve details for public_key "%s".')\
|
||||||
|
% (self.kwargs['object_id'])
|
||||||
|
exceptions.handle(self.request, msg,
|
||||||
|
redirect=redirect)
|
||||||
|
return data_bytes
|
||||||
|
|
||||||
|
def get_context_data(self, **kwargs):
|
||||||
|
"""Gets the context data for key."""
|
||||||
|
context = super(DetailView, self).get_context_data(**kwargs)
|
||||||
|
obj = self._get_data()
|
||||||
|
context['object'] = obj
|
||||||
|
context['object_created_date'] = self._get_data_created_date(obj)
|
||||||
|
context['object_bytes'] = self._get_data_bytes(obj)
|
||||||
|
return context
|
|
@ -0,0 +1,195 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
import abc
|
||||||
|
import re
|
||||||
|
|
||||||
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
|
from horizon import exceptions
|
||||||
|
from horizon import forms
|
||||||
|
from horizon import messages
|
||||||
|
|
||||||
|
from castellan_ui.api import client
|
||||||
|
|
||||||
|
|
||||||
|
KEY_PAIR_ALGORITHMS = ('RSA', 'DSA')
|
||||||
|
|
||||||
|
NEW_LINES = re.compile(r"\r|\n")
|
||||||
|
|
||||||
|
NAME_REGEX = re.compile(r"^\w+(?:[- ]\w+)*$", re.UNICODE)
|
||||||
|
ERROR_MESSAGES = {
|
||||||
|
'invalid': _('Key name may only contain letters, '
|
||||||
|
'numbers, underscores, spaces, and hyphens '
|
||||||
|
'and may not be white space.')}
|
||||||
|
|
||||||
|
ALG_HELP_TEXT = _(
|
||||||
|
"Check which algorithms your key manager supports. "
|
||||||
|
"Some common algorithms are: %s") % ', '.join(KEY_PAIR_ALGORITHMS)
|
||||||
|
LENGTH_HELP_TEXT = _(
|
||||||
|
"Only certain bit lengths are valid for each algorithm. "
|
||||||
|
"Some common bit lengths are: 1024, 2048")
|
||||||
|
|
||||||
|
|
||||||
|
class ListTextWidget(forms.TextInput):
|
||||||
|
def __init__(self, data_list, name, *args, **kwargs):
|
||||||
|
super(ListTextWidget, self).__init__(*args, **kwargs)
|
||||||
|
self._name = name
|
||||||
|
self._list = data_list
|
||||||
|
self.attrs.update({'list': 'list__%s' % self._name})
|
||||||
|
|
||||||
|
def render(self, name, value, attrs=None):
|
||||||
|
text_html = super(ListTextWidget, self).render(name,
|
||||||
|
value,
|
||||||
|
attrs=attrs)
|
||||||
|
data_list = '<datalist id="list__%s">' % self._name
|
||||||
|
for item in self._list:
|
||||||
|
data_list += '<option value="%s">' % item
|
||||||
|
data_list += '</datalist>'
|
||||||
|
|
||||||
|
return (text_html + data_list)
|
||||||
|
|
||||||
|
|
||||||
|
class ImportKey(forms.SelfHandlingForm):
|
||||||
|
algorithm = forms.CharField(label=_("Algorithm"), help_text=ALG_HELP_TEXT)
|
||||||
|
bit_length = forms.IntegerField(
|
||||||
|
label=_("Bit Length"), min_value=0, help_text=LENGTH_HELP_TEXT)
|
||||||
|
name = forms.RegexField(required=False,
|
||||||
|
max_length=255,
|
||||||
|
label=_("Key Name"),
|
||||||
|
regex=NAME_REGEX,
|
||||||
|
error_messages=ERROR_MESSAGES)
|
||||||
|
source_type = forms.ChoiceField(
|
||||||
|
label=_('Source'),
|
||||||
|
required=False,
|
||||||
|
choices=[('file', _('Key File')),
|
||||||
|
