Pass secret_type to repository query

In the secrets controller, the list functionality had a "secret_type"
argument, but wasn't being used in the actual query to the secrets repo.
This fixes the issue and adds functional tests to ensure the filter
queries are working correctly.

Change-Id: Ifa42f5e817908973dd8b927e4744cdc754a4b027

barbican/api/controllers/secrets.py

@@ -379,6 +379,7 @@ class SecretsController(controllers.ACLMixin):
             alg=kw.get('alg'),
             mode=kw.get('mode'),
             bits=bits,
+            secret_type=kw.get('secret_type'),
             suppress_exception=True,
             acl_only=kw.get('acl_only'),
             user_id=user_id,

functionaltests/api/v1/behaviors/secret_behaviors.py

@@ -131,24 +131,35 @@ class SecretBehaviors(base_behaviors.BaseBehaviors):
             response_model_type=secret_models.SecretModel,
             use_auth=use_auth, user_name=user_name)
 
-    def get_secrets(self, limit=10, offset=0, filter=None,
-                    extra_headers=None, omit_headers=None, use_auth=True,
-                    user_name=None):
+    def get_secrets(self, limit=10, offset=0, extra_headers=None,
+                    omit_headers=None, use_auth=True, user_name=None,
+                    name=None, alg=None, mode=None, bits=None,
+                    secret_type=None):
         """Handles getting a list of secrets.
 
         :param limit: limits number of returned secrets
         :param offset: represents how many records to skip before retrieving
                        the list
-        :param filter: optional filter to limit the returned secrets to
-                        those whose name matches the filter.
         :param extra_headers: Optional HTTP headers to add to the request
         :param omit_headers: headers to delete before making the request
         :param use_auth: Boolean for whether to send authentication headers
         :param user_name: The user name used to list the secrets
+        :param alg: Optional algorithm for filtering secrets
+        :param mode: Optional mode for filtering secrets
+        :param bits: Optional bit length for filtering secrets
+        :param secret_type: Optional secret type for filtering secrets
         """
         params = {'limit': limit, 'offset': offset}
-        if filter:
-            params['name'] = filter
+        if name:
+            params['name'] = name
+        if alg:
+            params['alg'] = alg
+        if mode:
+            params['mode'] = mode
+        if bits:
+            params['bits'] = bits
+        if secret_type:
+            params['secret_type'] = secret_type
         resp = self.client.get('secrets', params=params,
                                extra_headers=extra_headers,
                                omit_headers=omit_headers,

functionaltests/api/v1/functional/test_secrets.py

@@ -22,6 +22,7 @@ import time
 
 from testtools import testcase
 
+from barbican.plugin.interface import secret_store as ss
 from barbican.plugin.util import translations
 from barbican.tests import keys
 from barbican.tests import utils
@@ -1088,6 +1089,52 @@ class SecretsTestCase(base.TestCase):
         self.assertEqual(400, resp.status_code)
 
 
+@utils.parameterized_test_case
+class ListingSecretsTestCase(SecretsTestCase):
+
+    @utils.parameterized_dataset({
+        'query_by_name': {
+            'secret_1_dict': dict(name="name1"),
+            'secret_2_dict': dict(name="name2"),
+            'query_dict': dict(name="name1")
+        },
+        'query_by_algorithm': {
+            'secret_1_dict': dict(algorithm="algorithm1"),
+            'secret_2_dict': dict(algorithm="algorithm2"),
+            'query_dict': dict(alg="algorithm1")
+        },
+        'query_by_mode': {
+            'secret_1_dict': dict(mode="mode1"),
+            'secret_2_dict': dict(mode="mode2"),
+            'query_dict': dict(mode="mode1")
+        },
+        'query_by_bit_length': {
+            'secret_1_dict': dict(bit_length=1024),
+            'secret_2_dict': dict(bit_length=2048),
+            'query_dict': dict(bits=1024)
+        },
+        'query_by_secret_type': {
+            'secret_1_dict': dict(secret_type=ss.SecretType.SYMMETRIC),
+            'secret_2_dict': dict(secret_type=ss.SecretType.OPAQUE),
+            'query_dict': dict(secret_type=ss.SecretType.SYMMETRIC)
+        },
+    })
+    @testcase.attr('positive')
+    def test_secret_list_with_filter(self, secret_1_dict, secret_2_dict,
+                                     query_dict):
+        secret_1 = secret_models.SecretModel(**secret_1_dict)
+        secret_2 = secret_models.SecretModel(**secret_2_dict)
+
+        self.behaviors.create_secret(secret_1)
+        self.behaviors.create_secret(secret_2)
+
+        resp, secrets_list, next_ref, prev_ref = self.behaviors.get_secrets(
+            **query_dict)
+
+        self.assertEqual(200, resp.status_code)
+        self.assertEqual(1, len(secrets_list))
+
+
 class SecretsPagingTestCase(base.PagingTestCase):
 
     def setUp(self):
@@ -1111,7 +1158,7 @@ class SecretsPagingTestCase(base.PagingTestCase):
 
     def get_resources(self, limit=10, offset=0, filter=None):
         return self.behaviors.get_secrets(limit=limit, offset=offset,
-                                          filter=filter)
+                                          name=filter)
 
     def set_filter_field(self, unique_str, model):
         '''Set the name field which we use in the get_resources '''

functionaltests/run_tests.sh

@@ -32,7 +32,7 @@ coverage combine
 coverage report -m
 
 # run the tests in parallel
-SKIP=^\(\?\!\.\*\(ProjectQuotasPagingTestCase\|QuotaEnforcementTestCase\|ListingCAsTestCase\|ProjectCATestCase\|GlobalPreferredCATestCase\|CertificateAuthoritiesTestCase\)\)
+SKIP=^\(\?\!\.\*\(ProjectQuotasPagingTestCase\|QuotaEnforcementTestCase\|ListingCAsTestCase\|ProjectCATestCase\|GlobalPreferredCATestCase\|CertificateAuthoritiesTestCase\|ListingSecretsTestCase\)\)
 testr init
 testr run $SKIP --parallel --subunit | subunit-trace --no-failure-debug -f
 retval=$(($retval || $?))