slipstream · elegoff · May 14, 2018 · May 15, 2018 · May 15, 2018
diff --git a/cimi/src/com/sixsq/slipstream/ssclj/resources/common/schema.clj b/cimi/src/com/sixsq/slipstream/ssclj/resources/common/schema.clj
@@ -31,6 +31,7 @@
     :quarantine
     :upload
     :ready
+    :disable
     :download})
 
 (def ^:const action-uri

diff --git a/cimi/src/com/sixsq/slipstream/ssclj/resources/credential.clj b/cimi/src/com/sixsq/slipstream/ssclj/resources/credential.clj
@@ -5,7 +5,8 @@
     [com.sixsq.slipstream.ssclj.resources.common.schema :as c]
     [com.sixsq.slipstream.ssclj.resources.common.std-crud :as std-crud]
     [com.sixsq.slipstream.ssclj.resources.common.utils :as u]
-    [com.sixsq.slipstream.ssclj.util.log :as logu]))
+    [com.sixsq.slipstream.ssclj.util.log :as logu])
+  (:import (clojure.lang ExceptionInfo)))
 
 (def ^:const resource-tag :credentials)
 
@@ -102,24 +103,6 @@
 
 (def add-impl (std-crud/add-fn resource-name collection-acl resource-uri))
 
-;;
-;; available operations
-;;
-
-;; Use standard method for setting operations.
-#_(defmethod crud/set-operations resource-uri
-  [resource request]
-  (try
-    (a/can-modify? resource request)
-    (let [href (:id resource)
-          ^String resourceURI (:resourceURI resource)
-          ops (if (.endsWith resourceURI "Collection")
-                [{:rel (:add c/action-uri) :href href}]
-                [{:rel (:delete c/action-uri) :href href}])]
-      (assoc resource :operations ops))
-    (catch Exception e
-      (dissoc resource :operations))))
-
 (defn check-connector-exists
   "Use ADMIN role as we only want to check if href points to an existing
   resource."
@@ -188,3 +171,41 @@
 (defn initialize
   []
   (std-crud/initialize resource-url nil))
+
+;;; Disable operation
+
+(defmulti disable-subtype
+          (fn [resource _] (:type resource)))
+
+(defmethod disable-subtype :default
+  [resource _]
+  (let [err-msg (str "unknown Credential type: " (:type resource))]
+    (throw (ex-info err-msg {:status  400
+                             :message err-msg
+                             :body    resource}))))
+
+(defmethod crud/do-action [resource-url "disable"]
+  [{{uuid :uuid} :params :as request}]
+  (try
+    (let [id (str resource-url "/" uuid)]
+      (-> (crud/retrieve-by-id id {:user-name  "INTERNAL"
+                                   :user-roles ["ADMIN"]})
+          (disable-subtype request)))
+    (catch ExceptionInfo ei
+      (ex-data ei))))
+
+;;; set subtype operations
+
+(defmulti set-subtype-ops
+          (fn [resource _] (:type resource)))
+
+(defmethod set-subtype-ops :default
+  [resource request]
+  (crud/set-standard-operations resource request))
+
+(defmethod crud/set-operations resource-uri
+  [{:keys [id credentialTemplate] :as resource} request]
+  (let [disable-href (str id "/disable")
+        disable-op {:rel (:disable c/action-uri) :href disable-href}]
+    (cond-> (set-subtype-ops resource request)
+            (:href credentialTemplate) (update-in [:operations] conj disable-op))))
diff --git a/cimi/src/com/sixsq/slipstream/ssclj/resources/credential_api_key.clj b/cimi/src/com/sixsq/slipstream/ssclj/resources/credential_api_key.clj
@@ -6,7 +6,14 @@
     [com.sixsq.slipstream.ssclj.resources.credential :as p]
     [com.sixsq.slipstream.ssclj.resources.credential-template-api-key :as tpl]
     [com.sixsq.slipstream.ssclj.resources.credential.key-utils :as key-utils]
-    [com.sixsq.slipstream.ssclj.resources.spec.credential-api-key]))
+    [com.sixsq.slipstream.ssclj.resources.spec.credential-api-key]
+    [clojure.tools.logging :as log]
+    [com.sixsq.slipstream.ssclj.util.log :as logu]
+    [com.sixsq.slipstream.db.impl :as db]
+    [com.sixsq.slipstream.auth.acl :as a]
+    [com.sixsq.slipstream.ssclj.resources.common.crud :as crud]
+    [com.sixsq.slipstream.ssclj.resources.common.schema :as c])
+  (:import (clojure.lang ExceptionInfo)))
 