('raw', _('Direct Input'))],
|
||||||
|
widget=forms.ThemableSelectWidget(
|
||||||
|
attrs={'class': 'switchable', 'data-slug': 'source'}))
|
||||||
|
key_file = forms.FileField(
|
||||||
|
label=_("Choose file"),
|
||||||
|
widget=forms.FileInput(
|
||||||
|
attrs={'class': 'switched', 'data-switch-on': 'source',
|
||||||
|
'data-source-file': _('Key File')}),
|
||||||
|
required=False)
|
||||||
|
direct_input = forms.CharField(
|
||||||
|
label=_('Key Value'),
|
||||||
|
widget=forms.widgets.Textarea(
|
||||||
|
attrs={'class': 'switched', 'data-switch-on': 'source',
|
||||||
|
'data-source-raw': _('Key Value')}),
|
||||||
|
required=False)
|
||||||
|
|
||||||
|
def __init__(self, request, *args, **kwargs):
|
||||||
|
algorithms = kwargs.pop('algorithms', None)
|
||||||
|
super(ImportKey, self).__init__(request, *args, **kwargs)
|
||||||
|
self.fields['algorithm'].widget = ListTextWidget(data_list=algorithms,
|
||||||
|
name='algorithms')
|
||||||
|
|
||||||
|
@abc.abstractmethod
|
||||||
|
def clean_key_data(self, key_pem):
|
||||||
|
"""This should be implemented for the specific key import form"""
|
||||||
|
return
|
||||||
|
|
||||||
|
def clean(self):
|
||||||
|
data = super(ImportKey, self).clean()
|
||||||
|
|
||||||
|
# The key can be missing based on particular upload
|
||||||
|
# conditions. Code defensively for it here...
|
||||||
|
key_file = data.get('key_file', None)
|
||||||
|
key_raw = data.get('direct_input', None)
|
||||||
|
|
||||||
|
if key_raw and key_file:
|
||||||
|
raise forms.ValidationError(
|
||||||
|
_("Cannot specify both file and direct input."))
|
||||||
|
if not key_raw and not key_file:
|
||||||
|
raise forms.ValidationError(
|
||||||
|
_("No input was provided for the key value."))
|
||||||
|
try:
|
||||||
|
if key_file:
|
||||||
|
key_pem = self.files['key_file'].read()
|
||||||
|
else:
|
||||||
|
key_pem = data['direct_input']
|
||||||
|
|
||||||
|
data['key_data'] = self.clean_key_data(key_pem)
|
||||||
|
|
||||||
|
except Exception as e:
|
||||||
|
msg = _('There was a problem loading the key: %s. '
|
||||||
|
'Is the key valid and in the correct format?') % e
|
||||||
|
raise forms.ValidationError(msg)
|
||||||
|
|
||||||
|
return data
|
||||||
|
|
||||||
|
def handle(self, request, data, key_type):
|
||||||
|
try:
|
||||||
|
key_uuid = client.import_object(
|
||||||
|
request,
|
||||||
|
algorithm=data['algorithm'],
|
||||||
|
bit_length=data['bit_length'],
|
||||||
|
key=data['key_data'],
|
||||||
|
name=data['name'],
|
||||||
|
object_type=key_type)
|
||||||
|
|
||||||
|
if data['name']:
|
||||||
|
key_identifier = data['name']
|
||||||
|
else:
|
||||||
|
key_identifier = key_uuid
|
||||||
|
messages.success(request,
|
||||||
|
_('Successfully imported key: %s')
|
||||||
|
% key_identifier)
|
||||||
|
return key_uuid
|
||||||
|
except Exception as e:
|
||||||
|
msg = _('Unable to import key: %s')
|
||||||
|
messages.error(request, msg % e)
|
||||||
|
exceptions.handle(request, ignore=True)
|
||||||
|
self.api_error(_('Unable to import key.'))
