Merge "Make a whole host of modules hacking 0.9.2 compliant"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
344fba25f6
@ -69,9 +69,11 @@ class KMIPSecretStore(ss.SecretStoreBase):
|
||||
KMIP_ALGORITHM_ENUM = "kmip_algorithm_enum"
|
||||
|
||||
def __init__(self, conf=CONF):
|
||||
"""Initializes KMIPSecretStore by creating a dictionary of mappings
|
||||
between SecretStore enum values and pyKMIP enum values. Initializes
|
||||
the KMIP client with credentials needed to connect to the KMIP server.
|
||||
"""Initializes KMIPSecretStore
|
||||
|
||||
Creates a dictionary of mappings between SecretStore enum values
|
||||
and pyKMIP enum values. Initializes the KMIP client with credentials
|
||||
needed to connect to the KMIP server.
|
||||
"""
|
||||
super(KMIPSecretStore, self).__init__()
|
||||
self.valid_alg_dict = {
|
||||
@ -180,14 +182,14 @@ class KMIPSecretStore(ss.SecretStoreBase):
|
||||
template_attribute = kmip_objects.TemplateAttribute(
|
||||
attributes=attribute_list)
|
||||
|
||||
secret_features = {}
|
||||
|
||||
secret_features['key_format_type'] = enums.KeyFormatType.RAW
|
||||
secret_features['key_value'] =\
|
||||
{'bytes': self._convert_base64_to_byte_array(secret_dto.secret)}
|
||||
secret_features['cryptographic_algorithm'] = algorithm_value
|
||||
secret_features['cryptographic_length'] =\
|
||||
secret_dto.key_spec.bit_length
|
||||
secret_features = {
|
||||
'key_format_type': enums.KeyFormatType.RAW,
|
||||
'key_value': {
|
||||
'bytes': self._convert_base64_to_byte_array(secret_dto.secret)
|
||||
},
|
||||
'cryptographic_algorithm': algorithm_value,
|
||||
'cryptographic_length': secret_dto.key_spec.bit_length
|
||||
}
|
||||
|
||||
secret = secrets.SecretFactory().create_secret(object_type,
|
||||
secret_features)
|
||||
@ -242,14 +244,16 @@ class KMIPSecretStore(ss.SecretStoreBase):
|
||||
|
||||
secret_type = self._map_type_kmip_to_ss(
|
||||
result.object_type.enum)
|
||||
if type(secret_block.key_value.key_value) == \
|
||||
kmip_objects.KeyValueStruct:
|
||||
|
||||
key_value_type = type(secret_block.key_value.key_value)
|
||||
if key_value_type == kmip_objects.KeyValueStruct:
|
||||
secret_value = self._convert_byte_array_to_base64(
|
||||
secret_block.key_value.key_value.key_material.value)
|
||||
elif type(secret_block.key_value.key_value) == \
|
||||
kmip_objects.KeyValueString:
|
||||
|
||||
elif key_value_type == kmip_objects.KeyValueString:
|
||||
secret_value = self._convert_byte_array_to_base64(
|
||||
secret_block.key_value.key_value.value)
|
||||
|
||||
secret_alg = self._map_algorithm_kmip_to_ss(
|
||||
secret_block.cryptographic_algorithm.value)
|
||||
secret_bit_length = secret_block.cryptographic_length.value
|
||||
@ -259,7 +263,7 @@ class KMIPSecretStore(ss.SecretStoreBase):
|
||||
ss.KeySpec(secret_alg, secret_bit_length),
|
||||
'content_type',
|
||||
transport_key=None)
|
||||
# TODO(kaitlin-farr) remove 'content-type'
|
||||
# TODO(kaitlin-farr) remove 'content-type'
|
||||
LOG.debug("SUCCESS: Key retrieved with uuid: %s",
|
||||
uuid)
|
||||
return ret_secret_dto
|
||||
@ -282,15 +286,15 @@ class KMIPSecretStore(ss.SecretStoreBase):
|
||||
:returns: boolean indicating if secret can be generated
|
||||
"""
|
||||
alg_dict_entry = self.valid_alg_dict.get(key_spec.alg.lower())
|
||||
if alg_dict_entry and key_spec.bit_length in\
|
||||
alg_dict_entry.get(KMIPSecretStore.VALID_BIT_LENGTHS):
|
||||
if (alg_dict_entry and key_spec.bit_length in
|
||||
alg_dict_entry.get(KMIPSecretStore.VALID_BIT_LENGTHS)):
|
||||
return True
|
||||
return False
|
||||
|
||||
def delete_secret(self, secret_metadata):
|
||||
"""Deletes the secret whose metadata is included in the dictionary.
