Merge "Changes to get certificate issuance flow working"

2014-09-25 16:15:57 +00:00 · 2014-09-25 16:15:57 +00:00 · c13df4f2be
commit c13df4f2be
parent f3ff599d25 3c23d316d7
8 changed files with 65 additions and 24 deletions
--- a/barbican/model/repositories.py
+++ b/barbican/model/repositories.py
@ -855,6 +855,26 @@ class OrderPluginMetadatumRepo(BaseRepo):
                meta_model.order = order_model
                meta_model.save(session=session)
    def get_metadata_for_order(self, order_id):
        """Returns a dict of OrderPluginMetadatum instances."""
        session = get_session()
        with session.begin():
            try:
                query = session.query(models.OrderPluginMetadatum)
                query = query.filter_by(deleted=False)
                # Note: Must use '== None' below, not 'is None'.
                query = query.filter(
                    models.OrderPluginMetadatum.order_id == order_id)
                metadata = query.all()
            except sa_orm.exc.NoResultFound:
                metadata = dict()
        return dict((m.key, m.value) for m in metadata)
    def _do_entity_name(self):
        """Sub-class hook: return entity name, such as for debugging."""
        return "OrderPluginMetadatum"
--- a/barbican/plugin/dogtag.py
+++ b/barbican/plugin/dogtag.py
@ -480,14 +480,15 @@ class DogtagKRAPlugin(sstore.SecretStoreBase):
    def _store_secret_attributes(meta_dict, secret_dto):
        # store the following attributes for retrieval
        key_spec = secret_dto.key_spec
-        if key_spec.alg is not None:
+        if key_spec is not None:
-            meta_dict[DogtagKRAPlugin.ALG] = key_spec.alg
+            if key_spec.alg is not None:
-        if key_spec.bit_length is not None:
+                meta_dict[DogtagKRAPlugin.ALG] = key_spec.alg
-            meta_dict[DogtagKRAPlugin.BIT_LENGTH] = key_spec.bit_length
+            if key_spec.bit_length is not None:
-        if key_spec.mode is not None:
+                meta_dict[DogtagKRAPlugin.BIT_LENGTH] = key_spec.bit_length
-            meta_dict[DogtagKRAPlugin.SECRET_MODE] = key_spec.mode
+            if key_spec.mode is not None:
                meta_dict[DogtagKRAPlugin.SECRET_MODE] = key_spec.mode
        if secret_dto.type is not None:
-            meta_dict[DogtagKRAPlugin.SECRET_TYPE] = secret_dto, type
+            meta_dict[DogtagKRAPlugin.SECRET_TYPE] = secret_dto.type
    def _get_passphrase_for_a_private_key(self, secret_metadata, key_spec):
        """Retrieve the passphrase for the private key which is stored
--- a/barbican/plugin/resources.py
+++ b/barbican/plugin/resources.py
@ -110,7 +110,9 @@ def store_secret(unencrypted_raw, content_type_raw, content_encoding,
    # Store the secret securely.
    # TODO(john-wood-w) Remove the SecretStoreContext once repository factory
    #  and unit test patch work is completed.
-    secret_type = secret_store.KeyAlgorithm().get_secret_type(key_spec.alg)
+    secret_type = None
    if key_spec is not None:
        secret_store.KeyAlgorithm().get_secret_type(key_spec.alg)
    secret_dto = secret_store.SecretDTO(type=secret_type,
                                        secret=unencrypted,
                                        key_spec=key_spec,
--- a/barbican/tasks/certificate_resources.py
+++ b/barbican/tasks/certificate_resources.py
@ -70,7 +70,8 @@ def issue_certificate_request(order_model, tenant_model, repos):
        the request has been completed.  None otherwise
    """
    container_model = None
-    plugin_meta = _get_plugin_meta(order_model)
+
    plugin_meta = _get_plugin_meta(order_model, repos)
    # Locate a suitable plugin to issue a certificate.
    cert_plugin = cert.CertificatePluginManager().get_plugin(order_model.meta)
@ -125,7 +126,8 @@ def check_certificate_request(order_model, tenant_model, plugin_name, repos):
        request has been completed.  None otherwise.
