From ef40e55b01f9366a30b51830f1158fe64fc350e4 Mon Sep 17 00:00:00 2001 From: Douglas Mendizabal Date: Tue, 1 Apr 2014 23:00:43 -0500 Subject: [PATCH] Clean up Verifications resource The Verifications resource POC should be removed from Barbican. Change-Id: I5823cb94314a2c2f497f045c620dde974741a004 --- barbican/api/app.py | 5 - barbican/api/resources.py | 124 ------------ barbican/common/validators.py | 39 ---- barbican/common/verifications.py | 37 ---- barbican/model/models.py | 56 +----- barbican/model/repositories.py | 60 ------ barbican/queue/client.py | 5 - barbican/queue/server.py | 10 - barbican/tasks/resources.py | 42 ---- barbican/tests/api/test_resources.py | 268 ------------------------- barbican/tests/queue/test_client.py | 9 - barbican/tests/queue/test_server.py | 18 -- barbican/tests/tasks/test_resources.py | 76 ------- barbican/tests/utils.py | 1 - etc/barbican/policy.json | 4 - 15 files changed, 2 insertions(+), 752 deletions(-) delete mode 100644 barbican/common/verifications.py diff --git a/barbican/api/app.py b/barbican/api/app.py index 8ec5066c0..4d6f47617 100644 --- a/barbican/api/app.py +++ b/barbican/api/app.py @@ -56,8 +56,6 @@ def create_main_app(global_config, **local_conf): secret = res.SecretResource(crypto_mgr) orders = res.OrdersResource() order = res.OrderResource() - verifications = res.VerificationsResource() - verification = res.VerificationResource() containers = res.ContainersResource() container = res.ContainerResource() @@ -73,9 +71,6 @@ def create_main_app(global_config, **local_conf): api.add_route('/{keystone_id}/secrets/{secret_id}', secret) api.add_route('/{keystone_id}/orders', orders) api.add_route('/{keystone_id}/orders/{order_id}', order) - api.add_route('/{keystone_id}/verifications', verifications) - api.add_route('/{keystone_id}/verifications/{verification_id}', - verification) api.add_route('/{keystone_id}/containers/', containers) api.add_route('/{keystone_id}/containers/{container_id}', container) diff --git a/barbican/api/resources.py b/barbican/api/resources.py index 922c174e2..82e2a3941 100644 --- a/barbican/api/resources.py +++ b/barbican/api/resources.py @@ -53,13 +53,6 @@ def _order_not_found(req, resp): 'another castle.'), req, resp) -def _verification_not_found(req, resp): - """Throw exception indicating verification not found.""" - api.abort(falcon.HTTP_404, u._('Not Found. Sorry but your verification ' - 'result is in ' - 'another castle.'), req, resp) - - def _container_not_found(req, resp): """Throw exception indicating container not found.""" api.abort(falcon.HTTP_404, u._('Not Found. Sorry but your container ' @@ -101,15 +94,6 @@ def convert_secret_to_href(keystone_id, secret_id): return utils.hostname_for_refs(keystone_id=keystone_id, resource=resource) -def convert_verification_to_href(keystone_id, verification_id): - """Convert the tenant/verification IDs to a HATEOS-style href.""" - if verification_id: - resource = 'verifications/' + verification_id - else: - resource = 'verifications/????' - return utils.hostname_for_refs(keystone_id=keystone_id, resource=resource) - - def convert_order_to_href(keystone_id, order_id): """Convert the tenant/order IDs to a HATEOS-style href.""" if order_id: @@ -140,11 +124,6 @@ def convert_to_hrefs(keystone_id, fields): fields['order_ref'] = convert_order_to_href(keystone_id, fields['order_id']) del fields['order_id'] - if 'verification_id' in fields: - fields['verification_ref'] = \ - convert_verification_to_href(keystone_id, - fields['verification_id']) - del fields['verification_id'] if 'container_id' in fields: fields['container_ref'] = \ @@ -591,109 +570,6 @@ class OrderResource(api.ApiResource): resp.status = falcon.HTTP_200 -class VerificationsResource(api.ApiResource): - """Handles Verification creation requests. - - Creating a verification entity initiates verification processing - on a target resource. The results of this verification processing - can be monitored via this entity. - """ - - def __init__(self, tenant_repo=None, verification_repo=None, - queue_resource=None): - self.tenant_repo = tenant_repo or repo.TenantRepo() - self.verification_repo = verification_repo or repo.VerificationRepo() - self.validator = validators.VerificationValidator() - self.queue = queue_resource or async_client.TaskClient() - - @handle_exceptions(u._('Verification creation')) - @handle_rbac('verifications:post') - def on_post(self, req, resp, keystone_id): - LOG.debug('Start on_post for tenant-ID {0}:...'