openstack/barbican
Code Issues Proposed changes

Merge "Add ID property to all entities"

Browse Source
This commit is contained in:
Jenkins 2017-01-27 22:14:07 +00:00 committed by Gerrit Code Review
commit 75a7ebe678
22 changed files with 166 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
api-guide/source/containers.rst
View File

@ -32,6 +32,7 @@ in the same container reference:
.. code-block:: json
{
"id": "{uuid}",
"type": "generic",
"status": "ACTIVE",
"name": "Test Environment User Passwords",
@ -71,6 +72,7 @@ certificates:
.. code-block:: json
{
"id": "{uuid}",
"type": "certificate",
"status": "ACTIVE",
"name": "Example.com Certificates",
@ -119,6 +121,7 @@ key pass phrases.
.. code-block:: json
{
"id": "{uuid}",
"type": "rsa",
"status": "ACTIVE",
"name": "John Smith RSA",
@ -180,7 +183,10 @@ This should provide a response as follows:
.. code-block:: bash
{"container_ref": "http://localhost:9311/v1/containers/0fecaec4-7cd7-4e70-a760-cc7eaf5c3afb"}
{
"id": "0fecaec4-7cd7-4e70-a760-cc7eaf5c3afb",
"container_ref": "http://localhost:9311/v1/containers/0fecaec4-7cd7-4e70-a760-cc7eaf5c3afb"
}
This is our container reference. We will need this in order to retrieve the container.
Jump ahead to :ref:`How To Retrieve a Container <retrieve_container>` to make sure our
@ -226,7 +232,10 @@ This should provide a response as follows:
.. code-block:: bash
{"container_ref": "http://localhost:9311/v1/containers/0fecaec4-7cd7-4e70-a760-cc7eaf5c3afb"}
{
"id": "0fecaec4-7cd7-4e70-a760-cc7eaf5c3afb",
"container_ref": "http://localhost:9311/v1/containers/0fecaec4-7cd7-4e70-a760-cc7eaf5c3afb"
}
This is our container reference. We will need this in order to retrieve the container.
Jump ahead to :ref:`How To Retrieve a Container <retrieve_container>` to make sure our
@ -268,7 +277,10 @@ This should provide a response as follows:
.. code-block:: bash
{"container_ref": "http://localhost:9311/v1/containers/0fecaec4-7cd7-4e70-a760-cc7eaf5c3afb"}
{
"id": "0fecaec4-7cd7-4e70-a760-cc7eaf5c3afb",
"container_ref": "http://localhost:9311/v1/containers/0fecaec4-7cd7-4e70-a760-cc7eaf5c3afb"
}
This is our container reference. We will need this in order to retrieve the container.
Jump ahead to :ref:`How To Retrieve a Container <retrieve_container>` to make sure our
@ -290,6 +302,7 @@ This should provide a response as follows:
.. code-block:: bash
{
"id": "49d3c5e9-80bb-47ec-8787-968bb500d76e",
"status": "ACTIVE",
"updated": "2015-03-31T21:21:34.126042",
"name": "container name",

