Add method to get UserCert by serial number.

2018-01-23 22:12:29 +00:00 · 2018-01-23 22:12:29 +00:00 · 252e740911
commit 252e740911
parent a061c474c2
5 changed files with 15 additions and 8 deletions
--- a/files/tatu.conf
+++ b/files/tatu.conf
@ -3,11 +3,11 @@
 [tatu]
 use_barbican_key_manager = True
 #use_pat_bastions = True
-#num_total_pats = 3
-#num_pat_bastions_per_server = 2
+num_total_pats = 1
+num_pat_bastions_per_server = 1
 #pat_dns_zone_name = tatuPAT.com.
 #pat_dns_zone_email = tatu@nono.nono
-sqlalchemy_engine = mysql+pymysql://root:pinot@127.0.0.1
+sqlalchemy_engine = mysql+pymysql://root:pinot@127.0.0.1/tatu
 auth_url = http://localhost/identity/v3
 user_id = fab01a1f2a7749b78a53dffe441a1879
 password = pinot
--- a/tatu/api/models.py
+++ b/tatu/api/models.py
@ -149,6 +149,7 @@ class UserCerts(object):
            raise falcon.HTTPBadRequest(str(e))
        resp.status = falcon.HTTP_201
        resp.location = '/usercerts/' + user.user_id + '/' + user.fingerprint
+        resp.body = json.dumps(_userAsDict(user))

    @falcon.before(validate)
    def on_get(self, req, resp):
--- a/tatu/config.py
+++ b/tatu/config.py
@ -41,7 +41,7 @@ opts = [
               default='tatu@nono.nono',
               help='Email of admin for DNS zone for PAT bastions'),
    cfg.StrOpt('sqlalchemy_engine',
-               default='mysql+pymysql://root:pinot@127.0.0.1',
+               default='mysql+pymysql://root:pinot@127.0.0.1/tatu',
               help='SQLAlchemy database URL'),
    cfg.StrOpt('auth_url',
               default='http://localhost/identity/v3',
--- a/tatu/db/models.py
+++ b/tatu/db/models.py
@ -77,6 +77,10 @@ class UserCert(Base):
 sa.Index('idx_user_finger', UserCert.user_id, UserCert.fingerprint, unique=True)


+def getUserCertBySerial(session, serial):
+    return session.query(UserCert).get(serial)
+
+
 def getUserCert(session, user_id, fingerprint):
    return session.query(UserCert).filter(
            UserCert.user_id == user_id).filter(
@ -138,8 +142,10 @@ def revokeUserKey(session, auth_id, serial=None, key_id=None, cert=None):
    ser = None
    userCert = None
    if serial is not None:
-        userCert = session.query(UserCert).filter(
-            UserCert.serial == serial).one()
+        try:
+            userCert = getUserCertBySerial(session, serial)
+        except Exception:
+            pass
        if userCert is None:
            raise falcon.HTTPBadRequest(
                "Can't find the certificate for serial # {}".format(serial))
--- a/tatu/db/persistence.py
+++ b/tatu/db/persistence.py
@ -24,8 +24,8 @@ class SQLAlchemySessionManager(object):
    def __init__(self):
        LOG.info('Creating sqlalchemy engine {}'.format(config.CONF.tatu.sqlalchemy_engine))
        self.engine = create_engine(config.CONF.tatu.sqlalchemy_engine)
-        self.engine.execute("CREATE DATABASE IF NOT EXISTS tatu;")
-        self.engine.execute("USE tatu;")
+        #self.engine.execute("CREATE DATABASE IF NOT EXISTS tatu;")
+        #self.engine.execute("USE tatu;")
        Base.metadata.create_all(self.engine)
        self.Session = scoped_session(sessionmaker(self.engine))