Remove test_barbican from keymgr tests
Unfortunately it seems we have some very poorly
written keymgr unit tests, specifically
keymgr/test_barbican.py does this:
from barbicanclient.common import auth
First problem is that from a unit test perspective
that pretty much sucks, second problem is that
barbicanclient as of version 3.0.0.0 no longer
has an "auth" module, as a result Cinderunit tests
now fail.
The test_barbican.py unit tests need to be rewritten
to mock out the client components and actually test
Cinder components where needed without relying on
the barbicanclient.
For now in order to free up the gate, remove test_barbican.py
Change-Id: Id770c87c0d622ae4c1e0d71141ffa9aed29be2ec
Partial-Bug: #1389419
(cherry picked from commit 37e4a12652
)
This commit is contained in:
parent
3e6c4e6126
commit
67c5a66cfc
@ -1,265 +0,0 @@
|
||||
# Copyright (c) 2014 The Johns Hopkins University/Applied Physics Laboratory
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
"""
|
||||
Test cases for the barbican key manager.
|
||||
"""
|
||||
|
||||
import array
|
||||
import base64
|
||||
import binascii
|
||||
|
||||
from barbicanclient import client as barbican_client
|
||||
from barbicanclient.common import auth
|
||||
from keystoneclient.v2_0 import client as keystone_client
|
||||
import mock
|
||||
from oslo.config import cfg
|
||||
|
||||
from cinder import exception
|
||||
from cinder.keymgr import barbican
|
||||
from cinder.keymgr import key as keymgr_key
|
||||
from cinder.tests.keymgr import test_key_mgr
|
||||
|
||||
CONF = cfg.CONF
|
||||
CONF.import_opt('encryption_auth_url', 'cinder.keymgr.key_mgr', group='keymgr')
|
||||
CONF.import_opt('encryption_api_url', 'cinder.keymgr.key_mgr', group='keymgr')
|
||||
|
||||
|
||||
class BarbicanKeyManagerTestCase(test_key_mgr.KeyManagerTestCase):
|
||||
|
||||
def _create_key_manager(self):
|
||||
return barbican.BarbicanKeyManager()
|
||||
|
||||
def setUp(self):
|
||||
super(BarbicanKeyManagerTestCase, self).setUp()
|
||||
|
||||
# Create fake auth_token
|
||||
self.ctxt = mock.Mock()
|
||||
self.ctxt.auth_token = "fake_token"
|
||||
|
||||
# Create mock keystone auth
|
||||
self._build_mock_auth()
|
||||
|
||||
# Create mock barbican client
|
||||
self._build_mock_barbican()
|
||||
|
||||
# Create mock keystone client
|
||||
self._build_mock_keystone()
|
||||
|
||||
# Create a key_id, secret_ref, pre_hex, and hex to use
|
||||
self.key_id = "d152fa13-2b41-42ca-a934-6c21566c0f40"
|
||||
self.secret_ref = self.key_mgr._create_secret_ref(self.key_id,
|
||||
self.mock_barbican)
|
||||
self.pre_hex = "AIDxQp2++uAbKaTVDMXFYIu8PIugJGqkK0JLqkU0rhY="
|
||||
self.hex = ("0080f1429dbefae01b29a4d50cc5c5608bbc3c8ba0246aa42b424baa4"
|
||||
"534ae16")
|
||||
self.addCleanup(self._restore)
|
||||
|
||||
def _restore(self):
|
||||
auth.KeystoneAuthV2 = self.original_auth
|
||||
barbican_client.Client = self.original_barbican
|
||||
keystone_client.Client = self.original_keystone
|
||||
if hasattr(self, 'original_key'):
|
||||
keymgr_key.SymmetricKey = self.original_key
|
||||
if hasattr(self, 'original_base64'):
|
||||
base64.b64encode = self.original_base64
|
||||
|
||||
def _build_mock_auth(self):
|
||||
self.mock_auth = mock.Mock()
|
||||
|
||||
def fake_keystone_auth(keystone):
|
||||
return self.mock_auth
|
||||
self.original_auth = auth.KeystoneAuthV2
|
||||
