openstack/castellan
Code Issues Proposed changes

Merge "barbican: Drop redundant full url composition"

Browse Source
This commit is contained in:
Zuul
2026-02-23 16:32:51 +00:00
committed by Gerrit Code Review
parent 84288b80ea a227bd9c4c
commit 6966cd50a5
2 changed files with 71 additions and 215 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
castellan/key_manager/barbican_key_manager.py
View File

@@ -18,7 +18,6 @@ Key manager implementation for Barbican
"""
import calendar
import time
import urllib.parse
from barbicanclient import client as barbican_client_import
from barbicanclient import exceptions as barbican_exceptions
@@ -124,7 +123,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
"""Creates a client to connect to the Barbican service.
:param context: the user context for authentication
:return: tuple of a Barbican Client object and its endpoint
:return: a Barbican Client object
:raises Forbidden: if the context is None
:raises KeyManagerError: if context is missing tenant or tenant is
None or error occurs while creating client
@@ -141,13 +140,10 @@ class BarbicanKeyManager(key_manager.KeyManager):
sess = session.Session(auth=auth, verify=self._verify)
endpoint = self._get_barbican_endpoint(auth, sess)
return (
barbican_client_import.Client(
version=self.conf.barbican.barbican_api_version,
session=sess,
endpoint=endpoint),
self._create_base_url(auth, sess, endpoint)
)
return barbican_client_import.Client(
version=self.conf.barbican.barbican_api_version,
session=sess,
endpoint=endpoint)
# TODO(pbourke): more fine grained exception handling - we are eating
# tracebacks here
@@ -232,34 +228,6 @@ class BarbicanKeyManager(key_manager.KeyManager):
interface=self.conf.barbican.barbican_endpoint_type,
region_name=self.conf.barbican.barbican_region_name)
def _create_base_url(self, auth, sess, endpoint):
api_version = None
if self.conf.barbican.barbican_api_version:
api_version = self.conf.barbican.barbican_api_version
elif getattr(auth, 'service_catalog', None):
endpoint_data = auth.service_catalog.endpoint_data_for(
service_type='key-manager',
interface=self.conf.barbican.barbican_endpoint_type,
region_name=self.conf.barbican.barbican_region_name)
api_version = endpoint_data.api_version
elif getattr(auth, 'get_discovery', None):
discovery = auth.get_discovery(sess, url=endpoint)
raw_data = discovery.raw_version_data()
if len(raw_data) == 0:
msg = _(
"Could not find discovery information for %s") % endpoint
LOG.error(msg)
raise exception.KeyManagerError(reason=msg)
latest_version = raw_data[-1]
api_version = latest_version.get('id')
if endpoint[-1] != '/':
endpoint += '/'
base_url = urllib.parse.urljoin(endpoint, api_version)
return base_url
def _delete_order(self, client, order_ref):
try:
client.orders.delete(order_ref)
@@ -287,7 +255,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
:return: the UUID of the new key
:raises KeyManagerError: if key creation fails
"""
barbican_client, _ = self._get_barbican_client(context)
barbican_client = self._get_barbican_client(context)
try:
key_order = barbican_client.orders.create_key(
@@ -320,7 +288,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
:raises NotImplementedError: until implemented
:raises KeyManagerError: if key pair creation fails
"""
barbican_client, _ = self._get_barbican_client(context)
barbican_client = self._get_barbican_client(context)
try:
key_pair_order = barbican_client.orders.create_asymmetric(
@@ -411,7 +379,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
:returns: the UUID of the stored object
:raises KeyManagerError: if object store fails
"""
barbican_client, _ = self._get_barbican_client(context)
barbican_client = self._get_barbican_client(context)
try:
secret = self._get_barbican_object(barbican_client,
@@ -425,20 +393,6 @@ class BarbicanKeyManager(key_manager.KeyManager):
LOG.error("Error storing object: %s", e)
raise exception.KeyManagerError(reason=e)
def _create_secret_ref(self, base_url, object_id):
"""Creates the URL required for accessing a secret.