    """
    container_model = None
-    plugin_meta = _get_plugin_meta(order_model)
+    plugin_meta = _get_plugin_meta(order_model, repos)
    cert_plugin = cert.CertificatePluginManager().get_plugin_by_name(
        plugin_name)
@ -227,11 +229,10 @@ def _schedule_retry_task(retry_object, retry_method, retry_time, args):
    pass
-def _get_plugin_meta(order_model):
+def _get_plugin_meta(order_model, repos):
    if order_model:
-        meta_dict = dict((k, v.value) for (k, v) in
+        return repos.order_plugin_meta_repo.get_metadata_for_order(
-                         order_model.order_plugin_metadata.items())
+            order_model.id)
        return meta_dict
    else:
        return dict()
--- a/barbican/tasks/resources.py
+++ b/barbican/tasks/resources.py
@ -217,7 +217,8 @@ class BeginTypeOrder(BaseTask):
    def __init__(self, tenant_repo=None, order_repo=None,
                 secret_repo=None, tenant_secret_repo=None, datum_repo=None,
                 kek_repo=None, container_repo=None,
-                 container_secret_repo=None, secret_meta_repo=None):
+                 container_secret_repo=None, secret_meta_repo=None,
                 order_plugin_meta_repo=None):
            LOG.debug('Creating BeginTypeOrder task processor')
            self.repos = rep.Repositories(
                tenant_repo=tenant_repo,
@ -227,6 +228,7 @@ class BeginTypeOrder(BaseTask):
                kek_repo=kek_repo,
                secret_meta_repo=secret_meta_repo,
                order_repo=order_repo,
                order_plugin_meta_repo=order_plugin_meta_repo,
                container_repo=container_repo,
                container_secret_repo=container_secret_repo)
--- a/barbican/tests/tasks/test_certificate_resources.py
+++ b/barbican/tests/tasks/test_certificate_resources.py
@ -30,21 +30,26 @@ class WhenPerformingPrivateOperations(utils.BaseTestCase):
                self.value = value
        class OrderModel(object):
            id = mock.ANY
            order_plugin_metadata = {
                "foo": Value(1),
                "bar": Value(2),
            }
        order_model = OrderModel()
-        expected_dict = dict(
+        repos = mock.MagicMock()
-            (k, v.value) for (k, v) in
+        meta_repo_mock = mock.MagicMock()
-            order_model.order_plugin_metadata.items())
+        repos.order_plugin_meta_repo = meta_repo_mock
        meta_repo_mock.get_metadata_for_order.return_value = (
            order_model.order_plugin_metadata
        )
-        result = cert_res._get_plugin_meta(order_model)
+        result = cert_res._get_plugin_meta(order_model, repos)
-        self._assert_dict_equal(expected_dict, result)
+        self._assert_dict_equal(order_model.order_plugin_metadata, result)
    def test_get_plugin_meta_with_empty_dict(self):
-        result = cert_res._get_plugin_meta(None)
+        repos = mock.MagicMock()
        result = cert_res._get_plugin_meta(None, repos)
        self._assert_dict_equal({}, result)
--- a/barbican/tests/tasks/test_resources.py
+++ b/barbican/tests/tasks/test_resources.py
@ -205,6 +205,8 @@ class WhenBeginningKeyTypeOrder(utils.BaseTestCase):
        self.order_repo = mock.MagicMock()
        self.order_repo.get.return_value = self.order
        self.order_plugin_meta_repo = mock.MagicMock()
        self.secret = models.Secret()
        self.secret_repo = mock.MagicMock()
@ -236,7 +238,8 @@ class WhenBeginningKeyTypeOrder(utils.BaseTestCase):
                                                 self.kek_repo,
                                                 self.secret_meta_repo,
                                                 self.container_repo,
-                                                 self.container_secret_repo)
+                                                 self.container_secret_repo,
                                                 self.order_plugin_meta_repo)
    @mock.patch('barbican.plugin.resources.generate_secret')
    def test_should_process_key_order(self, mock_generate_secret):
@ -358,6 +361,8 @@ class WhenBeginningAsymmetricTypeOrder(utils.BaseTestCase):
        self.order_repo = mock.MagicMock()
        self.order_repo.get.return_value = self.order
        self.order_plugin_meta_repo = mock.MagicMock()
        self.secret_repo = mock.MagicMock()
        self.secret_repo.create_from.return_value = None
@ -386,7 +391,8 @@ class WhenBeginningAsymmetricTypeOrder(utils.BaseTestCase):
                                                 self.kek_repo,
                                                 self.secret_meta_repo,
                                                 self.container_repo,
-                                                 self.container_secret_repo)
+                                                 self.container_secret_repo,
                                                 self.order_plugin_meta_repo)
    @mock.patch('barbican.plugin.resources.generate_asymmetric_secret')
    def test_should_process_asymmetric_order(self,
--- a/etc/barbican/barbican-api.conf
+++ b/etc/barbican/barbican-api.conf
@ -151,6 +151,11 @@ version = '1.1'
 # Server name for RPC service
 server_name = 'barbican.queue'
 # ================= Secret Store Plugin ===================
 [secretstore]
 namespace = barbican.secretstore.plugin
 enabled_secretstore_plugins = store_crypto
 # ================= Crypto plugin ===================
 [crypto]
 namespace = barbican.crypto.plugin
@ -162,7 +167,6 @@ kek = 'YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY='
 [dogtag_plugin]
 pem_path = '/etc/barbican/kra_admin_cert.pem'
 pem_password = 'password123'
 dogtag_host = localhost
 dogtag_port = 8443
 nss_db_path = '/etc/barbican/alias'