16
api-guide/source/orders.rst
View File

@ -30,8 +30,8 @@ Creating an Order
#################
When you want barbican to generate a secret you need to create an order.
For an order to be processed correctly the parameters mode,
bit_length, and algorithm must be valid. Otherwise the order will fail and
For an order to be processed correctly, all the parameters in the "meta"
object must be valid. Otherwise the order will fail and
the secret will not be generated. The example below shows a valid order for
generating a symmetric key. You can find a more detailed explanation about
the parameters in the
@ -45,13 +45,16 @@ documentation.
"bit_length": 256, "mode": "cbc", "payload_content_type": "application/octet-stream"}
}' http://localhost:9311/v1/orders
You should receive an order reference after placing your order with barbican.
You should receive an order ID after placing your order with barbican.
.. code-block:: bash
{"order_ref": "http://localhost:9311/v1/orders/3a5c6748-44de-4c1c-9e54-085c3f79e942"}
{
"id": "3a5c6748-44de-4c1c-9e54-085c3f79e942",
"order_ref": "http://localhost:9311/v1/orders/3a5c6748-44de-4c1c-9e54-085c3f79e942"
}
The order reference is used to retrieve the metadata for the order you placed
The order ID is used to retrieve the metadata for the order you placed
which can then be used to retrieve your secret.
.. _retrieve_order:
@ -72,6 +75,7 @@ The typical response is below:
.. code-block:: json
{
"id": "3a5c6748-44de-4c1c-9e54-085c3f79e942",
"created": "2015-10-15T18:15:10",
"creator_id": "40540f978fbd45c1af18910e3e02b63f",
"meta": {
@ -115,6 +119,7 @@ It is also possible to retrieve all orders for a project.
{
"orders": [
{
"id": "3a5c6748-44de-4c1c-9e54-085c3f79e942",
"created": "2015-10-15T18:15:10",
"creator_id": "40540f978fbd45c1af18910e3e02b63f",
"meta": {
@ -134,6 +139,7 @@ It is also possible to retrieve all orders for a project.
"updated": "2015-10-15T18:15:10"
},
{
"id": "d99ced51-ea7a-4c14-8e11-0dda0f49c5be",
"created": "2015-10-15T18:51:35",
"creator_id": "40540f978fbd45c1af18910e3e02b63f",
"meta": {

10
api-guide/source/secrets.rst
View File

@ -61,7 +61,10 @@ This should provide a response as follows:
.. code-block:: bash
{"secret_ref": "http://localhost:9311/v1/secrets/2a549393-0710-444b-8aa5-84cf0f85ea79"}
{
"id": "2a549393-0710-444b-8aa5-84cf0f85ea79",
"secret_ref": "http://localhost:9311/v1/secrets/2a549393-0710-444b-8aa5-84cf0f85ea79"
}
This is our secret reference. We will need this in order to retrieve the secret in the following steps.
Jump ahead to :ref:`How to Retrieve a Secret <retrieve_secret>` to make sure our secret is
@ -85,7 +88,10 @@ This should provide a response as follows:
.. code-block:: bash
{"secret_ref": "http://localhost:9311/v1/secrets/2a549393-0710-444b-8aa5-84cf0f85ea79"}
{
"id": "2a549393-0710-444b-8aa5-84cf0f85ea79",
"secret_ref": "http://localhost:9311/v1/secrets/2a549393-0710-444b-8aa5-84cf0f85ea79"
}
Now that we have a secret reference available, we can update the secret data.

4
barbican/api/controllers/containers.py
View File

@ -222,7 +222,7 @@ class ContainersController(controllers.ACLMixin):
LOG.info(u._LI('Created a container for project: %s'),
external_project_id)
return {'container_ref': url}
return {'id': new_container.id, 'container_ref': url}
class ContainersSecretsController(controllers.ACLMixin):
@ -288,7 +288,7 @@ class ContainersSecretsController(controllers.ACLMixin):
LOG.info(u._LI('Created a container secret for project: %s'),
external_project_id)
return {'container_ref': url}
return {'id': self.container.id, 'container_ref': url}
@index.when(method='DELETE')
@utils.allow_all_content_types

2
barbican/api/controllers/orders.py
View File

@ -254,4 +254,4 @@ class OrdersController(controllers.ACLMixin):
pecan.response.status = 202
pecan.response.headers['Location'] = url
return {'order_ref': url}
return {'id': order_id, 'order_ref': url}

5
barbican/api/controllers/secrets.py
View File

@ -451,6 +451,7 @@ class SecretsController(controllers.ACLMixin):
if transport_key_model is not None:
tkey_url = hrefs.convert_transport_key_to_href(
transport_key_model.id)
return {'secret_ref': url, 'transport_key_ref': tkey_url}
return {'id': new_secret.id, 'secret_ref': url,
'transport_key_ref': tkey_url}
else:
return {'secret_ref': url}
return {'id': new_secret.id, 'secret_ref': url}

