openstack/barbican
Code Issues Proposed changes

Clean up Verifications resource

Browse Source 
The Verifications resource POC should be removed from Barbican.

Change-Id: I5823cb94314a2c2f497f045c620dde974741a004
This commit is contained in:
Douglas Mendizabal 2014-04-01 23:00:43 -05:00
parent e3d7b43cda
commit ef40e55b01
15 changed files with 2 additions and 752 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
barbican/api/app.py
View File

@ -56,8 +56,6 @@ def create_main_app(global_config, **local_conf):
secret = res.SecretResource(crypto_mgr)
orders = res.OrdersResource()
order = res.OrderResource()
verifications = res.VerificationsResource()
verification = res.VerificationResource()
containers = res.ContainersResource()
container = res.ContainerResource()
@ -73,9 +71,6 @@ def create_main_app(global_config, **local_conf):
api.add_route('/{keystone_id}/secrets/{secret_id}', secret)
api.add_route('/{keystone_id}/orders', orders)
api.add_route('/{keystone_id}/orders/{order_id}', order)
api.add_route('/{keystone_id}/verifications', verifications)
api.add_route('/{keystone_id}/verifications/{verification_id}',
verification)
api.add_route('/{keystone_id}/containers/', containers)
api.add_route('/{keystone_id}/containers/{container_id}', container)

124
barbican/api/resources.py
View File

@ -53,13 +53,6 @@ def _order_not_found(req, resp):
'another castle.'), req, resp)
def _verification_not_found(req, resp):
"""Throw exception indicating verification not found."""
api.abort(falcon.HTTP_404, u._('Not Found. Sorry but your verification '
'result is in '
'another castle.'), req, resp)
def _container_not_found(req, resp):
"""Throw exception indicating container not found."""
api.abort(falcon.HTTP_404, u._('Not Found. Sorry but your container '
@ -101,15 +94,6 @@ def convert_secret_to_href(keystone_id, secret_id):
return utils.hostname_for_refs(keystone_id=keystone_id, resource=resource)
def convert_verification_to_href(keystone_id, verification_id):
"""Convert the tenant/verification IDs to a HATEOS-style href."""
if verification_id:
resource = 'verifications/' + verification_id
else:
resource = 'verifications/????'
return utils.hostname_for_refs(keystone_id=keystone_id, resource=resource)
def convert_order_to_href(keystone_id, order_id):
"""Convert the tenant/order IDs to a HATEOS-style href."""
if order_id:
@ -140,11 +124,6 @@ def convert_to_hrefs(keystone_id, fields):
fields['order_ref'] = convert_order_to_href(keystone_id,
fields['order_id'])
del fields['order_id']
if 'verification_id' in fields:
fields['verification_ref'] = \
convert_verification_to_href(keystone_id,
fields['verification_id'])
del fields['verification_id']
if 'container_id' in fields:
fields['container_ref'] = \
@ -591,109 +570,6 @@ class OrderResource(api.ApiResource):
resp.status = falcon.HTTP_200
class VerificationsResource(api.ApiResource):
"""Handles Verification creation requests.
Creating a verification entity initiates verification processing
on a target resource. The results of this verification processing
can be monitored via this entity.
"""
def __init__(self, tenant_repo=None, verification_repo=None,
queue_resource=None):
self.tenant_repo = tenant_repo or repo.TenantRepo()
self.verification_repo = verification_repo or repo.VerificationRepo()
self.validator = validators.VerificationValidator()
self.queue = queue_resource or async_client.TaskClient()
@handle_exceptions(u._('Verification creation'))
@handle_rbac('verifications:post')
def on_post(self, req, resp, keystone_id):
LOG.debug('Start on_post for tenant-ID {0}:...'.format(keystone_id))
data = api.load_body(req, resp, self.validator)
tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo)
new_verification = models.Verification(data)
new_verification.tenant_id = tenant.id
self.verification_repo.create_from(new_verification)
# Send to workers to process.
self.queue.process_verification(verification_id=new_verification.id,
keystone_id=keystone_id)
resp.status = falcon.HTTP_202
resp.set_header('Location',
'/{0}/verifications/{1}'.format(keystone_id,
new_verification.id))
url = convert_verification_to_href(keystone_id, new_verification.id)
LOG.debug('URI to verification is {0}'.format(url))
resp.body = json.dumps({'verification_ref': url})
@handle_exceptions(u._('Verification(s) retrieval'))
@handle_rbac('verifications:get')
def on_get(self, req, resp, keystone_id):
LOG.debug('Start verifications on_get '
'for tenant-ID {0}:'.format(keystone_id))
result = self.verification_repo.get_by_create_date(
keystone_id,
offset_arg=req.get_param('offset'),
limit_arg=req.get_param('limit'),
suppress_exception=True
)
verifications, offset, limit, total = result
if not verifications:
resp_verif_overall = {'verifications': [], 'total': total}
else:
resp_verif = [convert_to_hrefs(keystone_id,
v.to_dict_fields()) for
v in verifications]
resp_verif_overall = add_nav_hrefs('verifications', keystone_id,
offset, limit, total,
{'verifications': resp_verif})
resp_verif_overall.update({'total': total})
resp.status = falcon.HTTP_200
resp.body = json.dumps(resp_verif_overall,
default=json_handler)
class VerificationResource(api.ApiResource):
"""Handles Verification entity retrieval and deletion requests."""
def __init__(self, verification_repo=None):
self.repo = verification_repo or repo.VerificationRepo()
@handle_exceptions(u._('Verification retrieval'))
@handle_rbac('verification:get')
def on_get(self, req, resp, keystone_id, verification_id):
verif = self.repo.get(entity_id=verification_id,
keystone_id=keystone_id,
suppress_exception=True)
if not verif:
_verification_not_found(req, resp)
resp.status = falcon.HTTP_200
resp.body = json.dumps(convert_to_hrefs(keystone_id,
verif.to_dict_fields()),
default=json_handler)
@handle_exceptions(u._('Verification deletion'))
@handle_rbac('verification:delete')
def on_delete(self, req, resp, keystone_id, verification_id):
try:
self.repo.delete_entity_by_id(entity_id=verification_id,
keystone_id=keystone_id)
except exception.NotFound:
_verification_not_found(req, resp)
resp.status = falcon.HTTP_200
class ContainersResource(api.ApiResource):
""" Handles Container creation requests. """