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
class GenerateKeyPair(forms.SelfHandlingForm):
|
||||||
|
algorithm = forms.CharField(
|
||||||
|
label=_("Algorithm"),
|
||||||
|
help_text=ALG_HELP_TEXT,
|
||||||
|
widget=ListTextWidget(
|
||||||
|
data_list=KEY_PAIR_ALGORITHMS, name='algorithm-list'))
|
||||||
|
length = forms.IntegerField(
|
||||||
|
label=_("Bit Length"),
|
||||||
|
min_value=0,
|
||||||
|
help_text=LENGTH_HELP_TEXT)
|
||||||
|
name = forms.RegexField(required=False,
|
||||||
|
max_length=255,
|
||||||
|
label=_("Key Name"),
|
||||||
|
regex=NAME_REGEX,
|
||||||
|
error_messages=ERROR_MESSAGES)
|
||||||
|
|
||||||
|
def handle(self, request, data):
|
||||||
|
try:
|
||||||
|
key_uuid = client.generate_key_pair(
|
||||||
|
request,
|
||||||
|
algorithm=data['algorithm'],
|
||||||
|
length=data['length'],
|
||||||
|
name=data['name'])
|
||||||
|
|
||||||
|
if data['name']:
|
||||||
|
key_identifier = data['name']
|
||||||
|
else:
|
||||||
|
key_identifier = key_uuid
|
||||||
|
messages.success(request,
|
||||||
|
_('Successfully generated key pair %s')
|
||||||
|
% key_identifier)
|
||||||
|
return key_uuid
|
||||||
|
except Exception as e:
|
||||||
|
msg = _('Unable to generate key pair: %s')
|
||||||
|
messages.error(request, msg % e)
|
||||||
|
exceptions.handle(request, ignore=True)
|
||||||
|
self.api_error(_('Unable to generate key pair.'))
|
||||||
|
return False
|
|
@ -0,0 +1,23 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
# The slug of the panel to be added to HORIZON_CONFIG. Required.
|
||||||
|
PANEL = 'private_keys'
|
||||||
|
# The slug of the panel group the PANEL is associated with.
|
||||||
|
PANEL_GROUP = 'key_manager'
|
||||||
|
# The slug of the dashboard the PANEL associated with. Required.
|
||||||
|
PANEL_DASHBOARD = 'project'
|
||||||
|
|
||||||
|
ADD_INSTALLED_APP = ['castellan_ui', ]
|
||||||
|
|
||||||
|
# Python panel class of the PANEL to be added.
|
||||||
|
ADD_PANEL = 'castellan_ui.content.private_keys.panel.PrivateKeys'
|
|
@ -0,0 +1,23 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
# The slug of the panel to be added to HORIZON_CONFIG. Required.
|
||||||
|
PANEL = 'public_keys'
|
||||||
|
# The slug of the panel group the PANEL is associated with.
|
||||||
|
PANEL_GROUP = 'key_manager'
|
||||||
|
# The slug of the dashboard the PANEL associated with. Required.
|
||||||
|
PANEL_DASHBOARD = 'project'
|
||||||
|
|
||||||
|
ADD_INSTALLED_APP = ['castellan_ui', ]
|
||||||
|
|
||||||
|
# Python panel class of the PANEL to be added.
|
||||||
|
ADD_PANEL = 'castellan_ui.content.public_keys.panel.PublicKeys'
|
|
@ -0,0 +1,9 @@
|
||||||
|
{% extends "horizon/common/_modal_form.html" %}
|
||||||
|
{% load i18n %}
|
||||||
|
|
||||||
|
{% block modal-body-right %}
|
||||||
|
<p>{% trans "Check your key manager to see which algorithms and bit lengths are supported." %}</p>
|
||||||
|
<p>{% trans "A key pair consists of a private key and a public key. When you generate a private key, the public key will also be generated, and vice versa." %}</p>
|
||||||
|
<p>{% trans "You can find the corresponding public key on the " %}<a href="{% url 'horizon:project:public_keys:index' %}">Public Keys</a> {% trans "page." %}</p>
|
||||||
|
{% endblock %}
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
{% extends '_object_import.html' %}
|
||||||
|
{% load i18n %}
|
||||||
|
|
||||||
|
{% block modal-body-right %}
|
||||||
|
