Add Public and Private Key Panels

Change-Id: I2c9a1c6562bb3111c558a6a46a2f90b63d048366
This commit is contained in:
Kaitlin Farr 2017-11-14 14:18:07 -05:00 committed by Brianna Poulos
parent 2cbad27df7
commit 32c35f6f20
33 changed files with 1400 additions and 0 deletions

View File

@ -55,6 +55,8 @@ And enable it in Horizon::
ln -s ../castellan-ui/castellan_ui/enabled/_90_project_key_manager_panelgroup.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_91_project_key_manager_x509_certificates_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_92_project_key_manager_private_key_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_93_project_key_manager_public_key_panel.py openstack_dashboard/local/enabled
To run horizon with the newly enabled Castellan UI plugin run::

View File

@ -0,0 +1,47 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import base64
from django.utils.translation import ugettext_lazy as _
from castellan.common.objects import private_key
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.serialization import load_pem_private_key
from castellan_ui.content import shared_forms
class ImportPrivateKey(shared_forms.ImportKey):
def __init__(self, request, *args, **kwargs):
super(ImportPrivateKey, self).__init__(
request, *args, algorithms=shared_forms.KEY_PAIR_ALGORITHMS,
**kwargs)
self.fields['direct_input'].help_text = _(
"PEM formatted private key.")
self.fields['key_file'].help_text = _(
"PEM formatted private key file.")
def clean_key_data(self, key_data):
key_obj = load_pem_private_key(
key_data.encode('utf-8'), password=None, backend=default_backend())
key_der = key_obj.private_bytes(
encoding=serialization.Encoding.DER,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption())
return base64.b64encode(key_der)
def handle(self, request, data):
return super(ImportPrivateKey, self).handle(
request, data, private_key.PrivateKey)

View File

@ -0,0 +1,23 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from django.utils.translation import ugettext_lazy as _
import horizon
# This panel will be loaded from horizon, because specified in enabled file.
# To register REST api, import below here.
from castellan_ui.api import client # noqa: F401
class PrivateKeys(horizon.Panel):
name = _("Private Keys")
slug = "private_keys"

View File

@ -0,0 +1,98 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from castellan_ui.content import filters
from django.core.urlresolvers import reverse
from django.utils.translation import ugettext_lazy as _
from django.utils.translation import ungettext_lazy
from castellan_ui.api import client
from horizon import tables
class GeneratePrivateKey(tables.LinkAction):
name = "generate_private_key"
verbose_name = _("Generate Key Pair")
url = "horizon:project:private_keys:generate"
classes = ("ajax-modal",)
icon = "plus"
policy_rules = ()
class ImportPrivateKey(tables.LinkAction):
name = "import_private_key"
verbose_name = _("Import Private Key")
url = "horizon:project:private_keys:import"
classes = ("ajax-modal",)
icon = "upload"
policy_rules = ()
class DownloadKey(tables.LinkAction):
name = "download"
verbose_name = _("Download Key")
url = "horizon:project:private_keys:download"
classes = ("btn-download",)
policy_rules = ()
def get_link_url(self, datum):
return reverse(self.url,
kwargs={'object_id': datum.id})
class DeletePrivateKey(tables.DeleteAction):
policy_rules = ()
help_text = _("You should not delete a private key unless you are "
"certain it is not being used anywhere. If there was a "
"public key generated with this private key, it will not "
"be deleted.")
@staticmethod
def action_present(count):
return ungettext_lazy(
u"Delete Private Key",
u"Delete Private Keys",
count
)
@staticmethod
def action_past(count):
return ungettext_lazy(
u"Deleted Private Key",
u"Deleted Private Keys",
count
)
def delete(self, request, obj_id):
client.delete(request, obj_id)
class PrivateKeyTable(tables.DataTable):
detail_link = "horizon:project:private_keys:detail"
uuid = tables.Column("id", verbose_name=_("Key ID"), link=detail_link)
name = tables.Column("name", verbose_name=_("Name"))
algorithm = tables.Column("algorithm", verbose_name=_("Algorithm"))
bit_length = tables.Column("bit_length", verbose_name=_("Bit Length"))
created_date = tables.Column("created",
verbose_name=_("Created Date"),
filters=(filters.timestamp_to_iso,))
def get_object_display(self, datum):
return datum.name if datum.name else datum.id
class Meta(object):
name = "private_key"
table_actions = (GeneratePrivateKey,
ImportPrivateKey,
DeletePrivateKey,)
row_actions = (DownloadKey, DeletePrivateKey)

View File

@ -0,0 +1,27 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from castellan_ui.content.private_keys import views
from django.conf.urls import url
urlpatterns = [
url(r'^$', views.IndexView.as_view(), name='index'),
url(r'^import/$', views.ImportView.as_view(), name='import'),
url(r'^generate/$', views.GenerateView.as_view(), name='generate'),
url(r'^(?P<object_id>[^/]+)/$',
views.DetailView.as_view(),
name='detail'),
url(r'^download/$', views.download_key, name='download'),
url(r'^(?P<object_id>[^/]+)/download$',
views.download_key,
name='download'),
]