|
||||
Returns nothing if successful, raises an exception if an error occurs
|
||||
|
||||
Returns nothing if successful, raises an exception if an error occurs
|
||||
:param secret_metadata: Dictionary of key metadata, requires:
|
||||
{'key_uuid': <uuid of key>}
|
||||
:raises: SecretGeneralException
|
||||
@ -330,26 +334,30 @@ class KMIPSecretStore(ss.SecretStoreBase):
|
||||
return self.generate_supports(key_spec)
|
||||
|
||||
def _convert_base64_to_byte_array(self, base64_secret):
|
||||
"""Converts a base64 string to a byte array. KMIP transports secret
|
||||
values as byte arrays, so the key values must be converted to a byte
|
||||
array for storage.
|
||||
"""Converts a base64 string to a byte array.
|
||||
|
||||
KMIP transports secret values as byte arrays, so the key values
|
||||
must be converted to a byte array for storage.
|
||||
:param base64_secret: base64 value of key
|
||||
:returns: bytearray of secret
|
||||
"""
|
||||
return bytearray(base64.b64decode(base64_secret))
|
||||
|
||||
def _convert_byte_array_to_base64(self, byte_array):
|
||||
"""Converts a byte array to a base64 string. KMIP transports secret
|
||||
values as byte arrays, so the key values must be converted to base64
|
||||
strings upon getting a stored secret.
|
||||
"""Converts a byte array to a base64 string.
|
||||
|
||||
KMIP transports secret values as byte arrays, so the key values
|
||||
must be converted to base64 strings upon getting a stored secret.
|
||||
:param byte_array: bytearray of key value
|
||||
:returns: base64 string
|
||||
"""
|
||||
return base64.b64encode(byte_array)
|
||||
|
||||
def _create_cryptographic_algorithm_attribute(self, alg):
|
||||
"""Creates a KMIP Cryptographic Algorithm attribute. This attribute
|
||||
is used when telling the KMIP server what kind of key to generate.
|
||||
"""Creates a KMIP Cryptographic Algorithm attribute.
|
||||
|
||||
This attribute is used when telling the KMIP server what kind of
|
||||
key to generate.
|
||||
:param algorithm: A SecretStore KeyAlgorithm enum value
|
||||
:returns: A KMIP Cryptographic Algorithm attribute
|
||||
"""
|
||||
@ -364,10 +372,11 @@ class KMIPSecretStore(ss.SecretStoreBase):
|
||||
return algorithm
|
||||
|
||||
def _create_usage_mask_attribute(self):
|
||||
"""Creates a KMIP Usage Mask attribute. For now, we assume the key
|
||||
will only be used for encryption and decryption. This attribute is
|
||||
used when telling the KMIP server what kind of key to generate or
|
||||
store.
|
||||
"""Creates a KMIP Usage Mask attribute.
|
||||
|
||||
For now, we assume the key will only be used for encryption and
|
||||
decryption. This attribute is used when telling the KMIP server
|
||||
what kind of key to generate or store.
|
||||
:returns: A KMIP Usage Mask attribute with values ENCRYPT and DECRYPT
|
||||
"""
|
||||
attribute_type = enums.AttributeType.CRYPTOGRAPHIC_USAGE_MASK
|
||||
@ -382,8 +391,10 @@ class KMIPSecretStore(ss.SecretStoreBase):
|
||||
return usage_mask
|
||||
|
||||
def _create_cryptographic_length_attribute(self, bit_length):
|
||||
"""Creates a KMIP Cryptographic Length attribute. This attribute is
|
||||
used when telling the KMIP server what kind of key to generate.
|
||||
"""Creates a KMIP Cryptographic Length attribute.
|
||||
|
||||
This attribute is used when telling the KMIP server what kind of
|
||||
key to generate.