<p>{% trans "Private keys can be imported if they are in Privacy Enhanced Mail (PEM) format." %}</p>
|
||||||
|
<p>{% trans "Your PEM formatted key will look something like this:" %}</p>
|
||||||
|
<p><pre>-----BEGIN PRIVATE KEY-----<br><base64-encoded data><br>-----END PRIVATE KEY-----</pre></p>
|
||||||
|
{% endblock %}
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
{% extends "horizon/common/_modal_form.html" %}
|
||||||
|
{% load i18n %}
|
||||||
|
|
||||||
|
{% block modal-body-right %}
|
||||||
|
<p>{% trans "Check your key manager to see which algorithms and bit lengths are supported." %}</p>
|
||||||
|
<p>{% trans "A key pair consists of a private key and a public key. When you generate a public key, the private key will also be generated, and vice versa." %}</p>
|
||||||
|
<p>{% trans "You can find the corresponding private key on the " %}<a href="{% url 'horizon:project:private_keys:index' %}">Private Keys</a> {% trans "page." %}</p>
|
||||||
|
|
||||||
|
{% endblock %}
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
{% extends '_object_import.html' %}
|
||||||
|
{% load i18n %}
|
||||||
|
|
||||||
|
{% block modal-body-right %}
|
||||||
|
<p>{% trans "Public keys can be imported if they are in Privacy Enhanced Mail (PEM) format." %}</p>
|
||||||
|
<p>{% trans "Your PEM formatted key will look something like this:" %}</p>
|
||||||
|
<p><pre>-----BEGIN PUBLIC KEY-----<br><base64-encoded data><br>-----END PUBLIC KEY-----</pre></p>
|
||||||
|
{% endblock %}
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
{% extends 'base.html' %}
|
||||||
|
{% load i18n parse_date %}
|
||||||
|
|
||||||
|
{% block title %}{{ page_title }}{% endblock %}
|
||||||
|
|
||||||
|
{% block page_header %}
|
||||||
|
{% include "horizon/common/_detail_header.html" %}
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block main %}
|
||||||
|
<div class="detail">
|
||||||
|
<dl class="dl-horizontal">
|
||||||
|
<dt>{% trans "Name" %}</dt>
|
||||||
|
<dd>{{ object.name|default:_("None") }}</dd>
|
||||||
|
<dt>{% trans "Created" %}</dt>
|
||||||
|
<dd>{{ object_created_date|parse_date}}</dd>
|
||||||
|
<dt>{% trans "Algorithm" %}</dt>
|
||||||
|
<dd>{{ object.algorithm|default:_("None") }}</dd>
|
||||||
|
<dt>{% trans "Bit Length" %}</dt>
|
||||||
|
<dd>{{ object.bit_length|default:_("None") }}</dd>
|
||||||
|
<dt>{% trans "Key" %}</dt>
|
||||||
|
<dd>
|
||||||
|
<div style="white-space: pre-wrap; font-family: monospace;">{{ object_bytes|default:_("None") }}</div>
|
||||||
|
</dd>
|
||||||
|
</dl>
|
||||||
|
</div>
|
||||||
|
{% endblock %}
|
|
@ -0,0 +1,7 @@
|
||||||
|
{% extends 'base.html' %}
|
||||||
|
{% load i18n %}
|
||||||
|
{% block title %}{{ page_title }}{% endblock %}
|
||||||
|
|
||||||
|
{% block main %}
|
||||||
|
{% include '_private_key_generate.html' %}
|
||||||
|
{% endblock %}
|
|
@ -0,0 +1,7 @@
|
||||||
|
{% extends 'base.html' %}
|
||||||
|
{% load i18n %}
|
||||||
|
{% block title %}{{ page_title }}{% endblock %}
|
||||||
|
|
||||||
|
{% block main %}
|
||||||
|
{% include '_private_key_import.html' %}
|
||||||
|
{% endblock %}
|
|
@ -0,0 +1,23 @@
|
||||||
|
{% extends 'base.html' %}
|
||||||
|
{% load i18n %}
|
||||||
|
{% block title %}{% trans "Private Keys" %}{% endblock %}
|
||||||
|
|
||||||
|
{% block breadcrumb_nav %}
|
||||||
|
<ol class = "breadcrumb">
|
||||||
|
<li>{% trans "Project" %}</li>
|
||||||
|
<li>{% trans "Key Manager" %}</li>
|
||||||
|
<li class="active">{% trans "Private Keys" %}</li>
|
||||||