.format(keystone_id)) - - data = api.load_body(req, resp, self.validator) - tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) - - new_verification = models.Verification(data) - new_verification.tenant_id = tenant.id - self.verification_repo.create_from(new_verification) - - # Send to workers to process. - self.queue.process_verification(verification_id=new_verification.id, - keystone_id=keystone_id) - - resp.status = falcon.HTTP_202 - resp.set_header('Location', - '/{0}/verifications/{1}'.format(keystone_id, - new_verification.id)) - url = convert_verification_to_href(keystone_id, new_verification.id) - LOG.debug('URI to verification is {0}'.format(url)) - resp.body = json.dumps({'verification_ref': url}) - - @handle_exceptions(u._('Verification(s) retrieval')) - @handle_rbac('verifications:get') - def on_get(self, req, resp, keystone_id): - LOG.debug('Start verifications on_get ' - 'for tenant-ID {0}:'.format(keystone_id)) - - result = self.verification_repo.get_by_create_date( - keystone_id, - offset_arg=req.get_param('offset'), - limit_arg=req.get_param('limit'), - suppress_exception=True - ) - - verifications, offset, limit, total = result - - if not verifications: - resp_verif_overall = {'verifications': [], 'total': total} - else: - resp_verif = [convert_to_hrefs(keystone_id, - v.to_dict_fields()) for - v in verifications] - resp_verif_overall = add_nav_hrefs('verifications', keystone_id, - offset, limit, total, - {'verifications': resp_verif}) - resp_verif_overall.update({'total': total}) - - resp.status = falcon.HTTP_200 - resp.body = json.dumps(resp_verif_overall, - default=json_handler) - - -class VerificationResource(api.ApiResource): - """Handles Verification entity retrieval and deletion requests.""" - - def __init__(self, verification_repo=None): - self.repo = verification_repo or repo.VerificationRepo() - - @handle_exceptions(u._('Verification retrieval')) - @handle_rbac('verification:get') - def on_get(self, req, resp, keystone_id, verification_id): - verif = self.repo.get(entity_id=verification_id, - keystone_id=keystone_id, - suppress_exception=True) - if not verif: - _verification_not_found(req, resp) - - resp.status = falcon.HTTP_200 - resp.body = json.dumps(convert_to_hrefs(keystone_id, - verif.to_dict_fields()), - default=json_handler) - - @handle_exceptions(u._('Verification deletion')) - @handle_rbac('verification:delete') - def on_delete(self, req, resp, keystone_id, verification_id): - - try: - self.repo.delete_entity_by_id(entity_id=verification_id, - keystone_id=keystone_id) - except exception.NotFound: - _verification_not_found(req, resp) - - resp.status = falcon.HTTP_200 - - class ContainersResource(api.ApiResource): """ Handles Container creation requests. """ diff --git a/barbican/common/validators.py b/barbican/common/validators.py index 7b3a2df85..37d26c41e 100644 --- a/barbican/common/validators.py +++ b/barbican/common/validators.py @@ -276,45 +276,6 @@ class NewOrderValidator(ValidatorBase): return json_data -class VerificationValidator(ValidatorBase): - """Validate a verification resource request.""" - - def __init__(self): - self.name = 'Verification' - self.schema = { - "type": "object", - "required": ["resource_type", "resource_ref", - "resource_action", "impersonation_allowed"], - "properties": { - "resource_type": { - "type": "string", - "enum": [ - "image" - ] - }, - "resource_ref": {"type": "string"}, - "resource_action": { - "type": "string", - "enum": [ - "vm_attach" - ] - }, - "impersonation_allowed": {"type": "boolean"}, - }, - } - - def