|
||||
:param bit_length: Bit length of the secret's algorithm
|
||||
:returns: KMIP Cryptographic Length attribute
|
||||
"""
|
||||
@ -397,8 +408,10 @@ class KMIPSecretStore(ss.SecretStoreBase):
|
||||
return length
|
||||
|
||||
def _map_type_ss_to_kmip(self, object_type):
|
||||
"""Map SecretType to KMIP type enum. Returns None if the type is not
|
||||
supported. The KMIP plugin only supports symmetric keys for now.
|
||||
"""Map SecretType to KMIP type enum
|
||||
|
||||
Returns None if the type is not supported. The KMIP plugin only
|
||||
supports symmetric keys for now.
|
||||
:param object_type: SecretType enum value
|
||||
:returns: KMIP type enum if supported, None if not supported
|
||||
"""
|
||||
@ -408,9 +421,10 @@ class KMIPSecretStore(ss.SecretStoreBase):
|
||||
return None
|
||||
|
||||
def _map_type_kmip_to_ss(self, object_type):
|
||||
"""Map KMIP type enum to SecretType enum. Returns None if the
|
||||
type is not supported. The KMIP plugin only supports symmetric keys
|
||||
for now.
|
||||
"""Map KMIP type enum to SecretType enum
|
||||
|
||||
Returns None if the type is not supported. The KMIP plugin only
|
||||
supports symmetric keys for now.
|
||||
:param object_type: KMIP type enum
|
||||
:returns: SecretType enum if type is supported, None if not supported
|
||||
"""
|
||||
@ -420,8 +434,9 @@ class KMIPSecretStore(ss.SecretStoreBase):
|
||||
return None
|
||||
|
||||
def _map_algorithm_ss_to_kmip(self, algorithm):
|
||||
"""Map SecretStore enum value to the KMIP algorithm enum. Returns None
|
||||
if the algorithm is not supported.
|
||||
"""Map SecretStore enum value to the KMIP algorithm enum
|
||||
|
||||
Returns None if the algorithm is not supported.
|
||||
:param algorithm: SecretStore algorithm enum value
|
||||
:returns: KMIP algorithm enum value if supported, None if not
|
||||
supported
|
||||
@ -433,8 +448,9 @@ class KMIPSecretStore(ss.SecretStoreBase):
|
||||
return None
|
||||
|
||||
def _map_algorithm_kmip_to_ss(self, algorithm):
|
||||
"""Map KMIP algorithm enum to SecretStore algorithm enum. Returns None
|
||||
if the algorithm is not supported.
|
||||
"""Map KMIP algorithm enum to SecretStore algorithm enum
|
||||
|
||||
Returns None if the algorithm is not supported.
|
||||
:param algorithm: KMIP algorithm enum
|
||||
:returns: SecretStore algorithm enum value if supported, None if not
|
||||
supported
|
||||
|
||||
@ -16,9 +16,8 @@
|
||||
"""
|
||||
Barbican certificate processing plugins and support.
|
||||
"""
|
||||
from requests import exceptions as request_exceptions
|
||||
|
||||
from oslo.config import cfg
|
||||
from requests import exceptions as request_exceptions
|
||||
from symantecssl.core import Symantec
|
||||
from symantecssl import exceptions as symantec_exceptions
|
||||
|
||||
@ -121,24 +120,24 @@ class SymantecCertificatePlugin(cert.CertificatePluginBase):
|
||||
raise NotImplementedError # pragma: no cover
|
||||
|
||||
def supports(self, certificate_spec):
|
||||
"""Returns a boolean indicating if the plugin supports the
|
||||
certificate type.
|
||||
"""Indicates if the plugin supports the certificate type.
|
||||
|
||||
:param certificate_spec: Contains details on the certificate to
|
||||
generate the certificate order
|
||||
:returns: boolean indicating if the plugin supports the certificate
|
||||
type
|
||||
"""
|
||||
#TODO(chellygel): Research what certificate types are supported by
|
||||
# TODO(chellygel): Research what certificate types are supported by
|
||||
# symantec. Returning True for testing purposes
|
||||
return True
|
||||
|
||||
|
||||
def _ca_create_order(self, order_meta, plugin_meta):
|
||||
"""Creates an order with the Symantec CA. The PartnerOrderId
|
||||
and GeoTrustOrderId are returned and stored in plugin_meta.
|
||||
PartnerCode and ProductCode are also stored in plugin_meta for
|
||||
future use.
|
||||
"""Creates an order with the Symantec CA.