8
barbican/api/controllers/versions.py
View File

@ -79,9 +79,11 @@ class V1Controller(BaseVersionController):
version_string = 'v1'
# NOTE(jaosorior): We might start using decimals in the future, meanwhile
# this is the same as the version string.
version_id = 'v1'
# This is the Major.Minor version
# 1.1 - Mitaka
# 1.2 - Newton
# 1.3 - Ocata
version_id = 'v1.3'
last_updated = '2015-04-28T00:00:00Z'

1
barbican/model/models.py
View File

@ -174,6 +174,7 @@ class ModelBase(object):
updated_at = self.updated_at
dict_fields = {
'id': self.id,
'created': created_at,
'updated': updated_at,
'status': self.status

16
barbican/tests/api/controllers/test_containers.py
View File

@ -49,6 +49,13 @@ class WhenCreatingContainersUsingContainersResource(
self.assertEqual(container_name, container.name)
self.assertEqual(container_type, container.type)
def test_created_container_has_id(self):
resp, id_from_ref = create_container(
self.app,
container_type='generic'
)
self.assertEqual(id_from_ref, resp.json.get('id'))
def test_should_add_new_populated_container(self):
secret_name = 'test secret 1'
resp, _ = secret_helper.create_secret(
@ -242,6 +249,15 @@ class WhenGettingOrDeletingContainerUsingContainerResource(
self.assertEqual(container_name, resp.json.get('name', ''))
self.assertEqual(container_type, resp.json.get('type', ''))
def test_container_has_id(self):
create_resp, container_id = create_container(
self.app,
container_type='generic'
)
get_resp = self.app.get('/containers/{0}'.format(container_id))
self.assertEqual(container_id, get_resp.json.get('id'))
def test_should_delete_container(self):
resp, container_uuid = create_container(
self.app,

17
barbican/tests/api/controllers/test_orders.py
View File

@ -57,6 +57,14 @@ class WhenCreatingOrdersUsingOrdersResource(utils.BarbicanAPIBaseTestCase):
self.assertIsInstance(order, models.Order)
def test_created_order_has_id(self):
resp, id_from_ref = create_order(
self.app,
order_type='key',
meta=generic_key_meta
)
self.assertEqual(id_from_ref, resp.json.get('id'))
def test_order_creation_should_allow_unknown_algorithm(self):
meta = {
'bit_length': 128,
@ -176,6 +184,15 @@ class WhenGettingOrDeletingOrders(utils.BarbicanAPIBaseTestCase):
get_resp = self.app.get('/orders/{0}/'.format(order_uuid))
self.assertEqual(200, get_resp.status_int)
def test_order_has_id(self):
create_resp, order_id = create_order(
self.app,
order_type='key',
meta=generic_key_meta
)
get_resp = self.app.get('/orders/{0}'.format(order_id))
self.assertEqual(order_id, get_resp.json.get('id'))
def test_can_delete_order(self):
# Make sure we have a order to retrieve
create_resp, order_uuid = create_order(

21
barbican/tests/api/controllers/test_secrets.py
View File

@ -42,6 +42,15 @@ class WhenTestingSecretsResource(utils.BarbicanAPIBaseTestCase):
self.assertEqual(201, resp.status_int)
self.assertIsNotNone(secret_uuid)
def test_created_secret_has_id(self):
resp, id_from_ref = create_secret(
self.app,
payload='some-secret',
content_type='text/plain'
)
self.assertEqual(id_from_ref, resp.json.get('id'))
def test_can_create_new_secret_without_payload(self):
resp, secret_uuid = create_secret(self.app, name='test')
self.assertEqual(201, resp.status_int)
@ -285,6 +294,18 @@ class WhenGettingSecretsList(utils.BarbicanAPIBaseTestCase):
class WhenGettingPuttingOrDeletingSecret(utils.BarbicanAPIBaseTestCase):
def test_get_secret_has_id(self):
resp, secret_id = create_secret(
self.app,
payload='secret-here',
content_type='text/plain'
)
get_resp = self.app.get(
'/secrets/{0}'.format(secret_id),
headers={'Accept': 'application/json'})
self.assertEqual(secret_id, get_resp.json.get('id'))
def test_get_secret_as_plain(self):
payload = 'this message will self destruct in 10 seconds'
resp, secret_uuid = create_secret(