:param endpoint: Base endpoint URL
:param object_id: the UUID of the key to copy
:return: the URL of the requested secret
"""
if not object_id:
msg = _("Key ID is None")
raise exception.KeyManagerError(reason=msg)
if base_url[-1] != '/':
base_url += '/'
return urllib.parse.urljoin(base_url, "secrets/" + object_id)
def _get_active_order(self, barbican_client, order_ref):
"""Returns the order when it is active.
@@ -592,12 +546,13 @@ class BarbicanKeyManager(key_manager.KeyManager):
:raises HTTPClientError: if object retrieval fails with 4xx
:raises HTTPServerError: if object retrieval fails with 5xx
"""
if not object_id:
raise exception.KeyManagerError('key identifier not provided')
barbican_client, base_url = self._get_barbican_client(context)
barbican_client = self._get_barbican_client(context)
try:
secret_ref = self._create_secret_ref(base_url, object_id)
return barbican_client.secrets.get(secret_ref)
return barbican_client.secrets.get(object_id)
except (barbican_exceptions.HTTPAuthError,
barbican_exceptions.HTTPClientError,
barbican_exceptions.HTTPServerError) as e:
@@ -648,10 +603,12 @@ class BarbicanKeyManager(key_manager.KeyManager):
:raises KeyManagerError: if object deletion fails
:raises ManagedObjectNotFoundError: if the object could not be found
"""
barbican_client, base_url = self._get_barbican_client(context)
if not managed_object_id:
raise exception.KeyManagerError('key identifier not provided')
barbican_client = self._get_barbican_client(context)
try:
secret_ref = self._create_secret_ref(base_url, managed_object_id)
barbican_client.secrets.delete(secret_ref, force)
barbican_client.secrets.delete(managed_object_id, force)
except (barbican_exceptions.HTTPAuthError,
barbican_exceptions.HTTPClientError,
barbican_exceptions.HTTPServerError) as e:
@@ -673,11 +630,13 @@ class BarbicanKeyManager(key_manager.KeyManager):
:raises ManagedObjectNotFoundError: if the object could not be found
"""
barbican_client, base_url = self._get_barbican_client(context)
if not managed_object_id:
raise exception.KeyManagerError('key identifier not provided')
barbican_client = self._get_barbican_client(context)
try:
secret_ref = self._create_secret_ref(base_url, managed_object_id)
barbican_client.secrets.register_consumer(
secret_ref, **consumer_data)
managed_object_id, **consumer_data)
except (barbican_exceptions.HTTPAuthError,
barbican_exceptions.HTTPClientError,
@@ -690,12 +649,13 @@ class BarbicanKeyManager(key_manager.KeyManager):
raise exception.KeyManagerError(reason=e)
def remove_consumer(self, context, managed_object_id, consumer_data):
if not managed_object_id:
raise exception.KeyManagerError('key identifier not provided')
barbican_client, base_url = self._get_barbican_client(context)
barbican_client = self._get_barbican_client(context)
try:
secret_ref = self._create_secret_ref(base_url, managed_object_id)
barbican_client.secrets.remove_consumer(
secret_ref, **consumer_data)
managed_object_id, **consumer_data)
except (barbican_exceptions.HTTPAuthError,
barbican_exceptions.HTTPClientError,
barbican_exceptions.HTTPServerError) as e:
@@ -718,7 +678,7 @@ class BarbicanKeyManager(key_manager.KeyManager):
:raises KeyManagerError: if listing secrets fails
"""
objects = []
barbican_client, _ = self._get_barbican_client(context)
barbican_client = self._get_barbican_client(context)
if object_type and object_type not in self._secret_type_dict:
msg = _("Invalid secret type: %s") % object_type

192
castellan/tests/unit/key_manager/test_barbican_key_manager.py
View File

@@ -54,7 +54,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
# Create a key_id, secret_ref, pre_hex, and hex to use
self.key_id = "d152fa13-2b41-42ca-a934-6c21566c0f40"
self.secret_ref = ("http://host:9311/v1/secrets/" + self.key_id)