View File

@ -0,0 +1,150 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from django.core.urlresolvers import reverse
from django.core.urlresolvers import reverse_lazy
from django.http import HttpResponse
from django.utils.translation import ugettext_lazy as _
from cryptography.hazmat import backends
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.serialization import load_der_private_key
from castellan.common.objects import private_key
from castellan_ui.api import client
from castellan_ui.content.private_keys import forms as private_key_forms
from castellan_ui.content.private_keys import tables
from castellan_ui.content import shared_forms
from datetime import datetime
from horizon import exceptions
from horizon import forms
from horizon.tables import views as tables_views
from horizon.utils import memoized
from horizon import views
def download_key(request, object_id):
try:
obj = client.get(request, object_id)
data = obj.get_encoded()
key_obj = load_der_private_key(
data, password=None, backend=backends.default_backend())
key_pem = key_obj.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption())
response = HttpResponse()
response.write(key_pem)
response['Content-Disposition'] = ('attachment; '
'filename="%s.key"' % object_id)
response['Content-Length'] = str(len(response.content))
return response
except Exception:
redirect = reverse('horizon:project:private_keys:index')
msg = _('Unable to download private_key "%s".')\
% (object_id)
exceptions.handle(request, msg, redirect=redirect)
class IndexView(tables_views.MultiTableView):
table_classes = [
tables.PrivateKeyTable
]
template_name = 'private_keys.html'
def get_private_key_data(self):
try:
return client.list(
self.request, object_type=private_key.PrivateKey)
except Exception as e:
msg = _('Unable to list private keys: "%s".') % (e.message)
exceptions.handle(self.request, msg)
return []
class GenerateView(forms.ModalFormView):
form_class = shared_forms.GenerateKeyPair
template_name = 'private_key_generate.html'
submit_url = reverse_lazy(
"horizon:project:private_keys:generate")
success_url = reverse_lazy('horizon:project:private_keys:index')
submit_label = page_title = _("Generate Key Pair")
class ImportView(forms.ModalFormView):
form_class = private_key_forms.ImportPrivateKey
template_name = 'private_key_import.html'
submit_url = reverse_lazy(
"horizon:project:private_keys:import")
success_url = reverse_lazy('horizon:project:private_keys:index')
submit_label = page_title = _("Import Private Key")
def get_object_id(self, key_uuid):
return key_uuid
class DetailView(views.HorizonTemplateView):
template_name = 'private_key_detail.html'
page_title = _("Private Key Details")
@memoized.memoized_method
def _get_data(self):
try:
obj = client.get(self.request, self.kwargs['object_id'])
except Exception:
redirect = reverse('horizon:project:private_keys:index')
msg = _('Unable to retrieve details for private_key "%s".')\
% (self.kwargs['object_id'])
exceptions.handle(self.request, msg,
redirect=redirect)
return obj
@memoized.memoized_method
def _get_data_created_date(self, obj):
try:
created_date = datetime.utcfromtimestamp(obj.created).isoformat()
except Exception:
redirect = reverse('horizon:project:private_keys:index')
msg = _('Unable to retrieve details for private_key "%s".')\
% (self.kwargs['object_id'])
exceptions.handle(self.request, msg,
redirect=redirect)
return created_date
@memoized.memoized_method
def _get_data_bytes(self, obj):
try:
key = serialization.load_der_private_key(
obj.get_encoded(),
backend=backends.default_backend(),
password=None)
data_bytes = key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption())
except Exception:
redirect = reverse('horizon:project:private_keys:index')
msg = _('Unable to retrieve details for private_key "%s".')\
% (self.kwargs['object_id'])
exceptions.handle(self.request, msg,
redirect=redirect)
return data_bytes
def get_context_data(self, **kwargs):
"""Gets the context data for key."""
context = super(DetailView, self).get_context_data(**kwargs)
obj = self._get_data()
context['object'] = obj
context['object_created_date'] = self._get_data_created_date(obj)
context['object_bytes'] = self._get_data_bytes(obj)
return context

View File

@ -0,0 +1,46 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import base64
from django.utils.translation import ugettext_lazy as _
from castellan.common.objects import public_key
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.serialization import load_pem_public_key
from castellan_ui.content import shared_forms
class ImportPublicKey(shared_forms.ImportKey):
def __init__(self, request, *args, **kwargs):
super(ImportPublicKey, self).__init__(
request, *args, algorithms=shared_forms.KEY_PAIR_ALGORITHMS,
**kwargs)
self.fields['direct_input'].help_text = _(
"PEM formatted public key.")
self.fields['key_file'].help_text = _(
"PEM formatted public key file.")
def clean_key_data(self, key_data):
key_obj = load_pem_public_key(
key_data.encode('utf-8'), backend=default_backend())
key_der = key_obj.public_bytes(
encoding=serialization.Encoding.DER,
format=serialization.PublicFormat.SubjectPublicKeyInfo)
return base64.b64encode(key_der)
def handle(self, request, data):
return super(ImportPublicKey, self).handle(
request, data, public_key.PublicKey)