|
</ol>
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block page_header %}
|
||||||
|
<hz-page-header header="{% trans "Private Keys" %}"></hz-page-header>
|
||||||
|
{% endblock page_header %}
|
||||||
|
|
||||||
|
{% block main %}
|
||||||
|
<div class="row">
|
||||||
|
<div class="col-sm-12">
|
||||||
|
{{ private_key_table.render }}
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
{% endblock %}
|
|
@ -0,0 +1,27 @@
|
||||||
|
{% extends 'base.html' %}
|
||||||
|
{% load i18n parse_date %}
|
||||||
|
|
||||||
|
{% block title %}{{ page_title }}{% endblock %}
|
||||||
|
|
||||||
|
{% block page_header %}
|
||||||
|
{% include "horizon/common/_detail_header.html" %}
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block main %}
|
||||||
|
<div class="detail">
|
||||||
|
<dl class="dl-horizontal">
|
||||||
|
<dt>{% trans "Name" %}</dt>
|
||||||
|
<dd>{{ object.name|default:_("None") }}</dd>
|
||||||
|
<dt>{% trans "Created" %}</dt>
|
||||||
|
<dd>{{ object_created_date|parse_date}}</dd>
|
||||||
|
<dt>{% trans "Algorithm" %}</dt>
|
||||||
|
<dd>{{ object.algorithm|default:_("None") }}</dd>
|
||||||
|
<dt>{% trans "Bit Length" %}</dt>
|
||||||
|
<dd>{{ object.bit_length|default:_("None") }}</dd>
|
||||||
|
<dt>{% trans "Key" %}</dt>
|
||||||
|
<dd>
|
||||||
|
<div style="white-space: pre-wrap; font-family: monospace;">{{ object_bytes|default:_("None") }}</div>
|
||||||
|
</dd>
|
||||||
|
</dl>
|
||||||
|
</div>
|
||||||
|
{% endblock %}
|
|
@ -0,0 +1,7 @@
|
||||||
|
{% extends 'base.html' %}
|
||||||
|
{% load i18n %}
|
||||||
|
{% block title %}{{ page_title }}{% endblock %}
|
||||||
|
|
||||||
|
{% block main %}
|
||||||
|
{% include '_public_key_generate.html' %}
|
||||||
|
{% endblock %}
|
|
@ -0,0 +1,7 @@
|
||||||
|
{% extends 'base.html' %}
|
||||||
|
{% load i18n %}
|
||||||
|
{% block title %}{{ page_title }}{% endblock %}
|
||||||
|
|
||||||
|
{% block main %}
|
||||||
|
{% include '_public_key_import.html' %}
|
||||||
|
{% endblock %}
|
|
@ -0,0 +1,23 @@
|
||||||
|
{% extends 'base.html' %}
|
||||||
|
{% load i18n %}
|
||||||
|
{% block title %}{% trans "Public Keys" %}{% endblock %}
|
||||||
|
|
||||||
|
{% block breadcrumb_nav %}
|
||||||
|
<ol class = "breadcrumb">
|
||||||
|
<li>{% trans "Project" %}</li>
|
||||||
|
<li>{% trans "Key Manager" %}</li>
|
||||||
|
<li class="active">{% trans "Public Keys" %}</li>
|
||||||
|
</ol>
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block page_header %}
|
||||||
|
<hz-page-header header="{% trans "Public Keys" %}"></hz-page-header>
|
||||||
|
{% endblock page_header %}
|
||||||
|
|
||||||
|
{% block main %}
|
||||||
|
<div class="row">
|
||||||
|
<div class="col-sm-12">
|
||||||
|
{{ public_key_table.render }}
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
{% endblock %}
|
|
@ -0,0 +1,137 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
import base64
|
||||||
|
from django.core.handlers import wsgi
|
||||||
|
from django.core.urlresolvers import reverse
|
||||||
|
from horizon import messages as horizon_messages
|
||||||
|
import mock
|
||||||
|
|
||||||
|
from castellan.common.objects import private_key
|
||||||
|
from castellan_ui.api import client as api_castellan
|
||||||
|
from castellan_ui.test import helpers as tests
|
||||||
|
from castellan_ui.test import test_data
|
||||||
|
|
||||||
|
INDEX_URL = reverse('horizon:project:private_keys:index')
|
||||||
|
|
||||||
|
|
||||||
|