auth.KeystoneAuthV2 = fake_keystone_auth
|
||||
|
||||
def _build_mock_barbican(self):
|
||||
self.mock_barbican = mock.MagicMock(name='mock_barbican')
|
||||
self.mock_barbican.base_url = "http://localhost:9311/v1/None"
|
||||
|
||||
# Set commonly used methods
|
||||
self.get = self.mock_barbican.secrets.get
|
||||
self.decrypt = self.mock_barbican.secrets.decrypt
|
||||
self.delete = self.mock_barbican.secrets.delete
|
||||
self.store = self.mock_barbican.secrets.store
|
||||
|
||||
def fake_barbican_client(auth_plugin):
|
||||
return self.mock_barbican
|
||||
self.original_barbican = barbican_client.Client
|
||||
barbican_client.Client = fake_barbican_client
|
||||
|
||||
def _build_mock_keystone(self):
|
||||
self.mock_keystone = mock.Mock()
|
||||
|
||||
def fake_keystone_client(token, endpoint):
|
||||
self.barbican_auth_endpoint = endpoint
|
||||
return self.mock_keystone
|
||||
self.original_keystone = keystone_client.Client
|
||||
keystone_client.Client = fake_keystone_client
|
||||
|
||||
def _build_mock_symKey(self):
|
||||
self.mock_symKey = mock.Mock()
|
||||
|
||||
def fake_sym_key(alg, key):
|
||||
self.mock_symKey.get_encoded.return_value = key
|
||||
self.mock_symKey.get_algorithm.return_value = alg
|
||||
return self.mock_symKey
|
||||
self.original_key = keymgr_key.SymmetricKey
|
||||
keymgr_key.SymmetricKey = fake_sym_key
|
||||
|
||||
def _build_mock_base64(self):
|
||||
|
||||
def fake_base64_b64encode(string):
|
||||
return self.pre_hex
|
||||
|
||||
self.original_base64 = base64.b64encode
|
||||
base64.b64encode = fake_base64_b64encode
|
||||
|
||||
def test_conf_urls(self):
|
||||
# Create a Key
|
||||
self.key_mgr.create_key(self.ctxt)
|
||||
|
||||
# Confirm proper URL's were used
|
||||
self.assertEqual(self.barbican_auth_endpoint,
|
||||
CONF.keymgr.encryption_auth_url)
|
||||
self.assertEqual(self.mock_auth._barbican_url,
|
||||
CONF.keymgr.encryption_api_url)
|
||||
|
||||
def test_copy_key(self):
|
||||
# Create metadata for original secret
|
||||
original_secret_metadata = mock.Mock()
|
||||
original_secret_metadata.algorithm = 'fake_algorithm'
|
||||
original_secret_metadata.bit_length = 'fake_bit_length'
|
||||
original_secret_metadata.name = 'original_name'
|
||||
original_secret_metadata.expiration = 'fake_expiration'
|
||||
original_secret_metadata.mode = 'fake_mode'
|
||||
content_types = {'default': 'fake_type'}
|
||||
original_secret_metadata.content_types = content_types
|
||||
self.get.return_value = original_secret_metadata
|
||||
|
||||
# Create data for original secret
|
||||
original_secret_data = mock.Mock()
|
||||
self.decrypt.return_value = original_secret_data
|
||||
|
||||
# Create the mock key
|
||||
self._build_mock_symKey()
|
||||
|
||||
# Copy the original
|
||||
self.key_mgr.copy_key(self.ctxt, self.key_id)
|
||||
|
||||
# Assert proper methods were called
|
||||
self.get.assert_called_once_with(self.secret_ref)
|
||||
self.decrypt.assert_called_once_with(self.secret_ref,
|
||||
content_types['default'])
|
||||
self.store.assert_called_once_with(original_secret_metadata.name,
|
||||
self.mock_symKey.get_encoded(),
|
||||
content_types['default'],
|
||||
'base64',
|
||||
original_secret_metadata.algorithm,
|
||||
original_secret_metadata.bit_length,
|
||||
original_secret_metadata.mode,
|
||||
original_secret_metadata.expiration)
|
||||
|
||||
def test_copy_null_context(self):
