openstack/barbican
Code Issues Proposed changes

Change behavior of GET cas/preferred

Browse Source 
A user will want to know information about which CA has been assigned
to him by either the project admin or the system admin.
Get /cas/preferred will return the ref of either the project
preferred CA (set by /add-to-project) or the global preferred CA
(set by /set-global-preferred).
If the admins have not set a preferred CA, then 404 is returned.

Change-Id: I56e5d4d62e0b99c9151f25f0f395ffe7c3ad41d1
Partially-implements: blueprint add-cas
Closes-bug: #1498269
This commit is contained in:
Dave McCowan 2015-09-21 22:49:21 -04:00
parent 9c17680bd6
commit a0380d71aa
3 changed files with 80 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
barbican/api/controllers/cas.py
View File

@ -444,14 +444,13 @@ class CertificateAuthoritiesController(controllers.ACLMixin):
project = res.get_or_create_project(external_project_id) project = res.get_or_create_project(external_project_id)
pref_cas = self.preferred_ca_repo.get_project_entities(project.id) pref_ca_id = cert_resources.get_project_preferred_ca_id(project.id)
if not pref_cas: if not pref_ca_id:
pecan.abort(404, u._("No preferred CA defined for this project")) pecan.abort(404, u._("No preferred CA defined for this project"))
ca = pref_cas[0]
return { return {
'ca_ref': 'ca_ref':
hrefs.convert_certificate_authority_to_href(ca.ca_id) hrefs.convert_certificate_authority_to_href(pref_ca_id)
} }
@index.when(method='POST', template='json') @index.when(method='POST', template='json')

19
barbican/tasks/certificate_resources.py
View File

@ -326,22 +326,29 @@ def get_global_preferred_ca():
return cas[0] return cas[0]
def _get_ca_id(order_meta, project_id): def get_project_preferred_ca_id(project_id):
ca_id = order_meta.get(cert.CA_ID) """Compute the preferred CA ID for a project
if ca_id:
return ca_id
First priority: a preferred CA is defined for the project
Second priority: a preferred CA is defined globally
Else: None
"""
preferred_ca_repository = repos.get_preferred_ca_repository() preferred_ca_repository = repos.get_preferred_ca_repository()
cas, offset, limit, total = preferred_ca_repository.get_by_create_date( cas, offset, limit, total = preferred_ca_repository.get_by_create_date(
project_id=project_id, suppress_exception=True) project_id=project_id, suppress_exception=True)
if total > 0: if total > 0:
return cas[0].ca_id return cas[0].ca_id
global_ca = get_global_preferred_ca() global_ca = get_global_preferred_ca()
if global_ca: if global_ca:
return global_ca.ca_id return global_ca.ca_id
return None
def _get_ca_id(order_meta, project_id):
ca_id = order_meta.get(cert.CA_ID)
if ca_id:
return ca_id
return get_project_preferred_ca_id(project_id)
def _update_result_follow_on( def _update_result_follow_on(

65
functionaltests/api/v1/functional/test_cas.py
View File

@ -365,7 +365,7 @@ class GlobalPreferredCATestCase(CATestCommon):
def test_global_preferred_update(self): def test_global_preferred_update(self):
if self.num_cas < 2: if self.num_cas < 2:
self.sTest("At least two CAs are required for this test") self.skipTest("At least two CAs are required for this test")
resp = self.ca_behaviors.set_global_preferred( resp = self.ca_behaviors.set_global_preferred(
ca_ref=self.cas[0], user_name=service_admin) ca_ref=self.cas[0], user_name=service_admin)
self.assertEqual(204, resp.status_code) self.assertEqual(204, resp.status_code)
@ -400,3 +400,66 @@ class GlobalPreferredCATestCase(CATestCommon):
self.assertEqual(204, resp.status_code) self.assertEqual(204, resp.status_code)
resp = self.ca_behaviors.get_global_preferred(user_name=service_admin) resp = self.ca_behaviors.get_global_preferred(user_name=service_admin)
self.assertEqual(404, resp.status_code) self.assertEqual(404, resp.status_code)
def test_global_preferred_affects_project_preferred(self):
if self.num_cas < 2:
self.skipTest("At least two CAs are required for this test")
resp = self.ca_behaviors.get_preferred(user_name=admin_a)
self.assertEqual(404, resp.status_code)
resp = self.ca_behaviors.set_global_preferred(
ca_ref=self.cas[1], user_name=service_admin)
self.assertEqual(204, resp.status_code)
resp = self.ca_behaviors.get_preferred(user_name=admin_a)
self.assertEqual(200, resp.status_code)
ca_id = hrefs.get_ca_id_from_ref(resp.model.ca_ref)
self.assertEqual(self.ca_ids[1], ca_id)
resp = self.ca_behaviors.unset_global_preferred(
user_name=service_admin)
self.assertEqual(204, resp.status_code)
resp = self.ca_behaviors.get_preferred(user_name=admin_a)
self.assertEqual(404, resp.status_code)
def test_project_preferred_overrides_global_preferred(self):
if self.num_cas < 2:
self.skipTest("At least two CAs are required for this test")
resp = self.ca_behaviors.get_preferred(user_name=admin_a)
self.assertEqual(404, resp.status_code)
resp = self.ca_behaviors.set_global_preferred(
ca_ref=self.cas[1], user_name=service_admin)
self.assertEqual(204, resp.status_code)
resp = self.ca_behaviors.get_preferred(user_name=admin_a)
self.assertEqual(200, resp.status_code)
ca_id = hrefs.get_ca_id_from_ref(resp.model.ca_ref)
self.assertEqual(self.ca_ids[1], ca_id)
resp = self.ca_behaviors.add_ca_to_project(
ca_ref=self.cas[0], user_name=admin_a)
self.assertEqual(204, resp.status_code)
resp = self.ca_behaviors.get_preferred(user_name=admin_a)
self.assertEqual(200, resp.status_code)
ca_id = hrefs.get_ca_id_from_ref(resp.model.ca_ref)
self.assertEqual(self.ca_ids[0], ca_id)
resp = self.ca_behaviors.remove_ca_from_project(
ca_ref=self.cas[0], user_name=admin_a)
self.assertEqual(204, resp.status_code)
resp = self.ca_behaviors.get_preferred(user_name=admin_a)
ca_id = hrefs.get_ca_id_from_ref(resp.model.ca_ref)
self.assertEqual(self.ca_ids[1], ca_id)
resp = self.ca_behaviors.unset_global_preferred(
user_name=service_admin)
self.assertEqual(204, resp.status_code)
resp = self.ca_behaviors.get_preferred(user_name=admin_a)
self.assertEqual(404, resp.status_code)