class PrivateKeysViewTest(tests.APITestCase):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(PrivateKeysViewTest, self).setUp()
|
||||||
|
self.key = test_data.private_key
|
||||||
|
self.key_b64_bytes = base64.b64encode(self.key.get_encoded())
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "get", mock.Mock(return_value=self.key))
|
||||||
|
self.mock_object(api_castellan, "list", mock.Mock(return_value=[]))
|
||||||
|
self.mock_object(horizon_messages, "success")
|
||||||
|
FAKE_ENVIRON = {'REQUEST_METHOD': 'GET', 'wsgi.input': 'fake_input'}
|
||||||
|
self.request = wsgi.WSGIRequest(FAKE_ENVIRON)
|
||||||
|
|
||||||
|
def test_index(self):
|
||||||
|
key_list = [test_data.private_key, test_data.nameless_private_key]
|
||||||
|
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "list", mock.Mock(return_value=key_list))
|
||||||
|
|
||||||
|
res = self.client.get(INDEX_URL)
|
||||||
|
self.assertEqual(res.status_code, 200)
|
||||||
|
self.assertTemplateUsed(res, 'private_keys.html')
|
||||||
|
api_castellan.list.assert_called_with(
|
||||||
|
mock.ANY, object_type=private_key.PrivateKey)
|
||||||
|
|
||||||
|
def test_detail_view(self):
|
||||||
|
url = reverse('horizon:project:private_keys:detail',
|
||||||
|
args=[self.key.id])
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "list", mock.Mock(return_value=[self.key]))
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "get", mock.Mock(return_value=self.key))
|
||||||
|
|
||||||
|
res = self.client.get(url)
|
||||||
|
self.assertContains(
|
||||||
|
res, "<dt>Name</dt>\n <dd>%s</dd>" % self.key.name, 1, 200)
|
||||||
|
api_castellan.get.assert_called_once_with(mock.ANY, self.key.id)
|
||||||
|
|
||||||
|
def test_generate_key_pair(self):
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "list", mock.Mock(return_value=[self.key]))
|
||||||
|
url = reverse('horizon:project:private_keys:generate')
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "generate_key_pair",
|
||||||
|
mock.Mock(return_value=(self.key, self.key)))
|
||||||
|
|
||||||
|
key_form_data = {
|
||||||
|
'name': self.key.name,
|
||||||
|
'length': 2048,
|
||||||
|
'algorithm': 'RSA'
|
||||||
|
}
|
||||||
|
|
||||||
|
self.client.post(url, key_form_data)
|
||||||
|
|
||||||
|
api_castellan.generate_key_pair.assert_called_once_with(
|
||||||
|
mock.ANY,
|
||||||
|
name=self.key.name,
|
||||||
|
algorithm=u'RSA',
|
||||||
|
length=2048
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_import_key(self):
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "list", mock.Mock(return_value=[self.key]))
|
||||||
|
url = reverse('horizon:project:private_keys:import')
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "import_object", mock.Mock(return_value=self.key))
|
||||||
|
|
||||||
|
key_input = (
|
||||||
|
u"-----BEGIN PRIVATE KEY-----\n" +
|
||||||
|
self.key_b64_bytes.decode("utf-8") +
|
||||||
|
u"\n-----END PRIVATE KEY-----"
|
||||||
|
)
|
||||||
|
|
||||||
|
key_form_data = {
|
||||||
|
'source_type': 'raw',
|
||||||
|
'name': self.key.name,
|
||||||
|
'direct_input': key_input,
|
||||||
|
'bit_length': 2048,
|
||||||
|
'algorithm': 'RSA'
|
||||||
|
}
|
||||||
|
|
||||||
|
self.client.post(url, key_form_data)
|
||||||
|
|
||||||
|
api_castellan.import_object.assert_called_once_with(
|
||||||
|
mock.ANY,
|
||||||
|
object_type=private_key.PrivateKey,
|
||||||
|
key=self.key_b64_bytes,
|
||||||
|
name=self.key.name,
|
||||||
|
algorithm=u'RSA',
|
||||||
|
bit_length=2048