1
barbican/tests/api/controllers/test_secretstores.py
View File

@ -78,7 +78,6 @@ class WhenTestingSecretStores(utils.BarbicanAPIBaseTestCase,
for i, secret_data in enumerate(secret_stores_data):
self.assertEqual(i == g_index, secret_data['global_default'])
self.assertIsNotNone(secret_data['secret_store_ref'])
self.assertIsNone(secret_data.get('id'))
self.assertIsNone(secret_data.get('secret_store_id'))
self.assertIsNotNone(secret_data['name'])
self.assertIsNotNone(secret_data['secret_store_plugin'])

6
doc/source/api/reference/containers.rst
View File

@ -63,6 +63,7 @@ Response:
{
"containers": [
{
"id": "{uuid}",
"consumers": [],
"container_ref": "https://{barbican_host}/v1/containers/{uuid}",
"created": "2015-03-26T21:10:45.417835",
@ -104,6 +105,8 @@ Response Attributes
+-------------+--------+---------------------------------------------------------+
| Name | Type | Description |
+=============+========+=========================================================+
| id | string | The unique identifier for the container. New in v1.3 |
+-------------+--------+---------------------------------------------------------+
| name | string | (optional) Human readable name for the container |
+-------------+--------+---------------------------------------------------------+
| type | string | Type of container. Options: generic, rsa, certificate |
@ -126,6 +129,7 @@ Response:
.. code-block:: javascript
{
"id": "{uuid}",
"type": "generic",
"status": "ACTIVE",
"name": "container name",
@ -223,6 +227,7 @@ Response:
.. code-block:: javascript
{
"id": "{container_uuid}",
"container_ref": "https://{barbican_host}/v1/containers/{container_uuid}"
}
@ -316,6 +321,7 @@ Response:
.. code-block:: javascript
{
"id": "{container_uuid}",
"container_ref": "https://{barbican_host}/v1/containers/{container_uuid}"
}

16
doc/source/api/reference/orders.rst
View File

@ -54,6 +54,7 @@ Response:
{
"orders": [
{
"id": "2284ba6f-f964-4de7-b61e-c413df5d1e47",
"created": "2015-10-20T18:38:44",
"creator_id": "40540f978fbd45c1af18910e3e02b63f",
"meta": {
@ -73,6 +74,7 @@ Response:
"updated": "2015-10-20T18:38:44"
},
{
"id": "87b7169e-3aa2-4cb1-8800-b5aadf6babd1",
"created": "2015-10-20T18:38:47",
"creator_id": "40540f978fbd45c1af18910e3e02b63f",
"meta": {
@ -186,6 +188,7 @@ Response:
202 Created
{
"id": "{order_uuid}",
"order_ref": "http://{barbican_host}/v1/orders/{order_uuid}"
}
@ -194,11 +197,13 @@ Response:
Response Attributes
*******************
+----------+---------+--------------------------------------------------------------+
+----------+---------+---------------------------------------------------------------+
| Name | Type | Description |
+==========+=========+==============================================================+
| order_ref| string | Order reference |
+----------+---------+--------------------------------------------------------------+
+==========+=========+===============================================================+
| id | string | Unique identifier for the order that was created. New in v1.3 |
+----------+---------+---------------------------------------------------------------+
| order_ref| string | Order reference URI |
+----------+---------+---------------------------------------------------------------+
.. _post_orders_status_codes:
@ -250,6 +255,7 @@ Response:
200 Success
{
"id": "5443d349-fe0c-4bfd-bd9d-99c4a9770638",
"created": "2015-10-20T18:49:02",
"creator_id": "40540f978fbd45c1af18910e3e02b63f",
"meta": {
@ -278,6 +284,8 @@ Response Attributes
+--------------------+---------+----------------------------------------------------+
| Name | Type | Description |
+====================+=========+====================================================+
| id | string | Unique identifier for the order. New in v1.3 |
+--------------------+---------+----------------------------------------------------+
| created | string | Timestamp in ISO8601 format of when the order was |
| | | created |
+--------------------+---------+----------------------------------------------------+