39
barbican/common/validators.py
View File

@ -276,45 +276,6 @@ class NewOrderValidator(ValidatorBase):
return json_data
class VerificationValidator(ValidatorBase):
"""Validate a verification resource request."""
def __init__(self):
self.name = 'Verification'
self.schema = {
"type": "object",
"required": ["resource_type", "resource_ref",
"resource_action", "impersonation_allowed"],
"properties": {
"resource_type": {
"type": "string",
"enum": [
"image"
]
},
"resource_ref": {"type": "string"},
"resource_action": {
"type": "string",
"enum": [
"vm_attach"
]
},
"impersonation_allowed": {"type": "boolean"},
},
}
def validate(self, json_data, parent_schema=None):
schema_name = self._full_name(parent_schema)
try:
schema.validate(json_data, self.schema)
except schema.ValidationError as e:
raise exception.InvalidObject(schema=schema_name, reason=e.message,
property=get_invalid_property(e))
return json_data
class ContainerValidator(ValidatorBase):
""" Validator for all types of Container"""

37
barbican/common/verifications.py
View File

@ -1,37 +0,0 @@
# Copyright (c) 2013-2014 Rackspace, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
Resource verification business logic.
"""
from barbican.common import utils
LOG = utils.getLogger(__name__)
def verify(verification):
"""Verifies if a resource is 'valid' for an action or not.
Based on the target resource information in the supplied verification
entity this function determines if it is valid to use for the specified
action. The supplied entity is then updated with the processing result.
:param verification: A Verification entity
"""
if 'image' == verification.resource_type:
#TODO(jfwood) Add rules or else consider a plugin approach similar to
# barbican/crypto/plugin.py.
verification.is_verified = True

