Merge "Make default action return 405 in the controllers"

Jenkins 2015-01-13 20:44:01 +00:00 committed by Gerrit Code Review
commit dd0d963f5b
8 changed files with 354 additions and 22 deletions


@ -41,10 +41,14 @@ class ContainerConsumerController(object):
self.consumer_repo = consumer_repo or repo.ContainerConsumerRepo()
self.validator = validators.ContainerConsumerValidator()
@pecan.expose(generic=True, template='json')
@pecan.expose(generic=True)
def index(self):
pecan.abort(405) # HTTP 405 Method Not Allowed as default
@index.when(method='GET', template='json')
@controllers.handle_exceptions(u._('ContainerConsumer retrieval'))
@controllers.enforce_rbac('consumer:get')
def index(self, external_project_id):
def on_get(self, external_project_id):
consumer = self.consumer_repo.get(
entity_id=self.consumer_id,
external_project_id=external_project_id,
@ -75,10 +79,14 @@ class ContainerConsumersController(object):
return ContainerConsumerController(consumer_id, self.project_repo,
self.consumer_repo), remainder
@pecan.expose(generic=True, template='json')
@pecan.expose(generic=True)
def index(self, **kwargs):
pecan.abort(405) # HTTP 405 Method Not Allowed as default
@index.when(method='GET', template='json')
@controllers.handle_exceptions(u._('ContainerConsumers(s) retrieval'))
@controllers.enforce_rbac('consumers:get')
def index(self, external_project_id, **kw):
def on_get(self, external_project_id, **kw):
LOG.debug('Start consumers on_get '
'for container-ID %s:', self.container_id)
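Review bot: The new default handlers answer with a bare `pecan.abort(405)` and nothing visible sets an `Allow` header, which RFC 7231 section 6.5.5 requires on a 405 so that clients can tell which methods the resource accepts. This applies to both `index` defaults in this file and to the same pattern in the container, order, secret, transport-key and version controllers. `pecan.abort` accepts a `headers` argument, so each default could list the methods it registers through `index.when`, for example `pecan.abort(405, headers={'Allow': 'GET'})` where GET is the only handler. The full set of handlers per controller lies outside these hunks, so the value has to be checked against each class.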


@ -48,10 +48,14 @@ class ContainerController(object):
container_id, self.project_repo, self.consumer_repo,
self.container_repo)
@pecan.expose(generic=True, template='json')
@pecan.expose(generic=True)
def index(self, **kwargs):
pecan.abort(405) # HTTP 405 Method Not Allowed as default
@index.when(method='GET', template='json')
@controllers.handle_exceptions(u._('Container retrieval'))
@controllers.enforce_rbac('container:get')
def index(self, external_project_id):
def on_get(self, external_project_id):
container = self.container_repo.get(
entity_id=self.container_id,
external_project_id=external_project_id,
@ -111,10 +115,14 @@ class ContainersController(object):
self.container_repo, self.consumer_repo),
remainder)
@pecan.expose(generic=True, template='json')
@pecan.expose(generic=True)
def index(self, **kwargs):
pecan.abort(405) # HTTP 405 Method Not Allowed as default
@index.when(method='GET', template='json')
@controllers.handle_exceptions(u._('Containers(s) retrieval'))
@controllers.enforce_rbac('containers:get')
def index(self, project_id, **kw):
def on_get(self, project_id, **kw):
LOG.debug('Start containers on_get for project-ID %s:', project_id)
result = self.container_repo.get_by_create_date(


@ -82,10 +82,14 @@ class OrderController(object):
self.queue = queue_resource or async_client.TaskClient()
self.type_order_validator = validators.TypeOrderValidator()
@pecan.expose(generic=True, template='json')
@pecan.expose(generic=True)
def index(self, **kwargs):
pecan.abort(405) # HTTP 405 Method Not Allowed as default
@index.when(method='GET', template='json')
@controllers.handle_exceptions(u._('Order retrieval'))
@controllers.enforce_rbac('order:get')
def index(self, external_project_id):
def on_get(self, external_project_id):
order = self.order_repo.get(entity_id=self.order_id,
external_project_id=external_project_id,
suppress_exception=True)
@ -168,10 +172,14 @@ class OrdersController(object):
def _lookup(self, order_id, *remainder):
return OrderController(order_id, self.order_repo), remainder
@pecan.expose(generic=True, template='json')
@pecan.expose(generic=True)
def index(self, **kwargs):
pecan.abort(405) # HTTP 405 Method Not Allowed as default
@index.when(method='GET', template='json')
@controllers.handle_exceptions(u._('Order(s) retrieval'))
@controllers.enforce_rbac('orders:get')
def index(self, external_project_id, **kw):
def on_get(self, external_project_id, **kw):
LOG.debug('Start orders on_get '
'for project-ID %s:', external_project_id)
@ -195,7 +203,7 @@ class OrdersController(object):
return orders_resp_overall
@pecan.expose(generic=True, template='json')
@index.when(method='PUT', template='json')
@controllers.handle_exceptions(u._('Order update'))
@controllers.enforce_rbac('orders:put')
def on_put(self, external_project_id, **kwargs):
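Review bot: `on_put` on `OrdersController` is now registered with `@index.when(method='PUT', template='json')` and still sits behind `enforce_rbac('orders:put')`, while the test added in this commit expects `PUT /orders/` to return 405. The body of `on_put` is outside this hunk, but if it only rejects the request, a caller who fails the policy check would presumably get an authorization error and an authorized caller a 405, whereas every other unsupported method now gets 405 from the default `index` without a policy lookup. Removing the `@index.when(method='PUT', template='json')` registration and letting the default handler answer would leave a single rejection path. If the registration is kept deliberately, a one-line comment above it stating why PUT is not left to the default would help the next reader.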


@ -81,10 +81,14 @@ class SecretController(object):
transport_key_repo=transport_key_repo)
@pecan.expose(generic=True)
def index(self, **kwargs):
pecan.abort(405) # HTTP 405 Method Not Allowed as default
@index.when(method='GET')
@allow_all_content_types
@controllers.handle_exceptions(u._('Secret retrieval'))
@controllers.enforce_rbac('secret:get')
def index(self, external_project_id, **kwargs):
def on_get(self, external_project_id, **kwargs):
secret = self.repos.secret_repo.get(
entity_id=self.secret_id,
@ -215,10 +219,14 @@ class SecretsController(object):
self.repos.secret_meta_repo,
self.repos.transport_key_repo), remainder
@pecan.expose(generic=True, template='json')
@pecan.expose(generic=True)
def index(self, **kwargs):
pecan.abort(405) # HTTP 405 Method Not Allowed as default
@index.when(method='GET', template='json')
@controllers.handle_exceptions(u._('Secret(s) retrieval'))
@controllers.enforce_rbac('secrets:get')
def index(self, external_project_id, **kw):
def on_get(self, external_project_id, **kw):
def secret_fields(field):
return putil.mime_types.augment_fields_with_content_types(field)


@ -43,9 +43,13 @@ class TransportKeyController(object):
self.repo = transport_key_repo or repo.TransportKeyRepo()
@pecan.expose(generic=True)
def index(self, external_project_id, **kwargs):
pecan.abort(405) # HTTP 405 Method Not Allowed as default
@index.when(method='GET')
@controllers.handle_exceptions(u._('Transport Key retrieval'))
@controllers.enforce_rbac('transport_key:get')
def index(self, external_project_id):
def on_get(self, external_project_id):
LOG.debug("== Getting transport key for %s", external_project_id)
transport_key = self.repo.get(entity_id=self.transport_key_id)
if not transport_key:
@ -82,10 +86,14 @@ class TransportKeysController(object):
def _lookup(self, transport_key_id, *remainder):
return TransportKeyController(transport_key_id, self.repo), remainder
@pecan.expose(generic=True, template='json')
@pecan.expose(generic=True)
def index(self, external_project_id, **kwargs):
pecan.abort(405) # HTTP 405 Method Not Allowed as default
@index.when(method='GET', template='json')
@controllers.handle_exceptions(u._('Transport Key(s) retrieval'))
@controllers.enforce_rbac('transport_keys:get')
def index(self, external_project_id, **kw):
def on_get(self, external_project_id, **kw):
LOG.debug('Start transport_keys on_get')
plugin_name = kw.get('plugin_name', None)
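Review bot: Both default handlers in this file are declared as `def index(self, external_project_id, **kwargs)`, with a required `external_project_id`, while every other default in this commit is `index(self)` or `index(self, **kwargs)`. In the GET handlers that argument appears together with `enforce_rbac`, which the defaults do not carry, so it is not visible what would supply it for a PUT or DELETE; the request may fail on argument binding before it reaches `pecan.abort(405)`. Declaring the defaults as `def index(self, **kwargs):`, as the other controllers do, would remove the doubt. No test in this commit sends an unallowed method to the transport-key resources, so the resulting status code is not pinned either way.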


@ -25,9 +25,13 @@ class VersionController(object):
def __init__(self):
LOG.debug('=== Creating VersionController ===')
@pecan.expose('json')
@controllers.handle_exceptions(u._('Version retrieval'))
@pecan.expose(generic=True)
def index(self):
pecan.abort(405) # HTTP 405 Method Not Allowed as default
@index.when(method='GET', template='json')
@controllers.handle_exceptions(u._('Version retrieval'))
def on_get(self):
return {
'v1': 'current',
'build': version.__version__


@ -1449,6 +1449,26 @@ class WhenGettingPuttingOrDeletingSecretUsingSecretResource(FunctionalTest):
self.assertEqual(resp.content_type, "application/json")
class WhenPerformingUnallowedOperationsOnSecrets(BaseSecretsResource):
def test_should_not_allow_put_on_secrets(self):
resp = self.app.put_json(
'/secrets/',
self.secret_req,
expect_errors=True
)
self.assertEqual(resp.status_int, 405)
def test_should_not_allow_delete_on_secrets(self):
resp = self.app.delete(
'/secrets/',
expect_errors=True
)
self.assertEqual(resp.status_int, 405)
class WhenCreatingOrdersUsingOrdersResource(FunctionalTest):
def setUp(self):
super(
@ -1916,6 +1936,79 @@ class WhenCreatingTypeOrdersUsingOrdersResource(FunctionalTest):
self.assertEqual(resp.status_int, 415)
class WhenPerformingUnallowedOperationsOnOrders(FunctionalTest):
def setUp(self):
super(
WhenPerformingUnallowedOperationsOnOrders, self
).setUp()
self.app = webtest.TestApp(app.PecanAPI(self.root))
self.app.extra_environ = get_barbican_env(self.external_project_id)
@property
def root(self):
self._init()
class RootController(object):
orders = controllers.orders.OrdersController(self.project_repo,
self.order_repo,
self.queue_resource)
return RootController()
def _init(self):
self.project_internal_id = 'projectid1234'
self.external_project_id = 'keystoneid1234'
self.project = models.Project()
self.project.id = self.project_internal_id
self.project.external_id = self.external_project_id
self.project_repo = mock.MagicMock()
self.project_repo.get.return_value = self.project
self.order_repo = mock.MagicMock()
self.order_repo.create_from.return_value = None
self.queue_resource = mock.MagicMock()
self.type = 'key'
self.meta = {"name": "secretname",
"algorithm": "AES",
"bit_length": 256,
"mode": "cbc",
'payload_content_type':
'application/octet-stream'}
self.key_order_req = {'type': self.type,
'meta': self.meta}
def test_should_not_allow_put_orders(self):
resp = self.app.put_json(
'/orders/',
self.key_order_req,
expect_errors=True
)
self.assertEqual(resp.status_int, 405)
def test_should_not_allow_delete_orders(self):
resp = self.app.delete(
'/orders/',
expect_errors=True
)
self.assertEqual(resp.status_int, 405)
def test_should_not_allow_post_order_by_id(self):
resp = self.app.post_json(
'/orders/{0}/'.format('id1'),
self.key_order_req,
headers={
'Content-Type': 'application/json'
},
expect_errors=True
)
self.assertEqual(resp.status_int, 405)
class WhenAddingNavigationHrefs(utils.BaseTestCase):
def setUp(self):
@ -2204,6 +2297,90 @@ class WhenGettingOrDeletingContainerUsingContainerResource(FunctionalTest):
self.assertEqual(resp.content_type, "application/json")
class WhenPerformingUnallowedOperationsOnContainers(FunctionalTest):
def setUp(self):
super(
WhenPerformingUnallowedOperationsOnContainers, self
).setUp()
self.app = webtest.TestApp(app.PecanAPI(self.root))
self.app.extra_environ = get_barbican_env(self.external_project_id)
@property
def root(self):
self._init()
class RootController(object):
containers = controllers.containers.ContainersController(
self.project_repo, self.container_repo, self.secret_repo,
self.consumer_repo
)
return RootController()
def _init(self):
self.name = 'test container name'
self.type = 'generic'
self.secret_refs = [
{
'name': 'test secret 1',
'secret_ref': '1231'
},
{
'name': 'test secret 2',
'secret_ref': '1232'
},
{
'name': 'test secret 3',
'secret_ref': '1233'
}
]
self.external_project_id = 'keystoneid1234'
self.project_internal_id = 'projectid1234'
self.project = models.Project()
self.project.id = self.project_internal_id
self.project.external_id = self.external_project_id
self.project_repo = mock.MagicMock()
self.project_repo.get.return_value = self.project
self.container = create_container(id_ref='id1')
self.container_repo = mock.MagicMock()
self.container_repo.get.return_value = self.container
self.container_repo.delete_entity_by_id.return_value = None
self.secret_repo = mock.MagicMock()
self.consumer_repo = mock.MagicMock()
self.container_req = {'name': self.name,
'type': self.type,
'secret_refs': self.secret_refs}
def test_should_not_allow_put_on_containers(self):
resp = self.app.put_json(
'/containers/',
self.container_req,
expect_errors=True
)
self.assertEqual(resp.status_int, 405)
def test_should_not_allow_post_on_container_by_id(self):
resp = self.app.post_json(
'/containers/{0}/'.format(self.container.id),
self.container_req,
expect_errors=True)
self.assertEqual(resp.status_int, 405)
def test_should_not_allow_put_on_container_by_id(self):
resp = self.app.put_json(
'/containers/{0}/'.format(self.container.id),
self.container_req,
expect_errors=True)
self.assertEqual(resp.status_int, 405)
class WhenCreatingConsumersUsingConsumersResource(FunctionalTest):
def setUp(self):
super(
@ -2482,6 +2659,117 @@ class WhenGettingOrDeletingConsumersUsingConsumerResource(FunctionalTest):
)
class WhenPerformingUnallowedOperationsOnConsumers(FunctionalTest):
def setUp(self):
super(
WhenPerformingUnallowedOperationsOnConsumers, self
).setUp()
self.app = webtest.TestApp(app.PecanAPI(self.root))
self.app.extra_environ = get_barbican_env(self.external_project_id)
@property
def root(self):
self._init()
class RootController(object):
containers = controllers.containers.ContainersController(
self.project_repo, self.container_repo, self.secret_repo,
self.consumer_repo
)
return RootController()
def _init(self):
self.name = 'test container name'
self.type = 'generic'
self.secret_refs = [
{
'name': 'test secret 1',
'secret_ref': '1231'
},
{
'name': 'test secret 2',
'secret_ref': '1232'
},
{
'name': 'test secret 3',
'secret_ref': '1233'
}
]
self.consumer_ref = {
'name': 'test_consumer1',
'URL': 'http://consumer/1'
}
self.external_project_id = 'keystoneid1234'
self.project_internal_id = 'projectid1234'
self.project = models.Project()
self.project.id = self.project_internal_id
self.project.external_id = self.external_project_id
self.project_repo = mock.MagicMock()
self.project_repo.get.return_value = self.project
self.consumer_repo = mock.MagicMock()
self.container = create_container(id_ref='id1')
self.consumer = create_consumer(self.container.id, id_ref='id2')
self.consumer2 = create_consumer(self.container.id, id_ref='id3')
self.consumer_ref = {
'name': self.consumer.name,
'URL': self.consumer.URL
}
self.container_repo = mock.MagicMock()
self.container_repo.get.return_value = self.container
self.consumer_repo.get_by_values.return_value = self.consumer
self.consumer_repo.delete_entity_by_id.return_value = None
self.secret_repo = mock.MagicMock()
def test_should_not_allow_put_on_consumers(self):
ret_val = ([self.consumer], 0, 0, 1)
self.consumer_repo.get_by_container_id.return_value = ret_val
resp = self.app.put_json(
'/containers/{0}/consumers/'.format(self.container.id),
self.consumer_ref,
expect_errors=True
)
self.assertEqual(resp.status_int, 405)
def test_should_not_allow_post_on_consumer_by_id(self):
self.consumer_repo.get.return_value = self.consumer
resp = self.app.post_json(
'/containers/{0}/consumers/{1}/'.format(self.container.id,
self.consumer.id),
self.consumer_ref,
expect_errors=True
)
self.assertEqual(resp.status_int, 405)
def test_should_not_allow_put_on_consumer_by_id(self):
self.consumer_repo.get.return_value = self.consumer
resp = self.app.put_json(
'/containers/{0}/consumers/{1}/'.format(self.container.id,
self.consumer.id),
self.consumer_ref,
expect_errors=True
)
self.assertEqual(resp.status_int, 405)
def test_should_not_allow_delete_on_consumer_by_id(self):
self.consumer_repo.get.return_value = self.consumer
resp = self.app.delete(
'/containers/{0}/consumers/{1}/'.format(self.container.id,
self.consumer.id),
expect_errors=True
)
self.assertEqual(resp.status_int, 405)
class WhenGettingContainersListUsingResource(FunctionalTest):
def setUp(self):
super(
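Review bot: The new test classes cover unallowed methods on the secrets collection, orders, containers and consumers, but nothing exercises the default handlers this commit also adds to `SecretController` (a secret addressed by id), the transport-key controllers and `VersionController`. A case per resource in the shape of `test_should_not_allow_post_order_by_id`, asserting `resp.status_int == 405`, would close the gap. Separately, in `WhenPerformingUnallowedOperationsOnConsumers._init` the first `self.consumer_ref = {'name': 'test_consumer1', ...}` literal is overwritten a few lines later by the one built from `self.consumer`, so the first assignment is dead and can be dropped.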


@ -51,7 +51,7 @@ class TestableResource(object):
def on_get(self, req, resp, *args, **kwargs):
with mock.patch('pecan.request', req):
with mock.patch('pecan.response', resp):
return self.controller.index(*args, **kwargs)
return self.controller.on_get(*args, **kwargs)
def on_post(self, req, resp, *args, **kwargs):
with mock.patch('pecan.request', req):