validate(self, json_data, parent_schema=None): - schema_name = self._full_name(parent_schema) - - try: - schema.validate(json_data, self.schema) - except schema.ValidationError as e: - raise exception.InvalidObject(schema=schema_name, reason=e.message, - property=get_invalid_property(e)) - - return json_data - - class ContainerValidator(ValidatorBase): """ Validator for all types of Container""" diff --git a/barbican/common/verifications.py b/barbican/common/verifications.py deleted file mode 100644 index 84700eb8c..000000000 --- a/barbican/common/verifications.py +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright (c) 2013-2014 Rackspace, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -""" -Resource verification business logic. -""" -from barbican.common import utils - - -LOG = utils.getLogger(__name__) - - -def verify(verification): - """Verifies if a resource is 'valid' for an action or not. - - Based on the target resource information in the supplied verification - entity this function determines if it is valid to use for the specified - action. The supplied entity is then updated with the processing result. - - :param verification: A Verification entity - """ - if 'image' == verification.resource_type: - #TODO(jfwood) Add rules or else consider a plugin approach similar to - # barbican/crypto/plugin.py. - verification.is_verified = True diff --git a/barbican/model/models.py b/barbican/model/models.py index de5fc8196..d49c39aa7 100644 --- a/barbican/model/models.py +++ b/barbican/model/models.py @@ -184,7 +184,6 @@ class Tenant(BASE, ModelBase): keystone_id = sa.Column(sa.String(255), unique=True) orders = orm.relationship("Order", backref="tenant") - verifications = orm.relationship("Verification", backref="tenant") secrets = orm.relationship("TenantSecret", backref="tenants") keks = orm.relationship("KEKDatum", backref="tenant") containers = orm.relationship("Container", backref="tenant") @@ -372,57 +371,6 @@ class Order(BASE, ModelBase): return ret -class Verification(BASE, ModelBase): - """Represents a Verification result in the datastore. - - Verification represent that status of resource verification requests - made by Tenants. - """ - - __tablename__ = 'verifications' - - tenant_id = sa.Column(sa.String(36), sa.ForeignKey('tenants.id'), - nullable=False) - - error_status_code = sa.Column(sa.String(16)) - error_reason = sa.Column(sa.String(255)) - - resource_type = sa.Column(sa.String(255), nullable=False) - resource_ref = sa.Column(sa.String(255), nullable=False) - resource_action = sa.Column(sa.String(255), nullable=False) - impersonation_allowed = sa.Column(sa.Boolean, nullable=False, - default=True) - is_verified = sa.Column(sa.Boolean, nullable=False, - default=False) - - def __init__(self, parsed_request=None): - """Creates a Verification entity from a dict.""" - super(Verification, self).__init__() - - if parsed_request: - self.resource_type = parsed_request.get('resource_type') - self.resource_ref = parsed_request.get('resource_ref') - self.resource_action = parsed_request.get('resource_action') - self.impersonation_allowed = parsed_request.get('impersonation_' - 'allowed') - - self.status = States.PENDING - - def _do_extra_dict_fields(self): - """Sub-class hook method: return dict of fields.""" - ret = {'verification_id': self.id, - 'resource_type': self.resource_type, - 'resource_ref': self.resource_ref, - 'resource_action': self.resource_action, - 'impersonation_allowed': self.impersonation_allowed, - 'is_verified': self.is_verified} - if self.error_status_code: - ret['error_status_code'] = self.error_status_code - if self.error_reason: - ret['error_reason'] = self.error_reason - return ret - - class Container(BASE, ModelBase): """Represents a Container for Secrets in the datastore. @@ -484,8 +432,8 @@ class Container(BASE, ModelBase): } for container_secret in self.container_secrets]} # Keep this tuple synchronized with the models in the file -MODELS = [TenantSecret, Tenant, Secret, EncryptedDatum, Order, Verification, - Container, ContainerSecret] +MODELS = [TenantSecret, Tenant, Secret, EncryptedDatum, Order, Container, + ContainerSecret] def register_models(engine): diff --git a/barbican/model/repositories.py b/barbican/model/repositories.py index 4a9712d2b..f12ac67bc 100644 --- a/barbican/model/repositories.py +++ b/barbican/model/repositories.py @@ -742,66 +742,6 @@ class OrderRepo(BaseRepo): pass -class VerificationRepo(BaseRepo): - """Repository for the Verification entity.""" - - def get_by_create_date(self, keystone_id, offset_arg=None, limit_arg=None, - suppress_exception=False, session=None): - """ - Returns a list of verifications, ordered by the date they were - created at and paged based on the offset and limit fields. The - keystone_id is external-to-Barbican value assigned to the tenant - by Keystone. - """ - - offset, limit = clean_paging_values(offset_arg, limit_arg) - - session = self.get_session(session) - - try: - query = session.query(models.Verification) \ - .order_by(models.Verification.created_at) - query = query.filter_by(deleted=False) \ - .join(models.Tenant, models.Verification.tenant) \ - .filter(models.Tenant.keystone_id == keystone_id) - - start = offset - end = offset + limit - LOG.debug('Retrieving from {0} to {1}'.format(start, end)) - total = query.count() - entities = query[start:end] - LOG.debug('Number entities retrieved: {0} out of {1}'.format( - len(entities), total - )) - - except sa_orm.exc.NoResultFound: - entities = None - total = 0 - if not suppress_exception: - raise exception.NotFound("No %s's found" - % (self._do_entity_name())) - - return entities, offset, limit, total - - def _do_entity_name(self): - """Sub-class hook: return entity name, such as for debugging.""" - return "Verification" - - def _do_create_instance(self): - return models.Verification() - - def _do_build_get_query(self, entity_id, keystone_id, session): - """Sub-class hook: build a retrieve query.""" - return session.query(models.Verification).filter_by(id=entity_id) \ - .filter_by(deleted=False) \ - .join(models.Tenant, models.Verification.tenant) \ - .filter(models.Tenant.keystone_id == keystone_id) - - def _do_validate(self, values): - """Sub-class hook: validate values.""" - pass - - class ContainerRepo(BaseRepo): """Repository for the Container entity.""" diff --git a/barbican/queue/client.py b/barbican/queue/client.py index 05bb1c69f..f2751be29 100644 --- a/barbican/queue/client.py +++ b/barbican/queue/client.py @@ -43,11 +43,6 @@ class TaskClient(object): self._cast('process_order', order_id=order_id, keystone_id=keystone_id) - def process_verification(self, verification_id, keystone_id): - """Process Verification.""" - self._cast('process_verification', verification_id=verification_id, - keystone_id=keystone_id) - def _cast(self, name, **kwargs): """Asynchronous call handler. Barbican probably only needs casts. diff --git a/barbican/queue/server.py b/barbican/queue/server.py index 464abfc25..4ae25b889 100644 --- a/barbican/queue/server.py +++ b/barbican/queue/server.py @@ -50,16 +50,6 @@ class Tasks(object): LOG.exception(">>>>> Task exception seen, details reported " "on the Orders entity.") - def process_verification(self, context, verification_id, keystone_id): - """Process Verification.""" - LOG.debug('Verification id is {0}'.format(verification_id)) - task = resources.PerformVerification() - try: - task.process(verification_id, keystone_id) - except Exception: - LOG.exception(">>>>> Task exception seen, details reported " - "on the the Verification entity.") - class TaskServer(Tasks, service.Service): """Server to process asynchronous tasking from Barbican API nodes. diff --git a/barbican/tasks/resources.py b/barbican/tasks/resources.py index 9c47e82bb..70998e787 100644 --- a/barbican/tasks/resources.py +++ b/barbican/tasks/resources.py @@ -21,7 +21,6 @@ import abc from barbican import api from barbican.common import resources as res from barbican.common import utils -from barbican.common import verifications as ver from barbican.crypto import