56
barbican/model/models.py
View File

@ -184,7 +184,6 @@ class Tenant(BASE, ModelBase):
keystone_id = sa.Column(sa.String(255), unique=True)
orders = orm.relationship("Order", backref="tenant")
verifications = orm.relationship("Verification", backref="tenant")
secrets = orm.relationship("TenantSecret", backref="tenants")
keks = orm.relationship("KEKDatum", backref="tenant")
containers = orm.relationship("Container", backref="tenant")
@ -372,57 +371,6 @@ class Order(BASE, ModelBase):
return ret
class Verification(BASE, ModelBase):
"""Represents a Verification result in the datastore.
Verification represent that status of resource verification requests
made by Tenants.
"""
__tablename__ = 'verifications'
tenant_id = sa.Column(sa.String(36), sa.ForeignKey('tenants.id'),
nullable=False)
error_status_code = sa.Column(sa.String(16))
error_reason = sa.Column(sa.String(255))
resource_type = sa.Column(sa.String(255), nullable=False)
resource_ref = sa.Column(sa.String(255), nullable=False)
resource_action = sa.Column(sa.String(255), nullable=False)
impersonation_allowed = sa.Column(sa.Boolean, nullable=False,
default=True)
is_verified = sa.Column(sa.Boolean, nullable=False,
default=False)
def __init__(self, parsed_request=None):
"""Creates a Verification entity from a dict."""
super(Verification, self).__init__()
if parsed_request:
self.resource_type = parsed_request.get('resource_type')
self.resource_ref = parsed_request.get('resource_ref')
self.resource_action = parsed_request.get('resource_action')
self.impersonation_allowed = parsed_request.get('impersonation_'
'allowed')
self.status = States.PENDING
def _do_extra_dict_fields(self):
"""Sub-class hook method: return dict of fields."""
ret = {'verification_id': self.id,
'resource_type': self.resource_type,
'resource_ref': self.resource_ref,
'resource_action': self.resource_action,
'impersonation_allowed': self.impersonation_allowed,
'is_verified': self.is_verified}
if self.error_status_code:
ret['error_status_code'] = self.error_status_code
if self.error_reason:
ret['error_reason'] = self.error_reason
return ret
class Container(BASE, ModelBase):
"""Represents a Container for Secrets in the datastore.
@ -484,8 +432,8 @@ class Container(BASE, ModelBase):
} for container_secret in self.container_secrets]}
# Keep this tuple synchronized with the models in the file
MODELS = [TenantSecret, Tenant, Secret, EncryptedDatum, Order, Verification,
Container, ContainerSecret]
MODELS = [TenantSecret, Tenant, Secret, EncryptedDatum, Order, Container,
ContainerSecret]
def register_models(engine):

60
barbican/model/repositories.py
View File

@ -742,66 +742,6 @@ class OrderRepo(BaseRepo):
pass
class VerificationRepo(BaseRepo):
"""Repository for the Verification entity."""
def get_by_create_date(self, keystone_id, offset_arg=None, limit_arg=None,
suppress_exception=False, session=None):
"""
Returns a list of verifications, ordered by the date they were
created at and paged based on the offset and limit fields. The
keystone_id is external-to-Barbican value assigned to the tenant
by Keystone.
"""
offset, limit = clean_paging_values(offset_arg, limit_arg)
session = self.get_session(session)
try:
query = session.query(models.Verification) \
.order_by(models.Verification.created_at)
query = query.filter_by(deleted=False) \
.join(models.Tenant, models.Verification.tenant) \
.filter(models.Tenant.keystone_id == keystone_id)
start = offset
end = offset + limit
LOG.debug('Retrieving from {0} to {1}'.format(start, end))
total = query.count()
entities = query[start:end]
LOG.debug('Number entities retrieved: {0} out of {1}'.format(
len(entities), total
))
except sa_orm.exc.NoResultFound:
entities = None
total = 0
if not suppress_exception:
raise exception.NotFound("No %s's found"
% (self._do_entity_name()))
return entities, offset, limit, total
def _do_entity_name(self):
"""Sub-class hook: return entity name, such as for debugging."""
return "Verification"
def _do_create_instance(self):
return models.Verification()
def _do_build_get_query(self, entity_id, keystone_id, session):
"""Sub-class hook: build a retrieve query."""
return session.query(models.Verification).filter_by(id=entity_id) \
.filter_by(deleted=False) \
.join(models.Tenant, models.Verification.tenant) \
.filter(models.Tenant.keystone_id == keystone_id)
def _do_validate(self, values):
"""Sub-class hook: validate values."""
pass
class ContainerRepo(BaseRepo):
"""Repository for the Container entity."""