 (defn strip-session-role
   [roles]
@@ -31,6 +38,7 @@
                           :type        type
                           :method      method
                           :digest      digest
+                          :enabled     true
                           :claims      (extract-claims request)}
                          (valid-ttl? ttl) (assoc :expiry (u/ttl->timestamp ttl)))]
     [{:secretKey secret-key} resource]))
@@ -56,3 +64,39 @@
 (defn initialize
   []
   (std-crud/initialize p/resource-url :cimi/credential.api-key))
+
+;;
+;; Disable operation
+;;
+(defn disable-fn [{enabled :enabled id :id :as credential}]
+  (if (or enabled (nil? enabled))
+    (do
+      (log/warn "Disabling credential : " id)
+      (assoc credential :enabled false))
+    (logu/log-and-throw-400 (str "Bad enabled field value " enabled))))
+
+
+(defmethod p/disable-subtype tpl/credential-type
+  [_ {{uuid :uuid} :params :as request}]
+  (try
+    (let [id (str (u/de-camelcase p/resource-name) "/" uuid)]
+      (-> (db/retrieve id request)
+          (a/can-modify? request)
+          (disable-fn)
+          (db/edit request)))
+    (catch ExceptionInfo ei
+      (ex-data ei))))
+
+
+;; Set operation
+(def set-subtype-ops-fn
+  (fn [{:keys [id] :as resource} request]
+    (let [
+          href-disable (str id "/disable")
+          disable-op {:rel (:disable c/action-uri) :href href-disable}]
+      (-> (crud/set-standard-operations resource request)
+          (update-in [:operations] conj disable-op)))))
+
+(defmethod p/set-subtype-ops tpl/credential-type
+  [resource request]
+  (set-subtype-ops-fn resource request))
diff --git a/cimi/src/com/sixsq/slipstream/ssclj/resources/credential_ssh_public_key.clj b/cimi/src/com/sixsq/slipstream/ssclj/resources/credential_ssh_public_key.clj
@@ -6,7 +6,13 @@
     [com.sixsq.slipstream.ssclj.resources.credential-template-ssh-public-key :as tpl]
     [com.sixsq.slipstream.ssclj.resources.credential.ssh-utils :as ssh-utils]
     [com.sixsq.slipstream.ssclj.resources.spec.credential-ssh-public-key]
-    [com.sixsq.slipstream.ssclj.util.log :as logu]))
+    [com.sixsq.slipstream.ssclj.util.log :as logu]
+    [com.sixsq.slipstream.db.impl :as db]
+    [com.sixsq.slipstream.auth.acl :as a]
+    [clojure.tools.logging :as log]
+    [com.sixsq.slipstream.ssclj.resources.common.crud :as crud]
+    [com.sixsq.slipstream.ssclj.resources.common.schema :as c])
+  (:import (clojure.lang ExceptionInfo)))
 
 (defn import-key [common-info publicKey]
   [nil (merge (ssh-utils/load publicKey) common-info)])
@@ -23,7 +29,8 @@
   [{:keys [type method publicKey algorithm size]} request]
   (let [common-info {:resourceURI p/resource-uri
                      :type        type
-                     :method      method}]
+                     :method      method
+                     :enabled     true}]
     (try
       (if publicKey
         (import-key common-info publicKey)
@@ -52,3 +59,40 @@
 (defn initialize
   []
   (std-crud/initialize p/resource-url :cimi/credential.ssh-public-key))
+
+;;
+;; Disable operation
+;;
+(defn disable-fn [{enabled :enabled id :id :as credential}]
+  (if (or enabled (nil? enabled))
+    (do
+      (log/warn "Disabling credential : " id)
+      (assoc credential :enabled false))
+    (logu/log-and-throw-400 (str "Bad enabled field value " enabled))))
+
+
+(defmethod p/disable-subtype tpl/credential-type
+  [_ {{uuid :uuid} :params :as request}]
+  (try
+    (let [id (str (u/de-camelcase p/resource-name) "/" uuid)]
+      (-> (db/retrieve id request)
+          (a/can-modify? request)
+          (disable-fn)
+          (db/edit request)))
+    (catch ExceptionInfo ei
+      (ex-data ei))))
+
+
+;; Set operation
+(def set-subtype-ops-fn
+  (fn [{:keys [id] :as resource} request]
+    (let [
+          href-disable (str id "/disable")
+          disable-op {:rel (:disable c/action-uri) :href href-disable}]
+      (-> (crud/set-standard-operations resource request)
+          (update-in [:operations] conj disable-op)))))
+
+(defmethod p/set-subtype-ops tpl/credential-type
+  [resource request]
+  (set-subtype-ops-fn resource request))
+
diff --git a/cimi/src/com/sixsq/slipstream/ssclj/resources/credential_template.clj b/cimi/src/com/sixsq/slipstream/ssclj/resources/credential_template.clj
@@ -102,6 +102,13 @@
                    :type        "string"
                    :mandatory   true
                    :readOnly    true
+                   :order       11}
+          :enabled {:displayName "Credential availability flag"
+                   :category    "general"
+                   :description "true if credential can be used"
+                   :type        "boolean"
+                   :mandatory   false
+                   :readOnly    false
                    :order       11}}))
 ;;
 ;; multimethods for validation