extension_manager as em from barbican.model import models from barbican.model import repositories as rep @@ -199,44 +198,3 @@ class BeginOrder(BaseTask): order.secret_id = new_secret.id LOG.debug("...done creating order's secret.") - - -class PerformVerification(BaseTask): - """Handles beginning processing a Verification request.""" - - def get_name(self): - return u._('Perform Verification') - - def __init__(self, verification_repo=None): - LOG.debug('Creating PerformVerification task processor') - self.verification_repo = verification_repo or rep.VerificationRepo() - - def retrieve_entity(self, verification_id, keystone_id): - return self.verification_repo.get(entity_id=verification_id, - keystone_id=keystone_id) - - def handle_processing(self, verification, *args, **kwargs): - self.handle_verification(verification) - - def handle_error(self, verification, status, message, exception, - *args, **kwargs): - verification.status = models.States.ERROR - verification.error_status_code = status - verification.error_reason = message - self.verification_repo.save(verification) - - def handle_success(self, verification, *args, **kwargs): - verification.status = models.States.ACTIVE - self.verification_repo.save(verification) - - def handle_verification(self, verification): - """Handle performing a verification. - - Performs a verification process on a reference. - - :param verification: Verification to process on behalf of. - """ - # Perform the verification. - ver.verify(verification) - - LOG.debug("...done verifying resource.") diff --git a/barbican/tests/api/test_resources.py b/barbican/tests/api/test_resources.py index b87b72279..269c255c6 100644 --- a/barbican/tests/api/test_resources.py +++ b/barbican/tests/api/test_resources.py @@ -77,17 +77,6 @@ def validate_datum(test, datum): test.assertIsNotNone(datum.kek_meta_tenant.kek_label) -def create_verification(id_ref="id"): - """Generate an Verification entity instance.""" - verify = models.Verification() - verify.id = id_ref - verify.resource_type = 'image' - verify.resource_action = 'vm_attach' - verify.resource_ref = 'http://www.myres.com' - verify.impersonation_allowed = True - return verify - - def create_container(id_ref): """Generate a Container entity instance.""" container = models.Container() @@ -1318,263 +1307,6 @@ class WhenAddingNavigationHrefs(testtools.TestCase): self.assertNotIn('next', data_with_hrefs) -class WhenCreatingVerificationsUsingVerificationsResource(testtools.TestCase): - def setUp(self): - super( - WhenCreatingVerificationsUsingVerificationsResource, - self, - ).setUp() - self.resource_type = 'image' - self.resource_ref = 'http://www.images.com/v1/images/12345' - self.resource_action = 'vm_attach' - self.impersonation = True - - self.tenant_internal_id = 'tenantid1234' - self.tenant_keystone_id = 'keystoneid1234' - - self.tenant = models.Tenant() - self.tenant.id = self.tenant_internal_id - self.tenant.keystone_id = self.tenant_keystone_id - - self.tenant_repo = mock.MagicMock() - self.tenant_repo.get.return_value = self.tenant - - self.verification_repo = mock.MagicMock() - self.verification_repo.create_from.return_value = None - - self.queue_resource = mock.MagicMock() - self.queue_resource.process_verification.return_value = None - - self.stream = mock.MagicMock() - - self.verify_req = {'resource_type': self.resource_type, - 'resource_ref': self.resource_ref, - 'resource_action': self.resource_action, - 'impersonation_allowed': self.impersonation} - self.json = json.dumps(self.verify_req) - self.stream.read.return_value = self.json - - self.req = mock.MagicMock() - self.req.stream = self.stream - - self.resp = mock.MagicMock() - self.resource = res.VerificationsResource(self.tenant_repo, - self.verification_repo, - self.queue_resource) - - def test_should_add_new_verification(self): - self.resource.on_post(self.req, self.resp, self.tenant_keystone_id) - - self.assertEquals(falcon.HTTP_202, self.resp.status) - - self.queue_resource.process_verification \ - .assert_called_once_with(verification_id=None, - keystone_id=self.tenant_keystone_id) - - args, kwargs = self.verification_repo.create_from.call_args - verification = args[0] - self.assertIsInstance(verification, models.Verification) - - def test_should_fail_add_new_verification_no_resource_ref(self): - self.verify_req.pop('resource_ref') - self.json = json.dumps(self.verify_req) - self.stream.read.return_value = self.json - - exception = self.assertRaises( - falcon.HTTPError, - self.resource.on_post, - self.req, self.resp, self.tenant_keystone_id, - ) - self.assertEqual(falcon.HTTP_400, exception.status) - - def test_should_fail_verification_unsupported_resource_type(self): - self.verify_req['resource_type'] = 'not-a-valid-type' - self.json = json.dumps(self.verify_req) - self.stream.read.return_value = self.json - - exception = self.assertRaises( - falcon.HTTPError, - self.resource.on_post, - self.req, self.resp, self.tenant_keystone_id, - ) - self.assertEqual(falcon.HTTP_400, exception.status) - - def test_should_fail_verification_bad_json(self): - self.stream.read.return_value = '' - - exception = self.assertRaises( - falcon.HTTPError, - self.resource.on_post, - self.req, self.resp, self.tenant_keystone_id, - ) - self.assertEqual(falcon.HTTP_400, exception.status) - - -class WhenGettingOrDeletingVerificationUsingVerifyResource(testtools.TestCase): - def setUp(self): - super( - WhenGettingOrDeletingVerificationUsingVerifyResource, - self, - ).setUp() - self.tenant_keystone_id = 'keystoneid1234' - self.requestor = 'requestor1234' - - self.verification = self._create_verification(id="id1") - - self.verify_repo = mock.MagicMock() - self.verify_repo.get.return_value = self.verification - self.verify_repo.delete_entity_by_id.return_value = None - - self.req = mock.MagicMock() - self.resp = mock.MagicMock() - - self.resource = res.VerificationResource(self.verify_repo) - - def test_should_get_verification(self): - self.resource.on_get(self.req, self.resp, self.tenant_keystone_id, - self.verification.id) - - self.verify_repo.get \ - .assert_called_once_with(entity_id=self.verification.id, - keystone_id=self.tenant_keystone_id, - suppress_exception=True) - - def test_should_delete_verification(self): - self.resource.on_delete(self.req, self.resp, self.tenant_keystone_id, - self.verification.id) - - self.verify_repo.delete_entity_by_id \ - .assert_called_once_with(entity_id=self.verification.id, - keystone_id=self.tenant_keystone_id) - - def test_should_throw_exception_for_get_when_verify_not_found(self): - self.verify_repo.get.return_value = None - - exception = self.assertRaises( - falcon.HTTPError, - self.resource.on_get, - self.req, self.resp, self.tenant_keystone_id, self.verification.id, - ) - self.assertEqual(falcon.HTTP_404, exception.status) - - def test_should_throw_exception_for_delete_when_verify_not_found(self): - self.verify_repo.delete_entity_by_id.side_effect = excep.NotFound( - "Test not found exception") - - exception = self.assertRaises( - falcon.HTTPError, - self.resource.on_delete, - self.req, self.resp, self.tenant_keystone_id, self.verification.id, - ) - self.assertEqual(falcon.HTTP_404, exception.status) - - def _create_verification(self, id="id", - resource_type='image', - resource_ref='http://www.images.com/images/123', - resource_action='vm_attach', - impersonation_allowed=True): - """Generate a Verification entity instance.""" - verification = models.Verification() - verification.id = id - verification.resource_type = resource_type - verification.resource_ref = resource_ref - verification.resource_action = resource_action - verification.impersonation_allowed = impersonation_allowed - return verification - - -class WhenGettingVerificationsListUsingResource(testtools.TestCase): - def setUp(self): - super(WhenGettingVerificationsListUsingResource, self).setUp() - - self.tenant_id = 'tenant1234' - self.keystone_id = 'keystoneid1234' - - self.num_verifs = 10 - self.offset = 2 - self.limit = 2 - - self.verifs = [create_verification(id_ref='id' + str(id_ref)) for - id_ref in xrange(self.num_verifs)] - self.total = len(self.verifs) - self.verif_repo = mock.MagicMock() - self.verif_repo.get_by_create_date.return_value = (self.verifs, - self.offset, - self.limit, - self.total) - self.tenant_repo = mock.MagicMock() - - self.queue_resource = mock.MagicMock() - self.queue_resource.process_order.return_value = None - - self.req = mock.MagicMock() - self.req.accept = 'application/json' - self.req.get_param = mock.Mock() - self.req.get_param.side_effect = [self.offset, self.limit, None, None, - None, 0] - self.resp = mock.MagicMock() - self.resource = res.VerificationsResource(self.tenant_repo, - self.verif_repo, - self.queue_resource) - - def test_should_get_list_verifications(self): - self.resource.on_get(self.req, self.resp, self.keystone_id) - - self.verif_repo.get_by_create_date \ - .assert_called_once_with(self.keystone_id, - offset_arg=self.offset, - limit_arg=self.limit, - suppress_exception=True) - - resp_body = jsonutils.loads(self.resp.body) - self.assertTrue('previous' in resp_body) - self.assertTrue('next' in resp_body) - - url_nav_next = self._create_url(self.keystone_id, - self.offset + self.limit, self.limit) - self.assertTrue(self.resp.body.count(url_nav_next) == 1) - - url_nav_prev = self._create_url(self.keystone_id, - 0, self.limit) - self.assertTrue(self.resp.body.count(url_nav_prev) == 1) - - url_hrefs = self._create_url(self.keystone_id) - self.assertTrue(self.resp.body.count(url_hrefs) == - (self.num_verifs + 2)) - - def test_response_should_include_total(self): - self.resource.on_get(self.req, self.resp, self.keystone_id) - resp_body = jsonutils.loads(self.resp.body) - self.assertIn('total', resp_body) - self.assertEqual(resp_body['total'], self.total) - - def test_should_handle_no_orders(self): - - del self.verifs[:] - - self.resource.on_get(self.req, self.resp, self.keystone_id) - - self.verif_repo.get_by_create_date \ - .assert_called_once_with(self.keystone_id, - offset_arg=self.offset, - limit_arg=self.limit, - suppress_exception=True) - - resp_body = jsonutils.loads(self.resp.body) - self.assertFalse('previous' in resp_body) - self.assertFalse('next' in resp_body) - - def _create_url(self, keystone_id, offset_arg=None, limit_arg=None): - if limit_arg: - offset = int(offset_arg) - limit = int(limit_arg) - return '/v1/{0}/verifications' \ - '?limit={1}&offset={2}'.format(keystone_id, - limit, offset) - else: - return '/v1/{0}/verifications'.format(self.keystone_id) - - class TestingJsonSanitization(testtools.TestCase): def test_json_sanitization_without_array(self): diff --git a/barbican/tests/queue/test_client.py b/barbican/tests/queue/test_client.py index f0a259cde..be3c8cb94 100644 --- a/barbican/tests/queue/test_client.py +++ b/barbican/tests/queue/test_client.py @@ -40,15 +40,6 @@ class WhenUsingAsyncTaskClient(utils.BaseTestCase): order_id=self.order_id, keystone_id=self.keystone_id) - def test_should_process_verification(self): - self.client.process_verification(verification_id=self.verification_id, - keystone_id=self.keystone_id) - queue.get_client.assert_called_with() - self.mock_client.cast.assert_called_with({}, 'process_verification', - verification_id= - self.verification_id, - keystone_id=self.keystone_id) - class WhenCreatingDirectTaskClient(utils.BaseTestCase): """Test using the synchronous task client (i.e. standalone mode).""" diff --git a/barbican/tests/queue/test_server.py b/barbican/tests/queue/test_server.py index 7079befc6..c6e9410c2 100644 --- a/barbican/tests/queue/test_server.py +++ b/barbican/tests/queue/test_server.py @@ -38,24 +38,6 @@ class WhenUsingBeginOrderTask(utils.BaseTestCase): .assert_called_with(self.order_id, self.keystone_id) -class WhenUsingPerformVerificationTask(utils.BaseTestCase): - """Test using the Tasks class for 'verification' task.""" - - def setUp(self): - super(WhenUsingPerformVerificationTask, self).setUp() - - self.tasks = server.Tasks() - - @patch('barbican.tasks.resources.PerformVerification') - def