Fix getting secret for vault plugin
The following related tests in the 'barbican-vault-devstack-functional' Jenkins job should pass with this patch: test_secret_get_nones_payload_with_a_octet_stream, test_secret_create_defaults_valid_types_and_encoding, test_secret_create_with_secret_type. This patch also enables kv version 1 in Vault; otherwise the Vault API interaction in castellan will fail. Change-Id: Id3b2503b2adb4f1f5eff55bb22f41d904232c284 Story: 2002976 Task: 22984
parent
1baaacfa3a
commit
51ad51477b
@ -67,7 +67,9 @@ class CastellanSecretStore(ss.SecretStoreBase):
|
|||||||
secret = self.key_manager.get(
|
secret = self.key_manager.get(
|
||||||
self.context,
|
self.context,
|
||||||
secret_ref)
|
secret_ref)
|
||||||
return secret.get_encoded()
|
|
||||||
|
return ss.SecretDTO(secret_type, secret.get_encoded(),
|
||||||
|
ss.KeySpec(), secret_metadata['content_type'])
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
LOG.exception("Error retrieving secret {}: {}".format(
|
LOG.exception("Error retrieving secret {}: {}".format(
|
||||||
secret_ref, six.text_type(e)))
|
secret_ref, six.text_type(e)))
|
||||||
|
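Review bot: The new return indexes `secret_metadata['content_type']` directly, and because it sits immediately before the `except Exception` clause, metadata without that key raises a KeyError that is logged as "Error retrieving secret" even though the key manager call succeeded. Use `secret_metadata.get('content_type')`, or validate the key before calling `self.key_manager.get`, so a metadata problem is not reported as a backend failure. The bare `ss.KeySpec()` also deserves a short comment, e.g. `# algorithm and bit length are not tracked by this plugin`, if that is the intent. The method starts and ends outside this hunk, so what the except branch raises afterwards is not visible here.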
@ -155,19 +155,24 @@ class WhenTestingVaultSecretStore(utils.BaseTestCase):
|
|||||||
)
|
)
|
||||||
|
|
||||||
def test_get_secret(self):
|
def test_get_secret(self):
|
||||||
secret_metadata = {css.CastellanSecretStore.KEY_ID: key_ref1}
|
secret_metadata = {
|
||||||
|
css.CastellanSecretStore.KEY_ID: key_ref1,
|
||||||
|
"content_type": "application/octet-stream"
|
||||||
|
}
|
||||||
response = self.plugin.get_secret(
|
response = self.plugin.get_secret(
|
||||||
ss.SecretType.SYMMETRIC,
|
ss.SecretType.SYMMETRIC,
|
||||||
secret_metadata
|
secret_metadata
|
||||||
)
|
)
|
||||||
|
|
||||||
|
self.assertIsInstance(response, ss.SecretDTO)
|
||||||
|
|
||||||
|
self.assertEqual(ss.SecretType.SYMMETRIC, response.type)
|
||||||
|
self.assertEqual(secret_passphrase, response.secret)
|
||||||
self.plugin.key_manager.get.assert_called_once_with(
|
self.plugin.key_manager.get.assert_called_once_with(
|
||||||
mock.ANY,
|
mock.ANY,
|
||||||
key_ref1
|
key_ref1
|
||||||
)
|
)
|
||||||
|
|
||||||
self.assertEqual(response, secret_passphrase)
|
|
||||||
|
|
||||||
def test_get_secret_throws_exception(self):
|
def test_get_secret_throws_exception(self):
|
||||||
secret_metadata = {css.CastellanSecretStore.KEY_ID: key_ref1}
|
secret_metadata = {css.CastellanSecretStore.KEY_ID: key_ref1}
|
||||||
self.plugin.key_manager.get.side_effect = exception.Forbidden()
|
self.plugin.key_manager.get.side_effect = exception.Forbidden()
|
||||||
|
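Review bot: `test_get_secret` adds `content_type` to the metadata but never asserts it on the returned DTO, so the one value the plugin now forwards from stored metadata goes unchecked. Add `self.assertEqual("application/octet-stream", response.content_type)` next to the type and secret assertions. A companion case whose metadata has no `content_type` key would pin down what the plugin does then. `test_get_secret_throws_exception` does not cover that, because the mocked `key_manager.get` raises first; that test continues outside the hunk.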
@ -597,8 +597,13 @@ function install_vault {
|
|||||||
echo "Wah! Need to throw an error code here!"
|
echo "Wah! Need to throw an error code here!"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#debug code follows:
|
|
||||||
export VAULT_ADDR="http://${HOST_IP}:8200"
|
export VAULT_ADDR="http://${HOST_IP}:8200"
|
||||||
|
|
||||||
|
# Enable kv version 1
|
||||||
|
vault secrets disable secret/
|
||||||
|
vault secrets enable -version=1 -path=secret -description "kv version 1" kv
|
||||||
|
|
||||||
|
#debug code follows:
|
||||||
vault status
|
vault status
|
||||||
vault kv put secret/hello foo=world
|
vault kv put secret/hello foo=world
|
||||||
vault kv get secret/hello
|
vault kv get secret/hello
|
||||||
|
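Review bot: Neither `vault secrets disable secret/` nor the following `vault secrets enable` has its exit status checked, so if the remount fails the function carries on and the failure only surfaces later as castellan errors against the wrong kv version. Fail at the remount itself, e.g. `vault secrets enable -version=1 -path=secret -description "kv version 1" kv || die $LINENO "could not mount kv v1 at secret/"` (assuming devstack's `die` helper is available to this plugin). A comment should also say that the disable discards anything already stored under `secret/`, which is fine on a fresh devstack but not on a reused Vault. `install_vault` starts and ends outside this hunk.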