View File

@ -0,0 +1,23 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from django.utils.translation import ugettext_lazy as _
import horizon
# This panel will be loaded from horizon, because specified in enabled file.
# To register REST api, import below here.
from castellan_ui.api import client # noqa: F401
class PublicKeys(horizon.Panel):
name = _("Public Keys")
slug = "public_keys"

View File

@ -0,0 +1,98 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from castellan_ui.content import filters
from django.core.urlresolvers import reverse
from django.utils.translation import ugettext_lazy as _
from django.utils.translation import ungettext_lazy
from castellan_ui.api import client
from horizon import tables
class GeneratePublicKey(tables.LinkAction):
name = "generate_public_key"
verbose_name = _("Generate Key Pair")
url = "horizon:project:public_keys:generate"
classes = ("ajax-modal",)
icon = "plus"
policy_rules = ()
class ImportPublicKey(tables.LinkAction):
name = "import_public_key"
verbose_name = _("Import Public Key")
url = "horizon:project:public_keys:import"
classes = ("ajax-modal",)
icon = "upload"
policy_rules = ()
class DownloadKey(tables.LinkAction):
name = "download"
verbose_name = _("Download Key")
url = "horizon:project:public_keys:download"
classes = ("btn-download",)
policy_rules = ()
def get_link_url(self, datum):
return reverse(self.url,
kwargs={'object_id': datum.id})
class DeletePublicKey(tables.DeleteAction):
policy_rules = ()
help_text = _("You should not delete a public key unless you are "
"certain it is not being used anywhere. If there was a "
"private key generated with this public key, it will not "
"be deleted.")
@staticmethod
def action_present(count):
return ungettext_lazy(
u"Delete Public Key",
u"Delete Public Keys",
count
)
@staticmethod
def action_past(count):
return ungettext_lazy(
u"Deleted Public Key",
u"Deleted Public Keys",
count
)
def delete(self, request, obj_id):
client.delete(request, obj_id)
class PublicKeyTable(tables.DataTable):
detail_link = "horizon:project:public_keys:detail"
uuid = tables.Column("id", verbose_name=_("Key ID"), link=detail_link)
name = tables.Column("name", verbose_name=_("Name"))
algorithm = tables.Column("algorithm", verbose_name=_("Algorithm"))
bit_length = tables.Column("bit_length", verbose_name=_("Bit Length"))
created_date = tables.Column("created",
verbose_name=_("Created Date"),
filters=(filters.timestamp_to_iso,))
def get_object_display(self, datum):
return datum.name if datum.name else datum.id
class Meta(object):
name = "public_key"
table_actions = (GeneratePublicKey,
ImportPublicKey,
DeletePublicKey,)
row_actions = (DownloadKey, DeletePublicKey)

View File

@ -0,0 +1,27 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from castellan_ui.content.public_keys import views
from django.conf.urls import url
urlpatterns = [
url(r'^$', views.IndexView.as_view(), name='index'),
url(r'^import/$', views.ImportView.as_view(), name='import'),
url(r'^generate/$', views.GenerateView.as_view(), name='generate'),
url(r'^(?P<object_id>[^/]+)/$',
views.DetailView.as_view(),
name='detail'),
url(r'^download/$', views.download_key, name='download'),
url(r'^(?P<object_id>[^/]+)/download$',
views.download_key,
name='download'),
]

