Pass secret_type to repository query

In the secrets controller, the list functionality had a "secret_type"
argument, but wasn't being used in the actual query to the secrets repo.
This fixes the issue and adds functional tests to ensure the filter
queries are working correctly.

Change-Id: Ifa42f5e817908973dd8b927e4744cdc754a4b027
This commit is contained in:
Kaitlin Farr 2016-11-14 13:05:19 -05:00
parent a444b8b07e
commit fba4607f6e
4 changed files with 68 additions and 9 deletions

View File

@ -379,6 +379,7 @@ class SecretsController(controllers.ACLMixin):
alg=kw.get('alg'), alg=kw.get('alg'),
mode=kw.get('mode'), mode=kw.get('mode'),
bits=bits, bits=bits,
secret_type=kw.get('secret_type'),
suppress_exception=True, suppress_exception=True,
acl_only=kw.get('acl_only'), acl_only=kw.get('acl_only'),
user_id=user_id, user_id=user_id,

View File

@ -131,24 +131,35 @@ class SecretBehaviors(base_behaviors.BaseBehaviors):
response_model_type=secret_models.SecretModel, response_model_type=secret_models.SecretModel,
use_auth=use_auth, user_name=user_name) use_auth=use_auth, user_name=user_name)
def get_secrets(self, limit=10, offset=0, filter=None, def get_secrets(self, limit=10, offset=0, extra_headers=None,
extra_headers=None, omit_headers=None, use_auth=True, omit_headers=None, use_auth=True, user_name=None,
user_name=None): name=None, alg=None, mode=None, bits=None,
secret_type=None):
"""Handles getting a list of secrets. """Handles getting a list of secrets.
:param limit: limits number of returned secrets :param limit: limits number of returned secrets
:param offset: represents how many records to skip before retrieving :param offset: represents how many records to skip before retrieving
the list the list
:param filter: optional filter to limit the returned secrets to
those whose name matches the filter.
:param extra_headers: Optional HTTP headers to add to the request :param extra_headers: Optional HTTP headers to add to the request
:param omit_headers: headers to delete before making the request :param omit_headers: headers to delete before making the request
:param use_auth: Boolean for whether to send authentication headers :param use_auth: Boolean for whether to send authentication headers
:param user_name: The user name used to list the secrets :param user_name: The user name used to list the secrets
:param alg: Optional algorithm for filtering secrets
:param mode: Optional mode for filtering secrets
:param bits: Optional bit length for filtering secrets
:param secret_type: Optional secret type for filtering secrets
""" """
params = {'limit': limit, 'offset': offset} params = {'limit': limit, 'offset': offset}
if filter: if name:
params['name'] = filter params['name'] = name
if alg:
params['alg'] = alg
if mode:
params['mode'] = mode
if bits:
params['bits'] = bits
if secret_type:
params['secret_type'] = secret_type
resp = self.client.get('secrets', params=params, resp = self.client.get('secrets', params=params,
extra_headers=extra_headers, extra_headers=extra_headers,
omit_headers=omit_headers, omit_headers=omit_headers,

View File

@ -22,6 +22,7 @@ import time
from testtools import testcase from testtools import testcase
from barbican.plugin.interface import secret_store as ss
from barbican.plugin.util import translations from barbican.plugin.util import translations
from barbican.tests import keys from barbican.tests import keys
from barbican.tests import utils from barbican.tests import utils
@ -1088,6 +1089,52 @@ class SecretsTestCase(base.TestCase):
self.assertEqual(400, resp.status_code) self.assertEqual(400, resp.status_code)
@utils.parameterized_test_case
class ListingSecretsTestCase(SecretsTestCase):
@utils.parameterized_dataset({
'query_by_name': {
'secret_1_dict': dict(name="name1"),
'secret_2_dict': dict(name="name2"),
'query_dict': dict(name="name1")
},
'query_by_algorithm': {
'secret_1_dict': dict(algorithm="algorithm1"),
'secret_2_dict': dict(algorithm="algorithm2"),
'query_dict': dict(alg="algorithm1")
},
'query_by_mode': {
'secret_1_dict': dict(mode="mode1"),
'secret_2_dict': dict(mode="mode2"),
'query_dict': dict(mode="mode1")
},
'query_by_bit_length': {
'secret_1_dict': dict(bit_length=1024),
'secret_2_dict': dict(bit_length=2048),
'query_dict': dict(bits=1024)
},
'query_by_secret_type': {
'secret_1_dict': dict(secret_type=ss.SecretType.SYMMETRIC),
'secret_2_dict': dict(secret_type=ss.SecretType.OPAQUE),
'query_dict': dict(secret_type=ss.SecretType.SYMMETRIC)
},
})
@testcase.attr('positive')
def test_secret_list_with_filter(self, secret_1_dict, secret_2_dict,
query_dict):
secret_1 = secret_models.SecretModel(**secret_1_dict)
secret_2 = secret_models.SecretModel(**secret_2_dict)
self.behaviors.create_secret(secret_1)
self.behaviors.create_secret(secret_2)
resp, secrets_list, next_ref, prev_ref = self.behaviors.get_secrets(
**query_dict)
self.assertEqual(200, resp.status_code)
self.assertEqual(1, len(secrets_list))
class SecretsPagingTestCase(base.PagingTestCase): class SecretsPagingTestCase(base.PagingTestCase):
def setUp(self): def setUp(self):
@ -1111,7 +1158,7 @@ class SecretsPagingTestCase(base.PagingTestCase):
def get_resources(self, limit=10, offset=0, filter=None): def get_resources(self, limit=10, offset=0, filter=None):
return self.behaviors.get_secrets(limit=limit, offset=offset, return self.behaviors.get_secrets(limit=limit, offset=offset,
filter=filter) name=filter)
def set_filter_field(self, unique_str, model): def set_filter_field(self, unique_str, model):
'''Set the name field which we use in the get_resources ''' '''Set the name field which we use in the get_resources '''

View File

@ -32,7 +32,7 @@ coverage combine
coverage report -m coverage report -m
# run the tests in parallel # run the tests in parallel
SKIP=^\(\?\!\.\*\(ProjectQuotasPagingTestCase\|QuotaEnforcementTestCase\|ListingCAsTestCase\|ProjectCATestCase\|GlobalPreferredCATestCase\|CertificateAuthoritiesTestCase\)\) SKIP=^\(\?\!\.\*\(ProjectQuotasPagingTestCase\|QuotaEnforcementTestCase\|ListingCAsTestCase\|ProjectCATestCase\|GlobalPreferredCATestCase\|CertificateAuthoritiesTestCase\|ListingSecretsTestCase\)\)
testr init testr init
testr run $SKIP --parallel --subunit | subunit-trace --no-failure-debug -f testr run $SKIP --parallel --subunit | subunit-trace --no-failure-debug -f
retval=$(($retval || $?)) retval=$(($retval || $?))