Juju Charm - Barbican
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

201 lines
7.0 KiB

# Copyright 2016 Canonical Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from __future__ import absolute_import
from __future__ import print_function
import mock
import charms_openstack.test_utils as test_utils
import charm.openstack.barbican as barbican
class Helper(test_utils.PatchHelper):
def setUp(self):
super().setUp()
self.patch_release(barbican.BarbicanCharm.release)
class TestCustomProperties(Helper):
def test_validate_keystone_api_version(self):
config = mock.MagicMock()
for v in ['2', '3', 'none']:
config.keystone_api_version = v
barbican.validate_keystone_api_version(config)
# ensure that it fails
with self.assertRaises(ValueError):
config.keystone_api_version = 'fail-me'
barbican.validate_keystone_api_version(config)
def test_barbican_api_keystone_pipeline(self):
config = mock.MagicMock()
config.keystone_api_version = '2'
self.assertEqual(barbican.barbican_api_keystone_pipeline(config),
'cors keystone_authtoken context apiapp')
config.keystone_api_version = ''
self.assertEqual(barbican.barbican_api_keystone_pipeline(config),
'cors keystone_v3_authtoken context apiapp')
def test_barbican_api_pipeline(self):
config = mock.MagicMock()
config.keystone_api_version = '2'
self.assertEqual(barbican.barbican_api_pipeline(config),
'cors keystone_authtoken context apiapp')
config.keystone_api_version = '3'
self.assertEqual(barbican.barbican_api_pipeline(config),
'cors keystone_v3_authtoken context apiapp')
config.keystone_api_version = 'none'
self.assertEqual(barbican.barbican_api_pipeline(config),
'cors unauthenticated-context apiapp')
def test_barbican_api_keystone_audit_pipeline(self):
config = mock.MagicMock()
config.keystone_api_version = '2'
self.assertEqual(barbican.barbican_api_keystone_audit_pipeline(config),
'keystone_authtoken context audit apiapp')
config.keystone_api_version = ''
self.assertEqual(barbican.barbican_api_keystone_audit_pipeline(config),
'keystone_v3_authtoken context audit apiapp')
class TestHSMProperties(Helper):
def setUp(self):
super().setUp()
self.data_none = {}
self.data_set = {
'library_path': 'a-path',
'login': 'a-login',
'slot_id': 'a-slot_id',
}
def test_library_path(self):
hsm = mock.MagicMock()
hsm.relation.plugin_data = self.data_none
self.assertEqual(barbican.library_path(hsm), '')
hsm.relation.plugin_data = self.data_set
self.assertEqual(barbican.library_path(hsm), 'a-path')
def test_login(self):
hsm = mock.MagicMock()
hsm.relation.plugin_data = self.data_none
self.assertEqual(barbican.login(hsm), '')
hsm.relation.plugin_data = self.data_set
self.assertEqual(barbican.login(hsm), 'a-login')
def test_slot_id(self):
hsm = mock.MagicMock()
hsm.relation.plugin_data = self.data_none
self.assertEqual(barbican.slot_id(hsm), '')
hsm.relation.plugin_data = self.data_set
self.assertEqual(barbican.slot_id(hsm), 'a-slot_id')
class TestBarbicanCharm(Helper):
def test_action_generate_mkek(self):
hsm = mock.MagicMock()
hsm.plugin_data = {
'library_path': 'path1',
'login': '1234',
'slot_id': 'slot1'
}
self.patch_object(barbican.hookenv, 'config')
config = {
'mkek-key-length': 5,
'label-mkek': 'the-label'
}
def cf(key=None):
if key is not None:
return config[key]
return config
self.config.side_effect = cf
self.patch_object(barbican.subprocess, 'check_call')
self.patch_object(barbican.hookenv, 'log')
# try generating a an mkek with no failure
c = barbican.BarbicanCharm()
c.action_generate_mkek(hsm)
cmd = [
'barbican-manage', 'hsm', 'gen_mkek',
'--library-path', 'path1',
'--passphrase', '1234',
'--slot-id', 'slot1',
'--length', '5',
'--label', 'the-label',
]
self.check_call.assert_called_once_with(cmd)
self.log.assert_called_once_with(
"barbican-mangage hsm gen_mkek succeeded")
# and check that a problem is logged if it goes wrong
def side_effect():
raise barbican.subprocess.CalledProcessError
self.check_call.side_effect = side_effect
self.log.reset_mock()
with self.assertRaises(Exception):
c.action_generate_mkek(hsm)
self.log.assert_called_once_with(
"barbican-manage hsm gen_mkek failed.")
def test_action_generate_hmac(self):
hsm = mock.MagicMock()
hsm.plugin_data = {
'library_path': 'path1',
'login': '1234',
'slot_id': 'slot1'
}
self.patch_object(barbican.hookenv, 'config')
config = {
'hmac-key-length': 5,
'label-hmac': 'the-label'
}
def cf(key=None):
if key is not None:
return config[key]
return config
self.config.side_effect = cf
self.patch_object(barbican.subprocess, 'check_call')
self.patch_object(barbican.hookenv, 'log')
# try generating a an hmac with no failure
c = barbican.BarbicanCharm()
c.action_generate_hmac(hsm)
cmd = [
'barbican-manage', 'hsm', 'gen_hmac',
'--library-path', 'path1',
'--passphrase', '1234',
'--slot-id', 'slot1',
'--length', '5',
'--label', 'the-label',
]
self.check_call.assert_called_once_with(cmd)
self.log.assert_called_once_with(
"barbican-mangage hsm gen_hmac succeeded")
# and check that a problem is logged if it goes wrong
def side_effect():
raise barbican.subprocess.CalledProcessError
self.check_call.side_effect = side_effect
self.log.reset_mock()
with self.assertRaises(Exception):
c.action_generate_hmac(hsm)
self.log.assert_called_once_with(
"barbican-manage hsm gen_hmac failed.")