View File

@ -0,0 +1,147 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from django.core.urlresolvers import reverse
from django.core.urlresolvers import reverse_lazy
from django.http import HttpResponse
from django.utils.translation import ugettext_lazy as _
from cryptography.hazmat import backends
from cryptography.hazmat.primitives import serialization
from castellan.common.objects import public_key
from castellan_ui.api import client
from castellan_ui.content.public_keys import forms as public_key_forms
from castellan_ui.content.public_keys import tables
from castellan_ui.content import shared_forms
from datetime import datetime
from horizon import exceptions
from horizon import forms
from horizon.tables import views as tables_views
from horizon.utils import memoized
from horizon import views
def download_key(request, object_id):
try:
obj = client.get(request, object_id)
data = obj.get_encoded()
key_obj = serialization.load_der_public_key(
data, backend=backends.default_backend())
key_pem = key_obj.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo)
response = HttpResponse()
response.write(key_pem)
response['Content-Disposition'] = ('attachment; '
'filename="%s.key"' % object_id)
response['Content-Length'] = str(len(response.content))
return response
except Exception:
redirect = reverse('horizon:project:public_keys:index')
msg = _('Unable to download public_key "%s".')\
% (object_id)
exceptions.handle(request, msg, redirect=redirect)
class IndexView(tables_views.MultiTableView):
table_classes = [
tables.PublicKeyTable
]
template_name = 'public_keys.html'
def get_public_key_data(self):
try:
return client.list(
self.request, object_type=public_key.PublicKey)
except Exception as e:
msg = _('Unable to list private keys: "%s".') % (e.message)
exceptions.handle(self.request, msg)
return []
class GenerateView(forms.ModalFormView):
form_class = shared_forms.GenerateKeyPair
template_name = 'public_key_generate.html'
submit_url = reverse_lazy(
"horizon:project:public_keys:generate")
success_url = reverse_lazy('horizon:project:public_keys:index')
submit_label = page_title = _("Generate Key Pair")
class ImportView(forms.ModalFormView):
form_class = public_key_forms.ImportPublicKey
template_name = 'public_key_import.html'
submit_url = reverse_lazy(
"horizon:project:public_keys:import")
success_url = reverse_lazy('horizon:project:public_keys:index')
submit_label = page_title = _("Import Public Key")
def get_object_id(self, key_uuid):
return key_uuid
class DetailView(views.HorizonTemplateView):
template_name = 'public_key_detail.html'
page_title = _("Public Key Details")
@memoized.memoized_method
def _get_data(self):
try:
obj = client.get(self.request, self.kwargs['object_id'])
except Exception:
redirect = reverse('horizon:project:public_keys:index')
msg = _('Unable to retrieve details for public_key "%s".')\
% (self.kwargs['object_id'])
exceptions.handle(self.request, msg,
redirect=redirect)
return obj
@memoized.memoized_method
def _get_data_created_date(self, obj):
try:
created_date = datetime.utcfromtimestamp(obj.created).isoformat()
except Exception:
redirect = reverse('horizon:project:public_keys:index')
msg = _('Unable to retrieve details for public_key "%s".')\
% (self.kwargs['object_id'])
exceptions.handle(self.request, msg,
redirect=redirect)
return created_date
@memoized.memoized_method
def _get_data_bytes(self, obj):
try:
key = serialization.load_der_public_key(
obj.get_encoded(),
backend=backends.default_backend())
data_bytes = key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo)
except Exception:
redirect = reverse('horizon:project:public_keys:index')
msg = _('Unable to retrieve details for public_key "%s".')\
% (self.kwargs['object_id'])
exceptions.handle(self.request, msg,
redirect=redirect)
return data_bytes
def get_context_data(self, **kwargs):
"""Gets the context data for key."""
context = super(DetailView, self).get_context_data(**kwargs)
obj = self._get_data()
context['object'] = obj
context['object_created_date'] = self._get_data_created_date(obj)
context['object_bytes'] = self._get_data_bytes(obj)
return context

