From a75f0e3666bc7239040ee0d32f0a780c622e44da Mon Sep 17 00:00:00 2001
From: Peter Hamilton
Date: Mon, 2 Apr 2018 10:39:58 -0400
Subject: [PATCH] Add operation policy name to demo scripts

This change adds the ability to set the operation policy name attribute to object creation demo scripts, including demos for the Create, CreateKeyPair, and Register operations.
---
 kmip/demos/pie/create.py | 6 ++++-
 kmip/demos/pie/create_key_pair.py | 6 ++++-
 kmip/demos/pie/register_certificate.py | 1 +
 kmip/demos/pie/register_opaque_object.py | 1 +
 kmip/demos/pie/register_private_key.py | 1 +
 kmip/demos/pie/register_public_key.py | 1 +
 kmip/demos/pie/register_secret_data.py | 1 +
 kmip/demos/pie/register_symmetric_key.py | 1 +
 kmip/demos/units/create.py | 9 ++++++++
 kmip/demos/units/create_key_pair.py | 9 ++++++++
 kmip/demos/units/register.py | 12 ++++++++++
 kmip/demos/utils.py | 28 ++++++++++++++++++++++++
 12 files changed, 74 insertions(+), 2 deletions(-)

diff --git a/kmip/demos/pie/create.py b/kmip/demos/pie/create.py
index 6123fd7..70a219f 100644
--- a/kmip/demos/pie/create.py
+++ b/kmip/demos/pie/create.py
@@ -46,7 +46,11 @@ if __name__ == '__main__':
 # Build the client and connect to the server
 with client.ProxyKmipClient(config=config) as client:
 try:
- uid = client.create(algorithm, length)
+ uid = client.create(
+ algorithm,
+ length,
+ operation_policy_name=opts.operation_policy_name
+ )
 logger.info("Successfully created symmetric key with ID: "
 "{0}".format(uid))
 except Exception as e:
diff --git a/kmip/demos/pie/create_key_pair.py b/kmip/demos/pie/create_key_pair.py
index 31b15c3..e82eae5 100644
--- a/kmip/demos/pie/create_key_pair.py
+++ b/kmip/demos/pie/create_key_pair.py
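Review bot: The success message after the new `client.create(...)` call in kmip/demos/pie/create.py still reports only the ID, so the demo output does not record which operation policy the key was created under. Since the policy name selects the access rules the server applies to the object, I would log it next to the ID, e.g. `logger.info("Operation policy name: {0}".format(opts.operation_policy_name))`. When `-o` is omitted the value is `None` and the choice is presumably left to the server, which is worth saying in that message. The same applies to the `create_key_pair(...)` call in kmip/demos/pie/create_key_pair.py; both `try` blocks continue outside their hunks.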
@@ -45,7 +45,11 @@ if __name__ == '__main__':
 # Build the client and connect to the server
 with client.ProxyKmipClient(config=config) as client:
 try:
- public_uid, private_uid = client.create_key_pair(algorithm, length)
+ public_uid, private_uid = client.create_key_pair(
+ algorithm,
+ length,
+ operation_policy_name=opts.operation_policy_name
+ )
 logger.info("Successfully created public key with ID: {0}".format(
 public_uid))
 logger.info("Successfully created private key with ID: {0}".format(
diff --git a/kmip/demos/pie/register_certificate.py b/kmip/demos/pie/register_certificate.py
index ac32ff9..f5eeae6 100644
--- a/kmip/demos/pie/register_certificate.py
+++ b/kmip/demos/pie/register_certificate.py
@@ -88,6 +88,7 @@ if __name__ == '__main__':
 name = 'Demo X.509 Certificate'
 cert = objects.X509Certificate(value, usage_mask, name)
+ cert.operation_policy_name = opts.operation_policy_name
 # Build the client and connect to the server
 with client.ProxyKmipClient(config=config) as client:
diff --git a/kmip/demos/pie/register_opaque_object.py b/kmip/demos/pie/register_opaque_object.py
index e7fcd46..043a77c 100644
--- a/kmip/demos/pie/register_opaque_object.py
+++ b/kmip/demos/pie/register_opaque_object.py
@@ -36,6 +36,7 @@ if __name__ == '__main__':
 name = 'Demo Opaque Object'
 obj = objects.OpaqueObject(value, opaque_type, name)
+ obj.operation_policy_name = opts.operation_policy_name
 # Build the client and connect to the server
 with client.ProxyKmipClient(config=config) as client:
diff --git a/kmip/demos/pie/register_private_key.py b/kmip/demos/pie/register_private_key.py
index 176acca..7807f8f 100644
--- a/kmip/demos/pie/register_private_key.py
+++ b/kmip/demos/pie/register_private_key.py
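Review bot: In kmip/demos/pie/register_certificate.py the new line `cert.operation_policy_name = opts.operation_policy_name` runs even when `-o` was not given, so the attribute is overwritten with `None`; the units demos in this same commit only add the attribute under `if opts.operation_policy_name is not None:`. I would guard the assignment the same way, with `if opts.operation_policy_name is not None:` placed in front of it. Whether the overwrite changes anything depends on the default that `objects.X509Certificate` sets, which is not visible here. The line also assumes `opts` comes from a parser built for the register branch of `build_cli_parser` (presumably `Operation.REGISTER`), since only the branches touched in kmip/demos/utils.py gain the option; the parser setup is outside the hunk. The same applies to register_opaque_object.py, register_private_key.py, register_public_key.py, register_secret_data.py and register_symmetric_key.py.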
@@ -115,6 +115,7 @@ if __name__ == '__main__':
 key = objects.PrivateKey(
 algorithm, length, value, format_type, usage_mask, name)
+ key.operation_policy_name = opts.operation_policy_name
 # Build the client and connect to the server
 with client.ProxyKmipClient(config=config) as client:
diff --git a/kmip/demos/pie/register_public_key.py b/kmip/demos/pie/register_public_key.py
index 9dae926..b76728e 100644
--- a/kmip/demos/pie/register_public_key.py
+++ b/kmip/demos/pie/register_public_key.py
@@ -57,6 +57,7 @@ if __name__ == '__main__':
 key = objects.PublicKey(
 algorithm, length, value, format_type, usage_mask, name)
+ key.operation_policy_name = opts.operation_policy_name
 # Build the client and connect to the server
 with client.ProxyKmipClient(config=config) as client:
diff --git a/kmip/demos/pie/register_secret_data.py b/kmip/demos/pie/register_secret_data.py
index 59faca9..b4e3628 100644
--- a/kmip/demos/pie/register_secret_data.py
+++ b/kmip/demos/pie/register_secret_data.py
@@ -38,6 +38,7 @@ if __name__ == '__main__':
 name = 'Demo Secret Data'
 secret = objects.SecretData(value, data_type, usage_mask, name)
+ secret.operation_policy_name = opts.operation_policy_name
 # Build the client and connect to the server
 with client.ProxyKmipClient(config=config) as client:
diff --git a/kmip/demos/pie/register_symmetric_key.py b/kmip/demos/pie/register_symmetric_key.py
index eea05a5..65c3b5e 100644
--- a/kmip/demos/pie/register_symmetric_key.py
+++ b/kmip/demos/pie/register_symmetric_key.py
@@ -41,6 +41,7 @@ if __name__ == '__main__':
 name = 'Demo Symmetric Key'
 key = objects.SymmetricKey(algorithm, length, value, usage_mask, name)
+ key.operation_policy_name = opts.operation_policy_name
 # Build the client and connect to the server
 with client.ProxyKmipClient(config=config) as client:
diff --git a/kmip/demos/units/create.py b/kmip/demos/units/create.py
index cb527b3..b41ff00 100644
--- a/kmip/demos/units/create.py
+++ b/kmip/demos/units/create.py
@@ -13,6 +13,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+from kmip.core import enums
 from kmip.core.enums import AttributeType
 from kmip.core.enums import CredentialType
 from kmip.core.enums import CryptographicAlgorithm
@@ -108,6 +109,14 @@ if __name__ == '__main__':
 name = Attribute(attribute_name=name, attribute_value=value)
 attributes = [algorithm_obj, usage_mask, length_obj, name]
+
+ if opts.operation_policy_name is not None:
+ opn = attribute_factory.create_attribute(
+ enums.AttributeType.OPERATION_POLICY_NAME,
+ opts.operation_policy_name
+ )
+ attributes.append(opn)
+
 template_attribute = TemplateAttribute(attributes=attributes)
 # Create the SYMMETRIC_KEY object
diff --git a/kmip/demos/units/create_key_pair.py b/kmip/demos/units/create_key_pair.py
index 75e2e18..86e8d71 100644
--- a/kmip/demos/units/create_key_pair.py
+++ b/kmip/demos/units/create_key_pair.py
@@ -13,6 +13,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+from kmip.core import enums
 from kmip.core.enums import AttributeType
 from kmip.core.enums import CredentialType
 from kmip.core.enums import CryptographicAlgorithm
@@ -108,6 +109,14 @@ if __name__ == '__main__':
 length)
 attributes = [algorithm_obj, length_obj, name, usage_mask]
+
+ if opts.operation_policy_name is not None:
+ opn = attribute_factory.create_attribute(
+ enums.AttributeType.OPERATION_POLICY_NAME,
+ opts.operation_policy_name
+ )
+ attributes.append(opn)
+
 common = CommonTemplateAttribute(attributes=attributes)
 private = PrivateKeyTemplateAttribute(attributes=attributes)
 public = PublicKeyTemplateAttribute(attributes=attributes)
diff --git a/kmip/demos/units/register.py b/kmip/demos/units/register.py
index 48fbb39..6f177f7 100644
--- a/kmip/demos/units/register.py
+++ b/kmip/demos/units/register.py
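Review bot: The second hunk of kmip/demos/units/create.py spells the enum as `enums.AttributeType.OPERATION_POLICY_NAME`, but the file already imports `AttributeType` directly (see the context of the first hunk), so the new `from kmip.core import enums` import is only needed for this one reference. Using `AttributeType.OPERATION_POLICY_NAME,` and dropping the added import keeps one import style per file. kmip/demos/units/create_key_pair.py has the same pair of changes. The `if __name__ == '__main__':` block starts and ends outside the hunk.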
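Review bot: In kmip/demos/units/create_key_pair.py `attributes.append(opn)` extends the one list that is then passed to `CommonTemplateAttribute`, `PrivateKeyTemplateAttribute` and `PublicKeyTemplateAttribute`, so the operation policy name is sent three times in the request. The policy is meant for both keys, so carrying it in the common template alone would be enough; how a server treats the repeated attribute is not visible from here. If the sharing is intended, a comment above the `if` such as `# The same attribute list is reused for the common, private and public templates.` would make that explicit.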
@@ -13,11 +13,13 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+from kmip.core import enums
 from kmip.core.enums import KeyFormatType
 from kmip.core.enums import ObjectType
 from kmip.core.enums import Operation
 from kmip.core.enums import ResultStatus
+from kmip.core.factories.attributes import AttributeFactory
 from kmip.core.objects import TemplateAttribute
 from kmip.demos import utils
@@ -51,9 +53,19 @@ if __name__ == '__main__':
 logger.error(
 "Invalid key format type specified; exiting early from demo")
+ attribute_factory = AttributeFactory()
+
 # Create the template attribute for the secret and then build the secret
 usage_mask = utils.build_cryptographic_usage_mask(logger, object_type)
 attributes = [usage_mask]
+
+ if opts.operation_policy_name is not None:
+ opn = attribute_factory.create_attribute(
+ enums.AttributeType.OPERATION_POLICY_NAME,
+ opts.operation_policy_name
+ )
+ attributes.append(opn)
+
 template_attribute = TemplateAttribute(attributes=attributes)
 secret = utils.build_object(logger, object_type, key_format_type)
diff --git a/kmip/demos/utils.py b/kmip/demos/utils.py
index a93a48b..7d8c686 100644
--- a/kmip/demos/utils.py
+++ b/kmip/demos/utils.py
@@ -104,6 +104,15 @@ def build_cli_parser(operation=None):
 default=None,
 dest="length",
 help="Key length in bits (e.g., 128, 256)")
+ parser.add_option(
+ "-o",
+ "--operation-policy-name",
+ action="store",
+ type="str",
+ default=None,
+ dest="operation_policy_name",
+ help="Operation policy name for the secret (e.g., 'default')"
+ )
 elif operation is Operation.CREATE_KEY_PAIR:
 parser.add_option(
 "-a",
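Review bot: The `-o/--operation-policy-name` option is added as three copies of the same `parser.add_option(...)` block in `build_cli_parser` (the branch ending before `elif operation is Operation.CREATE_KEY_PAIR` here, and two more branches in the next two hunks), differing only in `secret` versus `secrets` in the help text and in a stray blank line after the second copy. A small private helper that takes the parser and the help string and is called from each branch would keep the three in step. The help text could also say that the name has to match an operation policy defined on the server, for example `help="Name of a server-side operation policy to apply to the secret (e.g., 'default')"`, since the demos pass a mistyped name through unchecked. `build_cli_parser` starts and ends outside these hunks.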
@@ -129,6 +138,16 @@ def build_cli_parser(operation=None):
 default=None,
 dest="name",
 help="Name of key pair to create")
+ parser.add_option(
+ "-o",
+ "--operation-policy-name",
+ action="store",
+ type="str",
+ default=None,
+ dest="operation_policy_name",
+ help="Operation policy name for the secrets (e.g., 'default')"
+ )
+
 elif operation is Operation.DESTROY:
 parser.add_option(
 "-i",
@@ -212,6 +231,15 @@ def build_cli_parser(operation=None):
 help=("Type of the object to register. Supported types include: "
 "CERTIFICATE, PRIVATE_KEY, PUBLIC_KEY, SYMMETRIC_KEY, "
 "SECRET_DATA"))
+ parser.add_option(
+ "-o",
+ "--operation-policy-name",
+ action="store",
+ type="str",
+ default=None,
+ dest="operation_policy_name",
+ help="Operation policy name for the secret (e.g., 'default')"
+ )
 elif operation is Operation.DISCOVER_VERSIONS:
 parser.add_option(
 "-v",