certidude/certidude/api/script.py

import falcon
import logging
from certidude import const, config, authority
from certidude.decorators import serialize
from jinja2 import Environment, FileSystemLoader
from certidude.firewall import whitelist_subject

logger = logging.getLogger(__name__)
env = Environment(loader=FileSystemLoader(config.SCRIPT_DIR), trim_blocks=True)

class ScriptResource():
    @whitelist_subject
    def on_get(self, req, resp, cn):
        path, buf, cert, attribs = authority.get_attributes(cn)
        # TODO: are keys unique?
        named_tags = {}
        other_tags = []

        try:
            for tag in attribs.get("user").get("xdg").get("tags").split(","):
                if "=" in tag:
                    k, v = tag.split("=", 1)
                    named_tags[k] = v
                else:
                    other_tags.append(tag)
        except AttributeError: # No tags
            pass

        script = named_tags.get("script", config.SCRIPT_DEFAULT)
        resp.set_header("Content-Type", "text/x-shellscript")
        resp.body = env.get_template(script).render(
            authority_name=const.FQDN,
            common_name=cn,
            other_tags=other_tags,
            named_tags=named_tags,
            attributes=attribs.get("user").get("machine"))
        logger.info("Served script %s for %s at %s" % (script, cn, req.context["remote_addr"]))
        # TODO: Assert time is within reasonable range
Add API call for rendering scripts, bugfixes 2017-05-04 17:56:53 +00:00			`import falcon`
			`import logging`
Several changes * OCSP workaround for StrongSwan * Machine attributes framework * Scripting support * Default to nginx frontend 2017-07-05 15:22:03 +00:00			`from certidude import const, config, authority`
Add API call for rendering scripts, bugfixes 2017-05-04 17:56:53 +00:00			`from certidude.decorators import serialize`
			`from jinja2 import Environment, FileSystemLoader`
Several changes * OCSP workaround for StrongSwan * Machine attributes framework * Scripting support * Default to nginx frontend 2017-07-05 15:22:03 +00:00			`from certidude.firewall import whitelist_subject`
Add API call for rendering scripts, bugfixes 2017-05-04 17:56:53 +00:00
			`logger = logging.getLogger(__name__)`
			`env = Environment(loader=FileSystemLoader(config.SCRIPT_DIR), trim_blocks=True)`

			`class ScriptResource():`
Several changes * OCSP workaround for StrongSwan * Machine attributes framework * Scripting support * Default to nginx frontend 2017-07-05 15:22:03 +00:00			`@whitelist_subject`
Add API call for rendering scripts, bugfixes 2017-05-04 17:56:53 +00:00			`def on_get(self, req, resp, cn):`
tests: Fixes and better code coverage 2017-07-06 08:15:44 +00:00			`path, buf, cert, attribs = authority.get_attributes(cn)`
			`# TODO: are keys unique?`
			`named_tags = {}`
			`other_tags = []`

Add API call for rendering scripts, bugfixes 2017-05-04 17:56:53 +00:00			`try:`
tests: Fixes and better code coverage 2017-07-06 08:15:44 +00:00			`for tag in attribs.get("user").get("xdg").get("tags").split(","):`
			`if "=" in tag:`
			`k, v = tag.split("=", 1)`
			`named_tags[k] = v`
			`else:`
Major refactor * Migrate to Python 3 * Update token generator mechanism * Switch to Bootstrap 4 * Switch from Iconmonstr to Font Awesome icons * Rename default CA common name to "Certidude at ca.example.lan" * Add self-enroll for the TLS server certificates * TLS client auth for lease updating * Compile assets from npm packages to /var/lib/certidude/ca.example.lan/assets 2017-12-30 13:57:48 +00:00			`other_tags.append(tag)`
tests: Fixes and better code coverage 2017-07-06 08:15:44 +00:00			`except AttributeError: # No tags`
			`pass`
Add API call for rendering scripts, bugfixes 2017-05-04 17:56:53 +00:00
tests: Fixes and better code coverage 2017-07-06 08:15:44 +00:00			`script = named_tags.get("script", config.SCRIPT_DEFAULT)`
			`resp.set_header("Content-Type", "text/x-shellscript")`
			`resp.body = env.get_template(script).render(`
			`authority_name=const.FQDN,`
			`common_name=cn,`
			`other_tags=other_tags,`
			`named_tags=named_tags,`
			`attributes=attribs.get("user").get("machine"))`
Major refactor * Migrate to Python 3 * Update token generator mechanism * Switch to Bootstrap 4 * Switch from Iconmonstr to Font Awesome icons * Rename default CA common name to "Certidude at ca.example.lan" * Add self-enroll for the TLS server certificates * TLS client auth for lease updating * Compile assets from npm packages to /var/lib/certidude/ca.example.lan/assets 2017-12-30 13:57:48 +00:00			`logger.info("Served script %s for %s at %s" % (script, cn, req.context["remote_addr"]))`
Add API call for rendering scripts, bugfixes 2017-05-04 17:56:53 +00:00			`# TODO: Assert time is within reasonable range`