|
||||
self.assertRaises(exception.NotAuthorized,
|
||||
self.key_mgr.copy_key, None, None)
|
||||
|
||||
def test_create_key(self):
|
||||
# Create order_ref_url and assign return value
|
||||
order_ref_url = ("http://localhost:9311/v1/None/orders/"
|
||||
"4fe939b7-72bc-49aa-bd1e-e979589858af")
|
||||
self.mock_barbican.orders.create.return_value = order_ref_url
|
||||
|
||||
# Create order and assign return value
|
||||
order = mock.Mock()
|
||||
order.secret_ref = self.secret_ref
|
||||
self.mock_barbican.orders.get.return_value = order
|
||||
|
||||
# Create the key, get the UUID
|
||||
returned_uuid = self.key_mgr.create_key(self.ctxt)
|
||||
|
||||
self.mock_barbican.orders.get.assert_called_once_with(order_ref_url)
|
||||
self.assertEqual(returned_uuid, self.key_id)
|
||||
|
||||
def test_create_null_context(self):
|
||||
self.assertRaises(exception.NotAuthorized,
|
||||
self.key_mgr.create_key, None)
|
||||
|
||||
def test_delete_null_context(self):
|
||||
self.assertRaises(exception.NotAuthorized,
|
||||
self.key_mgr.delete_key, None, None)
|
||||
|
||||
def test_delete_key(self):
|
||||
self.key_mgr.delete_key(self.ctxt, self.key_id)
|
||||
self.delete.assert_called_once_with(self.secret_ref)
|
||||
|
||||
def test_delete_unknown_key(self):
|
||||
self.assertRaises(TypeError, self.key_mgr.delete_key, self.ctxt, None)
|
||||
|
||||
def test_get_key(self):
|
||||
self._build_mock_base64()
|
||||
content_type = 'application/octet-stream'
|
||||
|
||||
key = self.key_mgr.get_key(self.ctxt, self.key_id, content_type)
|
||||
|
||||
self.decrypt.assert_called_once_with(self.secret_ref,
|
||||
content_type)
|
||||
encoded = array.array('B', binascii.unhexlify(self.hex)).tolist()
|
||||
self.assertEqual(key.get_encoded(), encoded)
|
||||
|
||||
def test_get_null_context(self):
|
||||
self.assertRaises(exception.NotAuthorized,
|
||||
self.key_mgr.get_key, None, None)
|
||||
|
||||
def test_get_unknown_key(self):
|
||||
self.assertRaises(TypeError, self.key_mgr.get_key, self.ctxt, None)
|
||||
|
||||
def test_store_key_base64(self):
|
||||
# Create Key to store
|
||||
secret_key = array.array('B', [0x01, 0x02, 0xA0, 0xB3]).tolist()
|
||||
_key = keymgr_key.SymmetricKey('AES', secret_key)
|
||||
|
||||
# Define the return value
|
||||
self.store.return_value = self.secret_ref
|
||||
|
||||
# Store the Key
|
||||
returned_uuid = self.key_mgr.store_key(self.ctxt, _key, bit_length=32)
|
||||
|
||||
self.store.assert_called_once_with('Cinder Volume Key',
|
||||
'AQKgsw==',
|
||||
'application/octet-stream',
|
||||
'base64',
|
||||
'AES', 32, 'CBC',
|
||||
None)
|
||||
self.assertEqual(returned_uuid, self.key_id)
|
||||
|
||||
def test_store_key_plaintext(self):
|
||||
# Create the plaintext key
|
||||
secret_key_text = "This is a test text key."
|
||||
_key = keymgr_key.SymmetricKey('AES', secret_key_text)
|
||||
|
||||
# Store the Key
|
||||
self.key_mgr.store_key(self.ctxt, _key,
|
||||
payload_content_type='text/plain',
|
||||
payload_content_encoding=None)
|
||||
self.store.assert_called_once_with('Cinder Volume Key',
|
||||
secret_key_text,
|
||||
'text/plain',
|
||||
None,
|
||||
'AES', 256, 'CBC',
|
||||
None)
|
||||
|
||||
def test_store_null_context(self):
|
||||
self.assertRaises(exception.NotAuthorized,
|
||||
self.key_mgr.store_key, None, None)
|
Loading…
Reference in New Issue
Block a user