View File

@ -0,0 +1,195 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import abc
import re
from django.utils.translation import ugettext_lazy as _
from horizon import exceptions
from horizon import forms
from horizon import messages
from castellan_ui.api import client
KEY_PAIR_ALGORITHMS = ('RSA', 'DSA')
NEW_LINES = re.compile(r"\r|\n")
NAME_REGEX = re.compile(r"^\w+(?:[- ]\w+)*$", re.UNICODE)
ERROR_MESSAGES = {
'invalid': _('Key name may only contain letters, '
'numbers, underscores, spaces, and hyphens '
'and may not be white space.')}
ALG_HELP_TEXT = _(
"Check which algorithms your key manager supports. "
"Some common algorithms are: %s") % ', '.join(KEY_PAIR_ALGORITHMS)
LENGTH_HELP_TEXT = _(
"Only certain bit lengths are valid for each algorithm. "
"Some common bit lengths are: 1024, 2048")
class ListTextWidget(forms.TextInput):
def __init__(self, data_list, name, *args, **kwargs):
super(ListTextWidget, self).__init__(*args, **kwargs)
self._name = name
self._list = data_list
self.attrs.update({'list': 'list__%s' % self._name})
def render(self, name, value, attrs=None):
text_html = super(ListTextWidget, self).render(name,
value,
attrs=attrs)
data_list = '<datalist id="list__%s">' % self._name
for item in self._list:
data_list += '<option value="%s">' % item
data_list += '</datalist>'
return (text_html + data_list)
class ImportKey(forms.SelfHandlingForm):
algorithm = forms.CharField(label=_("Algorithm"), help_text=ALG_HELP_TEXT)
bit_length = forms.IntegerField(
label=_("Bit Length"), min_value=0, help_text=LENGTH_HELP_TEXT)
name = forms.RegexField(required=False,
max_length=255,
label=_("Key Name"),
regex=NAME_REGEX,
error_messages=ERROR_MESSAGES)
source_type = forms.ChoiceField(
label=_('Source'),
required=False,
choices=[('file', _('Key File')),
('raw', _('Direct Input'))],
widget=forms.ThemableSelectWidget(
attrs={'class': 'switchable', 'data-slug': 'source'}))
key_file = forms.FileField(
label=_("Choose file"),
widget=forms.FileInput(
attrs={'class': 'switched', 'data-switch-on': 'source',
'data-source-file': _('Key File')}),
required=False)
direct_input = forms.CharField(
label=_('Key Value'),
widget=forms.widgets.Textarea(
attrs={'class': 'switched', 'data-switch-on': 'source',
'data-source-raw': _('Key Value')}),
required=False)
def __init__(self, request, *args, **kwargs):
algorithms = kwargs.pop('algorithms', None)
super(ImportKey, self).__init__(request, *args, **kwargs)
self.fields['algorithm'].widget = ListTextWidget(data_list=algorithms,
name='algorithms')
@abc.abstractmethod
def clean_key_data(self, key_pem):
"""This should be implemented for the specific key import form"""
return
def clean(self):
data = super(ImportKey, self).clean()
# The key can be missing based on particular upload
# conditions. Code defensively for it here...
key_file = data.get('key_file', None)
key_raw = data.get('direct_input', None)
if key_raw and key_file:
raise forms.ValidationError(
_("Cannot specify both file and direct input."))
if not key_raw and not key_file:
raise forms.ValidationError(
_("No input was provided for the key value."))
try:
if key_file:
key_pem = self.files['key_file'].read()
else:
key_pem = data['direct_input']
data['key_data'] = self.clean_key_data(key_pem)
except Exception as e:
msg = _('There was a problem loading the key: %s. '
'Is the key valid and in the correct format?') % e
raise forms.ValidationError(msg)
return data
def handle(self, request, data, key_type):
try:
key_uuid = client.import_object(
request,
algorithm=data['algorithm'],
bit_length=data['bit_length'],
key=data['key_data'],
name=data['name'],
object_type=key_type)
if data['name']:
key_identifier = data['name']
else:
key_identifier = key_uuid
messages.success(request,
_('Successfully imported key: %s')
% key_identifier)
return key_uuid
except Exception as e:
msg = _('Unable to import key: %s')
messages.error(request, msg % e)
exceptions.handle(request, ignore=True)
self.api_error(_('Unable to import key.'))
return False
class GenerateKeyPair(forms.SelfHandlingForm):
algorithm = forms.CharField(
label=_("Algorithm"),
help_text=ALG_HELP_TEXT,
widget=ListTextWidget(
data_list=KEY_PAIR_ALGORITHMS, name='algorithm-list'))
length = forms.IntegerField(
label=_("Bit Length"),
min_value=0,
help_text=LENGTH_HELP_TEXT)
name = forms.RegexField(required=False,
max_length=255,
label=_("Key Name"),
regex=NAME_REGEX,
error_messages=ERROR_MESSAGES)
def handle(self, request, data):
try:
key_uuid = client.generate_key_pair(
request,
algorithm=data['algorithm'],
length=data['length'],
name=data['name'])
if data['name']:
key_identifier = data['name']
else:
key_identifier = key_uuid
messages.success(request,
_('Successfully generated key pair %s')
% key_identifier)
return key_uuid
except Exception as e:
msg = _('Unable to generate key pair: %s')
messages.error(request, msg % e)
exceptions.handle(request, ignore=True)
self.api_error(_('Unable to generate key pair.'))
return False

View File

@ -0,0 +1,23 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# The slug of the panel to be added to HORIZON_CONFIG. Required.
PANEL = 'private_keys'
# The slug of the panel group the PANEL is associated with.
PANEL_GROUP = 'key_manager'
# The slug of the dashboard the PANEL associated with. Required.
PANEL_DASHBOARD = 'project'
ADD_INSTALLED_APP = ['castellan_ui', ]
# Python panel class of the PANEL to be added.
ADD_PANEL = 'castellan_ui.content.private_keys.panel.PrivateKeys'

View File

@ -0,0 +1,23 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# The slug of the panel to be added to HORIZON_CONFIG. Required.
PANEL = 'public_keys'
# The slug of the panel group the PANEL is associated with.
PANEL_GROUP = 'key_manager'
# The slug of the dashboard the PANEL associated with. Required.
PANEL_DASHBOARD = 'project'
ADD_INSTALLED_APP = ['castellan_ui', ]
# Python panel class of the PANEL to be added.
ADD_PANEL = 'castellan_ui.content.public_keys.panel.PublicKeys'

View File

@ -0,0 +1,9 @@
{% extends "horizon/common/_modal_form.html" %}
{% load i18n %}
{% block modal-body-right %}
<p>{% trans "Check your key manager to see which algorithms and bit lengths are supported." %}</p>
<p>{% trans "A key pair consists of a private key and a public key. When you generate a private key, the public key will also be generated, and vice versa." %}</p>
<p>{% trans "You can find the corresponding public key on the " %}<a href="{% url 'horizon:project:public_keys:index' %}">Public Keys</a> {% trans "page." %}</p>
{% endblock %}