5
doc/source/api/reference/secret_types.rst
View File

@ -63,6 +63,7 @@ This should return a reference (URI) for the secret that was created:
.. code-block:: json
{
"id": "48d24158-b4b4-45b8-9669-d9f0ef793c23",
"secret_ref": "http://localhost:9311/v1/secrets/48d24158-b4b4-45b8-9669-d9f0ef793c23"
}
@ -79,6 +80,7 @@ The metadata will list the available content-types for the symmetric secret:
.. code-block:: json
{
"id": "48d24158-b4b4-45b8-9669-d9f0ef793c23",
"algorithm": "AES",
"bit_length": 256,
"content_types": {
@ -157,6 +159,7 @@ This should return a reference (URI) for the secret that was created:
200 OK
{
"id": "cd20d134-c229-417a-a753-86432ad13bad",
"secret_ref": "http://localhost:9311/v1/secrets/cd20d134-c229-417a-a753-86432ad13bad"
}
@ -190,6 +193,7 @@ listed there:
.. code-block:: json
{
"id": "cd20d134-c229-417a-a753-86432ad13bad",
"algorithm": "RSA",
"bit_length": null,
"content_types": {
@ -254,5 +258,6 @@ This should return a reference (URI) for the secret that was created.
200 OK
{
"id": "d553f0ac-c79d-43b4-b165-32594b612ad4",
"secret_ref": "http://localhost:9311/v1/secrets/d553f0ac-c79d-43b4-b165-32594b612ad4"
}

25
doc/source/api/reference/secrets.rst
View File

@ -105,6 +105,7 @@ Response:
"previous": "http://{barbican_host}:9311/v1/secrets?limit=2&offset=0",
"secrets": [
{
"id": "{uuid}",
"algorithm": null,
"bit_length": null,
"content_types": {
@ -121,6 +122,7 @@ Response:
"updated": "2015-04-07T03:37:19.808337"
},
{
"id": "{uuid}",
"algorithm": null,
"bit_length": null,
"content_types": {
@ -192,6 +194,10 @@ Attributes
+----------------------------+---------+-----------------------------------------------------+------------+
| Attribute Name | Type | Description | Default |
+============================+=========+=====================================================+============+
| secret_type | string | (optional) Used to indicate the type of | ``opaque`` |
| | | secret being stored. For more information | |
| | | see :doc:`Secret Types <../reference/secret_types>` | |
+----------------------------+---------+-----------------------------------------------------+------------+
| name | string | (optional) The name of the secret set by the | None |
| | | user. | |
+----------------------------+---------+-----------------------------------------------------+------------+
@ -224,10 +230,6 @@ Attributes
| | | to include it in the JSON request. | |
| | | Currently only ``base64`` is supported. | |
+----------------------------+---------+-----------------------------------------------------+------------+
| secret_type | string | (optional) Used to indicate the type of | ``opaque`` |
| | | secret being stored. For more information | |
| | | see :doc:`Secret Types <../reference/secret_types>` | |
+----------------------------+---------+-----------------------------------------------------+------------+
Request:
********
@ -248,7 +250,8 @@ Request:
"mode": "cbc",
"payload": "YmVlcg==",
"payload_content_type": "application/octet-stream",
"payload_content_encoding": "base64"
"payload_content_encoding": "base64",
"secret_type": "symmetric"
}
Response:
@ -259,9 +262,20 @@ Response:
201 Created
{
"id": "{secret_uuid}",
"secret_ref": "https://{barbican_host}/v1/secrets/{secret_uuid}"
}
Response Attributes
*******************
+------------+---------+--------------------------------------------------------------+
| Name | Type | Description |
+============+=========+==============================================================+
| id | uuid | Unique identifier for the created secret. New in v1.3 |
+------------+---------+--------------------------------------------------------------+
| secret_ref | uri | Location URI for the created secret. |
+------------+---------+--------------------------------------------------------------+
HTTP Status Codes
*****************
@ -306,6 +320,7 @@ Response:
200 OK
{
"id": "{secret_uuid}",
"status": "ACTIVE",
"created": "2015-03-23T20:46:51.650515",
"updated": "2015-03-23T20:46:51.654116",