self.secret_ref = self.key_id
self.pre_hex = "AIDxQp2++uAbKaTVDMXFYIu8PIugJGqkK0JLqkU0rhY="
self.hex = ("0080f1429dbefae01b29a4d50cc5c5608bbc3c8ba0246aa42b424baa4"
"534ae16")
@@ -159,115 +159,11 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
auth = self.key_mgr._get_keystone_auth(self.ctxt)
self.assertIsInstance(auth, service_token.ServiceTokenAuthWrapper)
def test_base_url_old_version(self):
version = "v1"
self.key_mgr.conf.barbican.barbican_api_version = version
endpoint = "http://localhost:9311"
base_url = self.key_mgr._create_base_url(mock.Mock(),
mock.Mock(),
endpoint)
self.assertEqual(endpoint + "/" + version, base_url)
def test_base_url_new_version(self):
version = "v1"
self.key_mgr.conf.barbican.barbican_api_version = version
endpoint = "http://localhost/key_manager"
base_url = self.key_mgr._create_base_url(mock.Mock(),
mock.Mock(),
endpoint)
self.assertEqual(endpoint + "/" + version, base_url)
def test_base_url_service_catalog(self):
endpoint_data = mock.Mock()
endpoint_data.api_version = 'v321'
auth = mock.Mock(spec=['service_catalog'])
auth.service_catalog.endpoint_data_for.return_value = endpoint_data
endpoint = "http://localhost/key_manager"
base_url = self.key_mgr._create_base_url(auth,
mock.Mock(),
endpoint)
self.assertEqual(endpoint + "/" + endpoint_data.api_version, base_url)
auth.service_catalog.endpoint_data_for.assert_called_once_with(
service_type='key-manager', interface='public',
region_name=None)
def test_base_url_service_catalog_with_endpoint_type(self):
self.key_mgr.conf.barbican.barbican_endpoint_type = 'internal'
endpoint_data = mock.Mock()
endpoint_data.api_version = 'v321'
auth = mock.Mock(spec=['service_catalog'])
auth.service_catalog.endpoint_data_for.return_value = endpoint_data
endpoint = "http://localhost/key_manager"
base_url = self.key_mgr._create_base_url(auth,
mock.Mock(),
endpoint)
self.assertEqual(endpoint + "/" + endpoint_data.api_version, base_url)
auth.service_catalog.endpoint_data_for.assert_called_once_with(
service_type='key-manager', interface='internal',
region_name=None)
def test_base_url_service_catalog_with_region_name(self):
self.key_mgr.conf.barbican.barbican_region_name = 'regionOne'
endpoint_data = mock.Mock()
endpoint_data.api_version = 'v321'
auth = mock.Mock(spec=['service_catalog'])
auth.service_catalog.endpoint_data_for.return_value = endpoint_data
endpoint = "http://localhost/key_manager"
base_url = self.key_mgr._create_base_url(auth,
mock.Mock(),
endpoint)
self.assertEqual(endpoint + "/" + endpoint_data.api_version, base_url)
auth.service_catalog.endpoint_data_for.assert_called_once_with(
service_type='key-manager', interface='public',
region_name='regionOne')
def test_base_url_raise_exception(self):
auth = mock.Mock(spec=['get_discovery'])
sess = mock.Mock()
discovery = mock.Mock()
discovery.raw_version_data = mock.Mock(return_value=[])
auth.get_discovery = mock.Mock(return_value=discovery)
endpoint = "http://localhost/key_manager"
self.assertRaises(exception.KeyManagerError,
self.key_mgr._create_base_url,
auth, sess, endpoint)
auth.get_discovery.assert_called_once_with(sess, url=endpoint)
self.assertEqual(1, discovery.raw_version_data.call_count)
def test_base_url_get_discovery(self):
version = 'v100500'
auth = mock.Mock(spec=['get_discovery'])
sess = mock.Mock()
discovery = mock.Mock()
auth.get_discovery = mock.Mock(return_value=discovery)
discovery.raw_version_data = mock.Mock(return_value=[{'id': version}])
endpoint = "http://localhost/key_manager"
base_url = self.key_mgr._create_base_url(auth,
sess,
endpoint)
self.assertEqual(endpoint + "/" + version, base_url)
auth.get_discovery.assert_called_once_with(sess, url=endpoint)
self.assertEqual(1, discovery.raw_version_data.call_count)
@mock.patch('castellan.key_manager.barbican_key_manager.'