test_should_process_verification(self, mock_begin_verification): - mock_begin_verification.return_value.process.return_value = None - self.tasks.process_verification(context=None, - verification_id=self.verification_id, - keystone_id=self.keystone_id) - mock_begin_verification.return_value.process\ - .assert_called_with(self.verification_id, self.keystone_id) - - class WhenUsingTaskServer(utils.BaseTestCase): """Test using the asynchronous task client.""" diff --git a/barbican/tests/tasks/test_resources.py b/barbican/tests/tasks/test_resources.py index 9800815d3..aff22732a 100644 --- a/barbican/tests/tasks/test_resources.py +++ b/barbican/tests/tasks/test_resources.py @@ -179,79 +179,3 @@ class WhenBeginningOrder(testtools.TestCase): self.order.id, self.keystone_id, ) - - -class WhenPerformingVerification(testtools.TestCase): - - def setUp(self): - super(WhenPerformingVerification, self).setUp() - - self.verif = models.Verification() - self.verif.id = "id1" - - self.resource_type = 'image', - self.resource_ref = 'http://www.images.com/images/123', - self.resource_action = 'vm_attach', - self.impersonation_allowed = True - - self.keystone_id = 'keystone1234' - self.tenant_id = 'tenantid1234' - self.tenant = models.Tenant() - self.tenant.id = self.tenant_id - self.tenant.keystone_id = self.keystone_id - self.tenant_repo = mock.MagicMock() - self.tenant_repo.get.return_value = self.tenant - - self.verif.status = models.States.PENDING - self.verif.tenant_id = self.tenant_id - self.verif.resource_type = self.resource_type - self.verif.resource_ref = self.resource_ref - self.verif.resource_action = self.resource_action - self.verif.impersonation_allowed = self.impersonation_allowed - - self.verif_repo = mock.MagicMock() - self.verif_repo.get.return_value = self.verif - - self.resource = resources.PerformVerification(self.verif_repo) - - def test_should_process_verification(self): - self.resource.process(self.verif.id, self.keystone_id) - - self.verif_repo.get \ - .assert_called_once_with(entity_id=self.verif.id, - keystone_id=self.keystone_id) - self.assertEqual(self.verif.status, models.States.ACTIVE) - - args, kwargs = self.verif_repo.save.call_args - verif = args[0] - self.assertIsInstance(verif, models.Verification) - self.assertEqual(verif.resource_type, self.resource_type) - self.assertEqual(verif.resource_action, self.resource_action) - - def test_should_fail_during_retrieval(self): - # Force an error during the verification retrieval phase. - self.verif_repo.get = mock.MagicMock(return_value=None, - side_effect=ValueError()) - - self.assertRaises( - ValueError, - self.resource.process, - self.verif.id, - self.keystone_id, - ) - - # Verification state doesn't change because can't retrieve - # it to change it. - self.assertEqual(models.States.PENDING, self.verif.status) - - def test_should_fail_during_success_report_fail(self): - # Force an error during the processing handler phase. - self.verif_repo.save = mock.MagicMock(return_value=None, - side_effect=ValueError()) - - self.assertRaises( - ValueError, - self.resource.process, - self.verif.id, - self.keystone_id, - ) diff --git a/barbican/tests/utils.py b/barbican/tests/utils.py index 0fbeeef51..ca5cc8230 100644 --- a/barbican/tests/utils.py +++ b/barbican/tests/utils.py @@ -19,7 +19,6 @@ class BaseTestCase(testtools.TestCase): def setUp(self): super(BaseTestCase, self).setUp() self.order_id = 'order1234' - self.verification_id = 'verif1234' self.keystone_id = 'keystone1234' def tearDown(self): diff --git a/etc/barbican/policy.json b/etc/barbican/policy.json index 3a202ba30..b78ab05ef 100644 --- a/etc/barbican/policy.json +++ b/etc/barbican/policy.json @@ -14,10 +14,6 @@ "containers:get": "rule:all_but_audit", "container:get": "rule:all_users", "container:delete": "rule:admin", - "verifications:post": "rule:admin_or_creator", - "verifications:get": "rule:all_but_audit", - "verification:get": "rule:all_users", - "verification:delete": "rule:admin", "admin": "role:admin", "observer": "role:observer", "creator": "role:creator",