Merge pull request #31 from kevgliss/keys

Switch to relying on the configuration key in the configuration file
Netflix · Aug 8, 2015 · c78daa2 · c78daa2
2 parents 3ebbbd2 + 32ef793
commit c78daa2
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 16 deletions.
diff --git a/lemur/certificates/models.py b/lemur/certificates/models.py
@@ -5,19 +5,17 @@
     :license: Apache, see LICENSE for more details.
 .. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
 """
-import os
 import datetime
+from flask import current_app
 
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
-
-from flask import current_app
-
 from sqlalchemy.orm import relationship
 from sqlalchemy import event, Integer, ForeignKey, String, DateTime, PassiveDefault, func, Column, Text, Boolean
 
 from sqlalchemy_utils import EncryptedType
 
+from lemur.utils import get_key
 from lemur.database import db
 from lemur.plugins.base import plugins
 
@@ -211,7 +209,7 @@ class Certificate(db.Model):
     id = Column(Integer, primary_key=True)
     owner = Column(String(128))
     body = Column(Text())
-    private_key = Column(EncryptedType(String, os.environ.get('LEMUR_ENCRYPTION_KEY')))
+    private_key = Column(EncryptedType(String, get_key))
     status = Column(String(128))
     deleted = Column(Boolean, index=True)
     name = Column(String(128))

diff --git a/lemur/roles/models.py b/lemur/roles/models.py
@@ -1,5 +1,5 @@
 """
-.. module: models
+.. module: lemur.roles.models
     :platform: unix
     :synopsis: This module contains all of the models need to create a role within Lemur
 
@@ -9,13 +9,12 @@
 .. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
 
 """
-import os
 from sqlalchemy.orm import relationship
 from sqlalchemy import Column, Integer, String, Text, ForeignKey
 
 from sqlalchemy_utils import EncryptedType
-
 from lemur.database import db
+from lemur.utils import get_key
 from lemur.models import roles_users
 
 
@@ -24,15 +23,8 @@ class Role(db.Model):
     id = Column(Integer, primary_key=True)
     name = Column(String(128), unique=True)
     username = Column(String(128))
-    password = Column(EncryptedType(String, os.environ.get('LEMUR_ENCRYPTION_KEY')))
+    password = Column(EncryptedType(String, get_key))
     description = Column(Text)
     authority_id = Column(Integer, ForeignKey('authorities.id'))
     user_id = Column(Integer, ForeignKey('users.id'))
     users = relationship("User", secondary=roles_users, passive_deletes=True, backref="role", cascade='all,delete')
-
-    def as_dict(self):
-        return {c.name: getattr(self, c.name) for c in self.__table__.columns}
-
-    def serialize(self):
-        blob = self.as_dict()
-        return blob
diff --git a/lemur/utils.py b/lemur/utils.py
@@ -0,0 +1,20 @@
+"""
+.. module: lemur.utils
+    :platform: Unix
+    :copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
+    :license: Apache, see LICENSE for more details.
+.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
+"""
+from flask import current_app
+
+
+def get_key():
+    """
+    Gets the current encryption key
+
+    :return:
+    """
+    try:
+        return current_app.config.get('LEMUR_ENCRYPTION_KEY')
+    except RuntimeError:
+        return ''