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_delete_key(self):
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "list", mock.Mock(return_value=[self.key]))
|
||||||
|
self.mock_object(api_castellan, "delete")
|
||||||
|
|
||||||
|
key_form_data = {
|
||||||
|
'action': 'private_key__delete__%s' % self.key.id
|
||||||
|
}
|
||||||
|
|
||||||
|
res = self.client.post(INDEX_URL, key_form_data)
|
||||||
|
|
||||||
|
api_castellan.list.assert_called_with(
|
||||||
|
mock.ANY, object_type=private_key.PrivateKey)
|
||||||
|
api_castellan.delete.assert_called_once_with(
|
||||||
|
mock.ANY,
|
||||||
|
self.key.id,
|
||||||
|
)
|
||||||
|
self.assertRedirectsNoFollow(res, INDEX_URL)
|
|
@ -0,0 +1,137 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
import base64
|
||||||
|
from django.core.handlers import wsgi
|
||||||
|
from django.core.urlresolvers import reverse
|
||||||
|
from horizon import messages as horizon_messages
|
||||||
|
import mock
|
||||||
|
|
||||||
|
from castellan.common.objects import public_key
|
||||||
|
from castellan_ui.api import client as api_castellan
|
||||||
|
from castellan_ui.test import helpers as tests
|
||||||
|
from castellan_ui.test import test_data
|
||||||
|
|
||||||
|
INDEX_URL = reverse('horizon:project:public_keys:index')
|
||||||
|
|
||||||
|
|
||||||
|
class PublicKeysViewTest(tests.APITestCase):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(PublicKeysViewTest, self).setUp()
|
||||||
|
self.key = test_data.public_key
|
||||||
|
self.key_b64_bytes = base64.b64encode(self.key.get_encoded())
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "get", mock.Mock(return_value=self.key))
|
||||||
|
self.mock_object(api_castellan, "list", mock.Mock(return_value=[]))
|
||||||
|
self.mock_object(horizon_messages, "success")
|
||||||
|
FAKE_ENVIRON = {'REQUEST_METHOD': 'GET', 'wsgi.input': 'fake_input'}
|
||||||
|
self.request = wsgi.WSGIRequest(FAKE_ENVIRON)
|
||||||
|
|
||||||
|
def test_index(self):
|
||||||
|
key_list = [test_data.public_key, test_data.nameless_public_key]
|
||||||
|
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "list", mock.Mock(return_value=key_list))
|
||||||
|
|
||||||
|
res = self.client.get(INDEX_URL)
|
||||||
|
self.assertEqual(res.status_code, 200)
|
||||||
|
self.assertTemplateUsed(res, 'public_keys.html')
|
||||||
|
api_castellan.list.assert_called_with(
|
||||||
|
mock.ANY, object_type=public_key.PublicKey)
|
||||||
|
|
||||||
|
def test_detail_view(self):
|
||||||
|
url = reverse('horizon:project:public_keys:detail',
|
||||||
|
args=[self.key.id])
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "list", mock.Mock(return_value=[self.key]))
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "get", mock.Mock(return_value=self.key))
|
||||||
|
|
||||||
|
res = self.client.get(url)
|
||||||
|
self.assertContains(
|
||||||
|
res, "<dt>Name</dt>\n <dd>%s</dd>" % self.key.name, 1, 200)
|
||||||
|
api_castellan.get.assert_called_once_with(mock.ANY, self.key.id)
|
||||||
|
|
||||||
|
def test_generate_key_pair(self):
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "list", mock.Mock(return_value=[self.key]))
|
||||||
|
url = reverse('horizon:project:public_keys:generate')
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "generate_key_pair",
|
||||||
|
mock.Mock(return_value=(self.key, self.key)))
|
||||||
|
|
||||||
|
key_form_data = {
|
||||||
|
'name': self.key.name,
|
||||||
|
'length': 2048,
|
||||||
|
'algorithm': 'RSA'
|
||||||
|
}