View File

@ -0,0 +1,9 @@
{% extends '_object_import.html' %}
{% load i18n %}
{% block modal-body-right %}
<p>{% trans "Private keys can be imported if they are in Privacy Enhanced Mail (PEM) format." %}</p>
<p>{% trans "Your PEM formatted key will look something like this:" %}</p>
<p><pre>-----BEGIN PRIVATE KEY-----<br>&lt;base64-encoded data&gt;<br>-----END PRIVATE KEY-----</pre></p>
{% endblock %}

View File

@ -0,0 +1,10 @@
{% extends "horizon/common/_modal_form.html" %}
{% load i18n %}
{% block modal-body-right %}
<p>{% trans "Check your key manager to see which algorithms and bit lengths are supported." %}</p>
<p>{% trans "A key pair consists of a private key and a public key. When you generate a public key, the private key will also be generated, and vice versa." %}</p>
<p>{% trans "You can find the corresponding private key on the " %}<a href="{% url 'horizon:project:private_keys:index' %}">Private Keys</a> {% trans "page." %}</p>
{% endblock %}

View File

@ -0,0 +1,9 @@
{% extends '_object_import.html' %}
{% load i18n %}
{% block modal-body-right %}
<p>{% trans "Public keys can be imported if they are in Privacy Enhanced Mail (PEM) format." %}</p>
<p>{% trans "Your PEM formatted key will look something like this:" %}</p>
<p><pre>-----BEGIN PUBLIC KEY-----<br>&lt;base64-encoded data&gt;<br>-----END PUBLIC KEY-----</pre></p>
{% endblock %}

View File

@ -0,0 +1,27 @@
{% extends 'base.html' %}
{% load i18n parse_date %}
{% block title %}{{ page_title }}{% endblock %}
{% block page_header %}
{% include "horizon/common/_detail_header.html" %}
{% endblock %}
{% block main %}
<div class="detail">
<dl class="dl-horizontal">
<dt>{% trans "Name" %}</dt>
<dd>{{ object.name|default:_("None") }}</dd>
<dt>{% trans "Created" %}</dt>
<dd>{{ object_created_date|parse_date}}</dd>
<dt>{% trans "Algorithm" %}</dt>
<dd>{{ object.algorithm|default:_("None") }}</dd>
<dt>{% trans "Bit Length" %}</dt>
<dd>{{ object.bit_length|default:_("None") }}</dd>
<dt>{% trans "Key" %}</dt>
<dd>
<div style="white-space: pre-wrap; font-family: monospace;">{{ object_bytes|default:_("None") }}</div>
</dd>
</dl>
</div>
{% endblock %}

View File

@ -0,0 +1,7 @@
{% extends 'base.html' %}
{% load i18n %}
{% block title %}{{ page_title }}{% endblock %}
{% block main %}
{% include '_private_key_generate.html' %}
{% endblock %}

View File

@ -0,0 +1,7 @@
{% extends 'base.html' %}
{% load i18n %}
{% block title %}{{ page_title }}{% endblock %}
{% block main %}
{% include '_private_key_import.html' %}
{% endblock %}

View File

@ -0,0 +1,23 @@
{% extends 'base.html' %}
{% load i18n %}
{% block title %}{% trans "Private Keys" %}{% endblock %}
{% block breadcrumb_nav %}
<ol class = "breadcrumb">
<li>{% trans "Project" %}</li>
<li>{% trans "Key Manager" %}</li>
<li class="active">{% trans "Private Keys" %}</li>
</ol>
{% endblock %}
{% block page_header %}
<hz-page-header header="{% trans "Private Keys" %}"></hz-page-header>
{% endblock page_header %}
{% block main %}
<div class="row">
<div class="col-sm-12">
{{ private_key_table.render }}
</div>
</div>
{% endblock %}

View File

@ -0,0 +1,27 @@
{% extends 'base.html' %}
{% load i18n parse_date %}
{% block title %}{{ page_title }}{% endblock %}
{% block page_header %}
{% include "horizon/common/_detail_header.html" %}
{% endblock %}
{% block main %}
<div class="detail">
<dl class="dl-horizontal">
<dt>{% trans "Name" %}</dt>
<dd>{{ object.name|default:_("None") }}</dd>
<dt>{% trans "Created" %}</dt>
<dd>{{ object_created_date|parse_date}}</dd>
<dt>{% trans "Algorithm" %}</dt>
<dd>{{ object.algorithm|default:_("None") }}</dd>
<dt>{% trans "Bit Length" %}</dt>
<dd>{{ object.bit_length|default:_("None") }}</dd>
<dt>{% trans "Key" %}</dt>
<dd>
<div style="white-space: pre-wrap; font-family: monospace;">{{ object_bytes|default:_("None") }}</div>
</dd>
</dl>
</div>
{% endblock %}

View File

@ -0,0 +1,7 @@
{% extends 'base.html' %}
{% load i18n %}
{% block title %}{{ page_title }}{% endblock %}
{% block main %}
{% include '_public_key_generate.html' %}
{% endblock %}