|
||||
|
||||
The PartnerOrderId and GeoTrustOrderId are returned and stored in
|
||||
plugin_meta. PartnerCode and ProductCode are also stored in plugin_meta
|
||||
for future use.
|
||||
|
||||
All required order parameters must be stored as a dict in
|
||||
order_meta.
|
||||
|
||||
@ -1,14 +0,0 @@
|
||||
# Copyright (c) 2013-2014 Rackspace, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
@ -805,8 +805,8 @@ class WhenTestingRSAContainerValidator(testtools.TestCase):
|
||||
self.assertEqual('secret_refs', exception.invalid_property)
|
||||
|
||||
def test_should_raise_duplicate_secret_id_in_secret_refs(self):
|
||||
self.container_req['secret_refs'][0]['secret_ref'] = \
|
||||
self.container_req['secret_refs'][2]['secret_ref']
|
||||
self.container_req['secret_refs'][0]['secret_ref'] = (
|
||||
self.container_req['secret_refs'][2]['secret_ref'])
|
||||
|
||||
exception = self.assertRaises(
|
||||
excep.InvalidObject,
|
||||
|
||||
@ -14,6 +14,7 @@
|
||||
# limitations under the License.
|
||||
|
||||
import datetime
|
||||
|
||||
import testtools
|
||||
|
||||
from barbican.model import models
|
||||
@ -101,13 +102,13 @@ class WhenCreatingNewContainer(testtools.TestCase):
|
||||
self.parsed_container['secret_refs'][2]['secret_ref'])
|
||||
|
||||
def test_parse_secret_ref_uri(self):
|
||||
self.parsed_container['secret_refs'][0]['secret_ref'] =\
|
||||
'http://localhost:9110/123/secrets/123456'
|
||||
self.parsed_container['secret_refs'][0]['secret_ref'] = (
|
||||
'http://localhost:9110/123/secrets/123456')
|
||||
container = models.Container(self.parsed_container)
|
||||
self.assertEqual(container.container_secrets[0].secret_id, '123456')
|
||||
|
||||
self.parsed_container['secret_refs'][0]['secret_ref'] =\
|
||||
'http://localhost:9110/123/secrets/123456/'
|
||||
self.parsed_container['secret_refs'][0]['secret_ref'] = (
|
||||
'http://localhost:9110/123/secrets/123456/')
|
||||
container = models.Container(self.parsed_container)
|
||||
self.assertEqual(container.container_secrets[0].secret_id, '123456')
|
||||
|
||||
|
||||
@ -19,7 +19,6 @@ from Crypto.PublicKey import DSA
|
||||
from Crypto.PublicKey import RSA
|
||||
from Crypto.Util import asn1
|
||||
from cryptography import fernet
|
||||
|
||||
import mock
|
||||
import six
|
||||
import testtools
|
||||
@ -94,6 +93,7 @@ class WhenTestingSimpleCryptoPlugin(testtools.TestCase):
|
||||
|
||||
def test_encrypt_with_unicode_kek_must_pass(self):
|
||||
"""Test plan:
|
||||
|
||||
Generate a kek
|
||||
Encrypt with master kek
|
||||
Convert to unicode
|
||||
@ -335,10 +335,11 @@ class WhenTestingSimpleCryptoPlugin(testtools.TestCase):
|
||||
generate_dto = plugin.GenerateDTO('rsa', 1024, None, 'changeme')
|
||||
kek_meta_dto = self._get_mocked_kek_meta_dto()
|
||||
|
||||
private_dto, public_dto, passwd_dto = \
|
||||
self.plugin.generate_asymmetric(generate_dto,
|
||||
kek_meta_dto,
|
||||
mock.MagicMock())
|
||||
private_dto, public_dto, passwd_dto = self.plugin.generate_asymmetric(
|
||||
generate_dto,
|
||||
kek_meta_dto,
|
||||
mock.MagicMock()
|
||||
)
|
||||
decrypt_dto = plugin.DecryptDTO(private_dto.cypher_text)
|
||||
private_dto = self.plugin.decrypt(decrypt_dto,
|
||||
kek_meta_dto,
|
||||
@ -352,10 +353,11 @@ class WhenTestingSimpleCryptoPlugin(testtools.TestCase):
|
||||
generate_dto = plugin.GenerateDTO('dsa', 1024, None, None)
|
||||
kek_meta_dto = self._get_mocked_kek_meta_dto()
|
||||
|
||||
private_dto, public_dto, passwd_dto = \
|
||||
self.plugin.generate_asymmetric(generate_dto,
|
||||
kek_meta_dto,
|
||||
mock.MagicMock())
|
||||
private_dto, public_dto, passwd_dto = self.plugin.generate_asymmetric(
|
||||
generate_dto,
|
||||
kek_meta_dto,
|
||||
mock.MagicMock()
|
||||
)
|
||||
|
||||
decrypt_dto = plugin.DecryptDTO(private_dto.cypher_text)