|
||||||
|
|
||||||
|
self.client.post(url, key_form_data)
|
||||||
|
|
||||||
|
api_castellan.generate_key_pair.assert_called_once_with(
|
||||||
|
mock.ANY,
|
||||||
|
name=self.key.name,
|
||||||
|
algorithm=u'RSA',
|
||||||
|
length=2048
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_import_key(self):
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "list", mock.Mock(return_value=[self.key]))
|
||||||
|
url = reverse('horizon:project:public_keys:import')
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "import_object", mock.Mock(return_value=self.key))
|
||||||
|
|
||||||
|
key_input = (
|
||||||
|
u"-----BEGIN PUBLIC KEY-----\n" +
|
||||||
|
self.key_b64_bytes.decode("utf-8") +
|
||||||
|
u"\n-----END PUBLIC KEY-----"
|
||||||
|
)
|
||||||
|
|
||||||
|
key_form_data = {
|
||||||
|
'source_type': 'raw',
|
||||||
|
'name': self.key.name,
|
||||||
|
'direct_input': key_input,
|
||||||
|
'bit_length': 2048,
|
||||||
|
'algorithm': 'RSA'
|
||||||
|
}
|
||||||
|
|
||||||
|
self.client.post(url, key_form_data)
|
||||||
|
|
||||||
|
api_castellan.import_object.assert_called_once_with(
|
||||||
|
mock.ANY,
|
||||||
|
object_type=public_key.PublicKey,
|
||||||
|
key=self.key_b64_bytes,
|
||||||
|
name=self.key.name,
|
||||||
|
algorithm=u'RSA',
|
||||||
|
bit_length=2048
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_delete_key(self):
|
||||||
|
self.mock_object(
|
||||||
|
api_castellan, "list", mock.Mock(return_value=[self.key]))
|
||||||
|
self.mock_object(api_castellan, "delete")
|
||||||
|
|
||||||
|
key_form_data = {
|
||||||
|
'action': 'public_key__delete__%s' % self.key.id
|
||||||
|
}
|
||||||
|
|
||||||
|
res = self.client.post(INDEX_URL, key_form_data)
|
||||||
|
|
||||||
|
api_castellan.list.assert_called_with(
|
||||||
|
mock.ANY, object_type=public_key.PublicKey)
|
||||||
|
api_castellan.delete.assert_called_once_with(
|
||||||
|
mock.ANY,
|
||||||
|
self.key.id,
|
||||||
|
)
|
||||||
|
self.assertRedirectsNoFollow(res, INDEX_URL)
|
|
@ -24,3 +24,35 @@ nameless_x509_cert = objects.x_509.X509(
|
||||||
name=None,
|
name=None,
|
||||||
created=1448088699,
|
created=1448088699,
|
||||||
id=u'11111111-1111-1111-1111-111111111111')
|
id=u'11111111-1111-1111-1111-111111111111')
|
||||||
|
|
||||||
|
private_key = objects.private_key.PrivateKey(
|
||||||
|
key=castellan_utils.get_private_key_der(),
|
||||||
|
algorithm="RSA",
|
||||||
|
bit_length=2048,
|
||||||
|
name=u'test private key',
|
||||||
|
created=1448088699,
|
||||||
|
id=u'00000000-0000-0000-0000-000000000000')
|
||||||
|
|
||||||
|
nameless_private_key = objects.private_key.PrivateKey(
|
||||||
|
key=castellan_utils.get_private_key_der(),
|
||||||
|
algorithm="RSA",
|
||||||
|
bit_length=2048,
|
||||||
|
name=None,
|
||||||
|
created=1448088699,
|
||||||
|
id=u'11111111-1111-1111-1111-111111111111')
|
||||||
|
|
||||||
|
public_key = objects.public_key.PublicKey(
|
||||||
|
key=castellan_utils.get_public_key_der(),
|
||||||
|
algorithm="RSA",
|
||||||
|
bit_length=2048,
|
||||||
|
name=u'test public key',
|
||||||
|
created=1448088699,
|
||||||
|
id=u'00000000-0000-0000-0000-000000000000')
|
||||||
|
|
||||||
|
nameless_public_key = objects.public_key.PublicKey(
|
||||||
|
key=castellan_utils.get_public_key_der(),
|
||||||
|
algorithm="RSA",
|
||||||
|
bit_length=2048,
|
||||||
|
name=None,
|
||||||
|
created=1448088699,
|
||||||
|
id=u'11111111-1111-1111-1111-111111111111')
|
||||||
|
|
Loading…
Reference in New Issue