Add secret store sync functionality to barbican-manage

Change-Id: Ie5841de328c07d8c6c0a9fb80bb56a7d218f0da2
2018-01-25 00:06:26 -05:00 · 2018-01-25 00:06:26 -05:00 · 33283a9eab
commit 33283a9eab
parent 3d3ea33e8b
4 changed files with 119 additions and 0 deletions
--- a/barbican/cmd/barbican_manage.py
+++ b/barbican/cmd/barbican_manage.py
@ -31,6 +31,7 @@ from barbican.cmd import pkcs11_kek_rewrap as pkcs11_rewrap
 from barbican.common import config
 from barbican.model import clean
 from barbican.model.migration import commands
+from barbican.model import sync
 from barbican.plugin.crypto import pkcs11
 import barbican.version

@ -143,6 +144,28 @@ class DbCommands(object):
        else:
            commands.current(verbose, sql_url=str(dburl))

+    sync_secret_stores_description = "Sync secret_stores with barbican.conf"
+
+    @args('--db-url', '-d', metavar='<db-url>', dest='dburl',
+          help='barbican database URL')
+    @args('--verbose', '-V', action='store_true', dest='verbose',
+          default=False, help='Show verbose information about the clean up.')
+    @args('--log-file', '-L', metavar='<log-file>', type=str, default=None,
+          dest='log_file',
+          help='Set log file location. '
+               'Default value for log_file can be found in barbican.conf')
+    def sync_secret_stores(self, dburl=None, verbose=None, log_file=None):
+        """Sync secret_stores table with barbican.conf"""
+        if dburl is None:
+            dburl = CONF.sql_connection
+        if log_file is None:
+            log_file = CONF.log_file
+
+        sync.sync_secret_stores(
+            sql_url=dburl,
+            verbose=verbose,
+            log_file=log_file)
+

 class HSMCommands(object):
    """Class for managing HSM/pkcs11 plugin"""
--- a/barbican/model/sync.py
+++ b/barbican/model/sync.py
@ -0,0 +1,65 @@
+# Copyright (c) 2018 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from barbican.common import config
+from barbican.model import repositories as repo
+from oslo_log import log
+
+# Import and configure logging.
+CONF = config.CONF
+log.setup(CONF, 'barbican')
+LOG = log.getLogger(__name__)
+
+
+def sync_secret_stores(sql_url, verbose, log_file):
+    """Command to sync secret stores table with config .
+
+    :param sql_url: sql connection string to connect to a database
+    :param verbose: If True, log and print more information
+    :param log_file: If set, override the log_file configured
+    """
+    if verbose:
+        # The verbose flag prints out log events to the screen, otherwise
+        # the log events will only go to the log file
+        CONF.set_override('debug', True)
+
+    if log_file:
+        CONF.set_override('log_file', log_file)
+
+    LOG.info("Syncing the secret_stores table with barbican.conf")
+    log.setup(CONF, 'barbican')
+
+    try:
+        if sql_url:
+            CONF.set_override('sql_connection', sql_url)
+        repo.setup_database_engine_and_factory(
+            initialize_secret_stores=True)
+        repo.commit()
+    except Exception as ex:
+        LOG.exception('Failed to sync secret_stores table.')
+        repo.rollback()
+        raise ex
+    finally:
+        if verbose:
+            CONF.clear_override('debug')
+
+        if log_file:
+            CONF.clear_override('log_file')
+        repo.clear()
+
+        if sql_url:
+            CONF.clear_override('sql_connection')
+
+        log.setup(CONF, 'barbican')  # reset the overrides
--- a/barbican/tests/cmd/test_barbican_manage.py
+++ b/barbican/tests/cmd/test_barbican_manage.py
@ -119,6 +119,31 @@ class TestBarbicanManage(TestBarbicanManageBase):
            log_file='/tmp/whatevs')
        manager.CONF.clear_override('log_file')

+    @mock.patch('barbican.model.sync.sync_secret_stores')
+    def test_db_sync_secret_stores_no_args(self, mock_sync_command):
+        manager.CONF.set_override('log_file', 'mock_log_file')
+        self._main_test_helper(
+            ['barbican.cmd.barbican_manage', 'db', 'sync_secret_stores'],
+            func_name=mock_sync_command,
+            sql_url='mockdburl',
+            verbose=False,
+            log_file='mock_log_file')
+        manager.CONF.clear_override('log_file')
+
+    @mock.patch('barbican.model.sync.sync_secret_stores')
+    def test_db_sync_secret_stores_with_args(self, mock_sync_command):
+        manager.CONF.set_override('log_file', 'mock_log_file')
+        self._main_test_helper(
+            ['barbican.cmd.barbican_manage', 'db', 'sync_secret_stores',
+             '--db-url', 'somewhere',
+             '--verbose',
+             '--log-file', '/tmp/whatevs'],
+            func_name=mock_sync_command,
+            sql_url='somewhere',
+            verbose=True,
+            log_file='/tmp/whatevs')
+        manager.CONF.clear_override('log_file')
+
    @mock.patch('barbican.model.migration.commands.current')
    def test_db_current(self, mock_current):
        self._main_test_helper(
--- a/doc/source/admin/barbican_manage.rst
+++ b/doc/source/admin/barbican_manage.rst
@ -57,6 +57,12 @@ Barbican Database
    Clean up soft deletions in the database. More documentation can be
    found here: :doc:`Database Cleaning <database_cleaning>`

+``barbican-manage db sync_secret_stores [--db-url] [--verbose] [--log-file]``
+
+    Synchronize the secret_store database table with the configuration
+    in barbican.conf.  This is useful when multiple secret stores are
+    enabled and new secret stores have been enabled.
+
 Barbican PKCS11/HSM
 ~~~~~~~~~~~~~~~~~~~