|
||||
private_dto = self.plugin.decrypt(decrypt_dto,
|
||||
|
||||
@ -14,7 +14,6 @@
|
||||
# limitations under the License.
|
||||
|
||||
import mock
|
||||
|
||||
import testtools
|
||||
|
||||
from barbican.model import models
|
||||
@ -130,8 +129,8 @@ class WhenTestingP11CryptoPlugin(testtools.TestCase):
|
||||
14, 15, 16]
|
||||
iv = self.plugin._generate_iv()
|
||||
self.assertEqual(len(iv), self.plugin.block_size)
|
||||
self.session.generateRandom.\
|
||||
assert_called_once_with(self.plugin.block_size)
|
||||
self.session.generateRandom.assert_called_once_with(
|
||||
self.plugin.block_size)
|
||||
|
||||
def test_generate_iv_with_invalid_response_size(self):
|
||||
self.session.generateRandom.return_value = [1, 2, 3, 4, 5, 6, 7]
|
||||
|
||||
@ -13,12 +13,12 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import mock
|
||||
import os
|
||||
import tempfile
|
||||
import testtools
|
||||
|
||||
import mock
|
||||
from requests import exceptions as request_exceptions
|
||||
import testtools
|
||||
|
||||
try:
|
||||
import barbican.plugin.dogtag as dogtag_import
|
||||
@ -206,7 +206,7 @@ class WhenTestingDogtagCAPlugin(testtools.TestCase):
|
||||
self.order_id = mock.MagicMock()
|
||||
self.profile_id = mock.MagicMock()
|
||||
|
||||
#request generated
|
||||
# request generated
|
||||
self.request = mock.MagicMock()
|
||||
self.request_id_mock = mock.MagicMock()
|
||||
self.request.request_id = self.request_id_mock
|
||||
@ -214,7 +214,7 @@ class WhenTestingDogtagCAPlugin(testtools.TestCase):
|
||||
self.cert_id_mock = mock.MagicMock()
|
||||
self.request.cert_id = self.cert_id_mock
|
||||
|
||||
#cert generated
|
||||
# cert generated
|
||||
self.cert = mock.MagicMock()
|
||||
self.cert_encoded_mock = mock.MagicMock()
|
||||
self.cert.encoded = self.cert_encoded_mock
|
||||
@ -228,8 +228,8 @@ class WhenTestingDogtagCAPlugin(testtools.TestCase):
|
||||
self.modified_request = mock.MagicMock()
|
||||
self.modified_request_id_mock = mock.MagicMock()
|
||||
self.modified_request.request_id = self.modified_request_id_mock
|
||||
self.modified_request.request_status = \
|
||||
dogtag_cert.CertRequestStatus.COMPLETE
|
||||
self.modified_request.request_status = (
|
||||
dogtag_cert.CertRequestStatus.COMPLETE)
|
||||
self.modified_request.cert_id = self.cert_id_mock
|
||||
|
||||
def tearDown(self):
|
||||
@ -409,8 +409,8 @@ class WhenTestingDogtagCAPlugin(testtools.TestCase):
|
||||
order_meta = {dogtag_import.DogtagCAPlugin.PROFILE_ID: self.profile_id}
|
||||
plugin_meta = {}
|
||||
|
||||
self.certclient_mock.enroll_cert.side_effect = \
|
||||
pki.BadRequestException("bad request")
|
||||
self.certclient_mock.enroll_cert.side_effect = (
|
||||
pki.BadRequestException("bad request"))
|
||||
|
||||
result_dto = self.plugin.issue_certificate_request(
|
||||
self.order_id, order_meta, plugin_meta)
|
||||
@ -427,8 +427,8 @@ class WhenTestingDogtagCAPlugin(testtools.TestCase):
|
||||
order_meta = {dogtag_import.DogtagCAPlugin.PROFILE_ID: self.profile_id}
|
||||
plugin_meta = {}
|
||||
|
||||
self.certclient_mock.enroll_cert.side_effect = \
|
||||
pki.PKIException("generic enrollment error")
|
||||
self.certclient_mock.enroll_cert.side_effect = (
|
||||
pki.PKIException("generic enrollment error"))
|
||||
|
||||
self.assertRaises(
|
||||
cm.CertificateGeneralException,
|
||||
@ -442,8 +442,8 @@ class WhenTestingDogtagCAPlugin(testtools.TestCase):
|
||||
