Restructure project to accommodate plugin types

The current project structure only naturally accommodates HSM-style plugins in
the 'crypto' package. This change request introduces the new Python packages
and module stubs needed for the new structure.

Change-Id: I466cbc833a638eda1707efcfe3c6c8af1bf3ddf7

barbican/plugin/crypto/crypto.py

@@ -0,0 +1,2 @@
+#TODO(john-wood-w) Pull over current crypto package elements: plugin.py and
+# lookup parts of extension_manager.py

barbican/plugin/crypto/p11_crypto.py

@@ -0,0 +1 @@
+#TODO(john-wood-w) Pull over current crypto package's p11_crypto.py

barbican/plugin/dogtag.py

@@ -0,0 +1,2 @@
+#TODO(john-wood-w) Move over Ade's current crypto/dogtag_crypto.py,
+#  but re-cast into the secret store interface.

barbican/plugin/interface/certificates.py

@@ -0,0 +1,2 @@
+#TODO(john-wood-w) See
+#  https://review.openstack.org/#/c/95023/1/barbican/tasks/certificates.py

barbican/plugin/interface/secret_store.py

@@ -16,7 +16,43 @@
 import abc
 import six
 
-# Constants used by SecretStores
+from oslo.config import cfg
+from stevedore import named
+
+from barbican.common import exception
+from barbican.openstack.common import gettextutils as u
+
+
+CONF = cfg.CONF
+DEFAULT_PLUGIN_NAMESPACE = 'barbican.secretstore.plugin'
+DEFAULT_PLUGINS = ['store_crypto']
+
+store_opt_group = cfg.OptGroup(name='secretstore',
+                               title='Secret Store Plugin Options')
+store_opts = [
+    cfg.StrOpt('namespace',
+               default=DEFAULT_PLUGIN_NAMESPACE,
+               help=u._('Extension namespace to search for plugins.')
+               ),
+    cfg.MultiStrOpt('enabled_secretstore_plugins',
+                    default=DEFAULT_PLUGINS,
+                    help=u._('List of secret store plugins to load.')
+                    )
+]
+CONF.register_group(store_opt_group)
+CONF.register_opts(store_opts, group=store_opt_group)
+
+
+class SecretStorePluginNotFound(exception.BarbicanException):
+    """Raised when no plugins are installed."""
+    message = u._("Secret store plugin not found.")
+
+
+class SecretStoreSupportedPluginNotFound(exception.BarbicanException):
+    """Raised when no plugins are found that support the requested
+    operation.
+    """
+    message = "Secret store plugin not found for requested operation."
 
 
 class SecretType(object):
@@ -202,3 +238,46 @@ class SecretStoreBase(object):
         :param secret_metadata: secret_metadata
         """
         raise NotImplementedError  # pragma: no cover
+
+
+class SecretStorePluginManager(named.NamedExtensionManager):
+    def __init__(self, conf=CONF, invoke_on_load=True,
+                 invoke_args=(), invoke_kwargs={}):
+        super(SecretStorePluginManager, self).__init__(
+            conf.secretstore.namespace,
+            conf.secretstore.enabled_secretstore_plugins,
+            invoke_on_load=invoke_on_load,
+            invoke_args=invoke_args,
+            invoke_kwds=invoke_kwargs
+        )
+
+    def get_plugin_store(self):
+        """Gets a secret store plugin.
+
+        :returns: SecretStoreBase plugin implementation
+        """
+
+        if len(self.extensions) < 1:
+            raise SecretStorePluginNotFound()
+
+        return self.extensions[0].obj
+
+    def get_plugin_generate(self, key_spec):
+        """Gets a secret generate plugin.
+
+        :param key_spec: KeySpec that contains details on the type of key to
+        generate
+        :returns: SecretStoreBase plugin implementation
+        """
+
+        if len(self.extensions) < 1:
+            raise SecretStorePluginNotFound()
+
+        for ext in self.extensions:
+            if ext.obj.generate_supports(key_spec):
+                generate_plugin = ext.obj
+                break
+        else:
+            raise SecretStoreSupportedPluginNotFound()
+
+        return generate_plugin

barbican/plugin/kmip.py

@@ -0,0 +1 @@
+#TODO(john-wood-w) Add KMIP implementation of the secret_store.py interface.

barbican/plugin/store_crypto.py

@@ -0,0 +1 @@
+#TODO(john-wood-w) Add store to crypto adapter logic here.

barbican/plugin/symantec.py

@@ -0,0 +1,2 @@
+#TODO(john-wood-w) See
+#  https://review.openstack.org/#/c/95023/1/barbican/tasks/symantec.py

barbican/tests/plugin/interface/test_secret_store.py

@@ -0,0 +1,87 @@
+# Copyright (c) 2014 Johns Hopkins University Applied Physics Laboratory
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import mock
+import testtools
+
+from barbican.plugin.interface import secret_store as str
+
+
+class TestSecretStore(str.SecretStoreBase):
+    """Secret store plugin for testing support."""
+
+    def __init__(self, generate_supports_response):
+        super(TestSecretStore, self).__init__()
+        self.generate_supports_response = generate_supports_response
+
+    def generate_symmetric_key(self, key_spec):
+        raise NotImplementedError  # pragma: no cover
+
+    def generate_asymmetric_key(self, key_spec):
+        raise NotImplementedError  # pragma: no cover
+
+    def store_secret(self, secret_dto):
+        raise NotImplementedError  # pragma: no cover
+
+    def get_secret(self, secret_metadata):
+        raise NotImplementedError  # pragma: no cover
+
+    def generate_supports(self, key_spec):
+        return self.generate_supports_response
+
+    def delete_secret(self, secret_metadata):
+        raise NotImplementedError  # pragma: no cover
+
+
+class WhenTestingSecretStorePluginManager(testtools.TestCase):
+
+    def setUp(self):
+        super(WhenTestingSecretStorePluginManager, self).setUp()
+        self.manager = str.SecretStorePluginManager()
+
+    def test_get_store_supported_plugin(self):
+        plugin = TestSecretStore(True)
+        plugin_mock = mock.MagicMock(obj=plugin)
+        self.manager.extensions = [plugin_mock]
+
+        self.assertEqual(plugin,
+                         self.manager.get_plugin_store())
+
+    def test_get_generate_supported_plugin(self):
+        plugin = TestSecretStore(True)
+        plugin_mock = mock.MagicMock(obj=plugin)
+        self.manager.extensions = [plugin_mock]
+        keySpec = str.KeySpec('AES', 128)
+
+        self.assertEqual(plugin,
+                         self.manager.get_plugin_generate(keySpec))
+
+    def test_get_store_no_plugin_found(self):
+        self.manager.extensions = []
+        self.assertRaises(
+            str.SecretStorePluginNotFound,
+            self.manager.get_plugin_store,
+        )
+
+    def test_get_generate_no_supported_plugin(self):
+        plugin = TestSecretStore(False)
+        plugin_mock = mock.MagicMock(obj=plugin)
+        self.manager.extensions = [plugin_mock]
+        keySpec = str.KeySpec('AES', 128)
+        self.assertRaises(
+            str.SecretStoreSupportedPluginNotFound,
+            self.manager.get_plugin_generate,
+            keySpec,
+        )

barbican/tests/plugin/test_kmip.py

@@ -13,6 +13,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-"""
-SecretStore services for Barbican.
-"""
+#TODO(john-wood-w) Add test of KMIP implementation.