Fix 500 server error invalid transport key during secret creation

If a user creates a secret and passes in a transport key reference
that does not exist, the server responds with a 500 error. This change
makes it return a 400 error with a message saying that the transport key
was not found.

Change-Id: I3c6dd459efc4aec611f88a73b118cd3f36444b63
Closes-Bug: #1554172
Elvin Tubillara 2016-03-09 09:16:07 -06:00
parent c5526e2b69
commit caa0bd0301
3 changed files with 24 additions and 4 deletions


@ -424,6 +424,13 @@ class StoredKeyPrivateKeyNotFound(BarbicanException):
"key needed for stored key certificate generation.")
class ProvidedTransportKeyNotFound(BarbicanHTTPException):
message = u._("Provided Transport key %(transport_key_id)s "
"could not be found")
client_message = u._("Provided transport key was not found.")
status_code = 400
class InvalidUUIDInURI(BarbicanHTTPException):
message = u._("The provided UUID in the URI (%(uuid_string)s) is "
"malformed.")
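Review bot: The internal `message` of `ProvidedTransportKeyNotFound` interpolates the caller-supplied transport key ID, and the test added in this commit shows that an arbitrary non-UUID string reaches this path. If that message is written to the service log, the value should be validated or normalised before the lookup so that unvalidated request data does not end up in log lines. Keeping the ID out of `client_message` is a sensible choice. It deserves a short class comment such as `# client_message deliberately omits the user-supplied ID; only the internal message carries it`.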


@ -11,6 +11,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
from barbican.common import exception
from barbican.common import utils
from barbican.model import models
from barbican.model import repositories as repos
@ -47,10 +48,11 @@ def _get_plugin_name_and_transport_key(transport_key_id):
transport_key = None
if transport_key_id is not None:
transport_key_repo = repos.get_transport_key_repository()
transport_key_model = transport_key_repo.get(
entity_id=transport_key_id)
if transport_key_model is None:
raise ValueError("Invalid transport key ID provided")
try:
transport_key_model = transport_key_repo.get(
entity_id=transport_key_id)
except exception.NotFound:
raise exception.ProvidedTransportKeyNotFound(str(transport_key_id))
plugin_name = transport_key_model.plugin_name
if plugin_name is None:
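Review bot: The new `raise exception.ProvidedTransportKeyNotFound(str(transport_key_id))` passes the ID positionally, while the class's `message` template uses the named placeholder `%(transport_key_id)s`. The base-class constructor is not visible on this page, but if it treats the first positional argument as a replacement message, the internal message becomes the bare ID instead of the formatted text. Passing it by keyword avoids that: `raise exception.ProvidedTransportKeyNotFound(transport_key_id=transport_key_id)`. The old `is None` check is also dropped, so the code now relies on `transport_key_repo.get` always raising `NotFound` rather than returning `None`, which is worth confirming. The body of `_get_plugin_name_and_transport_key` continues outside this hunk.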


@ -157,6 +157,17 @@ class WhenTestingSecretsResource(utils.BarbicanAPIBaseTestCase):
transport_key_needed=False
)
def test_new_secret_fails_with_invalid_transport_key_ref(self):
resp, _ = create_secret(
self.app,
payload=b'superdupersecret',
content_type='text/plain',
transport_key_id="non_existing_transport_key_id",
transport_key_needed="true",
expect_errors=True
)
self.assertEqual(400, resp.status_int)
def test_new_secret_w_unsupported_content_type_should_fail(self):
resp, _ = create_secret(
self.app,
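Review bot: `test_new_secret_fails_with_invalid_transport_key_ref` asserts only `resp.status_int == 400`, so any other 400 path, such as a payload or content-type validation failure, would also make it pass. It should additionally assert that the response body carries the "Provided transport key was not found." client message, so the test pins the new exception rather than just the status code. The call also passes `transport_key_needed="true"` as a string where the neighbouring test passes the boolean `False`. If the `create_secret` helper expects a boolean, `transport_key_needed=True` would be more consistent. A second case using a well-formed but non-existent UUID would exercise the repository lookup more directly than the free-form string used here.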