order_meta = {dogtag_import.DogtagCAPlugin.PROFILE_ID: self.profile_id}
|
||||
plugin_meta = {}
|
||||
|
||||
self.certclient_mock.enroll_cert.side_effect = \
|
||||
request_exceptions.RequestException()
|
||||
self.certclient_mock.enroll_cert.side_effect = (
|
||||
request_exceptions.RequestException())
|
||||
|
||||
result_dto = self.plugin.issue_certificate_request(
|
||||
self.order_id, order_meta, plugin_meta)
|
||||
@ -478,8 +478,8 @@ class WhenTestingDogtagCAPlugin(testtools.TestCase):
|
||||
order_meta = mock.ANY
|
||||
plugin_meta = {dogtag_import.DogtagCAPlugin.REQUEST_ID:
|
||||
self.request_id_mock}
|
||||
self.certclient_mock.review_request.side_effect = \
|
||||
pki.RequestNotFoundException("request_not_found")
|
||||
self.certclient_mock.review_request.side_effect = (
|
||||
pki.RequestNotFoundException("request_not_found"))
|
||||
|
||||
result_dto = self.plugin.cancel_certificate_request(
|
||||
self.order_id, order_meta, plugin_meta)
|
||||
@ -496,8 +496,8 @@ class WhenTestingDogtagCAPlugin(testtools.TestCase):
|
||||
plugin_meta = {dogtag_import.DogtagCAPlugin.REQUEST_ID:
|
||||
self.request_id_mock}
|
||||
self.certclient_mock.review_request.return_value = self.review_response
|
||||
self.certclient_mock.cancel_request.side_effect = \
|
||||
pki.ConflictingOperationException("conflicting_operation")
|
||||
self.certclient_mock.cancel_request.side_effect = (
|
||||
pki.ConflictingOperationException("conflicting_operation"))
|
||||
|
||||
result_dto = self.plugin.cancel_certificate_request(
|
||||
self.order_id, order_meta, plugin_meta)
|
||||
@ -514,8 +514,8 @@ class WhenTestingDogtagCAPlugin(testtools.TestCase):
|
||||
order_meta = mock.ANY
|
||||
plugin_meta = {dogtag_import.DogtagCAPlugin.REQUEST_ID:
|
||||
self.request_id_mock}
|
||||
self.certclient_mock.review_request.side_effect = \
|
||||
request_exceptions.RequestException("request_exception")
|
||||
self.certclient_mock.review_request.side_effect = (
|
||||
request_exceptions.RequestException("request_exception"))
|
||||
|
||||
result_dto = self.plugin.cancel_certificate_request(
|
||||
self.order_id, order_meta, plugin_meta)
|
||||
@ -689,8 +689,8 @@ class WhenTestingDogtagCAPlugin(testtools.TestCase):
|
||||
order_meta = mock.ANY
|
||||
plugin_meta = {dogtag_import.DogtagCAPlugin.REQUEST_ID:
|
||||
self.request_id_mock}
|
||||
self.certclient_mock.review_request.side_effect = \
|
||||
pki.RequestNotFoundException("request_not_found")
|
||||
self.certclient_mock.review_request.side_effect = (
|
||||
pki.RequestNotFoundException("request_not_found"))
|
||||
|
||||
result_dto = self.plugin.modify_certificate_request(
|
||||
self.order_id, order_meta, plugin_meta)
|
||||
@ -707,8 +707,8 @@ class WhenTestingDogtagCAPlugin(testtools.TestCase):
|
||||
plugin_meta = {dogtag_import.DogtagCAPlugin.REQUEST_ID:
|
||||
self.request_id_mock}
|
||||
self.certclient_mock.review_request.return_value = self.review_response
|
||||
self.certclient_mock.cancel_request.side_effect = \
|
||||
pki.ConflictingOperationException("conflicting_operation")
|
||||
self.certclient_mock.cancel_request.side_effect = (
|
||||
pki.ConflictingOperationException("conflicting_operation"))
|
||||
|
||||
result_dto = self.plugin.modify_certificate_request(
|
||||
self.order_id, order_meta, plugin_meta)
|
||||
@ -725,8 +725,8 @@ class WhenTestingDogtagCAPlugin(testtools.TestCase):
|
||||
order_meta = mock.ANY
|
||||