5
barbican/queue/client.py
View File

@ -43,11 +43,6 @@ class TaskClient(object):
self._cast('process_order', order_id=order_id,
keystone_id=keystone_id)
def process_verification(self, verification_id, keystone_id):
"""Process Verification."""
self._cast('process_verification', verification_id=verification_id,
keystone_id=keystone_id)
def _cast(self, name, **kwargs):
"""Asynchronous call handler. Barbican probably only needs casts.

10
barbican/queue/server.py
View File

@ -50,16 +50,6 @@ class Tasks(object):
LOG.exception(">>>>> Task exception seen, details reported "
"on the Orders entity.")
def process_verification(self, context, verification_id, keystone_id):
"""Process Verification."""
LOG.debug('Verification id is {0}'.format(verification_id))
task = resources.PerformVerification()
try:
task.process(verification_id, keystone_id)
except Exception:
LOG.exception(">>>>> Task exception seen, details reported "
"on the the Verification entity.")
class TaskServer(Tasks, service.Service):
"""Server to process asynchronous tasking from Barbican API nodes.

42
barbican/tasks/resources.py
View File

@ -21,7 +21,6 @@ import abc
from barbican import api
from barbican.common import resources as res
from barbican.common import utils
from barbican.common import verifications as ver
from barbican.crypto import extension_manager as em
from barbican.model import models
from barbican.model import repositories as rep
@ -199,44 +198,3 @@ class BeginOrder(BaseTask):
order.secret_id = new_secret.id
LOG.debug("...done creating order's secret.")
class PerformVerification(BaseTask):
"""Handles beginning processing a Verification request."""
def get_name(self):
return u._('Perform Verification')
def __init__(self, verification_repo=None):
LOG.debug('Creating PerformVerification task processor')
self.verification_repo = verification_repo or rep.VerificationRepo()
def retrieve_entity(self, verification_id, keystone_id):
return self.verification_repo.get(entity_id=verification_id,
keystone_id=keystone_id)
def handle_processing(self, verification, *args, **kwargs):
self.handle_verification(verification)
def handle_error(self, verification, status, message, exception,
*args, **kwargs):
verification.status = models.States.ERROR
verification.error_status_code = status
verification.error_reason = message
self.verification_repo.save(verification)
def handle_success(self, verification, *args, **kwargs):
verification.status = models.States.ACTIVE
self.verification_repo.save(verification)
def handle_verification(self, verification):
"""Handle performing a verification.
Performs a verification process on a reference.
:param verification: Verification to process on behalf of.
"""
# Perform the verification.
ver.verify(verification)
LOG.debug("...done verifying resource.")