diff --git a/cimi/src/com/sixsq/slipstream/ssclj/resources/credential_template_api_key.clj b/cimi/src/com/sixsq/slipstream/ssclj/resources/credential_template_api_key.clj
@@ -23,6 +23,7 @@
    :name        "Generate API Key"
    :description "generates an API key and stores hash"
    :ttl         0
+   :enabled true
    :acl         resource-acl})
 
 ;;

diff --git a/cimi/src/com/sixsq/slipstream/ssclj/resources/credential_template_ssh_key_pair.clj b/cimi/src/com/sixsq/slipstream/ssclj/resources/credential_template_ssh_key_pair.clj
@@ -25,7 +25,9 @@
    :description "public key of a generated SSH key pair"
    :size        1024
    :algorithm   "rsa"
-   :acl         resource-acl})
+   :acl         resource-acl
+   :enabled     true
+   })
 
 ;;
 ;; description

diff --git a/cimi/src/com/sixsq/slipstream/ssclj/resources/credential_template_ssh_public_key.clj b/cimi/src/com/sixsq/slipstream/ssclj/resources/credential_template_ssh_public_key.clj
@@ -24,7 +24,9 @@
    :name        "Import SSH Public Key"
    :description "import public key of an existing SSH key pair"
    :publicKey   "ssh-public-key"
-   :acl         resource-acl})
+   :acl         resource-acl
+   :enabled     true
+   })
 
 ;;
 ;; description

diff --git a/cimi/src/com/sixsq/slipstream/ssclj/resources/spec/credential.cljc b/cimi/src/com/sixsq/slipstream/ssclj/resources/spec/credential.cljc
@@ -11,4 +11,5 @@
 
 (def credential-keys-spec (su/merge-keys-specs [c/common-attrs
                                                 {:req-un [:cimi.credential/type
-                                                          :cimi.credential/method]}]))
+                                                          :cimi.credential/method]
+                                                 :opt-un [:cimi.credential-template/enabled]}]))
diff --git a/cimi/src/com/sixsq/slipstream/ssclj/resources/spec/credential_template.cljc b/cimi/src/com/sixsq/slipstream/ssclj/resources/spec/credential_template.cljc
@@ -14,6 +14,8 @@
 ;; credential templates must provide a method name.
 (s/def :cimi.credential-template/method ::cimi-core/identifier)
 
+(s/def :cimi.credential-template/enabled boolean?)
+
 (def credential-template-regex #"^credential-template/[a-zA-Z0-9]([a-zA-Z0-9_-]*[a-zA-Z0-9])?$")
 (s/def :cimi.credential-template/href (s/and string? #(re-matches credential-template-regex %)))
 
@@ -24,10 +26,8 @@
 ;;
 
 (def credential-template-keys-spec {:req-un [:cimi.credential-template/type
-                                             :cimi.credential-template/method]})
-
-(def credential-template-keys-spec-opt {:opt-un [:cimi.credential-template/type
-                                                 :cimi.credential-template/method]})
+                                             :cimi.credential-template/method]
+                                    :opt-un [:cimi.credential-template/enabled]})
 
 (def resource-keys-spec
   (su/merge-keys-specs [c/common-attrs
@@ -39,5 +39,5 @@
 ;; subclasses MUST provide the href to the template to use
 (def template-keys-spec
   (su/merge-keys-specs [c/template-attrs
-                        credential-template-keys-spec-opt]))
+                        credential-template-keys-spec]))