plugin_meta = {dogtag_import.DogtagCAPlugin.REQUEST_ID:
|
||||
self.request_id_mock}
|
||||
self.certclient_mock.review_request.side_effect = \
|
||||
request_exceptions.RequestException("request_exception")
|
||||
self.certclient_mock.review_request.side_effect = (
|
||||
request_exceptions.RequestException("request_exception"))
|
||||
|
||||
result_dto = self.plugin.modify_certificate_request(
|
||||
self.order_id, order_meta, plugin_meta)
|
||||
|
||||
@ -12,10 +12,10 @@
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
import testtools
|
||||
|
||||
from barbican.plugin.interface import secret_store
|
||||
from barbican.plugin import store_crypto
|
||||
import testtools
|
||||
|
||||
|
||||
class WhenStoreCryptoAdapterPlugin(testtools.TestCase):
|
||||
|
||||
@ -1,14 +0,0 @@
|
||||
# Copyright (c) 2013-2014 Rackspace, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
@ -33,8 +33,8 @@ class WhenUsingBeginOrderTask(utils.BaseTestCase):
|
||||
self.tasks.process_order(context=None,
|
||||
order_id=self.order_id,
|
||||
keystone_id=self.keystone_id)
|
||||
mock_begin_order.return_value.process\
|
||||
.assert_called_with(self.order_id, self.keystone_id)
|
||||
mock_begin_order.return_value.process.assert_called_with(
|
||||
self.order_id, self.keystone_id)
|
||||
|
||||
|
||||
class WhenUsingTaskServer(utils.BaseTestCase):
|
||||
|
||||
@ -1,14 +0,0 @@
|
||||
# Copyright (c) 2013-2014 Rackspace, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
@ -101,8 +101,8 @@ class WhenIssuingCertificateRequests(testtools.TestCase):
|
||||
)
|
||||
|
||||
def test_should_return_ca_unavailable_for_request(self):
|
||||
self.result.status = cert_man.CertificateStatus.\
|
||||
CA_UNAVAILABLE_FOR_REQUEST
|
||||
self.result.status = (
|
||||
cert_man.CertificateStatus.CA_UNAVAILABLE_FOR_REQUEST)
|
||||
|
||||
cert_res.issue_certificate_request(self.order_model,
|
||||
self.tenant_model,
|
||||
|
||||
@ -54,8 +54,8 @@ class WhenBeginningOrder(testtools.TestCase):
|
||||
self.order.secret_bit_length = self.secret_bit_length
|
||||
self.order.secret_mode = self.secret_mode
|
||||
self.order.secret_expiration = self.secret_expiration
|
||||
self.order.secret_payload_content_type = self\
|
||||
.secret_payload_content_type
|
||||
self.order.secret_payload_content_type = (
|
||||
self.secret_payload_content_type)
|
||||
|
||||
self.order_repo = mock.MagicMock()
|
||||
self.order_repo.get.return_value = self.order
|
||||
@ -88,19 +88,18 @@ class WhenBeginningOrder(testtools.TestCase):
|
||||
|
||||
self.resource.process(self.order.id, self.keystone_id)
|
||||
|
||||
self.order_repo.get \
|
||||
.assert_called_once_with(entity_id=self.order.id,
|
||||
keystone_id=self.keystone_id)
|
||||
self.order_repo.get.assert_called_once_with(
|
||||
entity_id=self.order.id, keystone_id=self.keystone_id)
|
||||
self.assertEqual(self.order.status, models.States.ACTIVE)
|
||||
|
||||
secret_info = self.order.to_dict_fields()['secret']
|
||||
mock_generate_secret\
|
||||
.assert_called_once_with(
|
||||
secret_info,
|
||||
secret_info.get('payload_content_type',
|
||||
'application/octet-stream'),
|
||||
self.tenant, mock.ANY
|
||||
)
|
||||
mock_generate_secret.assert_called_once_with(
|
||||
secret_info,
|
||||
secret_info.get('payload_content_type',
|
||||
'application/octet-stream'),
|
||||
self.tenant,
|
||||
mock.ANY
|
||||
)
|
||||
|
||||
def test_should_raise_during_retrieval(self):