268
barbican/tests/api/test_resources.py
View File

@ -77,17 +77,6 @@ def validate_datum(test, datum):
test.assertIsNotNone(datum.kek_meta_tenant.kek_label)
def create_verification(id_ref="id"):
"""Generate an Verification entity instance."""
verify = models.Verification()
verify.id = id_ref
verify.resource_type = 'image'
verify.resource_action = 'vm_attach'
verify.resource_ref = 'http://www.myres.com'
verify.impersonation_allowed = True
return verify
def create_container(id_ref):
"""Generate a Container entity instance."""
container = models.Container()
@ -1318,263 +1307,6 @@ class WhenAddingNavigationHrefs(testtools.TestCase):
self.assertNotIn('next', data_with_hrefs)
class WhenCreatingVerificationsUsingVerificationsResource(testtools.TestCase):
def setUp(self):
super(
WhenCreatingVerificationsUsingVerificationsResource,
self,
).setUp()
self.resource_type = 'image'
self.resource_ref = 'http://www.images.com/v1/images/12345'
self.resource_action = 'vm_attach'
self.impersonation = True
self.tenant_internal_id = 'tenantid1234'
self.tenant_keystone_id = 'keystoneid1234'
self.tenant = models.Tenant()
self.tenant.id = self.tenant_internal_id
self.tenant.keystone_id = self.tenant_keystone_id
self.tenant_repo = mock.MagicMock()
self.tenant_repo.get.return_value = self.tenant
self.verification_repo = mock.MagicMock()
self.verification_repo.create_from.return_value = None
self.queue_resource = mock.MagicMock()
self.queue_resource.process_verification.return_value = None
self.stream = mock.MagicMock()
self.verify_req = {'resource_type': self.resource_type,
'resource_ref': self.resource_ref,
'resource_action': self.resource_action,
'impersonation_allowed': self.impersonation}
self.json = json.dumps(self.verify_req)
self.stream.read.return_value = self.json
self.req = mock.MagicMock()
self.req.stream = self.stream
self.resp = mock.MagicMock()
self.resource = res.VerificationsResource(self.tenant_repo,
self.verification_repo,
self.queue_resource)
def test_should_add_new_verification(self):
self.resource.on_post(self.req, self.resp, self.tenant_keystone_id)
self.assertEquals(falcon.HTTP_202, self.resp.status)
self.queue_resource.process_verification \
.assert_called_once_with(verification_id=None,
keystone_id=self.tenant_keystone_id)
args, kwargs = self.verification_repo.create_from.call_args
verification = args[0]
self.assertIsInstance(verification, models.Verification)
def test_should_fail_add_new_verification_no_resource_ref(self):
self.verify_req.pop('resource_ref')
self.json = json.dumps(self.verify_req)
self.stream.read.return_value = self.json
exception = self.assertRaises(
falcon.HTTPError,
self.resource.on_post,
self.req, self.resp, self.tenant_keystone_id,
)
self.assertEqual(falcon.HTTP_400, exception.status)
def test_should_fail_verification_unsupported_resource_type(self):
self.verify_req['resource_type'] = 'not-a-valid-type'
self.json = json.dumps(self.verify_req)
self.stream.read.return_value = self.json
exception = self.assertRaises(
falcon.HTTPError,
self.resource.on_post,
self.req, self.resp, self.tenant_keystone_id,
)
self.assertEqual(falcon.HTTP_400, exception.status)
def test_should_fail_verification_bad_json(self):
self.stream.read.return_value = ''
exception = self.assertRaises(
falcon.HTTPError,
self.resource.on_post,
self.req, self.resp, self.tenant_keystone_id,
)
self.assertEqual(falcon.HTTP_400, exception.status)
class WhenGettingOrDeletingVerificationUsingVerifyResource(testtools.TestCase):
def setUp(self):
super(
WhenGettingOrDeletingVerificationUsingVerifyResource,
self,
).setUp()
self.tenant_keystone_id = 'keystoneid1234'
self.requestor = 'requestor1234'
self.verification = self._create_verification(id="id1")
self.verify_repo = mock.MagicMock()
self.verify_repo.get.return_value = self.verification
self.verify_repo.delete_entity_by_id.return_value = None
self.req = mock.MagicMock()
self.resp = mock.MagicMock()
self.resource = res.VerificationResource(self.verify_repo)
def test_should_get_verification(self):
self.resource.on_get(self.req, self.resp, self.tenant_keystone_id,
self.verification.id)
self.verify_repo.get \
.assert_called_once_with(entity_id=self.verification.id,
keystone_id=self.tenant_keystone_id,