3
functionaltests/api/v1/models/ca_models.py
View File

@ -19,12 +19,13 @@ from functionaltests.api.v1.models import base_models
class CAModel(base_models.BaseModel):
def __init__(self, expiration=None, ca_id=None, ca_ref=None,
def __init__(self, id=None, expiration=None, ca_id=None, ca_ref=None,
status=None, updated=None, created=None, plugin_name=None,
plugin_ca_id=None, meta=None, parent_ca_ref=None,
subject_dn=None, name=None, description=None):
super(CAModel, self).__init__()
self.id = id
self.expiration = expiration
self.ca_id = ca_id
self.ca_ref = ca_ref

5
functionaltests/api/v1/models/consumer_model.py
View File

@ -18,9 +18,10 @@ from functionaltests.api.v1.models import base_models
class ConsumerModel(base_models.BaseModel):
def __init__(self, name=None, URL=None, created=None, updated=None,
status=None):
def __init__(self, id=None, name=None, URL=None, created=None,
updated=None, status=None):
super(ConsumerModel, self).__init__()
self.id = id
self.name = name
self.URL = URL
self.created = created

6
functionaltests/api/v1/models/container_models.py
View File

@ -25,9 +25,10 @@ class SecretRefModel(base_models.BaseModel):
class ContainerModel(base_models.BaseModel):
def __init__(self, name=None, type=None, secret_refs=[],
def __init__(self, id=None, name=None, type=None, secret_refs=[],
container_ref=None, consumers=None, status=None,
updated=None, created=None, creator_id=None):
self.id = id
self.name = name
self.type = type
self.secret_refs = secret_refs
@ -42,5 +43,6 @@ class ContainerModel(base_models.BaseModel):
def dict_to_obj(cls, input_dict):
secret_refs = [SecretRefModel(**secret_ref) for secret_ref in
input_dict.get('secret_refs', [])]
return cls(input_dict.get('name'), input_dict.get('type'), secret_refs,
return cls(input_dict.get('id'), input_dict.get('name'),
input_dict.get('type'), secret_refs,
container_ref=input_dict.get('container_ref'))

8
functionaltests/api/v1/models/order_models.py
View File

@ -18,10 +18,10 @@ from functionaltests.api.v1.models.base_models import BaseModel
class OrderModel(BaseModel):
def __init__(self, type=None, name=None, status=None, secret_ref=None,
expiration=None, updated=None, created=None, meta=None,
payload_content_type=None, order_ref=None, container_ref=None,
error_status_code=None, error_reason=None,
def __init__(self, id=None, type=None, name=None, status=None,
secret_ref=None, expiration=None, updated=None, created=None,
meta=None, payload_content_type=None, order_ref=None,
container_ref=None, error_status_code=None, error_reason=None,
sub_status=None, sub_status_message=None, creator_id=None):
super(OrderModel, self).__init__()
self.type = type

3
functionaltests/api/v1/models/secret_models.py
View File

@ -19,13 +19,14 @@ from functionaltests.api.v1.models import base_models
class SecretModel(base_models.BaseModel):
def __init__(self, name=None, expiration=None, algorithm=None,
def __init__(self, id=None, name=None, expiration=None, algorithm=None,
secret_ref=None, bit_length=None, mode=None, secret_type=None,
payload_content_type=None, payload=None, content_types=None,
payload_content_encoding=None, status=None, updated=None,
created=None, creator_id=None, metadata=None):
super(SecretModel, self).__init__()
self.id = id
self.name = name
self.expiration = expiration
self.algorithm = algorithm

6
releasenotes/notes/add-id-property-b7c1d3d102c0293b.yaml Normal file
View File

@ -0,0 +1,6 @@
---
features:
- |
This release adds an "id" property to all entities returned by the API.
The value of the new "id" property is the unique UUID found at the end of
the entity reference URI.