Merge "Removes context "validation"." into stable/train

Zuul 2020-07-07 14:24:25 +00:00 committed by Gerrit Code Review
commit 11775214fa
3 changed files with 4 additions and 80 deletions


@ -217,11 +217,6 @@ class VaultKeyManager(key_manager.KeyManager):
expiration=None, name=None):
"""Creates an asymmetric key pair."""
# Confirm context is provided, if not raise forbidden
if not context:
msg = _("User is not authorized to use key manager.")
raise exception.Forbidden(msg)
if algorithm.lower() != 'rsa':
raise NotImplementedError(
"VaultKeyManager only implements rsa keys"
@ -293,11 +288,6 @@ class VaultKeyManager(key_manager.KeyManager):
def create_key(self, context, algorithm, length, name=None, **kwargs):
"""Creates a symmetric key."""
# Confirm context is provided, if not raise forbidden
if not context:
msg = _("User is not authorized to use key manager.")
raise exception.Forbidden(msg)
if length % 8:
msg = _("Length must be multiple of 8.")
raise ValueError(msg)
@ -315,22 +305,12 @@ class VaultKeyManager(key_manager.KeyManager):
def store(self, context, key_value, **kwargs):
"""Stores (i.e., registers) a key with the key manager."""
# Confirm context is provided, if not raise forbidden
if not context:
msg = _("User is not authorized to use key manager.")
raise exception.Forbidden(msg)
key_id = uuid.uuid4().hex
return self._store_key_value(key_id, key_value)
def get(self, context, key_id, metadata_only=False):
"""Retrieves the key identified by the specified id."""
# Confirm context is provided, if not raise forbidden
if not context:
msg = _("User is not authorized to use key manager.")
raise exception.Forbidden(msg)
if not key_id:
raise exception.KeyManagerError('key identifier not provided')
@ -371,11 +351,6 @@ class VaultKeyManager(key_manager.KeyManager):
def delete(self, context, key_id):
"""Represents deleting the key."""
# Confirm context is provided, if not raise forbidden
if not context:
msg = _("User is not authorized to use key manager.")
raise exception.Forbidden(msg)
if not key_id:
raise exception.KeyManagerError('key identifier not provided')
@ -388,11 +363,6 @@ class VaultKeyManager(key_manager.KeyManager):
def list(self, context, object_type=None, metadata_only=False):
"""Lists the managed objects given the criteria."""
# Confirm context is provided, if not raise forbidden
if not context:
msg = _("User is not authorized to use key manager.")
raise exception.Forbidden(msg)
if object_type and object_type not in self._secret_type_dict:
msg = _("Invalid secret type: %s") % object_type
raise exception.KeyManagerError(reason=msg)
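Review bot: With the truthiness check gone, nothing visible in `store` reads `context` any more (it only does `key_id = uuid.uuid4().hex` and calls `_store_key_value`), yet the docstrings of `create_key_pair`, `create_key`, `store`, `get`, `delete` and `list` say nothing about how access is decided. The removed `if not context` test only rejected a falsy argument and never authenticated the caller, so dropping it does not weaken enforcement, but a reader of the signature can still assume the context gates access. I would add one line to each docstring, for example `context is accepted for interface compatibility and is not used for authorization; access is presumably governed by the Vault credentials this key manager is configured with.` The bodies of every method except `store` continue outside the hunks, so confirm none of them uses `context` further down before wording it that firmly. Because this lands on a stable branch and callers passing `None` no longer receive `exception.Forbidden`, a release note describing the behaviour change would also help; none is visible among the three changed files.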


@ -77,6 +77,7 @@ class KeyManagerTestCase(object):
def setUp(self):
super(KeyManagerTestCase, self).setUp()
self.key_mgr = self._create_key_manager()
self.ctxt = None
def _get_valid_object_uuid(self, managed_object):
object_uuid = self.key_mgr.store(self.ctxt, managed_object)
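Review bot: `self.ctxt = None` in `setUp` (the one line the hunk counts show as added) makes every test inherited from `KeyManagerTestCase` pass a null context, and nothing states whether that is a deliberate contract or a placeholder. A short comment such as `# Default to no request context; backends that require one must set self.ctxt after calling super().setUp().` would tell authors of other backend test cases what is expected of them. `_get_valid_object_uuid` continues outside the hunk.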


@ -15,12 +15,10 @@ Functional test cases for the Vault key manager.
Note: This requires local running instance of Vault.
"""
import abc
import os
import uuid
from oslo_config import cfg
from oslo_context import context
from oslo_utils import uuidutils
from oslotest import base
import requests
@ -34,7 +32,8 @@ from castellan.tests.functional.key_manager import test_key_manager
CONF = config.get_config()
class VaultKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
class VaultKeyManagerTestCase(test_key_manager.KeyManagerTestCase,
base.BaseTestCase):
def _create_key_manager(self):
key_mgr = vault_key_manager.VaultKeyManager(cfg.CONF)
@ -46,26 +45,6 @@ class VaultKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
key_mgr._vault_url = os.environ['VAULT_TEST_URL']
return key_mgr
@abc.abstractmethod
def get_context(self):
"""Retrieves Context for Authentication"""
return
def setUp(self):
super(VaultKeyManagerTestCase, self).setUp()
self.ctxt = self.get_context()
def tearDown(self):
super(VaultKeyManagerTestCase, self).tearDown()
def test_create_null_context(self):
self.assertRaises(exception.Forbidden,
self.key_mgr.create_key, None, 'AES', 256)
def test_create_key_pair_null_context(self):
self.assertRaises(exception.Forbidden,
self.key_mgr.create_key_pair, None, 'RSA', 2048)
def test_create_key_pair_bad_algorithm(self):
self.assertRaises(
NotImplementedError,
@ -73,24 +52,10 @@ class VaultKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
self.ctxt, 'DSA', 2048
)
def test_delete_null_context(self):
key_uuid = self._get_valid_object_uuid(
test_key_manager._get_test_symmetric_key())
self.addCleanup(self.key_mgr.delete, self.ctxt, key_uuid)
self.assertRaises(exception.Forbidden,
self.key_mgr.delete, None, key_uuid)
def test_delete_null_object(self):
self.assertRaises(exception.KeyManagerError,
self.key_mgr.delete, self.ctxt, None)
def test_get_null_context(self):
key_uuid = self._get_valid_object_uuid(
test_key_manager._get_test_symmetric_key())
self.addCleanup(self.key_mgr.delete, self.ctxt, key_uuid)
self.assertRaises(exception.Forbidden,
self.key_mgr.get, None, key_uuid)
def test_get_null_object(self):
self.assertRaises(exception.KeyManagerError,
self.key_mgr.get, self.ctxt, None)
@ -100,18 +65,6 @@ class VaultKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
self.assertRaises(exception.ManagedObjectNotFoundError,
self.key_mgr.get, self.ctxt, bad_key_uuid)
def test_store_null_context(self):
key = test_key_manager._get_test_symmetric_key()
self.assertRaises(exception.Forbidden,
self.key_mgr.store, None, key)
class VaultKeyManagerOSLOContextTestCase(VaultKeyManagerTestCase,
base.BaseTestCase):
def get_context(self):
return context.get_admin_context()
TEST_POLICY = '''
path "{backend}/*" {{
@ -128,7 +81,7 @@ POLICY_ENDPOINT = 'v1/sys/policy/{policy_name}'
APPROLE_ENDPOINT = 'v1/auth/approle/role/{role_name}'
class VaultKeyManagerAppRoleTestCase(VaultKeyManagerOSLOContextTestCase):
class VaultKeyManagerAppRoleTestCase(VaultKeyManagerTestCase):
mountpoint = 'secret'