View File

@ -0,0 +1,7 @@
{% extends 'base.html' %}
{% load i18n %}
{% block title %}{{ page_title }}{% endblock %}
{% block main %}
{% include '_public_key_import.html' %}
{% endblock %}

View File

@ -0,0 +1,23 @@
{% extends 'base.html' %}
{% load i18n %}
{% block title %}{% trans "Public Keys" %}{% endblock %}
{% block breadcrumb_nav %}
<ol class = "breadcrumb">
<li>{% trans "Project" %}</li>
<li>{% trans "Key Manager" %}</li>
<li class="active">{% trans "Public Keys" %}</li>
</ol>
{% endblock %}
{% block page_header %}
<hz-page-header header="{% trans "Public Keys" %}"></hz-page-header>
{% endblock page_header %}
{% block main %}
<div class="row">
<div class="col-sm-12">
{{ public_key_table.render }}
</div>
</div>
{% endblock %}

View File

@ -0,0 +1,137 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import base64
from django.core.handlers import wsgi
from django.core.urlresolvers import reverse
from horizon import messages as horizon_messages
import mock
from castellan.common.objects import private_key
from castellan_ui.api import client as api_castellan
from castellan_ui.test import helpers as tests
from castellan_ui.test import test_data
INDEX_URL = reverse('horizon:project:private_keys:index')
class PrivateKeysViewTest(tests.APITestCase):
def setUp(self):
super(PrivateKeysViewTest, self).setUp()
self.key = test_data.private_key
self.key_b64_bytes = base64.b64encode(self.key.get_encoded())
self.mock_object(
api_castellan, "get", mock.Mock(return_value=self.key))
self.mock_object(api_castellan, "list", mock.Mock(return_value=[]))
self.mock_object(horizon_messages, "success")
FAKE_ENVIRON = {'REQUEST_METHOD': 'GET', 'wsgi.input': 'fake_input'}
self.request = wsgi.WSGIRequest(FAKE_ENVIRON)
def test_index(self):
key_list = [test_data.private_key, test_data.nameless_private_key]
self.mock_object(
api_castellan, "list", mock.Mock(return_value=key_list))
res = self.client.get(INDEX_URL)
self.assertEqual(res.status_code, 200)
self.assertTemplateUsed(res, 'private_keys.html')
api_castellan.list.assert_called_with(
mock.ANY, object_type=private_key.PrivateKey)
def test_detail_view(self):
url = reverse('horizon:project:private_keys:detail',
args=[self.key.id])
self.mock_object(
api_castellan, "list", mock.Mock(return_value=[self.key]))
self.mock_object(
api_castellan, "get", mock.Mock(return_value=self.key))
res = self.client.get(url)
self.assertContains(
res, "<dt>Name</dt>\n <dd>%s</dd>" % self.key.name, 1, 200)
api_castellan.get.assert_called_once_with(mock.ANY, self.key.id)
def test_generate_key_pair(self):
self.mock_object(
api_castellan, "list", mock.Mock(return_value=[self.key]))
url = reverse('horizon:project:private_keys:generate')
self.mock_object(
api_castellan, "generate_key_pair",
mock.Mock(return_value=(self.key, self.key)))
key_form_data = {
'name': self.key.name,
'length': 2048,
'algorithm': 'RSA'
}
self.client.post(url, key_form_data)
api_castellan.generate_key_pair.assert_called_once_with(
mock.ANY,
name=self.key.name,
algorithm=u'RSA',
length=2048
)
def test_import_key(self):
self.mock_object(
api_castellan, "list", mock.Mock(return_value=[self.key]))
url = reverse('horizon:project:private_keys:import')
self.mock_object(
api_castellan, "import_object", mock.Mock(return_value=self.key))
key_input = (
u"-----BEGIN PRIVATE KEY-----\n" +
self.key_b64_bytes.decode("utf-8") +
u"\n-----END PRIVATE KEY-----"
)
key_form_data = {
'source_type': 'raw',
'name': self.key.name,
'direct_input': key_input,
'bit_length': 2048,
'algorithm': 'RSA'
}
self.client.post(url, key_form_data)
api_castellan.import_object.assert_called_once_with(
mock.ANY,
object_type=private_key.PrivateKey,
key=self.key_b64_bytes,
name=self.key.name,
algorithm=u'RSA',
bit_length=2048
)
def test_delete_key(self):
self.mock_object(
api_castellan, "list", mock.Mock(return_value=[self.key]))
self.mock_object(api_castellan, "delete")
key_form_data = {
'action': 'private_key__delete__%s' % self.key.id
}
res = self.client.post(INDEX_URL, key_form_data)
api_castellan.list.assert_called_with(
mock.ANY, object_type=private_key.PrivateKey)
api_castellan.delete.assert_called_once_with(
mock.ANY,
self.key.id,
)
self.assertRedirectsNoFollow(res, INDEX_URL)