|
||||
# Force an error during the order retrieval phase.
|
||||
@ -244,19 +243,18 @@ class WhenBeginningKeyTypeOrder(testtools.TestCase):
|
||||
mock_generate_secret.return_value = self.secret
|
||||
self.resource.process(self.order.id, self.keystone_id)
|
||||
|
||||
self.order_repo.get \
|
||||
.assert_called_once_with(entity_id=self.order.id,
|
||||
keystone_id=self.keystone_id)
|
||||
self.order_repo.get.assert_called_once_with(
|
||||
entity_id=self.order.id, keystone_id=self.keystone_id)
|
||||
self.assertEqual(self.order.status, models.States.ACTIVE)
|
||||
|
||||
secret_info = self.order.to_dict_fields()['meta']
|
||||
mock_generate_secret\
|
||||
.assert_called_once_with(
|
||||
secret_info,
|
||||
secret_info.get('payload_content_type',
|
||||
'application/octet-stream'),
|
||||
self.tenant, mock.ANY
|
||||
)
|
||||
mock_generate_secret.assert_called_once_with(
|
||||
secret_info,
|
||||
secret_info.get('payload_content_type',
|
||||
'application/octet-stream'),
|
||||
self.tenant,
|
||||
mock.ANY
|
||||
)
|
||||
|
||||
def test_should_fail_during_retrieval(self):
|
||||
# Force an error during the order retrieval phase.
|
||||
@ -396,19 +394,18 @@ class WhenBeginningAsymmetricTypeOrder(testtools.TestCase):
|
||||
mock_generate_asymmetric_secret.return_value = self.container
|
||||
self.resource.process(self.order.id, self.keystone_id)
|
||||
|
||||
self.order_repo.get \
|
||||
.assert_called_once_with(entity_id=self.order.id,
|
||||
keystone_id=self.keystone_id)
|
||||
self.order_repo.get.assert_called_once_with(
|
||||
entity_id=self.order.id, keystone_id=self.keystone_id)
|
||||
self.assertEqual(self.order.status, models.States.ACTIVE)
|
||||
|
||||
secret_info = self.order.to_dict_fields()['meta']
|
||||
mock_generate_asymmetric_secret\
|
||||
.assert_called_once_with(
|
||||
secret_info,
|
||||
secret_info.get('payload_content_type',
|
||||
'application/octet-stream'),
|
||||
self.tenant, mock.ANY
|
||||
)
|
||||
mock_generate_asymmetric_secret.assert_called_once_with(
|
||||
secret_info,
|
||||
secret_info.get('payload_content_type',
|
||||
'application/octet-stream'),
|
||||
self.tenant,
|
||||
mock.ANY
|
||||
)
|
||||
|
||||
def test_should_fail_during_retrieval(self):
|
||||
# Force an error during the order retrieval phase.
|
||||
|
||||
@ -33,14 +33,14 @@ expected_response = {"v1": "current", "build": "0.1.34dev"}
|
||||
# uuid tokens are smaller and easier to test with
|
||||
# assume there is a "demo" user with only member role
|
||||
|
||||
# curl -XPOST -d '{"auth":{"passwordCredentials":{"username": "demo", \
|
||||
# "password": "secret"}, "tenantName": "demo"}}' \
|
||||
# curl -XPOST -d '{"auth":{"passwordCredentials":{"username": "demo",
|
||||
# "password": "secret"}, "tenantName": "demo"}}'
|
||||
# -H "Content-type: application/json" http://localhost:35357/v2.0/tokens
|
||||
#
|
||||
# pull out the token_id from above and use in ping_barbican
|
||||
#
|
||||
|
||||
#TODO(malini) flesh this out
|
||||
# TODO(malini) flesh this out
|
||||
def get_demo_token(password):
|
||||
pass
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user