api: lease: drop usage of global authority import

2025-10-31 01:19:11 +00:00 · 2018-02-03 12:43:21 +02:00
parent 937c81bd5f
commit be454d7a65
2 changed files with 11 additions and 5 deletions
--- a/certidude/api/init.py
+++ b/certidude/api/init.py
@@ -233,13 +233,13 @@ def certidude_app(log_handlers=[]):

    # API calls used by pushed events on the JS end
    app.add_route("/api/signed/{cn}/tag/", TagResource())
-    app.add_route("/api/signed/{cn}/lease/", LeaseDetailResource())
+    app.add_route("/api/signed/{cn}/lease/", LeaseDetailResource(authority))

    # API call used to delete existing tags
    app.add_route("/api/signed/{cn}/tag/{tag}/", TagDetailResource())

    # Gateways can submit leases via this API call
-    app.add_route("/api/lease/", LeaseResource())
+    app.add_route("/api/lease/", LeaseResource(authority))

    # Bootstrap resource
    app.add_route("/api/bootstrap/", BootstrapResource(authority))
--- a/certidude/api/lease.py
+++ b/certidude/api/lease.py
@@ -5,7 +5,7 @@ import logging
 import os
 import xattr
 from datetime import datetime
-from certidude import config, authority, push
+from certidude import config, push
 from certidude.auth import login_required, authorize_admin, authorize_server
 from certidude.decorators import serialize

@@ -14,12 +14,15 @@ logger = logging.getLogger(__name__)
 # TODO: lease namespacing (?)

 class LeaseDetailResource(object):
+    def __init__(self, authority):
+        self.authority = authority
+
    @serialize
    @login_required
    @authorize_admin
    def on_get(self, req, resp, cn):
        try:
-            path, buf, cert, signed, expires = authority.get_signed(cn)
+            path, buf, cert, signed, expires = self.authority.get_signed(cn)
            return dict(
                last_seen =     xattr.getxattr(path, "user.lease.last_seen").decode("ascii"),
                inner_address = xattr.getxattr(path, "user.lease.inner_address").decode("ascii"),
@@ -30,6 +33,9 @@ class LeaseDetailResource(object):


 class LeaseResource(object):
+    def __init__(self, authority):
+        self.authority = authority
+
    @authorize_server
    def on_post(self, req, resp):
        client_common_name = req.get_param("client", required=True)
@@ -38,7 +44,7 @@ class LeaseResource(object):
            if "," in client_common_name:
                client_common_name, _ = client_common_name.split(",", 1)

-        path, buf, cert, signed, expires = authority.get_signed(client_common_name) # TODO: catch exceptions
+        path, buf, cert, signed, expires = self.authority.get_signed(client_common_name) # TODO: catch exceptions
        if req.get_param("serial") and cert.serial_number != req.get_param_as_int("serial"): # OCSP-ish solution for OpenVPN, not exposed for StrongSwan
            raise falcon.HTTPForbidden("Forbidden", "Invalid serial number supplied")
        now = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"