'BarbicanKeyManager._get_barbican_client')
def test_create_key(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
# Create order_ref_url and assign return value
order_ref_url = ("http://localhost:9311/v1/orders/"
@@ -299,7 +195,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_create_key_with_error(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
key_order = mock.Mock()
mock_client.orders.create_key.return_value = key_order
@@ -312,7 +208,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_create_key_with_error_delete_order(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
# Create order_ref_url and assign return value
order_ref_url = ("http://localhost:9311/v1/orders/"
@@ -341,7 +237,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_create_key_pair(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
# Create order_ref_url and assign return value
order_ref_url = ("http://localhost:9311/v1/orders/"
@@ -390,7 +286,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_create_key_pair_with_error(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
asym_order = mock.Mock()
mock_client.orders.create_asymmetric.return_value = asym_order
@@ -404,7 +300,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_create_key_pair_error_in_delete_order_container(self,
mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
# Create order_ref_url and assign return value
order_ref_url = ("http://localhost:9311/v1/orders/"
@@ -457,7 +353,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_delete_key(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
self.key_mgr.delete(self.ctxt, self.key_id)
mock_client.secrets.delete.assert_called_once_with(
@@ -468,7 +364,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_delete_secret_with_consumers_no_force_parameter(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
mock_client.secrets.delete = mock.Mock(
side_effect=exception.KeyManagerError(
@@ -483,7 +379,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_delete_secret_with_consumers_force_parameter_false(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
mock_client.secrets.delete.side_effect = \
barbican_exceptions.HTTPClientError(
@@ -499,7 +395,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_delete_secret_with_consumers_force_parameter_true(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
self.key_mgr.delete(self.ctxt, self.key_id, force=True)
mock_client.secrets.delete.assert_called_once_with(
@@ -513,7 +409,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_delete_with_error(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
mock_client.secrets.delete = mock.Mock(
side_effect=barbican_exceptions.HTTPClientError('test error'))
self.assertRaises(exception.KeyManagerError,
@@ -523,7 +419,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_get_key(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
original_secret_metadata = mock.Mock()
original_secret_metadata.algorithm = mock.sentinel.alg
@@ -566,7 +462,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_get_with_error(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
mock_client.secrets.get.side_effect = \
barbican_exceptions.HTTPClientError('test error')
self.assertRaises(exception.KeyManagerError,
@@ -576,7 +472,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_store_key(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
# Create Key to store
secret_key = bytes(b'\x01\x02\xA0\xB3')
@@ -605,7 +501,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_store_key_with_name(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
# Create Key to store
secret_key = bytes(b'\x01\x02\xA0\xB3')
@@ -640,7 +536,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_store_with_error(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
mock_client.secrets.create.side_effect = \
barbican_exceptions.HTTPClientError('test error')
secret_key = bytes(b'\x01\x02\xA0\xB3')
@@ -655,7 +551,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_get_active_order(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
order_ref_url = ("http://localhost:9311/v1/orders/"
"4fe939b7-72bc-49aa-bd1e-e979589858af")
@@ -682,7 +578,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_get_active_order_timeout(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
order_ref_url = ("http://localhost:9311/v1/orders/"
"4fe939b7-72bc-49aa-bd1e-e979589858af")
@@ -707,7 +603,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_get_active_order_error(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
order_ref_url = ("http://localhost:9311/v1/orders/"
"4fe939b7-72bc-49aa-bd1e-e979589858af")
@@ -735,7 +631,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_list(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
original_secret_metadata = mock.Mock()
original_secret_metadata.algorithm = mock.sentinel.alg
@@ -787,7 +683,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_list_with_error(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
mock_client.secrets.list = mock.Mock(
side_effect=barbican_exceptions.HTTPClientError('test error'))
self.assertRaises(exception.KeyManagerError,
@@ -857,7 +753,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_add_consumer_with_different_project_fails(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = barbican_exceptions.HTTPClientError(
"Forbidden: SecretConsumer creation attempt not allowed - "
@@ -891,7 +787,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_add_consumer_with_invalid_managed_object_id_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = ValueError("Secret incorrectly specified.")
