Fix getting secret for vault plugin

The following related tests in 'barbican-vault-devstack-functional' jenkins job should pass with this patch: test_secret_get_nones_payload_with_a_octet_stream test_secret_create_defaults_valid_types_and_encoding test_secret_create_with_secret_type This patch also enables kv version 1 in Vault, otherwise the Vault API interaction in castellan will fail. Change-Id: Id3b2503b2adb4f1f5eff55bb22f41d904232c284 Story: 2002976 Task: 22984
2018-07-17 20:33:44 +12:00 · 2018-07-17 20:33:44 +12:00 · 51ad51477b
commit 51ad51477b
parent 1baaacfa3a
3 changed files with 17 additions and 5 deletions
--- a/barbican/plugin/castellan_secret_store.py
+++ b/barbican/plugin/castellan_secret_store.py
@ -67,7 +67,9 @@ class CastellanSecretStore(ss.SecretStoreBase):
            secret = self.key_manager.get(
                self.context,
                secret_ref)
-            return secret.get_encoded()
+
+            return ss.SecretDTO(secret_type, secret.get_encoded(),
+                                ss.KeySpec(), secret_metadata['content_type'])
        except Exception as e:
            LOG.exception("Error retrieving secret {}: {}".format(
                secret_ref, six.text_type(e)))
--- a/barbican/tests/plugin/test_castellan_secret_store.py
+++ b/barbican/tests/plugin/test_castellan_secret_store.py
@ -155,19 +155,24 @@ class WhenTestingVaultSecretStore(utils.BaseTestCase):
        )

    def test_get_secret(self):
-        secret_metadata = {css.CastellanSecretStore.KEY_ID: key_ref1}
+        secret_metadata = {
+            css.CastellanSecretStore.KEY_ID: key_ref1,
+            "content_type": "application/octet-stream"
+        }
        response = self.plugin.get_secret(
            ss.SecretType.SYMMETRIC,
            secret_metadata
        )

+        self.assertIsInstance(response, ss.SecretDTO)
+
+        self.assertEqual(ss.SecretType.SYMMETRIC, response.type)
+        self.assertEqual(secret_passphrase, response.secret)
        self.plugin.key_manager.get.assert_called_once_with(
            mock.ANY,
            key_ref1
        )

-        self.assertEqual(response, secret_passphrase)
-
    def test_get_secret_throws_exception(self):
        secret_metadata = {css.CastellanSecretStore.KEY_ID: key_ref1}
        self.plugin.key_manager.get.side_effect = exception.Forbidden()
--- a/devstack/lib/barbican
+++ b/devstack/lib/barbican
@ -597,8 +597,13 @@ function install_vault {
        echo "Wah! Need to throw an error code here!"
    fi

-    #debug code follows:
    export VAULT_ADDR="http://${HOST_IP}:8200"
+
+    # Enable kv version 1
+    vault secrets disable secret/
+    vault secrets enable -version=1 -path=secret -description "kv version 1" kv
+
+    #debug code follows:
    vault status
    vault kv put secret/hello foo=world
    vault kv get secret/hello