1f0c90f3a8
This patch updates the imported code to reflect octavia-dashboard. More work is required to make this work with the Octavia v2 API. This will be done in followup patches. Change-Id: I7363105a53642d0003036cada21c5b0cc25efc1a
96 lines
3.4 KiB
Python
96 lines
3.4 KiB
Python
# Copyright 2016 IBM Corp.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
"""API over the barbican service.
|
|
"""
|
|
|
|
from barbicanclient import client as barbican_client
|
|
from django.conf import settings
|
|
from django.views import generic
|
|
from keystoneclient.auth.identity import v2 as auth_v2
|
|
from keystoneclient.auth.identity import v3 as auth_v3
|
|
from keystoneclient import session
|
|
|
|
from horizon.utils.memoized import memoized # noqa
|
|
|
|
from openstack_dashboard.api import base
|
|
from openstack_dashboard.api import keystone
|
|
from openstack_dashboard.api.rest import urls
|
|
from openstack_dashboard.api.rest import utils as rest_utils
|
|
|
|
|
|
@memoized
|
|
def barbicanclient(request):
|
|
project_id = request.user.project_id
|
|
region = request.user.services_region
|
|
endpoint = base.url_for(request, 'key-manager')
|
|
if keystone.get_version() < 3:
|
|
auth = auth_v2.Token(settings.OPENSTACK_KEYSTONE_URL,
|
|
request.user.token.id,
|
|
tenant_id=project_id)
|
|
else:
|
|
domain_id = request.session.get('domain_context')
|
|
auth = auth_v3.Token(settings.OPENSTACK_KEYSTONE_URL,
|
|
request.user.token.id,
|
|
project_id=project_id,
|
|
project_domain_id=domain_id)
|
|
insecure = getattr(settings, 'OPENSTACK_SSL_NO_VERIFY', False)
|
|
cacert = getattr(settings, 'OPENSTACK_SSL_CACERT', None)
|
|
# If 'insecure' is True, 'verify' is False in all cases; otherwise
|
|
# pass the cacert path if it is present, or True if no cacert.
|
|
verify = not insecure and (cacert or True)
|
|
return barbican_client.Client(session=session.Session(auth=auth,
|
|
verify=verify),
|
|
endpoint=endpoint,
|
|
region_name=region)
|
|
|
|
|
|
@urls.register
|
|
class SSLCertificates(generic.View):
|
|
"""API for working with SSL certificate containers.
|
|
|
|
"""
|
|
url_regex = r'barbican/certificates/$'
|
|
|
|
@rest_utils.ajax()
|
|
def get(self, request):
|
|
"""List certificate containers.
|
|
|
|
The listing result is an object with property "items".
|
|
"""
|
|
limit = getattr(settings, 'API_RESULT_LIMIT', 1000)
|
|
containers = barbicanclient(request).containers
|
|
params = {'limit': limit, 'type': 'certificate'}
|
|
result = containers._api.get('containers', params=params)
|
|
return {'items': result.get('containers')}
|
|
|
|
|
|
@urls.register
|
|
class Secrets(generic.View):
|
|
"""API for working with secrets.
|
|
|
|
"""
|
|
url_regex = r'barbican/secrets/$'
|
|
|
|
@rest_utils.ajax()
|
|
def get(self, request):
|
|
"""List secrets.
|
|
|
|
The listing result is an object with property "items".
|
|
"""
|
|
limit = getattr(settings, 'API_RESULT_LIMIT', 1000)
|
|
secrets = barbicanclient(request).secrets
|
|
params = {'limit': limit}
|
|
result = secrets._api.get('secrets', params=params)
|
|
return {'items': result.get('secrets')}
|