self._test_add_consumer_expects_error(
@@ -903,7 +799,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_add_consumer_with_inexistent_managed_object_id_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = barbican_exceptions.HTTPClientError(
"Not Found: Secret not found.", status_code=404)
@@ -916,7 +812,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_add_consumer_with_null_service_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = barbican_exceptions.HTTPClientError(
"Bad Request: Provided object does not match schema "
@@ -931,7 +827,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_add_consumer_with_empty_service_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = barbican_exceptions.HTTPClientError(
"Bad Request: Provided object does not match schema "
@@ -946,7 +842,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_add_consumer_with_null_resource_type_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = barbican_exceptions.HTTPClientError(
"Bad Request: Provided object does not match schema "
@@ -961,7 +857,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_add_consumer_with_empty_resource_type_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = barbican_exceptions.HTTPClientError(
"Bad Request: Provided object does not match schema "
@@ -976,7 +872,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_add_consumer_with_null_resource_id_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = barbican_exceptions.HTTPClientError(
"Bad Request: Provided object does not match schema "
@@ -991,7 +887,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_add_consumer_with_empty_resource_id_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = barbican_exceptions.HTTPClientError(
"Bad Request: Provided object does not match schema "
@@ -1006,7 +902,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_add_consumer_with_valid_parameters_doesnt_fail(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
self.key_mgr.add_consumer(
self.ctxt, self.secret_ref, self._get_custom_consumer_data())
@@ -1021,7 +917,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_remove_consumer_with_different_project_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = barbican_exceptions.HTTPClientError(
"Forbidden: SecretConsumer creation attempt not allowed - "
@@ -1035,7 +931,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_remove_consumer_with_null_managed_object_id_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = ValueError("secret incorrectly specified.")
self._test_add_consumer_expects_error(
@@ -1047,7 +943,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_remove_consumer_with_empty_managed_object_id_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = ValueError("secret incorrectly specified.")
self._test_add_consumer_expects_error(
@@ -1059,7 +955,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_remove_consumer_with_invalid_managed_object_id_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = ValueError("Secret incorrectly specified.")
self._test_add_consumer_expects_error(
@@ -1071,7 +967,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_remove_consumer_without_registered_managed_object_id_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = barbican_exceptions.HTTPClientError(
"Not Found: Secret not found.", status_code=404)
@@ -1083,7 +979,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
'BarbicanKeyManager._get_barbican_client')
def test_remove_consumer_with_null_service_fails(self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = barbican_exceptions.HTTPClientError(
"Bad Request: Provided object does not match schema "
@@ -1098,7 +994,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_remove_consumer_with_empty_service_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = barbican_exceptions.HTTPClientError(
"Bad Request: Provided object does not match schema "
@@ -1113,7 +1009,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_remove_consumer_with_null_resource_type_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = barbican_exceptions.HTTPClientError(
"Bad Request: Provided object does not match schema "
@@ -1128,7 +1024,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_remove_consumer_with_empty_resource_type_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = barbican_exceptions.HTTPClientError(
"Bad Request: Provided object does not match schema "
@@ -1143,7 +1039,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_remove_consumer_with_null_resource_id_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = barbican_exceptions.HTTPClientError(
"Bad Request: Provided object does not match schema "
@@ -1158,7 +1054,7 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_remove_consumer_with_empty_resource_id_fails(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
side_effect = barbican_exceptions.HTTPClientError(
"Bad Request: Provided object does not match schema "
@@ -1173,6 +1069,6 @@ class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def test_remove_consumer_with_valid_parameters_doesnt_fail(
self, mock_get_client):
mock_client = mock.Mock()
mock_get_client.return_value = (mock_client, self.base_url)
mock_get_client.return_value = mock_client
self.key_mgr.remove_consumer(
self.ctxt, self.secret_ref, self._get_custom_consumer_data())