The field returned by barbican is secret_ref, not secret_href
Also, this accounts for the resp.to_dict() call not absorbing the secret_ref key. This commit also adds type mapping for missing secret types to their barbican equivalents. Change-Id: Idd4895fd441443a3dc41a3358edf6bd3648be5c1
parent
879dfb6129
commit
0fae4bec58
@ -32,7 +32,7 @@ class BarbicanDriver(object):
|
||||
secret = self.barbicanclient.call("secrets.create", **kwargs)
|
||||
|
||||
try:
|
||||
secret.store()
|
||||
secret_ref = secret.store()
|
||||
except (barbicanclient.exceptions.HTTPAuthError,
|
||||
barbicanclient.exceptions.HTTPClientError,
|
||||
barbicanclient.exceptions.HTTPServerError) as e:
|
||||
@ -43,6 +43,7 @@ class BarbicanDriver(object):
|
||||
# NOTE(fmontei): The dictionary representation of the Secret object by
|
||||
# default has keys that are not snake case -- so make them snake case.
|
||||
resp = secret.to_dict()
|
||||
for key in resp.keys():
|
||||
for key in resp:
|
||||
resp[utils.to_snake_case(key)] = resp.pop(key)
|
||||
resp['secret_ref'] = secret_ref
|
||||
return resp
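Review bot: The new-side loop `for key in resp:` (the second of the two `for` lines, going by the 6-to-7 line counts in the hunk header) pops and re-inserts keys on the dict it is iterating. On Python 3 that can raise `RuntimeError` or skip or revisit keys, depending on the interpreter version; the old `.keys()` form was only safe on Python 2, where it returned a list. Building a fresh dict avoids the problem: `resp = {utils.to_snake_case(k): v for k, v in secret.to_dict().items()}`, followed by the existing `resp['secret_ref'] = secret_ref`. The enclosing method starts outside the hunk, so the rest of its error handling is not visible here.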
|
||||
|
@ -73,7 +73,7 @@ class SecretsManager(object):
|
||||
}
|
||||
resp = self.barbican_driver.create_secret(**kwargs)
|
||||
|
||||
secret_ref = resp['secret_href']
|
||||
secret_ref = resp['secret_ref']
|
||||
created_secret = secret_ref
|
||||
elif encryption_type == CLEARTEXT:
|
||||
created_secret = secret_doc['data']
|
||||
@ -93,6 +93,12 @@ class SecretsManager(object):
|
||||
_schema = schema.split('/')[1].lower().strip()
|
||||
if _schema == 'certificatekey':
|
||||
return 'private'
|
||||
elif _schema == 'certificateauthority':
|
||||
return 'certificate'
|
||||
elif _schema == 'certificateauthoritykey':
|
||||
return 'private'
|
||||
elif _schema == 'publickey':
|
||||
return 'public'
|
||||
return _schema
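Review bot: Any schema name not listed in this growing `if`/`elif` chain still reaches the final `return _schema` and is presumably passed to Barbican as the secret type, so an unexpected document schema only surfaces as an error from the remote service. A module-level mapping with a single lookup, e.g. `return _BARBICAN_SECRET_TYPES.get(_schema, _schema)` (constant name constructed here), would keep the table in one place. A short comment on the fallthrough should state which values are expected to pass through unchanged. Separately, `schema.split('/')[1]` raises `IndexError` for a schema string without a `/`; whether callers validate that earlier is not visible, because the function starts outside the hunk.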
|
||||
|
||||
|
||||
|
@ -30,7 +30,7 @@ class TestSecretsManager(test_base.TestDbBase):
|
||||
secrets_manager.SecretsManager, 'barbican_driver')
|
||||
self.secret_ref = 'https://path/to/fake_secret'
|
||||
self.mock_barbican_driver.create_secret.return_value = (
|
||||
{'secret_href': self.secret_ref})
|
||||
{'secret_ref': self.secret_ref})
|
||||
|
||||
self.secrets_manager = secrets_manager.SecretsManager()
|
||||
self.factory = factories.DocumentSecretFactory()
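Review bot: Because `create_secret` is mocked in this fixture, the changed return value only restates the key the manager reads, and the driver line that actually sets `resp['secret_ref']` stays untested. That is likely the same gap that let `secret_href` go unnoticed. A driver-level test would pin the contract on both sides: stub `barbicanclient.call`, have `store()` return a fake reference, and assert that `create_secret(...)['secret_ref']` equals it. The setup method begins outside this hunk.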
|
||||
|
@ -35,4 +35,8 @@ oslo.policy>=1.23.0 # Apache-2.0
|
||||
oslo.serialization!=2.19.1,>=1.10.0 # Apache-2.0
|
||||
oslo.utils>=3.20.0 # Apache-2.0
|
||||
|
||||
# TODO(alanmeadows)
|
||||
# this must match the container service
|
||||
# likely this should be imported from a
|
||||
# container sidecar long-term
|
||||
python-barbicanclient>=4.0.0 # Apache-2.0
|
||||
|