suppress_exception=True)
def test_should_delete_verification(self):
self.resource.on_delete(self.req, self.resp, self.tenant_keystone_id,
self.verification.id)
self.verify_repo.delete_entity_by_id \
.assert_called_once_with(entity_id=self.verification.id,
keystone_id=self.tenant_keystone_id)
def test_should_throw_exception_for_get_when_verify_not_found(self):
self.verify_repo.get.return_value = None
exception = self.assertRaises(
falcon.HTTPError,
self.resource.on_get,
self.req, self.resp, self.tenant_keystone_id, self.verification.id,
)
self.assertEqual(falcon.HTTP_404, exception.status)
def test_should_throw_exception_for_delete_when_verify_not_found(self):
self.verify_repo.delete_entity_by_id.side_effect = excep.NotFound(
"Test not found exception")
exception = self.assertRaises(
falcon.HTTPError,
self.resource.on_delete,
self.req, self.resp, self.tenant_keystone_id, self.verification.id,
)
self.assertEqual(falcon.HTTP_404, exception.status)
def _create_verification(self, id="id",
resource_type='image',
resource_ref='http://www.images.com/images/123',
resource_action='vm_attach',
impersonation_allowed=True):
"""Generate a Verification entity instance."""
verification = models.Verification()
verification.id = id
verification.resource_type = resource_type
verification.resource_ref = resource_ref
verification.resource_action = resource_action
verification.impersonation_allowed = impersonation_allowed
return verification
class WhenGettingVerificationsListUsingResource(testtools.TestCase):
def setUp(self):
super(WhenGettingVerificationsListUsingResource, self).setUp()
self.tenant_id = 'tenant1234'
self.keystone_id = 'keystoneid1234'
self.num_verifs = 10
self.offset = 2
self.limit = 2
self.verifs = [create_verification(id_ref='id' + str(id_ref)) for
id_ref in xrange(self.num_verifs)]
self.total = len(self.verifs)
self.verif_repo = mock.MagicMock()
self.verif_repo.get_by_create_date.return_value = (self.verifs,
self.offset,
self.limit,
self.total)
self.tenant_repo = mock.MagicMock()
self.queue_resource = mock.MagicMock()
self.queue_resource.process_order.return_value = None
self.req = mock.MagicMock()
self.req.accept = 'application/json'
self.req.get_param = mock.Mock()
self.req.get_param.side_effect = [self.offset, self.limit, None, None,
None, 0]
self.resp = mock.MagicMock()
self.resource = res.VerificationsResource(self.tenant_repo,
self.verif_repo,
self.queue_resource)
def test_should_get_list_verifications(self):
self.resource.on_get(self.req, self.resp, self.keystone_id)
self.verif_repo.get_by_create_date \
.assert_called_once_with(self.keystone_id,
offset_arg=self.offset,
limit_arg=self.limit,
suppress_exception=True)
resp_body = jsonutils.loads(self.resp.body)
self.assertTrue('previous' in resp_body)
self.assertTrue('next' in resp_body)
url_nav_next = self._create_url(self.keystone_id,
self.offset + self.limit, self.limit)
self.assertTrue(self.resp.body.count(url_nav_next) == 1)
url_nav_prev = self._create_url(self.keystone_id,
0, self.limit)
self.assertTrue(self.resp.body.count(url_nav_prev) == 1)
url_hrefs = self._create_url(self.keystone_id)
self.assertTrue(self.resp.body.count(url_hrefs) ==
(self.num_verifs + 2))
def test_response_should_include_total(self):
self.resource.on_get(self.req, self.resp, self.keystone_id)
resp_body = jsonutils.loads(self.resp.body)
self.assertIn('total', resp_body)
self.assertEqual(resp_body['total'], self.total)
def test_should_handle_no_orders(self):
del self.verifs[:]
self.resource.on_get(self.req, self.resp, self.keystone_id)
self.verif_repo.get_by_create_date \
.assert_called_once_with(self.keystone_id,
offset_arg=self.offset,
limit_arg=self.limit,
suppress_exception=True)
resp_body = jsonutils.loads(self.resp.body)
self.assertFalse('previous' in resp_body)
self.assertFalse('next' in resp_body)
def _create_url(self, keystone_id, offset_arg=None, limit_arg=None):
if limit_arg:
offset = int(offset_arg)
limit = int(limit_arg)
return '/v1/{0}/verifications' \
'?limit={1}&offset={2}'.format(keystone_id,
limit, offset)
else:
return '/v1/{0}/verifications'.format(self.keystone_id)
class TestingJsonSanitization(testtools.TestCase):
def test_json_sanitization_without_array(self):