View File

@ -0,0 +1,137 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import base64
from django.core.handlers import wsgi
from django.core.urlresolvers import reverse
from horizon import messages as horizon_messages
import mock
from castellan.common.objects import public_key
from castellan_ui.api import client as api_castellan
from castellan_ui.test import helpers as tests
from castellan_ui.test import test_data
INDEX_URL = reverse('horizon:project:public_keys:index')
class PublicKeysViewTest(tests.APITestCase):
def setUp(self):
super(PublicKeysViewTest, self).setUp()
self.key = test_data.public_key
self.key_b64_bytes = base64.b64encode(self.key.get_encoded())
self.mock_object(
api_castellan, "get", mock.Mock(return_value=self.key))
self.mock_object(api_castellan, "list", mock.Mock(return_value=[]))
self.mock_object(horizon_messages, "success")
FAKE_ENVIRON = {'REQUEST_METHOD': 'GET', 'wsgi.input': 'fake_input'}
self.request = wsgi.WSGIRequest(FAKE_ENVIRON)
def test_index(self):
key_list = [test_data.public_key, test_data.nameless_public_key]
self.mock_object(
api_castellan, "list", mock.Mock(return_value=key_list))
res = self.client.get(INDEX_URL)
self.assertEqual(res.status_code, 200)
self.assertTemplateUsed(res, 'public_keys.html')
api_castellan.list.assert_called_with(
mock.ANY, object_type=public_key.PublicKey)
def test_detail_view(self):
url = reverse('horizon:project:public_keys:detail',
args=[self.key.id])
self.mock_object(
api_castellan, "list", mock.Mock(return_value=[self.key]))
self.mock_object(
api_castellan, "get", mock.Mock(return_value=self.key))
res = self.client.get(url)
self.assertContains(
res, "<dt>Name</dt>\n <dd>%s</dd>" % self.key.name, 1, 200)
api_castellan.get.assert_called_once_with(mock.ANY, self.key.id)
def test_generate_key_pair(self):
self.mock_object(
api_castellan, "list", mock.Mock(return_value=[self.key]))
url = reverse('horizon:project:public_keys:generate')
self.mock_object(
api_castellan, "generate_key_pair",
mock.Mock(return_value=(self.key, self.key)))
key_form_data = {
'name': self.key.name,
'length': 2048,
'algorithm': 'RSA'
}
self.client.post(url, key_form_data)
api_castellan.generate_key_pair.assert_called_once_with(
mock.ANY,
name=self.key.name,
algorithm=u'RSA',
length=2048
)
def test_import_key(self):
self.mock_object(
api_castellan, "list", mock.Mock(return_value=[self.key]))
url = reverse('horizon:project:public_keys:import')
self.mock_object(
api_castellan, "import_object", mock.Mock(return_value=self.key))
key_input = (
u"-----BEGIN PUBLIC KEY-----\n" +
self.key_b64_bytes.decode("utf-8") +
u"\n-----END PUBLIC KEY-----"
)
key_form_data = {
'source_type': 'raw',
'name': self.key.name,
'direct_input': key_input,
'bit_length': 2048,
'algorithm': 'RSA'
}
self.client.post(url, key_form_data)
api_castellan.import_object.assert_called_once_with(
mock.ANY,
object_type=public_key.PublicKey,
key=self.key_b64_bytes,
name=self.key.name,
algorithm=u'RSA',
bit_length=2048
)
def test_delete_key(self):
self.mock_object(
api_castellan, "list", mock.Mock(return_value=[self.key]))
self.mock_object(api_castellan, "delete")
key_form_data = {
'action': 'public_key__delete__%s' % self.key.id
}
res = self.client.post(INDEX_URL, key_form_data)
api_castellan.list.assert_called_with(
mock.ANY, object_type=public_key.PublicKey)
api_castellan.delete.assert_called_once_with(
mock.ANY,
self.key.id,
)
self.assertRedirectsNoFollow(res, INDEX_URL)

View File

@ -24,3 +24,35 @@ nameless_x509_cert = objects.x_509.X509(
name=None,
created=1448088699,
id=u'11111111-1111-1111-1111-111111111111')
private_key = objects.private_key.PrivateKey(
key=castellan_utils.get_private_key_der(),
algorithm="RSA",
bit_length=2048,
name=u'test private key',
created=1448088699,
id=u'00000000-0000-0000-0000-000000000000')
nameless_private_key = objects.private_key.PrivateKey(
key=castellan_utils.get_private_key_der(),
algorithm="RSA",
bit_length=2048,
name=None,
created=1448088699,
id=u'11111111-1111-1111-1111-111111111111')
public_key = objects.public_key.PublicKey(
key=castellan_utils.get_public_key_der(),
algorithm="RSA",
bit_length=2048,
name=u'test public key',
created=1448088699,
id=u'00000000-0000-0000-0000-000000000000')
nameless_public_key = objects.public_key.PublicKey(
key=castellan_utils.get_public_key_der(),
algorithm="RSA",
bit_length=2048,
name=None,
created=1448088699,
id=u'11111111-1111-1111-1111-111111111111')