9
barbican/tests/queue/test_client.py
View File

@ -40,15 +40,6 @@ class WhenUsingAsyncTaskClient(utils.BaseTestCase):
order_id=self.order_id,
keystone_id=self.keystone_id)
def test_should_process_verification(self):
self.client.process_verification(verification_id=self.verification_id,
keystone_id=self.keystone_id)
queue.get_client.assert_called_with()
self.mock_client.cast.assert_called_with({}, 'process_verification',
verification_id=
self.verification_id,
keystone_id=self.keystone_id)
class WhenCreatingDirectTaskClient(utils.BaseTestCase):
"""Test using the synchronous task client (i.e. standalone mode)."""

18
barbican/tests/queue/test_server.py
View File

@ -38,24 +38,6 @@ class WhenUsingBeginOrderTask(utils.BaseTestCase):
.assert_called_with(self.order_id, self.keystone_id)
class WhenUsingPerformVerificationTask(utils.BaseTestCase):
"""Test using the Tasks class for 'verification' task."""
def setUp(self):
super(WhenUsingPerformVerificationTask, self).setUp()
self.tasks = server.Tasks()
@patch('barbican.tasks.resources.PerformVerification')
def test_should_process_verification(self, mock_begin_verification):
mock_begin_verification.return_value.process.return_value = None
self.tasks.process_verification(context=None,
verification_id=self.verification_id,
keystone_id=self.keystone_id)
mock_begin_verification.return_value.process\
.assert_called_with(self.verification_id, self.keystone_id)
class WhenUsingTaskServer(utils.BaseTestCase):
"""Test using the asynchronous task client."""

76
barbican/tests/tasks/test_resources.py
View File

@ -179,79 +179,3 @@ class WhenBeginningOrder(testtools.TestCase):
self.order.id,
self.keystone_id,
)
class WhenPerformingVerification(testtools.TestCase):
def setUp(self):
super(WhenPerformingVerification, self).setUp()
self.verif = models.Verification()
self.verif.id = "id1"
self.resource_type = 'image',
self.resource_ref = 'http://www.images.com/images/123',
self.resource_action = 'vm_attach',
self.impersonation_allowed = True
self.keystone_id = 'keystone1234'
self.tenant_id = 'tenantid1234'
self.tenant = models.Tenant()
self.tenant.id = self.tenant_id
self.tenant.keystone_id = self.keystone_id
self.tenant_repo = mock.MagicMock()
self.tenant_repo.get.return_value = self.tenant
self.verif.status = models.States.PENDING
self.verif.tenant_id = self.tenant_id
self.verif.resource_type = self.resource_type
self.verif.resource_ref = self.resource_ref
self.verif.resource_action = self.resource_action
self.verif.impersonation_allowed = self.impersonation_allowed
self.verif_repo = mock.MagicMock()
self.verif_repo.get.return_value = self.verif
self.resource = resources.PerformVerification(self.verif_repo)
def test_should_process_verification(self):
self.resource.process(self.verif.id, self.keystone_id)
self.verif_repo.get \
.assert_called_once_with(entity_id=self.verif.id,
keystone_id=self.keystone_id)
self.assertEqual(self.verif.status, models.States.ACTIVE)
args, kwargs = self.verif_repo.save.call_args
verif = args[0]
self.assertIsInstance(verif, models.Verification)
self.assertEqual(verif.resource_type, self.resource_type)
self.assertEqual(verif.resource_action, self.resource_action)
def test_should_fail_during_retrieval(self):
# Force an error during the verification retrieval phase.
self.verif_repo.get = mock.MagicMock(return_value=None,
side_effect=ValueError())
self.assertRaises(
ValueError,
self.resource.process,
self.verif.id,
self.keystone_id,
)
# Verification state doesn't change because can't retrieve
# it to change it.
self.assertEqual(models.States.PENDING, self.verif.status)
def test_should_fail_during_success_report_fail(self):
# Force an error during the processing handler phase.
self.verif_repo.save = mock.MagicMock(return_value=None,
side_effect=ValueError())
self.assertRaises(
ValueError,
self.resource.process,
self.verif.id,
self.keystone_id,
)

1
barbican/tests/utils.py
View File

@ -19,7 +19,6 @@ class BaseTestCase(testtools.TestCase):
def setUp(self):
super(BaseTestCase, self).setUp()
self.order_id = 'order1234'
self.verification_id = 'verif1234'
self.keystone_id = 'keystone1234'
def tearDown(self):

4
etc/barbican/policy.json
View File

@ -14,10 +14,6 @@
"containers:get": "rule:all_but_audit",
"container:get": "rule:all_users",
"container:delete": "rule:admin",
"verifications:post": "rule:admin_or_creator",
"verifications:get": "rule:all_but_audit",
"verification:get": "rule:all_users",
"verification:delete": "rule:admin",
"admin": "role:admin",
"observer": "role:observer",
"creator": "role:creator",