Replace trivial instances of tenant for project

This patch replaces the trivial instances where the word tenant is used.
No model is touched yet.

Partially implements: blueprint replace-concept-of-tenants-for-projects

Change-Id: Id21a34d2c414e0497a943ace970584369bd1d83f
Juan Antonio Osorio Robles
2014-11-04 18:49:38 +02:00
parent 08af987336
commit 740d1dad88
31 changed files with 590 additions and 590 deletions


@@ -112,7 +112,7 @@ def generate_safe_exception_message(operation_name, excep):
except policy.PolicyNotAuthorized:
message = u._('{0} attempt not allowed - '
'please review your '
'user/tenant privileges').format(operation_name)
'user/project privileges').format(operation_name)
status = 403
except s.SecretContentTypeNotSupportedException as sctnse:


@@ -46,7 +46,7 @@ def _do_enforce_rbac(req, action_name, ctx):
credentials = {
'roles': ctx.roles,
'user': ctx.user,
'tenant': ctx.tenant
'project': ctx.project
}
# Enforce special case: secret GET decryption
@@ -70,7 +70,7 @@ def enforce_rbac(action_name='default'):
# middleware
ctx = _get_barbican_context(pecan.request)
if ctx:
keystone_id = ctx.tenant
keystone_id = ctx.project
else:
keystone_id = None
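Review bot: The `credentials` dict built in `_do_enforce_rbac` now exposes the caller's scope only under `'project'`, so any policy rule that still matches on the `tenant` credential would stop evaluating the way it did before this rename. The policy file is not visible in this section, so confirm it is updated in the same change, or keep an alias during the transition, e.g. `'tenant': ctx.project,` next to `'project': ctx.project`. A test asserting that a request scoped to one project is still denied access to another project's secrets would guard the authorization path across the rename. Both functions continue outside the hunks shown.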


@@ -35,9 +35,9 @@ def _consumer_not_found():
class ContainerConsumerController(object):
"""Handles Consumer entity retrieval and deletion requests."""
def __init__(self, consumer_id, tenant_repo=None, consumer_repo=None):
def __init__(self, consumer_id, project_repo=None, consumer_repo=None):
self.consumer_id = consumer_id
self.tenant_repo = tenant_repo or repo.TenantRepo()
self.project_repo = project_repo or repo.ProjectRepo()
self.consumer_repo = consumer_repo or repo.ContainerConsumerRepo()
self.validator = validators.ContainerConsumerValidator()
@@ -61,17 +61,17 @@ class ContainerConsumerController(object):
class ContainerConsumersController(object):
"""Handles Consumer creation requests."""
def __init__(self, container_id, tenant_repo=None, consumer_repo=None,
def __init__(self, container_id, project_repo=None, consumer_repo=None,
container_repo=None):
self.container_id = container_id
self.tenant_repo = tenant_repo or repo.TenantRepo()
self.project_repo = project_repo or repo.ProjectRepo()
self.consumer_repo = consumer_repo or repo.ContainerConsumerRepo()
self.container_repo = container_repo or repo.ContainerRepo()
self.validator = validators.ContainerConsumerValidator()
@pecan.expose()
def _lookup(self, consumer_id, *remainder):
return ContainerConsumerController(consumer_id, self.tenant_repo,
return ContainerConsumerController(consumer_id, self.project_repo,
self.consumer_repo), remainder
@pecan.expose(generic=True, template='json')
@@ -119,7 +119,7 @@ class ContainerConsumersController(object):
@controllers.enforce_content_types(['application/json'])
def on_post(self, keystone_id, **kwargs):
tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo)
project = res.get_or_create_project(keystone_id, self.project_repo)
data = api.load_body(pecan.request, validator=self.validator)
LOG.debug('Start on_post...%s', data)
@@ -130,7 +130,7 @@ class ContainerConsumersController(object):
new_consumer = models.ContainerConsumerMetadatum(self.container_id,
data)
new_consumer.tenant_id = tenant.id
new_consumer.tenant_id = project.id
self.consumer_repo.create_from(new_consumer, container)
pecan.response.headers['Location'] = (


@@ -36,16 +36,16 @@ def container_not_found():
class ContainerController(object):
"""Handles Container entity retrieval and deletion requests."""
def __init__(self, container_id, tenant_repo=None, container_repo=None,
def __init__(self, container_id, project_repo=None, container_repo=None,
consumer_repo=None):
# TODO(rm_work): refactor this to use repo-factory method
self.container_id = container_id
self.tenant_repo = tenant_repo or repo.TenantRepo()
self.project_repo = project_repo or repo.ProjectRepo()
self.container_repo = container_repo or repo.ContainerRepo()
self.consumer_repo = consumer_repo or repo.ContainerConsumerRepo()
self.validator = validators.ContainerValidator()
self.consumers = consumers.ContainerConsumersController(
container_id, self.tenant_repo, self.consumer_repo,
container_id, self.project_repo, self.consumer_repo,
self.container_repo)
@pecan.expose(generic=True, template='json')
@@ -84,10 +84,10 @@ class ContainerController(object):
class ContainersController(object):
"""Handles Container creation requests."""
def __init__(self, tenant_repo=None, container_repo=None,
def __init__(self, project_repo=None, container_repo=None,
secret_repo=None, consumer_repo=None):
# TODO(rm_work): refactor this to use repo-factory method
self.tenant_repo = tenant_repo or repo.TenantRepo()
self.project_repo = project_repo or repo.ProjectRepo()
self.container_repo = container_repo or repo.ContainerRepo()
self.secret_repo = secret_repo or repo.SecretRepo()
self.consumer_repo = consumer_repo or repo.ContainerConsumerRepo()
@@ -95,19 +95,18 @@ class ContainersController(object):
@pecan.expose()
def _lookup(self, container_id, *remainder):
return (ContainerController(container_id, self.tenant_repo,
return (ContainerController(container_id, self.project_repo,
self.container_repo, self.consumer_repo),
remainder)
@pecan.expose(generic=True, template='json')
@controllers.handle_exceptions(u._('Containers(s) retrieval'))
@controllers.enforce_rbac('containers:get')
def index(self, keystone_id, **kw):
LOG.debug('Start containers on_get '
'for tenant-ID %s:', keystone_id)
def index(self, project_id, **kw):
LOG.debug('Start containers on_get for project-ID %s:', project_id)
result = self.container_repo.get_by_create_date(
keystone_id,
project_id,
offset_arg=kw.get('offset', 0),
limit_arg=kw.get('limit', None),
suppress_exception=True
@@ -144,13 +143,13 @@ class ContainersController(object):
@controllers.enforce_content_types(['application/json'])
def on_post(self, keystone_id, **kwargs):
tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo)
project = res.get_or_create_project(keystone_id, self.project_repo)
data = api.load_body(pecan.request, validator=self.validator)
LOG.debug('Start on_post...%s', data)
new_container = models.Container(data)
new_container.tenant_id = tenant.id
new_container.tenant_id = project.id
# TODO(hgedikli): performance optimizations
for secret_ref in new_container.container_secrets:
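Review bot: `index` now takes `project_id` for the value it hands to `container_repo.get_by_create_date`, while `on_post` in the same class still calls that value `keystone_id`, and the repository methods in this commit use `project_id` for the internal Barbican entity id (`filter_by(id=project_id)`, `TenantSecret.tenant_id == project_id`). `get_or_create_project` uses the same name for the external Keystone id as well. One name for two different identifiers, in the code that scopes secrets to their owner, makes it easy to pass the wrong one into a query; I would keep `keystone_id` here until the model is renamed, or use a distinct name such as `external_project_id` with a docstring line saying which id is meant. Also confirm that `enforce_rbac` passes this argument positionally, since a keyword call with `keystone_id=` would no longer bind. `on_post` continues past the end of the hunk.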


@@ -153,11 +153,11 @@ class OrderController(object):
class OrdersController(object):
"""Handles Order requests for Secret creation."""
def __init__(self, tenant_repo=None, order_repo=None,
def __init__(self, project_repo=None, order_repo=None,
queue_resource=None):
LOG.debug('Creating OrdersController')
self.tenant_repo = tenant_repo or repo.TenantRepo()
self.project_repo = project_repo or repo.ProjectRepo()
self.order_repo = order_repo or repo.OrderRepo()
self.queue = queue_resource or async_client.TaskClient()
self.type_order_validator = validators.TypeOrderValidator()
@@ -171,7 +171,7 @@ class OrdersController(object):
@controllers.enforce_rbac('orders:get')
def index(self, keystone_id, **kw):
LOG.debug('Start orders on_get '
'for tenant-ID %s:', keystone_id)
'for project-ID %s:', keystone_id)
result = self.order_repo.get_by_create_date(
keystone_id, offset_arg=kw.get('offset', 0),
@@ -205,17 +205,18 @@ class OrdersController(object):
@controllers.enforce_content_types(['application/json'])
def on_post(self, keystone_id, **kwargs):
tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo)
project = res.get_or_create_project(keystone_id, self.project_repo)
body = api.load_body(pecan.request,
validator=self.type_order_validator)
order_type = body.get('type')
LOG.debug('Processing order type %s', order_type)
new_order = models.Order()
new_order.meta = body.get('meta')
new_order.type = order_type
new_order.tenant_id = project.id
new_order.tenant_id = tenant.id
self.order_repo.create_from(new_order)
self.queue.process_type_order(order_id=new_order.id,


@@ -65,7 +65,7 @@ class SecretController(object):
"""Handles Secret retrieval and deletion requests."""
def __init__(self, secret_id,
tenant_repo=None, secret_repo=None, datum_repo=None,
project_repo=None, secret_repo=None, datum_repo=None,
kek_repo=None, secret_meta_repo=None,
transport_key_repo=None):
LOG.debug('=== Creating SecretController ===')
@@ -73,7 +73,7 @@ class SecretController(object):
# TODO(john-wood-w) Remove passed-in repositories in favor of
# repository factories and patches in unit tests.
self.repos = repo.Repositories(tenant_repo=tenant_repo,
self.repos = repo.Repositories(project_repo=project_repo,
secret_repo=secret_repo,
datum_repo=datum_repo,
kek_repo=kek_repo,
@@ -106,8 +106,8 @@ class SecretController(object):
secret_fields['transport_key_id'] = transport_key_id
return hrefs.convert_to_hrefs(secret_fields)
else:
tenant = res.get_or_create_tenant(keystone_id,
self.repos.tenant_repo)
project = res.get_or_create_project(keystone_id,
self.repos.project_repo)
pecan.override_template('', pecan.request.accept.header_value)
transport_key = None
twsk = kwargs.get('trans_wrapped_session_key', None)
@@ -122,7 +122,7 @@ class SecretController(object):
return plugin.get_secret(pecan.request.accept.header_value,
secret,
tenant,
project,
self.repos,
twsk,
transport_key)
@@ -161,14 +161,14 @@ class SecretController(object):
if secret_model.encrypted_data:
_secret_already_has_data()
tenant_model = res.get_or_create_tenant(keystone_id,
self.repos.tenant_repo)
project_model = res.get_or_create_project(keystone_id,
self.repos.project_repo)
content_type = pecan.request.content_type
content_encoding = pecan.request.headers.get('Content-Encoding')
plugin.store_secret(payload, content_type,
content_encoding, secret_model.to_dict_fields(),
secret_model, tenant_model, self.repos,
secret_model, project_model, self.repos,
transport_key_id=transport_key_id)
@index.when(method='DELETE')
@@ -190,13 +190,13 @@ class SecretsController(object):
"""Handles Secret creation requests."""
def __init__(self,
tenant_repo=None, secret_repo=None,
tenant_secret_repo=None, datum_repo=None, kek_repo=None,
project_repo=None, secret_repo=None,
project_secret_repo=None, datum_repo=None, kek_repo=None,
secret_meta_repo=None, transport_key_repo=None):
LOG.debug('Creating SecretsController')
self.validator = validators.NewSecretValidator()
self.repos = repo.Repositories(tenant_repo=tenant_repo,
tenant_secret_repo=tenant_secret_repo,
self.repos = repo.Repositories(project_repo=project_repo,
project_secret_repo=project_secret_repo,
secret_repo=secret_repo,
datum_repo=datum_repo,
kek_repo=kek_repo,
@@ -206,7 +206,7 @@ class SecretsController(object):
@pecan.expose()
def _lookup(self, secret_id, *remainder):
return SecretController(secret_id,
self.repos.tenant_repo,
self.repos.project_repo,
self.repos.secret_repo,
self.repos.datum_repo,
self.repos.kek_repo,
@@ -221,7 +221,7 @@ class SecretsController(object):
return putil.mime_types.augment_fields_with_content_types(field)
LOG.debug('Start secrets on_get '
'for tenant-ID %s:', keystone_id)
'for project-ID %s:', keystone_id)
name = kw.get('name', '')
if name:
@@ -269,10 +269,11 @@ class SecretsController(object):
@controllers.enforce_rbac('secrets:post')
@controllers.enforce_content_types(['application/json'])
def on_post(self, keystone_id, **kwargs):
LOG.debug('Start on_post for tenant-ID %s:...', keystone_id)
LOG.debug('Start on_post for project-ID %s:...', keystone_id)
data = api.load_body(pecan.request, validator=self.validator)
tenant = res.get_or_create_tenant(keystone_id, self.repos.tenant_repo)
project = res.get_or_create_project(keystone_id,
self.repos.project_repo)
transport_key_needed = data.get('transport_key_needed',
'false').lower() == 'true'
@@ -282,7 +283,7 @@ class SecretsController(object):
data.get('payload_content_type',
'application/octet-stream'),
data.get('payload_content_encoding'),
data, None, tenant,
data, None, project,
self.repos,
transport_key_needed=transport_key_needed,
transport_key_id=data.get('transport_key_id'))


@@ -29,7 +29,7 @@ LOG = utils.getLogger(__name__)
context_opts = [
cfg.BoolOpt('owner_is_tenant', default=True,
help=u._('When true, this option sets the owner of an image '
'to be the tenant. Otherwise, the owner of the '
'to be the project. Otherwise, the owner of the '
' image will be the authenticated user issuing the '
'request.')),
cfg.StrOpt('admin_role', default='admin',
@@ -91,7 +91,7 @@ class ContextMiddleware(BaseContextMiddleware):
def _get_anonymous_context(self):
kwargs = {
'user': None,
'tenant': None,
'project': None,
'roles': [],
'is_admin': False,
'read_only': True,
@@ -120,11 +120,11 @@ class ContextMiddleware(BaseContextMiddleware):
kwargs = {
'user': req.headers.get('X-User-Id'),
'tenant': req.headers.get('X-Tenant-Id'),
'project': req.headers.get('X-Tenant-Id'),
'roles': roles,
'is_admin': CONF.admin_role.strip().lower() in roles,
'auth_tok': req.headers.get('X-Auth-Token', deprecated_token),
'owner_is_tenant': CONF.owner_is_tenant,
'owner_is_project': CONF.owner_is_tenant,
'service_catalog': service_catalog,
'policy_enforcer': self.policy_enforcer,
}
@@ -149,7 +149,7 @@ class UnauthenticatedContextMiddleware(BaseContextMiddleware):
kwargs = {
'user': None,
'tenant': project_id,
'project': project_id,
'roles': [],
'is_admin': True
}
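Review bot: The authenticated context fills `'project'` from the `X-Tenant-Id` header and `'owner_is_project'` from `CONF.owner_is_tenant`, so the new names and their sources no longer match and a reader cannot tell whether that is deliberate. If the option and header names are kept for compatibility, say so in a comment above the dict, e.g. `# X-Tenant-Id / owner_is_tenant kept for backward compatibility; both refer to the Keystone project`. Because this value becomes the ownership scope for every request, consider reading `X-Project-Id` first and falling back to the older header: `'project': req.headers.get('X-Project-Id', req.headers.get('X-Tenant-Id')),`. The enclosing methods start outside the hunks.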


@@ -23,20 +23,20 @@ from barbican.model import models
LOG = utils.getLogger(__name__)
def get_or_create_tenant(keystone_id, tenant_repo):
"""Returns tenant with matching keystone_id.
def get_or_create_project(project_id, project_repo):
"""Returns project with matching project_id.
Creates it if it does not exist.
:param keystone_id: The external-to-Barbican ID for this tenant.
:param tenant_repo: Tenant repository.
:return: Tenant model instance
:param project_id: The external-to-Barbican ID for this project.
:param project_repo: Project repository.
:return: Project model instance
"""
tenant = tenant_repo.find_by_keystone_id(keystone_id,
suppress_exception=True)
if not tenant:
LOG.debug('Creating tenant for %s', keystone_id)
tenant = models.Tenant()
tenant.keystone_id = keystone_id
tenant.status = models.States.ACTIVE
tenant_repo.create_from(tenant)
return tenant
project = project_repo.find_by_keystone_id(project_id,
suppress_exception=True)
if not project:
LOG.debug('Creating project for %s', project_id)
project = models.Tenant()
project.keystone_id = project_id
project.status = models.States.ACTIVE
project_repo.create_from(project)
return project


@@ -25,19 +25,19 @@ class RequestContext(object):
accesses the system, as well as additional request information.
"""
def __init__(self, auth_tok=None, user=None, tenant=None, roles=None,
def __init__(self, auth_tok=None, user=None, project=None, roles=None,
is_admin=False, read_only=False, show_deleted=False,
owner_is_tenant=True, service_catalog=None,
owner_is_project=True, service_catalog=None,
policy_enforcer=None):
self.auth_tok = auth_tok
self.user = user
self.tenant = tenant
self.project = project
self.roles = roles or []
self.read_only = read_only
# TODO(jwood): self._show_deleted = show_deleted
# (mkbhanda) possibly domain could be owner
# brings us to the key scope question
self.owner_is_tenant = owner_is_tenant
self.owner_is_project = owner_is_project
self.request_id = utils.generate_uuid()
self.service_catalog = service_catalog
self.policy_enforcer = policy_enforcer or policy.Enforcer()
@@ -59,10 +59,9 @@ class RequestContext(object):
'user': self.user,
'user_id': self.user,
# NOTE(bcwaldon): openstack-common logging expects 'tenant'
'tenant': self.tenant,
'tenant_id': self.tenant,
'project_id': self.tenant,
# NOTE(bcwaldon): openstack-common logging expects 'project'
'project': self.project,
'project_id': self.project,
# TODO(jwood): 'is_admin': self.is_admin,
# TODO(jwood): 'read_deleted': self.show_deleted,
'roles': self.roles,
@@ -80,8 +79,8 @@ class RequestContext(object):
@property
def owner(self):
"""Return the owner to correlate with key."""
if self.owner_is_tenant:
return self.tenant
if self.owner_is_project:
return self.project
return self.user
# TODO(jwood):
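Review bot: `to_dict` no longer emits the `'tenant'` and `'tenant_id'` keys, and the `NOTE(bcwaldon)` comment was rewritten by the rename to claim the logging code expects `'project'`, which nothing on this page establishes. If the log context format still references the tenant fields, log records would lose the owner identifier that auditing and incident triage depend on. I would keep an alias until the logging configuration is migrated, e.g. `'tenant': self.project,`, and either restore the original comment wording or replace it with one that states which keys the logger actually reads. The body of `to_dict` starts outside the hunk.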


@@ -196,7 +196,7 @@ class ModelBase(object):
class TenantSecret(BASE, ModelBase):
"""Represents an association between a Tenant and a Secret."""
"""Represents an association between a Project and a Secret."""
__tablename__ = 'tenant_secret'
@@ -233,9 +233,9 @@ class ContainerSecret(BASE, ModelBase):
class Tenant(BASE, ModelBase):
"""Represents a Tenant in the datastore.
"""Represents a Project in the datastore.
Tenants are users that wish to store secret information within
Projects are users that wish to store secret information within
Cloudkeep's Barbican.
"""
@@ -256,7 +256,7 @@ class Tenant(BASE, ModelBase):
class Secret(BASE, ModelBase):
"""Represents a Secret in the datastore.
Secrets are any information Tenants wish to store within
Secrets are any information Projects wish to store within
Cloudkeep's Barbican, though the actual encrypted data
is stored in one or more EncryptedData entities on behalf
of a Secret.
@@ -411,12 +411,12 @@ class KEKDatum(BASE, ModelBase):
to encrypt/decrypt the secret information, so please do not place vendor-
specific attributes here.
Note as well that each Tenant will have at most one 'active=True' KEKDatum
Note as well that each Project will have at most one 'active=True' KEKDatum
instance at a time, representing the most recent KEK metadata instance
to use for encryption processes performed on behalf of the Tenant.
to use for encryption processes performed on behalf of the Project.
KEKDatum instances that are 'active=False' are associated to previously
used encryption processes for the Tenant, that eventually should be
rotated and deleted with the Tenant's active KEKDatum.
used encryption processes for the Project, that eventually should be
rotated and deleted with the Project's active KEKDatum.
"""
__tablename__ = 'kek_data'
@@ -547,7 +547,7 @@ class OrderPluginMetadatum(BASE, ModelBase):
class Container(BASE, ModelBase):
"""Represents a Container for Secrets in the datastore.
Containers store secret references. Containers are owned by Tenants.
Containers store secret references. Containers are owned by Projects.
Containers can be generic or have a predefined type. Predefined typed
containers allow users to store structured key relationship
inside Barbican.


@@ -49,7 +49,7 @@ sa_logger = None
# Singleton repository references, instantiated via get_xxxx_repository()
# functions below.
_SECRET_REPOSITORY = None
_TENANT_SECRET_REPOSITORY = None
_PROJECT_SECRET_REPOSITORY = None
_ENCRYPTED_DATUM_REPOSITORY = None
_KEK_DATUM_REPOSITORY = None
@@ -293,7 +293,7 @@ def clean_paging_values(offset_arg=0, limit_arg=CONF.default_limit_paging):
return offset, limit
def delete_all_project_resources(tenant_id, repos):
def delete_all_project_resources(project_id, repos):
"""Logic to cleanup all project resources.
This cleanup uses same alchemy session to perform all db operations as a
@@ -303,17 +303,17 @@ def delete_all_project_resources(tenant_id, repos):
session = get_session()
repos.container_repo.delete_project_entities(
tenant_id, suppress_exception=False, session=session)
project_id, suppress_exception=False, session=session)
# secret children SecretStoreMetadatum, EncryptedDatum
# and container_secrets are deleted as part of secret delete
repos.secret_repo.delete_project_entities(
tenant_id, suppress_exception=False, session=session)
project_id, suppress_exception=False, session=session)
repos.kek_repo.delete_project_entities(
tenant_id, suppress_exception=False, session=session)
repos.tenant_secret_repo.delete_project_entities(
tenant_id, suppress_exception=False, session=session)
repos.tenant_repo.delete_project_entities(
tenant_id, suppress_exception=False, session=session)
project_id, suppress_exception=False, session=session)
repos.project_secret_repo.delete_project_entities(
project_id, suppress_exception=False, session=session)
repos.project_repo.delete_project_entities(
project_id, suppress_exception=False, session=session)
class Repositories(object):
@@ -333,8 +333,8 @@ class Repositories(object):
'and non-None repository instances')
# Only set properties for specified repositories.
self._set_repo('tenant_repo', TenantRepo, kwargs)
self._set_repo('tenant_secret_repo', TenantSecretRepo, kwargs)
self._set_repo('project_repo', ProjectRepo, kwargs)
self._set_repo('project_secret_repo', ProjectSecretRepo, kwargs)
self._set_repo('secret_repo', SecretRepo, kwargs)
self._set_repo('datum_repo', EncryptedDatumRepo, kwargs)
self._set_repo('kek_repo', KEKDatumRepo, kwargs)
@@ -561,11 +561,11 @@ class BaseRepo(object):
if getattr(entity_ref, k) != values[k]:
setattr(entity_ref, k, values[k])
def _build_get_project_entities_query(self, tenant_id, session):
def _build_get_project_entities_query(self, project_id, session):
"""Sub-class hook: build a query to retrieve entities for a given
project.
:param tenant_id: id of barbican tenant (project) entity
:param project_id: id of barbican project entity
:param session: existing db session reference.
:returns: A query object for getting all project related entities
@@ -575,10 +575,10 @@ class BaseRepo(object):
"entities.").format(self._do_entity_name())
raise NotImplementedError(msg)
def get_project_entities(self, tenant_id, session=None):
def get_project_entities(self, project_id, session=None):
"""Gets entities associated with a given project.
:param tenant_id: id of barbican tenant (project) entity
:param project_id: id of barbican project entity
:param session: existing db session reference. If None, gets session.
:returns: list of matching entities found otherwise returns empty list
if no entity exists for a given project.
@@ -589,18 +589,18 @@ class BaseRepo(object):
"""
session = self.get_session(session)
query = self._build_get_project_entities_query(tenant_id, session)
query = self._build_get_project_entities_query(project_id, session)
if query:
return query.all()
else:
return []
def delete_project_entities(self, tenant_id,
def delete_project_entities(self, project_id,
suppress_exception=False,
session=None):
"""Deletes entities for a given project.
:param tenant_id: id of barbican tenant (project) entity
:param project_id: id of barbican project entity
:param suppress_exception: Pass True if want to suppress exception
:param session: existing db session reference. If None, gets session.
@@ -609,7 +609,7 @@ class BaseRepo(object):
on its usage.
"""
session = self.get_session(session)
query = self._build_get_project_entities_query(tenant_id,
query = self._build_get_project_entities_query(project_id,
session=session)
try:
# query cannot be None as related repo class is expected to
@@ -621,12 +621,12 @@ class BaseRepo(object):
LOG.exception('Problem finding project related entity to delete')
if not suppress_exception:
raise exception.BarbicanException('Error deleting project '
'entities for tenant_id=%s',
tenant_id)
'entities for project_id=%s',
project_id)
class TenantRepo(BaseRepo):
"""Repository for the Tenant entity."""
class ProjectRepo(BaseRepo):
"""Repository for the Project entity."""
def _do_entity_name(self):
"""Sub-class hook: return entity name, such as for debugging."""
@@ -652,17 +652,17 @@ class TenantRepo(BaseRepo):
except sa_orm.exc.NoResultFound:
entity = None
if not suppress_exception:
LOG.exception("Problem getting Tenant %s", keystone_id)
LOG.exception("Problem getting Project %s", keystone_id)
raise exception.NotFound("No %s found with keystone-ID %s"
% (self._do_entity_name(),
keystone_id))
return entity
def _build_get_project_entities_query(self, tenant_id, session):
def _build_get_project_entities_query(self, project_id, session):
"""Builds query for retrieving project for given id.
"""
return session.query(models.Tenant).filter_by(id=tenant_id).filter_by(
return session.query(models.Tenant).filter_by(id=project_id).filter_by(
deleted=False)
@@ -676,7 +676,7 @@ class SecretRepo(BaseRepo):
The returned secrets are ordered by the date they were created at
and paged based on the offset and limit fields. The keystone_id is
external-to-Barbican value assigned to the tenant by Keystone.
external-to-Barbican value assigned to the project by Keystone.
"""
offset, limit = clean_paging_values(offset_arg, limit_arg)
@@ -756,16 +756,16 @@ class SecretRepo(BaseRepo):
"""Sub-class hook: validate values."""
pass
def _build_get_project_entities_query(self, tenant_id, session):
def _build_get_project_entities_query(self, project_id, session):
"""Builds query for retrieving Secrets associated with a given
project via TenantSecret association.
:param tenant_id: id of barbican tenant (project) entity
:param project_id: id of barbican project entity
:param session: existing db session reference.
"""
query = session.query(models.Secret).filter_by(deleted=False)
query = query.join(models.TenantSecret, models.Secret.tenant_assocs)
query = query.filter(models.TenantSecret.tenant_id == tenant_id)
query = query.filter(models.TenantSecret.tenant_id == project_id)
return query
@@ -853,7 +853,7 @@ class KEKDatumRepo(BaseRepo):
encrypt/decrypt secrets.
"""
def find_or_create_kek_datum(self, tenant,
def find_or_create_kek_datum(self, project,
plugin_name,
suppress_exception=False,
session=None):
@@ -870,7 +870,7 @@ class KEKDatumRepo(BaseRepo):
# TODO(jfwood): Reverse this...attempt insert first, then get on fail.
try:
query = session.query(models.KEKDatum)
query = query.filter_by(tenant_id=tenant.id,
query = query.filter_by(tenant_id=project.id,
plugin_name=plugin_name,
active=True,
deleted=False)
@@ -882,8 +882,8 @@ class KEKDatumRepo(BaseRepo):
kek_datum = models.KEKDatum()
kek_datum.kek_label = "tenant-{0}-key-{1}".format(
tenant.keystone_id, uuid.uuid4())
kek_datum.tenant_id = tenant.id
project.keystone_id, uuid.uuid4())
kek_datum.tenant_id = project.id
kek_datum.plugin_name = plugin_name
kek_datum.status = models.States.ACTIVE
@@ -906,19 +906,19 @@ class KEKDatumRepo(BaseRepo):
"""Sub-class hook: validate values."""
pass
def _build_get_project_entities_query(self, tenant_id, session):
def _build_get_project_entities_query(self, project_id, session):
"""Builds query for retrieving KEK Datum instance(s) related to given
project.
:param tenant_id: id of barbican tenant (project) entity
:param project_id: id of barbican project entity
:param session: existing db session reference.
"""
return session.query(models.KEKDatum).filter_by(
tenant_id=tenant_id).filter_by(deleted=False)
tenant_id=project_id).filter_by(deleted=False)
class TenantSecretRepo(BaseRepo):
"""Repository for the TenantSecret entity."""
class ProjectSecretRepo(BaseRepo):
"""Repository for the ProjectSecret entity."""
def _do_entity_name(self):
"""Sub-class hook: return entity name, such as for debugging."""
@@ -935,14 +935,14 @@ class TenantSecretRepo(BaseRepo):
"""Sub-class hook: validate values."""
pass
def _build_get_project_entities_query(self, tenant_id, session):
def _build_get_project_entities_query(self, project_id, session):
"""Builds query for retrieving TenantSecret related to given project.
:param tenant_id: id of barbican tenant (project) entity
:param project_id: id of barbican project entity
:param session: existing db session reference.
"""
return session.query(models.TenantSecret).filter_by(
tenant_id=tenant_id).filter_by(deleted=False)
tenant_id=project_id).filter_by(deleted=False)
class OrderRepo(BaseRepo):
@@ -955,7 +955,7 @@ class OrderRepo(BaseRepo):
The list is ordered by the date they were created at and paged
based on the offset and limit fields.
:param keystone_id: The keystone id for the tenant.
:param keystone_id: The keystone id for the project.
:param offset_arg: The entity number where the query result should
start.
:param limit_arg: The maximum amount of entities in the result set.
@@ -1014,14 +1014,14 @@ class OrderRepo(BaseRepo):
"""Sub-class hook: validate values."""
pass
def _build_get_project_entities_query(self, tenant_id, session):
def _build_get_project_entities_query(self, project_id, session):
"""Builds query for retrieving orders related to given project.
:param tenant_id: id of barbican tenant (project) entity
:param project_id: id of barbican project entity
:param session: existing db session reference.
"""
return session.query(models.Order).filter_by(
tenant_id=tenant_id).filter_by(deleted=False)
tenant_id=project_id).filter_by(deleted=False)
class OrderPluginMetadatumRepo(BaseRepo):
@@ -1089,7 +1089,7 @@ class ContainerRepo(BaseRepo):
The list is ordered by the date they were created at and paged
based on the offset and limit fields. The keystone_id is
external-to-Barbican value assigned to the tenant by Keystone.
external-to-Barbican value assigned to the project by Keystone.
"""
offset, limit = clean_paging_values(offset_arg, limit_arg)
@@ -1140,14 +1140,14 @@ class ContainerRepo(BaseRepo):
"""Sub-class hook: validate values."""
pass
def _build_get_project_entities_query(self, tenant_id, session):
def _build_get_project_entities_query(self, project_id, session):
"""Builds query for retrieving container related to given project.
:param tenant_id: id of barbican tenant (project) entity
:param project_id: id of barbican project entity
:param session: existing db session reference.
"""
return session.query(models.Container).filter_by(
deleted=False).filter_by(tenant_id=tenant_id)
deleted=False).filter_by(tenant_id=project_id)
class ContainerSecretRepo(BaseRepo):
@@ -1179,7 +1179,7 @@ class ContainerConsumerRepo(BaseRepo):
The list is ordered by the date they were created at and paged
based on the offset and limit fields. The keystone_id is
external-to-Barbican value assigned to the tenant by Keystone.
external-to-Barbican value assigned to the project by Keystone.
"""
offset, limit = clean_paging_values(offset_arg, limit_arg)
@@ -1351,10 +1351,10 @@ def get_secret_repository():
return _get_repository(_SECRET_REPOSITORY, SecretRepo)
def get_tenant_secret_repository():
"""Returns a singleton TenantSecret repository instance."""
global _TENANT_SECRET_REPOSITORY
return _get_repository(_TENANT_SECRET_REPOSITORY, TenantSecretRepo)
def get_project_secret_repository():
"""Returns a singleton ProjectSecret repository instance."""
global _PROJECT_SECRET_REPOSITORY
return _get_repository(_PROJECT_SECRET_REPOSITORY, ProjectSecretRepo)
def get_encrypted_datum_repository():
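Review bot: In `delete_project_entities` the renamed error still passes `project_id` as a second positional argument to `exception.BarbicanException` rather than formatting it into the message, so the raised text probably keeps a literal `%s` (this depends on the exception's constructor, which is not shown). Formatting before raising keeps the id in the error: `'entities for project_id=%s' % project_id`. Separately, `ProjectSecretRepo` is documented as the repository for the "ProjectSecret" entity while its query still uses `models.TenantSecret`; a docstring such as `"""Repository for the TenantSecret entity (project/secret association)."""` stays accurate until the model itself is renamed.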


@@ -36,15 +36,15 @@ class RequestContext(object):
accesses the system, as well as additional request information.
"""
user_idt_format = '{user} {tenant} {domain} {user_domain} {p_domain}'
user_idt_format = '{user} {project} {domain} {user_domain} {p_domain}'
def __init__(self, auth_token=None, user=None, tenant=None, domain=None,
def __init__(self, auth_token=None, user=None, project=None, domain=None,
user_domain=None, project_domain=None, is_admin=False,
read_only=False, show_deleted=False, request_id=None,
instance_uuid=None):
self.auth_token = auth_token
self.user = user
self.tenant = tenant
self.project = project
self.domain = domain
self.user_domain = user_domain
self.project_domain = project_domain
@@ -59,13 +59,13 @@ class RequestContext(object):
def to_dict(self):
user_idt = (
self.user_idt_format.format(user=self.user or '-',
tenant=self.tenant or '-',
project=self.project or '-',
domain=self.domain or '-',
user_domain=self.user_domain or '-',
p_domain=self.project_domain or '-'))
return {'user': self.user,
'tenant': self.tenant,
'project': self.project,
'domain': self.domain,
'user_domain': self.user_domain,
'project_domain': self.project_domain,
@@ -80,7 +80,7 @@ class RequestContext(object):
def get_admin_context(show_deleted=False):
context = RequestContext(None,
tenant=None,
project=None,
is_admin=True,
show_deleted=show_deleted)
return context


@@ -88,17 +88,16 @@ class KEKMetaDTO(object):
Key Encryption Keys (KEKs) in Barbican are intended to represent a
distinct key that is used to perform encryption on secrets for a particular
project (tenant).
project.
``KEKMetaDTO`` objects are provided to cryptographic backends by Barbican
to allow plugins to persist metadata related to the project's (tenant's)
KEK.
to allow plugins to persist metadata related to the project's KEK.
For example, a plugin that interfaces with a Hardware Security Module (HSM)
may want to use a different encryption key for each tenant. Such a plugin
may want to use a different encryption key for each project. Such a plugin
could use the ``KEKMetaDTO`` object to save the key ID used for that
tenant. Barbican will persist the KEK metadata and ensure that it is
provided to the plugin every time a request from that same tenant is
project. Barbican will persist the KEK metadata and ensure that it is
provided to the plugin every time a request from that same project is
processed.
.. attribute:: plugin_name
@@ -108,9 +107,9 @@ class KEKMetaDTO(object):
.. attribute:: kek_label
String attribute used to label the project's (tenant's) KEK by the
plugin. The value of this attribute should be meaningful to the
plugin. Barbican does not use this value.
String attribute used to label the project's KEK by the plugin.
The value of this attribute should be meaningful to the plugin.
Barbican does not use this value.
.. attribute:: algorithm
@@ -272,19 +271,18 @@ class CryptoPluginBase(object):
"""Encryption handler function
This method will be called by Barbican when requesting an encryption
operation on a secret on behalf of a project (tenant).
operation on a secret on behalf of a project.
:param encrypt_dto: :class:`EncryptDTO` instance containing the raw
secret byte data to be encrypted.
:type encrypt_dto: :class:`EncryptDTO`
:param kek_meta_dto: :class:`KEKMetaDTO` instance containing
information about the project's (tenant's) Key Encryption Key (KEK)
to be used for encryption. Plugins may assume that binding via
information about the project's Key Encryption Key (KEK) to be
used for encryption. Plugins may assume that binding via
:meth:`bind_kek_metadata` has already taken place before this
instance is passed in.
:type kek_meta_dto: :class:`KEKMetaDTO`
:param keystone_id: Project (tenant) ID associated with the unencrypted
data.
:param keystone_id: Project ID associated with the unencrypted data.
:return: A response DTO containing the cyphertext and KEK information.
:rtype: :class:`ResponseDTO`
"""
@@ -293,7 +291,7 @@ class CryptoPluginBase(object):
@abc.abstractmethod
def decrypt(self, decrypt_dto, kek_meta_dto, kek_meta_extended,
keystone_id):
"""Decrypt encrypted_datum in the context of the provided tenant.
"""Decrypt encrypted_datum in the context of the provided project.
:param decrypt_dto: data transfer object containing the cyphertext
to be decrypted.
@@ -342,7 +340,7 @@ class CryptoPluginBase(object):
:returns: An object of type ResponseDTO containing encrypted data and
kek_meta_extended, the former the resultant cypher text, the latter
being optional per-secret metadata needed to decrypt (over and
above the per-tenant metadata managed outside of the plugins)
above the per-project metadata managed outside of the plugins)
"""
raise NotImplementedError # pragma: no cover
@@ -363,7 +361,7 @@ class CryptoPluginBase(object):
Each object containing encrypted data and kek_meta_extended, the
former the resultant cypher text, the latter being optional
per-secret metadata needed to decrypt (over and above the
per-tenant metadata managed outside of the plugins)
per-project metadata managed outside of the plugins)
"""
raise NotImplementedError # pragma: no cover


@@ -60,8 +60,8 @@ class P11CryptoPlugin(plugin.CryptoPluginBase):
"""PKCS11 supporting implementation of the crypto plugin.
Generates a single master key and a single HMAC key that remain in the
HSM, then generates a key per tenant in the HSM, wraps the key, computes
an HMAC, and stores it in the DB. The tenant key is never unencrypted
HSM, then generates a key per project in the HSM, wraps the key, computes
an HMAC, and stores it in the DB. The project key is never unencrypted
outside the HSM.
This implementation currently relies on an unreleased fork of PyKCS11.


@@ -159,7 +159,7 @@ class CertificateEventPluginBase(object):
self, project_id, order_ref, container_ref):
"""Notify that a certificate has been generated and is ready to use.
:param project_id: Project/tenant ID associated with this certificate
:param project_id: Project ID associated with this certificate
:param order_ref: HATEOS reference URI to the submitted Barbican Order
:param container_ref: HATEOS reference URI to the Container storing
the certificate
@@ -172,7 +172,7 @@ class CertificateEventPluginBase(object):
self, project_id, order_ref, error_msg, retry_in_msec):
"""Notify that the certificate authority (CA) isn't available.
:param project_id: Project/tenant ID associated with this order
:param project_id: Project ID associated with this order
:param order_ref: HATEOS reference URI to the submitted Barbican Order
:param error_msg: Error message if it is available
:param retry_in_msec: Delay before attempting to talk to the CA again.


@@ -60,7 +60,7 @@ def get_plugin_name_and_transport_key(repos, transport_key_id):
def store_secret(unencrypted_raw, content_type_raw, content_encoding,
spec, secret_model, tenant_model, repos,
spec, secret_model, project_model, repos,
transport_key_needed=False,
transport_key_id=None):
"""Store a provided secret into secure backend."""
@@ -89,7 +89,7 @@ def store_secret(unencrypted_raw, content_type_raw, content_encoding,
repos,
transport_key_needed)
_save_secret(secret_model, tenant_model, repos)
_save_secret(secret_model, project_model, repos)
return secret_model, key_model
plugin_name, transport_key = get_plugin_name_and_transport_key(
@@ -119,17 +119,17 @@ def store_secret(unencrypted_raw, content_type_raw, content_encoding,
content_type=content_type,
transport_key=transport_key)
secret_metadata = _store_secret(
store_plugin, secret_dto, secret_model, tenant_model)
store_plugin, secret_dto, secret_model, project_model)
# Save secret and metadata.
_save_secret(secret_model, tenant_model, repos)
_save_secret(secret_model, project_model, repos)
_save_secret_metadata(secret_model, secret_metadata, store_plugin,
content_type, repos)
return secret_model, None
def get_secret(requesting_content_type, secret_model, tenant_model, repos,
def get_secret(requesting_content_type, secret_model, project_model, repos,
twsk=None, transport_key=None):
tr.analyze_before_decryption(requesting_content_type)
@@ -148,7 +148,7 @@ def get_secret(requesting_content_type, secret_model, tenant_model, repos,
# Retrieve the secret.
secret_dto = _get_secret(
retrieve_plugin, secret_metadata, secret_model, tenant_model)
retrieve_plugin, secret_metadata, secret_model, project_model)
if twsk is not None:
del secret_metadata['transport_key']
@@ -173,7 +173,7 @@ def get_transport_key_id_for_retrieval(secret_model, repos):
def generate_secret(spec, content_type,
tenant_model, repos):
project_model, repos):
"""Generate a secret and store into a secure backend."""
# Locate a suitable plugin to store the secret.
@@ -189,10 +189,10 @@ def generate_secret(spec, content_type,
# Generate the secret.
secret_metadata = _generate_symmetric_key(
generate_plugin, key_spec, secret_model, tenant_model, content_type)
generate_plugin, key_spec, secret_model, project_model, content_type)
# Save secret and metadata.
_save_secret(secret_model, tenant_model, repos)
_save_secret(secret_model, project_model, repos)
_save_secret_metadata(secret_model, secret_metadata, generate_plugin,
content_type, repos)
@@ -200,7 +200,7 @@ def generate_secret(spec, content_type,
def generate_asymmetric_secret(spec, content_type,
tenant_model, repos):
project_model, repos):
"""Generate an asymmetric secret and store into a secure backend."""
# Locate a suitable plugin to store the secret.
key_spec = secret_store.KeySpec(alg=spec.get('algorithm'),
@@ -223,31 +223,31 @@ def generate_asymmetric_secret(spec, content_type,
private_secret_model,
public_secret_model,
passphrase_secret_model,
tenant_model
project_model
)
# Save secret and metadata.
_save_secret(private_secret_model, tenant_model, repos)
_save_secret(private_secret_model, project_model, repos)
_save_secret_metadata(private_secret_model,
asymmetric_meta_dto.private_key_meta,
generate_plugin,
content_type, repos)
_save_secret(public_secret_model, tenant_model, repos)
_save_secret(public_secret_model, project_model, repos)
_save_secret_metadata(public_secret_model,
asymmetric_meta_dto.public_key_meta,
generate_plugin,
content_type, repos)
if spec.get('passphrase'):
_save_secret(passphrase_secret_model, tenant_model, repos)
_save_secret(passphrase_secret_model, project_model, repos)
_save_secret_metadata(passphrase_secret_model,
asymmetric_meta_dto.passphrase_meta,
generate_plugin,
content_type, repos)
# Now create container
container_model = _save_container(spec, tenant_model, repos,
container_model = _save_container(spec, project_model, repos,
private_secret_model,
public_secret_model,
passphrase_secret_model)
@@ -275,10 +275,10 @@ def delete_secret(secret_model, project_id, repos):
keystone_id=project_id)
def _store_secret(store_plugin, secret_dto, secret_model, tenant_model):
def _store_secret(store_plugin, secret_dto, secret_model, project_model):
if isinstance(store_plugin, store_crypto.StoreCryptoAdapterPlugin):
context = store_crypto.StoreCryptoContext(
tenant_model,
project_model,
secret_model=secret_model)
secret_metadata = store_plugin.store_secret(secret_dto, context)
else:
@@ -287,10 +287,10 @@ def _store_secret(store_plugin, secret_dto, secret_model, tenant_model):
def _generate_symmetric_key(
generate_plugin, key_spec, secret_model, tenant_model, content_type):
generate_plugin, key_spec, secret_model, project_model, content_type):
if isinstance(generate_plugin, store_crypto.StoreCryptoAdapterPlugin):
context = store_crypto.StoreCryptoContext(
tenant_model,
project_model,
secret_model=secret_model,
content_type=content_type)
secret_metadata = generate_plugin.generate_symmetric_key(
@@ -306,10 +306,10 @@ def _generate_asymmetric_key(
private_secret_model,
public_secret_model,
passphrase_secret_model,
tenant_model):
project_model):
if isinstance(generate_plugin, store_crypto.StoreCryptoAdapterPlugin):
context = store_crypto.StoreCryptoContext(
tenant_model,
project_model,
private_secret_model=private_secret_model,
public_secret_model=public_secret_model,
passphrase_secret_model=passphrase_secret_model)
@@ -321,10 +321,10 @@ def _generate_asymmetric_key(
def _get_secret(
retrieve_plugin, secret_metadata, secret_model, tenant_model):
retrieve_plugin, secret_metadata, secret_model, project_model):
if isinstance(retrieve_plugin, store_crypto.StoreCryptoAdapterPlugin):
context = store_crypto.StoreCryptoContext(
tenant_model,
project_model,
secret_model=secret_model)
secret_dto = retrieve_plugin.get_secret(secret_metadata, context)
else:
@@ -354,18 +354,18 @@ def _save_secret_metadata(secret_model, secret_metadata,
repos.secret_meta_repo.save(secret_metadata, secret_model)
def _save_secret(secret_model, tenant_model, repos):
def _save_secret(secret_model, project_model, repos):
"""Save a Secret entity."""
# Create Secret entities in data store.
if not secret_model.id:
repos.secret_repo.create_from(secret_model)
new_assoc = models.TenantSecret()
new_assoc.tenant_id = tenant_model.id
new_assoc.tenant_id = project_model.id
new_assoc.secret_id = secret_model.id
new_assoc.role = "admin"
new_assoc.status = models.States.ACTIVE
repos.tenant_secret_repo.create_from(new_assoc)
repos.project_secret_repo.create_from(new_assoc)
else:
repos.secret_repo.save(secret_model)
@@ -376,13 +376,13 @@ def _secret_already_has_stored_data(secret_model):
return secret_model.encrypted_data or secret_model.secret_store_metadata
def _save_container(spec, tenant_model, repos, private_secret_model,
def _save_container(spec, project_model, repos, private_secret_model,
public_secret_model, passphrase_secret_model):
container_model = models.Container()
container_model.name = spec.get('name')
container_model.type = spec.get('algorithm', '').lower()
container_model.status = models.States.ACTIVE
container_model.tenant_id = tenant_model.id
container_model.tenant_id = project_model.id
repos.container_repo.create_from(container_model)
# create container_secret for private_key
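Review bot: In `_save_secret` and `_save_container` the new lines read `new_assoc.tenant_id = project_model.id` and `container_model.tenant_id = project_model.id`, and the association is still a `models.TenantSecret` saved through `repos.project_secret_repo`, so two vocabularies now sit in the same few statements. That matches the commit message (no model is touched yet), but nothing in the code says so. I would add a one-line comment at each site, e.g. `# column is still named tenant_id until the model rename lands`, so the next reader does not take it for a missed replacement. `_save_container` continues outside its hunk.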


@@ -106,7 +106,7 @@ class SimpleCertificateEventPlugin(cert.CertificateEventPluginBase):
self, project_id, order_ref, container_ref):
"""Notify that a certificate has been generated and is ready to use.
:param project_id: Project/tenant ID associated with this certificate
:param project_id: Project ID associated with this certificate
:param order_ref: HATEOS reference URI to the submitted Barbican Order
:param container_ref: HATEOS reference URI to the Container storing
the certificate
@@ -118,7 +118,7 @@ class SimpleCertificateEventPlugin(cert.CertificateEventPluginBase):
self, project_id, order_ref, error_msg, retry_in_msec):
"""Notify that the certificate authority (CA) isn't available.
:param project_id: Project/tenant ID associated with this order
:param project_id: Project ID associated with this order
:param order_ref: HATEOS reference URI to the submitted Barbican Order
:param error_msg: Error message if it is available
:param retry_in_msec: Delay before attempting to talk to the CA again.


@@ -33,7 +33,7 @@ class StoreCryptoContext(object):
"""
def __init__(
self,
tenant_model,
project_model,
secret_model=None,
private_secret_model=None,
public_secret_model=None,
@@ -43,7 +43,7 @@ class StoreCryptoContext(object):
self.private_secret_model = private_secret_model
self.public_secret_model = public_secret_model
self.passphrase_secret_model = passphrase_secret_model
self.tenant_model = tenant_model
self.project_model = project_model
self.content_type = content_type
@@ -79,7 +79,7 @@ class StoreCryptoAdapterPlugin(object):
# Find or create a key encryption key metadata.
kek_datum_model, kek_meta_dto = _find_or_create_kek_objects(
encrypting_plugin, context.tenant_model)
encrypting_plugin, context.project_model)
encrypt_dto = crypto.EncryptDTO(secret_dto.secret)
@@ -90,7 +90,7 @@ class StoreCryptoAdapterPlugin(object):
# Create an encrypted datum instance and add the encrypted cyphertext.
response_dto = encrypting_plugin.encrypt(
encrypt_dto, kek_meta_dto, context.tenant_model.keystone_id
encrypt_dto, kek_meta_dto, context.project_model.keystone_id
)
# Convert binary data into a text-based format.
@@ -128,7 +128,7 @@ class StoreCryptoAdapterPlugin(object):
secret = decrypting_plugin.decrypt(decrypt_dto,
kek_meta_dto,
datum_model.kek_meta_extended,
context.tenant_model.keystone_id)
context.project_model.keystone_id)
key_spec = sstore.KeySpec(alg=context.secret_model.algorithm,
bit_length=context.secret_model.bit_length,
mode=context.secret_model.mode)
@@ -162,7 +162,7 @@ class StoreCryptoAdapterPlugin(object):
# Find or create a key encryption key metadata.
kek_datum_model, kek_meta_dto = _find_or_create_kek_objects(
generating_plugin, context.tenant_model)
generating_plugin, context.project_model)
# Create an encrypted datum instance and add the created cypher text.
generate_dto = crypto.GenerateDTO(key_spec.alg,
@@ -170,7 +170,7 @@ class StoreCryptoAdapterPlugin(object):
key_spec.mode, None)
# Create the encrypted meta.
response_dto = generating_plugin.generate_symmetric(
generate_dto, kek_meta_dto, context.tenant_model.keystone_id)
generate_dto, kek_meta_dto, context.project_model.keystone_id)
# Convert binary data into a text-based format.
_store_secret_and_datum(
@@ -196,7 +196,7 @@ class StoreCryptoAdapterPlugin(object):
# Find or create a key encryption key metadata.
kek_datum_model, kek_meta_dto = _find_or_create_kek_objects(
generating_plugin, context.tenant_model)
generating_plugin, context.project_model)
generate_dto = crypto.GenerateDTO(key_spec.alg,
key_spec.bit_length,
@@ -205,7 +205,7 @@ class StoreCryptoAdapterPlugin(object):
# Create the encrypted meta.
private_key_dto, public_key_dto, passwd_dto = (
generating_plugin.generate_asymmetric(
generate_dto, kek_meta_dto, context.tenant_model.keystone_id
generate_dto, kek_meta_dto, context.project_model.keystone_id
)
)
@@ -268,12 +268,12 @@ def _determine_generation_type(algorithm):
raise sstore.SecretAlgorithmNotSupportedException(algorithm)
def _find_or_create_kek_objects(plugin_inst, tenant_model):
def _find_or_create_kek_objects(plugin_inst, project_model):
kek_repo = repositories.get_kek_datum_repository()
# Find or create a key encryption key.
full_plugin_name = utils.generate_fullname_for(plugin_inst)
kek_datum_model = kek_repo.find_or_create_kek_datum(tenant_model,
kek_datum_model = kek_repo.find_or_create_kek_datum(project_model,
full_plugin_name)
# Bind to the plugin's key management.
@@ -301,11 +301,11 @@ def _store_secret_and_datum(
if not secret_model.id:
repositories.get_secret_repository().create_from(secret_model)
new_assoc = models.TenantSecret()
new_assoc.tenant_id = context.tenant_model.id
new_assoc.tenant_id = context.project_model.id
new_assoc.secret_id = secret_model.id
new_assoc.role = "admin"
new_assoc.status = models.States.ACTIVE
repositories.get_tenant_secret_repository().create_from(new_assoc)
repositories.get_project_secret_repository().create_from(new_assoc)
# setup and store encrypted datum
datum_model = models.EncryptedDatum(secret_model, kek_datum_model)
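Review bot: The association block in `_store_secret_and_datum` (a `models.TenantSecret()` with `tenant_id`, `secret_id`, `role = "admin"` and `status`) repeats the block in `_save_secret` of the plugin resources module, and this commit had to edit both copies in step. Because these assignments record which project owns a secret, one helper that builds the association would keep the two storage paths from drifting apart. The helper name below is a suggestion, not an existing function. `_store_secret_and_datum` starts and ends outside this hunk, so the rest of it is not reviewed here.

```python
def _new_project_secret_assoc(project_id, secret_id):
    """Build the association that ties a secret to its owning project."""
    # Model and column keep the tenant naming until the model rename lands.
    assoc = models.TenantSecret()
    assoc.tenant_id = project_id
    assoc.secret_id = secret_id
    assoc.role = "admin"
    assoc.status = models.States.ACTIVE
    return assoc
```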


@@ -60,11 +60,11 @@ ORDER_STATUS_CA_UNAVAIL_FOR_CHECK = models.OrderStatus(
)
def issue_certificate_request(order_model, tenant_model, repos):
def issue_certificate_request(order_model, project_model, repos):
"""Create the initial order with CA.
:param: order_model - order associated with this cert request
:param: tenant_model - tenant associated with this request
:param: project_model - project associated with this request
:param: repos - repos (to be removed)
:returns: container_model - container with the relevant cert if
the request has been completed. None otherwise
@@ -88,11 +88,11 @@ def issue_certificate_request(order_model, tenant_model, repos):
# TODO(alee-3): Add code to set sub status of "waiting for CA"
_update_order_status(ORDER_STATUS_REQUEST_PENDING)
_schedule_check_cert_request(cert_plugin, order_model, plugin_meta,
repos, result, tenant_model,
repos, result, project_model,
cert.RETRY_MSEC)
elif cert.CertificateStatus.CERTIFICATE_GENERATED == result.status:
_update_order_status(ORDER_STATUS_CERT_GENERATED)
container_model = _save_secrets(result, tenant_model, repos)
container_model = _save_secrets(result, project_model, repos)
elif cert.CertificateStatus.CLIENT_DATA_ISSUE_SEEN == result.status:
_update_order_status(ORDER_STATUS_DATA_INVALID)
raise cert.CertificateStatusClientDataIssue(result.status_message)
@@ -101,7 +101,7 @@ def issue_certificate_request(order_model, tenant_model, repos):
_update_order_status(ORDER_STATUS_CA_UNAVAIL_FOR_ISSUE)
_schedule_issue_cert_request(cert_plugin, order_model, plugin_meta,
repos, result, tenant_model,
repos, result, project_model,
cert.ERROR_RETRY_MSEC)
_notify_ca_unavailable(order_model, result)
elif cert.CertificateStatus.INVALID_OPERATION == result.status:
@@ -115,11 +115,11 @@ def issue_certificate_request(order_model, tenant_model, repos):
return container_model
def check_certificate_request(order_model, tenant_model, plugin_name, repos):
def check_certificate_request(order_model, project_model, plugin_name, repos):
"""Check the status of a certificate request with the CA.
:param: order_model - order associated with this cert request
:param: tenant_model - tenant associated with this request
:param: project_model - project associated with this request
:param: plugin_name - plugin the issued the certificate request
:param; repos - repos (to be removed)
:returns: container_model - container with the relevant cert if the
@@ -142,11 +142,11 @@ def check_certificate_request(order_model, tenant_model, plugin_name, repos):
if cert.CertificateStatus.WAITING_FOR_CA == result.status:
_update_order_status(ORDER_STATUS_REQUEST_PENDING)
_schedule_check_cert_request(cert_plugin, order_model, plugin_meta,
repos, result, tenant_model,
repos, result, project_model,
cert.RETRY_MSEC)
elif cert.CertificateStatus.CERTIFICATE_GENERATED == result.status:
_update_order_status(ORDER_STATUS_CERT_GENERATED)
container_model = _save_secrets(result, tenant_model, repos)
container_model = _save_secrets(result, project_model, repos)
elif cert.CertificateStatus.CLIENT_DATA_ISSUE_SEEN == result.status:
_update_order_status(cert.ORDER_STATUS_DATA_INVALID)
raise cert.CertificateStatusClientDataIssue(result.status_message)
@@ -154,7 +154,7 @@ def check_certificate_request(order_model, tenant_model, plugin_name, repos):
# TODO(alee-3): decide what to do about retries here
_update_order_status(ORDER_STATUS_CA_UNAVAIL_FOR_CHECK)
_schedule_check_cert_request(cert_plugin, order_model, plugin_meta,
repos, result, tenant_model,
repos, result, project_model,
cert.ERROR_RETRY_MSEC)
elif cert.CertificateStatus.INVALID_OPERATION == result.status:
@@ -192,9 +192,9 @@ def _schedule_cert_retry_task(cert_result_dto, cert_plugin, order_model,
def _schedule_issue_cert_request(cert_plugin, order_model, plugin_meta, repos,
cert_result_dto, tenant_model, retry_time):
cert_result_dto, project_model, retry_time):
retry_args = [order_model,
tenant_model,
project_model,
repos]
_schedule_cert_retry_task(
cert_result_dto, cert_plugin, order_model, plugin_meta,
@@ -205,9 +205,9 @@ def _schedule_issue_cert_request(cert_plugin, order_model, plugin_meta, repos,
def _schedule_check_cert_request(cert_plugin, order_model, plugin_meta, repos,
cert_result_dto, tenant_model, retry_time):
cert_result_dto, project_model, retry_time):
retry_args = [order_model,
tenant_model,
project_model,
utils.generate_fullname_for(cert_plugin),
repos]
_schedule_cert_retry_task(
@@ -255,14 +255,14 @@ def _save_plugin_metadata(order_model, plugin_meta, repos):
repos.order_plugin_meta_repo.save(plugin_meta, order_model)
def _save_secrets(result, tenant_model, repos):
def _save_secrets(result, project_model, repos):
cert_secret_model, transport_key_model = plugin.store_secret(
unencrypted_raw=result.certificate,
content_type_raw='text/plain',
content_encoding='base64',
spec={},
secret_model=None,
tenant_model=tenant_model,
project_model=project_model,
repos=repos)
# save the certificate chain as a secret.
@@ -273,7 +273,7 @@ def _save_secrets(result, tenant_model, repos):
content_encoding='base64',
spec={},
secret_model=None,
tenant_model=tenant_model,
project_model=project_model,
repos=repos
)
else:
@@ -282,7 +282,7 @@ def _save_secrets(result, tenant_model, repos):
container_model = models.Container()
container_model.type = "certificate"
container_model.status = models.States.ACTIVE
container_model.tenant_id = tenant_model.id
container_model.tenant_id = project_model.id
repos.container_repo.create_from(container_model)
# create container_secret for certificate
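Review bot: In `check_certificate_request` the `CLIENT_DATA_ISSUE_SEEN` branch calls `_update_order_status(cert.ORDER_STATUS_DATA_INVALID)`, while the matching branch in `issue_certificate_request` uses the bare `ORDER_STATUS_DATA_INVALID`, and the other `ORDER_STATUS_*` names visible here are used unqualified. If `cert` does not export that name, the branch raises AttributeError before `CertificateStatusClientDataIssue` is raised; the `cert` module is not visible, so please confirm. The likely fix is `_update_order_status(ORDER_STATUS_DATA_INVALID)`. The line is context in this commit rather than a changed line, and both functions extend beyond their hunks.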


@@ -36,15 +36,15 @@ class KeystoneEventConsumer(resources.BaseTask):
def get_name(self):
return u._('Project cleanup via Keystone notifications')
def __init__(self, tenant_repo=None, order_repo=None,
secret_repo=None, tenant_secret_repo=None,
def __init__(self, project_repo=None, order_repo=None,
secret_repo=None, project_secret_repo=None,
datum_repo=None, kek_repo=None, secret_meta_repo=None,
container_repo=None):
LOG.debug('Creating KeystoneEventConsumer task processor')
self.repos = rep.Repositories(tenant_repo=tenant_repo,
self.repos = rep.Repositories(project_repo=project_repo,
order_repo=order_repo,
secret_repo=secret_repo,
tenant_secret_repo=tenant_secret_repo,
project_secret_repo=project_secret_repo,
datum_repo=datum_repo,
kek_repo=kek_repo,
secret_meta_repo=secret_meta_repo,
@@ -67,9 +67,9 @@ class KeystoneEventConsumer(resources.BaseTask):
def retrieve_entity(self, project_id, resource_type=None,
operation_type=None):
tenant_repo = self.repos.tenant_repo
return tenant_repo.find_by_keystone_id(keystone_id=project_id,
suppress_exception=True)
project_repo = self.repos.project_repo
return project_repo.find_by_keystone_id(keystone_id=project_id,
suppress_exception=True)
def handle_processing(self, barbican_project, *args, **kwargs):
self.handle_cleanup(barbican_project, *args, **kwargs)
@@ -78,7 +78,7 @@ class KeystoneEventConsumer(resources.BaseTask):
project_id=None, resource_type=None, operation_type=None):
LOG.error('Error processing Keystone event, project_id={0}, event '
'resource={1}, event operation={2}, status={3}, error '
'message={4}'.format(project.tenant_id, resource_type,
'message={4}'.format(project.project_id, resource_type,
operation_type, status, message))
def handle_success(self, project, project_id=None, resource_type=None,
@@ -107,12 +107,12 @@ class KeystoneEventConsumer(resources.BaseTask):
'present for Keystone project_id={0}'.format(project_id))
return
# barbican entities use tenants table 'id' field as foreign key. Delete
# apis are using that id to lookup related entities and not keystone
# project id which requires additional tenant table join.
tenant_id = project.id
# barbican entities use projects table 'id' field as foreign key.
# Delete apis are using that id to lookup related entities and not
# keystone project id which requires additional project table join.
project_id = project.id
rep.delete_all_project_resources(tenant_id, self.repos)
rep.delete_all_project_resources(project_id, self.repos)
# reached here means there is no error so log the successful
# cleanup log entry.
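Review bot: `project_id = project.id` in the cleanup hunk rebinds a name that already holds the Keystone project id (it is formatted into `Keystone project_id={0}` a few lines above), so any later use in the function, such as the success log the trailing comment announces, would carry the internal row id instead. The old code avoided this by using a separate `tenant_id` local. Keep the two identifiers apart, e.g. `project_entity_id = project.id` followed by `rep.delete_all_project_resources(project_entity_id, self.repos)`. Separately, the error handler now formats `project.project_id`; the commit message says no model is touched, so that attribute may not exist and would raise inside the error path, which is worth confirming against the model. The function bodies continue outside these hunks.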


@@ -148,15 +148,15 @@ class BeginTypeOrder(BaseTask):
def get_name(self):
return u._('Process TypeOrder')
def __init__(self, tenant_repo=None, order_repo=None,
secret_repo=None, tenant_secret_repo=None, datum_repo=None,
def __init__(self, project_repo=None, order_repo=None,
secret_repo=None, project_secret_repo=None, datum_repo=None,
kek_repo=None, container_repo=None,
container_secret_repo=None, secret_meta_repo=None,
order_plugin_meta_repo=None):
LOG.debug('Creating BeginTypeOrder task processor')
self.repos = rep.Repositories(
tenant_repo=tenant_repo,
tenant_secret_repo=tenant_secret_repo,
project_repo=project_repo,
project_secret_repo=project_secret_repo,
secret_repo=secret_repo,
datum_repo=datum_repo,
kek_repo=kek_repo,
@@ -207,8 +207,8 @@ class BeginTypeOrder(BaseTask):
order_type = order_info.get('type')
meta_info = order_info.get('meta')
# Retrieve the tenant.
tenant = self.repos.tenant_repo.get(order.tenant_id)
# Retrieve the project.
project = self.repos.project_repo.get(order.tenant_id)
if order_type == models.OrderType.KEY:
# Create Secret
@@ -216,7 +216,7 @@ class BeginTypeOrder(BaseTask):
meta_info,
meta_info.get('payload_content_type',
'application/octet-stream'),
tenant,
project,
self.repos
)
order.secret_id = new_secret.id
@@ -227,13 +227,13 @@ class BeginTypeOrder(BaseTask):
meta_info,
meta_info.get('payload_content_type',
'application/octet-stream'),
tenant, self.repos)
project, self.repos)
order.container_id = new_container.id
LOG.debug("...done creating asymmetric order's secret.")
elif order_type == models.OrderType.CERTIFICATE:
# Request a certificate
new_container = cert.issue_certificate_request(
order, tenant, self.repos)
order, project, self.repos)
if new_container:
order.container_id = new_container.id
LOG.debug("...done requesting a certificate.")
@@ -247,16 +247,16 @@ class UpdateOrder(BaseTask):
def get_name(self):
return u._('Update Order')
def __init__(self, tenant_repo=None, order_repo=None,
secret_repo=None, tenant_secret_repo=None, datum_repo=None,
def __init__(self, project_repo=None, order_repo=None,
secret_repo=None, project_secret_repo=None, datum_repo=None,
kek_repo=None, container_repo=None,
container_secret_repo=None, secret_meta_repo=None):
LOG.debug('Creating UpdateOrder task processor')
self.repos = rep.Repositories(
tenant_repo=tenant_repo,
project_repo=project_repo,
order_repo=order_repo,
secret_repo=secret_repo,
tenant_secret_repo=tenant_secret_repo,
project_secret_repo=project_secret_repo,
datum_repo=datum_repo,
kek_repo=kek_repo,
container_repo=container_repo,


@@ -49,7 +49,7 @@ def get_barbican_env(keystone_id):
"""
kwargs = {'roles': None,
'user': None,
'tenant': keystone_id,
'project': keystone_id,
'is_admin': True}
ctx = barbican.context.RequestContext(**kwargs)
ctx.policy_enforcer = None
@@ -190,8 +190,8 @@ class BaseSecretsResource(FunctionalTest):
class RootController(object):
secrets = controllers.secrets.SecretsController(
self.tenant_repo, self.secret_repo,
self.tenant_secret_repo, self.datum_repo, self.kek_repo,
self.project_repo, self.secret_repo,
self.project_secret_repo, self.datum_repo, self.kek_repo,
self.secret_meta_repo, self.transport_key_repo
)
@@ -220,20 +220,20 @@ class BaseSecretsResource(FunctionalTest):
payload_content_encoding)
self.keystone_id = 'keystone1234'
self.tenant_entity_id = 'tid1234'
self.tenant = models.Tenant()
self.tenant.id = self.tenant_entity_id
self.tenant.keystone_id = self.keystone_id
self.tenant_repo = mock.MagicMock()
self.tenant_repo.find_by_keystone_id.return_value = self.tenant
self.project_entity_id = 'tid1234'
self.project = models.Tenant()
self.project.id = self.project_entity_id
self.project.keystone_id = self.keystone_id
self.project_repo = mock.MagicMock()
self.project_repo.find_by_keystone_id.return_value = self.project
self.secret = models.Secret()
self.secret.id = '123'
self.secret_repo = mock.MagicMock()
self.secret_repo.create_from.return_value = self.secret
self.tenant_secret_repo = mock.MagicMock()
self.tenant_secret_repo.create_from.return_value = None
self.project_secret_repo = mock.MagicMock()
self.project_secret_repo.create_from.return_value = None
self.datum_repo = mock.MagicMock()
self.datum_repo.create_from.return_value = None
@@ -285,7 +285,7 @@ class BaseSecretsResource(FunctionalTest):
self.secret_req.get('payload_content_encoding'),
expected,
None,
self.tenant,
self.project,
mock.ANY,
transport_key_needed=False,
transport_key_id=None
@@ -293,11 +293,12 @@ class BaseSecretsResource(FunctionalTest):
@mock.patch('barbican.plugin.resources.store_secret')
def _test_should_add_new_secret_one_step(self, mock_store_secret,
check_tenant_id=True):
check_project_id=True):
"""Test the one-step secret creation.
:param check_tenant_id: True if the retrieved Tenant id needs to be
verified, False to skip this check (necessary for new-Tenant flows).
:param check_project_id: True if the retrieved Project id needs to be
verified, False to skip this check (necessary
for new-Project flows).
"""
mock_store_secret.return_value = self.secret, None
@@ -316,7 +317,7 @@ class BaseSecretsResource(FunctionalTest):
self.secret_req.get('payload_content_encoding'),
expected,
None,
self.tenant if check_tenant_id else mock.ANY,
self.project if check_project_id else mock.ANY,
mock.ANY,
transport_key_needed=False,
transport_key_id=None
@@ -324,11 +325,12 @@ class BaseSecretsResource(FunctionalTest):
@mock.patch('barbican.plugin.resources.store_secret')
def _test_should_add_new_secret_one_step_with_tkey_id(
self, mock_store_secret, check_tenant_id=True):
self, mock_store_secret, check_project_id=True):
"""Test the one-step secret creation with transport_key_id set
:param check_tenant_id: True if the retrieved Tenant id needs to be
verified, False to skip this check (necessary for new-Tenant flows).
:param check_project_id: True if the retrieved Project id needs to be
verified, False to skip this check (necessary
for new-Project flows).
"""
mock_store_secret.return_value = self.secret, None
self.secret_req['transport_key_id'] = self.transport_key_id
@@ -345,22 +347,22 @@ class BaseSecretsResource(FunctionalTest):
self.secret_req.get('payload_content_encoding'),
expected,
None,
self.tenant if check_tenant_id else mock.ANY,
self.project if check_project_id else mock.ANY,
mock.ANY,
transport_key_needed=False,
transport_key_id=self.transport_key_id
)
def _test_should_add_new_secret_if_tenant_does_not_exist(self):
self.tenant_repo.get.return_value = None
self.tenant_repo.find_by_keystone_id.return_value = None
def _test_should_add_new_secret_if_project_does_not_exist(self):
self.project_repo.get.return_value = None
self.project_repo.find_by_keystone_id.return_value = None
self._test_should_add_new_secret_one_step(check_tenant_id=False)
self._test_should_add_new_secret_one_step(check_project_id=False)
args, kwargs = self.tenant_repo.create_from.call_args
tenant = args[0]
self.assertIsInstance(tenant, models.Tenant)
self.assertEqual(self.keystone_id, tenant.keystone_id)
args, kwargs = self.project_repo.create_from.call_args
project = args[0]
self.assertIsInstance(project, models.Tenant)
self.assertEqual(self.keystone_id, project.keystone_id)
def _test_should_add_new_secret_metadata_without_payload(self):
self.app.post_json(
@@ -373,11 +375,11 @@ class BaseSecretsResource(FunctionalTest):
self.assertIsInstance(secret, models.Secret)
self.assertEqual(secret.name, self.name)
args, kwargs = self.tenant_secret_repo.create_from.call_args
tenant_secret = args[0]
self.assertIsInstance(tenant_secret, models.TenantSecret)
self.assertEqual(tenant_secret.tenant_id, self.tenant_entity_id)
self.assertEqual(tenant_secret.secret_id, secret.id)
args, kwargs = self.project_secret_repo.create_from.call_args
project_secret = args[0]
self.assertIsInstance(project_secret, models.TenantSecret)
self.assertEqual(project_secret.tenant_id, self.project_entity_id)
self.assertEqual(project_secret.secret_id, secret.id)
self.assertFalse(self.datum_repo.create_from.called)
@@ -477,8 +479,8 @@ class WhenCreatingPlainTextSecretsUsingSecretsResource(BaseSecretsResource):
def test_should_add_new_secret_with_expiration(self):
self._test_should_add_new_secret_with_expiration()
def test_should_add_new_secret_if_tenant_does_not_exist(self):
self._test_should_add_new_secret_if_tenant_does_not_exist()
def test_should_add_new_secret_if_project_does_not_exist(self):
self._test_should_add_new_secret_if_project_does_not_exist()
def test_should_add_new_secret_metadata_without_payload(self):
self._test_should_add_new_secret_metadata_without_payload()
@@ -612,8 +614,8 @@ class WhenCreatingBinarySecretsUsingSecretsResource(BaseSecretsResource):
def test_should_add_new_secret_with_expiration(self):
self._test_should_add_new_secret_with_expiration()
def test_should_add_new_secret_if_tenant_does_not_exist(self):
self._test_should_add_new_secret_if_tenant_does_not_exist()
def test_should_add_new_secret_if_project_does_not_exist(self):
self._test_should_add_new_secret_if_project_does_not_exist()
def test_should_add_new_secret_metadata_without_payload(self):
self._test_should_add_new_secret_metadata_without_payload()
@@ -713,15 +715,15 @@ class WhenGettingSecretsListUsingSecretsResource(FunctionalTest):
class RootController(object):
secrets = controllers.secrets.SecretsController(
self.tenant_repo, self.secret_repo,
self.tenant_secret_repo, self.datum_repo, self.kek_repo,
self.project_repo, self.secret_repo,
self.project_secret_repo, self.datum_repo, self.kek_repo,
self.secret_meta_repo, self.transport_key_repo
)
return RootController()
def _init(self):
self.tenant_id = 'tenant1234'
self.project_id = 'project1234'
self.keystone_id = 'keystone1234'
self.name = 'name 1234 !@#$%^&*()_+=-{}[];:<>,./?'
self.secret_algorithm = "AES"
@@ -749,10 +751,10 @@ class WhenGettingSecretsListUsingSecretsResource(FunctionalTest):
self.limit,
self.total)
self.tenant_repo = mock.MagicMock()
self.project_repo = mock.MagicMock()
self.tenant_secret_repo = mock.MagicMock()
self.tenant_secret_repo.create_from.return_value = None
self.project_secret_repo = mock.MagicMock()
self.project_secret_repo.create_from.return_value = None
self.datum_repo = mock.MagicMock()
self.datum_repo.create_from.return_value = None
@@ -905,15 +907,15 @@ class WhenGettingPuttingOrDeletingSecretUsingSecretResource(FunctionalTest):
class RootController(object):
secrets = controllers.secrets.SecretsController(
self.tenant_repo, self.secret_repo,
self.tenant_secret_repo, self.datum_repo, self.kek_repo,
self.project_repo, self.secret_repo,
self.project_secret_repo, self.datum_repo, self.kek_repo,
self.secret_meta_repo, self.transport_key_repo
)
return RootController()
def _init(self):
self.tenant_id = 'tenantid1234'
self.project_id = 'projectid1234'
self.keystone_id = 'keystone1234'
self.name = 'name1234'
@@ -925,17 +927,17 @@ class WhenGettingPuttingOrDeletingSecretUsingSecretResource(FunctionalTest):
self.secret_bit_length = 256
self.secret_mode = "CBC"
self.kek_tenant = models.KEKDatum()
self.kek_tenant.id = kek_id
self.kek_tenant.active = True
self.kek_tenant.bind_completed = False
self.kek_tenant.kek_label = "kek_label"
self.kek_project = models.KEKDatum()
self.kek_project.id = kek_id
self.kek_project.active = True
self.kek_project.bind_completed = False
self.kek_project.kek_label = "kek_label"
self.datum = models.EncryptedDatum()
self.datum.id = datum_id
self.datum.secret_id = secret_id
self.datum.kek_id = kek_id
self.datum.kek_meta_tenant = self.kek_tenant
self.datum.kek_meta_project = self.kek_project
self.datum.content_type = "text/plain"
self.datum.cypher_text = "aaaa" # base64 value.
@@ -946,18 +948,18 @@ class WhenGettingPuttingOrDeletingSecretUsingSecretResource(FunctionalTest):
mode=self.secret_mode,
encrypted_datum=self.datum)
self.tenant = models.Tenant()
self.tenant.id = self.tenant_id
self.project = models.Tenant()
self.project.id = self.project_id
self.keystone_id = self.keystone_id
self.tenant_repo = mock.MagicMock()
self.tenant_repo.get.return_value = self.tenant
self.tenant_repo.find_by_keystone_id.return_value = self.tenant
self.project_repo = mock.MagicMock()
self.project_repo.get.return_value = self.project
self.project_repo.find_by_keystone_id.return_value = self.project
self.secret_repo = mock.MagicMock()
self.secret_repo.get.return_value = self.secret
self.secret_repo.delete_entity_by_id.return_value = None
self.tenant_secret_repo = mock.MagicMock()
self.project_secret_repo = mock.MagicMock()
self.datum_repo = mock.MagicMock()
self.datum_repo.create_from.return_value = None
@@ -1012,7 +1014,7 @@ class WhenGettingPuttingOrDeletingSecretUsingSecretResource(FunctionalTest):
mock_get_secret.assert_called_once_with(
'text/plain',
self.secret,
self.tenant,
self.project,
mock.ANY,
None,
None
@@ -1040,7 +1042,7 @@ class WhenGettingPuttingOrDeletingSecretUsingSecretResource(FunctionalTest):
mock_get_secret.assert_called_once_with(
'text/plain',
self.secret,
self.tenant,
self.project,
mock.ANY,
twsk,
self.transport_key_model.transport_key
@@ -1141,7 +1143,7 @@ class WhenGettingPuttingOrDeletingSecretUsingSecretResource(FunctionalTest):
mock_get_secret.assert_called_once_with(
'application/octet-stream',
self.secret,
self.tenant,
self.project,
mock.ANY,
None,
None
@@ -1182,7 +1184,7 @@ class WhenGettingPuttingOrDeletingSecretUsingSecretResource(FunctionalTest):
'text/plain', None,
self.secret.to_dict_fields(),
self.secret,
self.tenant,
self.project,
mock.ANY,
transport_key_id=None
)
@@ -1205,7 +1207,7 @@ class WhenGettingPuttingOrDeletingSecretUsingSecretResource(FunctionalTest):
'text/plain', None,
self.secret.to_dict_fields(),
self.secret,
self.tenant,
self.project,
mock.ANY,
transport_key_id=self.transport_key_id
)
@@ -1231,7 +1233,7 @@ class WhenGettingPuttingOrDeletingSecretUsingSecretResource(FunctionalTest):
None,
self.secret.to_dict_fields(),
self.secret,
self.tenant,
self.project,
mock.ANY,
transport_key_id=None
)
@@ -1258,7 +1260,7 @@ class WhenGettingPuttingOrDeletingSecretUsingSecretResource(FunctionalTest):
None,
self.secret.to_dict_fields(),
self.secret,
self.tenant,
self.project,
mock.ANY,
transport_key_id=self.transport_key_id
)
@@ -1284,7 +1286,7 @@ class WhenGettingPuttingOrDeletingSecretUsingSecretResource(FunctionalTest):
'application/octet-stream',
'base64', self.secret.to_dict_fields(),
self.secret,
self.tenant,
self.project,
mock.ANY,
transport_key_id=None
)
@@ -1432,14 +1434,14 @@ class WhenCreatingOrdersUsingOrdersResource(FunctionalTest):
WhenCreatingOrdersUsingOrdersResource, self
).setUp()
self.app = webtest.TestApp(app.PecanAPI(self.root))
self.app.extra_environ = get_barbican_env(self.tenant_keystone_id)
self.app.extra_environ = get_barbican_env(self.project_keystone_id)
@property
def root(self):
self._init()
class RootController(object):
orders = controllers.orders.OrdersController(self.tenant_repo,
orders = controllers.orders.OrdersController(self.project_repo,
self.order_repo,
self.queue_resource)
@@ -1452,15 +1454,15 @@ class WhenCreatingOrdersUsingOrdersResource(FunctionalTest):
self.secret_bit_length = 128
self.secret_mode = "cbc"
self.tenant_internal_id = 'tenantid1234'
self.tenant_keystone_id = 'keystoneid1234'
self.project_internal_id = 'projectid1234'
self.project_keystone_id = 'keystoneid1234'
self.tenant = models.Tenant()
self.tenant.id = self.tenant_internal_id
self.tenant.keystone_id = self.tenant_keystone_id
self.project = models.Tenant()
self.project.id = self.project_internal_id
self.project.keystone_id = self.project_keystone_id
self.tenant_repo = mock.MagicMock()
self.tenant_repo.get.return_value = self.tenant
self.project_repo = mock.MagicMock()
self.project_repo.get.return_value = self.project
self.order_repo = mock.MagicMock()
self.order_repo.create_from.return_value = None
@@ -1487,7 +1489,7 @@ class WhenCreatingOrdersUsingOrdersResource(FunctionalTest):
self.assertEqual(resp.status_int, 202)
self.queue_resource.process_type_order.assert_called_once_with(
order_id=None, keystone_id=self.tenant_keystone_id)
order_id=None, keystone_id=self.project_keystone_id)
args, kwargs = self.order_repo.create_from.call_args
order = args[0]
@@ -1554,14 +1556,14 @@ class WhenGettingOrdersListUsingOrdersResource(FunctionalTest):
self._init()
class RootController(object):
orders = controllers.orders.OrdersController(self.tenant_repo,
orders = controllers.orders.OrdersController(self.project_repo,
self.order_repo,
self.queue_resource)
return RootController()
def _init(self):
self.tenant_id = 'tenant1234'
self.project_id = 'project1234'
self.keystone_id = 'keystoneid1234'
self.name = 'name1234'
self.mime_type = 'text/plain'
@@ -1589,7 +1591,7 @@ class WhenGettingOrdersListUsingOrdersResource(FunctionalTest):
self.offset,
self.limit,
self.total)
self.tenant_repo = mock.MagicMock()
self.project_repo = mock.MagicMock()
self.queue_resource = mock.MagicMock()
self.queue_resource.process_order.return_value = None
@@ -1661,21 +1663,21 @@ class WhenGettingOrDeletingOrderUsingOrderResource(FunctionalTest):
WhenGettingOrDeletingOrderUsingOrderResource, self
).setUp()
self.app = webtest.TestApp(app.PecanAPI(self.root))
self.app.extra_environ = get_barbican_env(self.tenant_keystone_id)
self.app.extra_environ = get_barbican_env(self.project_keystone_id)
@property
def root(self):
self._init()
class RootController(object):
orders = controllers.orders.OrdersController(self.tenant_repo,
orders = controllers.orders.OrdersController(self.project_repo,
self.order_repo,
self.queue_resource)
return RootController()
def _init(self):
self.tenant_keystone_id = 'keystoneid1234'
self.project_keystone_id = 'keystoneid1234'
self.requestor = 'requestor1234'
self.order = create_order_with_meta(id_ref="id1",
@@ -1687,7 +1689,7 @@ class WhenGettingOrDeletingOrderUsingOrderResource(FunctionalTest):
self.order_repo.save.return_value = None
self.order_repo.delete_entity_by_id.return_value = None
self.tenant_repo = mock.MagicMock()
self.project_repo = mock.MagicMock()
self.queue_resource = mock.MagicMock()
def test_should_get_order(self):
@@ -1695,13 +1697,13 @@ class WhenGettingOrDeletingOrderUsingOrderResource(FunctionalTest):
self.order_repo.get.assert_called_once_with(
entity_id=self.order.id,
keystone_id=self.tenant_keystone_id,
keystone_id=self.project_keystone_id,
suppress_exception=True)
def test_should_delete_order(self):
self.app.delete('/orders/{0}/'.format(self.order.id))
self.order_repo.delete_entity_by_id.assert_called_once_with(
entity_id=self.order.id, keystone_id=self.tenant_keystone_id)
entity_id=self.order.id, keystone_id=self.project_keystone_id)
def test_should_throw_exception_for_get_when_order_not_found(self):
self.order_repo.get.return_value = None
@@ -1729,21 +1731,21 @@ class WhenPuttingOrderWithMetadataUsingOrderResource(FunctionalTest):
WhenPuttingOrderWithMetadataUsingOrderResource, self
).setUp()
self.app = webtest.TestApp(app.PecanAPI(self.root))
self.app.extra_environ = get_barbican_env(self.tenant_keystone_id)
self.app.extra_environ = get_barbican_env(self.project_keystone_id)
@property
def root(self):
self._init()
class RootController(object):
orders = controllers.orders.OrdersController(self.tenant_repo,
orders = controllers.orders.OrdersController(self.project_repo,
self.order_repo,
self.queue_resource)
return RootController()
def _init(self):
self.tenant_keystone_id = 'keystoneid1234'
self.project_keystone_id = 'keystoneid1234'
self.requestor = 'requestor1234'
self.order = create_order_with_meta(
@@ -1763,7 +1765,7 @@ class WhenPuttingOrderWithMetadataUsingOrderResource(FunctionalTest):
self.params = {'type': self.type, 'meta': self.meta}
self.tenant_repo = mock.MagicMock()
self.project_repo = mock.MagicMock()
self.queue_resource = mock.MagicMock()
def test_should_put_order(self):
@@ -1778,7 +1780,7 @@ class WhenPuttingOrderWithMetadataUsingOrderResource(FunctionalTest):
self.assertEqual(resp.status_int, 204)
self.order_repo.get.assert_called_once_with(
entity_id=self.order.id,
keystone_id=self.tenant_keystone_id,
keystone_id=self.project_keystone_id,
suppress_exception=True)
def test_should_fail_bad_type(self):
@@ -1795,7 +1797,7 @@ class WhenPuttingOrderWithMetadataUsingOrderResource(FunctionalTest):
self.assertEqual(resp.status_int, 400)
self.order_repo.get.assert_called_once_with(
entity_id=self.order.id,
keystone_id=self.tenant_keystone_id,
keystone_id=self.project_keystone_id,
suppress_exception=True)
def test_should_fail_bad_status(self):
@@ -1812,7 +1814,7 @@ class WhenPuttingOrderWithMetadataUsingOrderResource(FunctionalTest):
self.assertEqual(resp.status_int, 400)
self.order_repo.get.assert_called_once_with(
entity_id=self.order.id,
keystone_id=self.tenant_keystone_id,
keystone_id=self.project_keystone_id,
suppress_exception=True)
@@ -1828,7 +1830,7 @@ class WhenCreatingTypeOrdersUsingOrdersResource(FunctionalTest):
self._init()
class RootController(object):
orders = controllers.orders.OrdersController(self.tenant_repo,
orders = controllers.orders.OrdersController(self.project_repo,
self.order_repo,
self.queue_resource)
@@ -1846,15 +1848,15 @@ class WhenCreatingTypeOrdersUsingOrdersResource(FunctionalTest):
self.key_order_req = {'type': self.type,
'meta': self.meta}
self.tenant_internal_id = 'tenantid1234'
self.tenant_keystone_id = 'keystoneid1234'
self.project_internal_id = 'projectid1234'
self.project_keystone_id = 'keystoneid1234'
self.tenant = models.Tenant()
self.tenant.id = self.tenant_internal_id
self.tenant.keystone_id = self.tenant_keystone_id
self.project = models.Tenant()
self.project.id = self.project_internal_id
self.project.keystone_id = self.project_keystone_id
self.tenant_repo = mock.MagicMock()
self.tenant_repo.get.return_value = self.tenant
self.project_repo = mock.MagicMock()
self.project_repo.get.return_value = self.project
self.order_repo = mock.MagicMock()
self.order_repo.create_from.return_value = None
@@ -1870,7 +1872,7 @@ class WhenCreatingTypeOrdersUsingOrdersResource(FunctionalTest):
self.assertEqual(resp.status_int, 202)
self.queue_resource.process_type_order.assert_called_once_with(
order_id=None, keystone_id=self.tenant_keystone_id)
order_id=None, keystone_id=self.project_keystone_id)
args, kwargs = self.order_repo.create_from.call_args
order = args[0]
@@ -1976,7 +1978,7 @@ class WhenCreatingContainersUsingContainersResource(FunctionalTest):
WhenCreatingContainersUsingContainersResource, self
).setUp()
self.app = webtest.TestApp(app.PecanAPI(self.root))
self.app.extra_environ = get_barbican_env(self.tenant_keystone_id)
self.app.extra_environ = get_barbican_env(self.project_keystone_id)
@property
def root(self):
@@ -1984,7 +1986,7 @@ class WhenCreatingContainersUsingContainersResource(FunctionalTest):
class RootController(object):
containers = controllers.containers.ContainersController(
self.tenant_repo, self.container_repo, self.secret_repo,
self.project_repo, self.container_repo, self.secret_repo,
self.consumer_repo
)
@@ -2008,15 +2010,15 @@ class WhenCreatingContainersUsingContainersResource(FunctionalTest):
}
]
self.tenant_internal_id = 'tenantid1234'
self.tenant_keystone_id = 'keystoneid1234'
self.project_internal_id = 'projectid1234'
self.project_keystone_id = 'keystoneid1234'
self.tenant = models.Tenant()
self.tenant.id = self.tenant_internal_id
self.tenant.keystone_id = self.tenant_keystone_id
self.project = models.Tenant()
self.project.id = self.project_internal_id
self.project.keystone_id = self.project_keystone_id
self.tenant_repo = mock.MagicMock()
self.tenant_repo.get.return_value = self.tenant
self.project_repo = mock.MagicMock()
self.project_repo.get.return_value = self.project
self.container_repo = mock.MagicMock()
self.container_repo.create_from.return_value = None
@@ -2037,7 +2039,7 @@ class WhenCreatingContainersUsingContainersResource(FunctionalTest):
self.container_req
)
self.assertEqual(resp.status_int, 201)
self.assertNotIn(self.tenant_keystone_id, resp.headers['Location'])
self.assertNotIn(self.project_keystone_id, resp.headers['Location'])
args, kwargs = self.container_repo.create_from.call_args
container = args[0]
@@ -2076,7 +2078,7 @@ class WhenGettingOrDeletingContainerUsingContainerResource(FunctionalTest):
WhenGettingOrDeletingContainerUsingContainerResource, self
).setUp()
self.app = webtest.TestApp(app.PecanAPI(self.root))
self.app.extra_environ = get_barbican_env(self.tenant_keystone_id)
self.app.extra_environ = get_barbican_env(self.project_keystone_id)
@property
def root(self):
@@ -2084,22 +2086,22 @@ class WhenGettingOrDeletingContainerUsingContainerResource(FunctionalTest):
class RootController(object):
containers = controllers.containers.ContainersController(
self.tenant_repo, self.container_repo, self.secret_repo,
self.project_repo, self.container_repo, self.secret_repo,
self.consumer_repo
)
return RootController()
def _init(self):
self.tenant_keystone_id = 'keystoneid1234'
self.tenant_internal_id = 'tenantid1234'
self.project_keystone_id = 'keystoneid1234'
self.project_internal_id = 'projectid1234'
self.tenant = models.Tenant()
self.tenant.id = self.tenant_internal_id
self.tenant.keystone_id = self.tenant_keystone_id
self.project = models.Tenant()
self.project.id = self.project_internal_id
self.project.keystone_id = self.project_keystone_id
self.tenant_repo = mock.MagicMock()
self.tenant_repo.get.return_value = self.tenant
self.project_repo = mock.MagicMock()
self.project_repo.get.return_value = self.project
self.container = create_container(id_ref='id1')
@@ -2118,7 +2120,7 @@ class WhenGettingOrDeletingContainerUsingContainerResource(FunctionalTest):
self.container_repo.get.assert_called_once_with(
entity_id=self.container.id,
keystone_id=self.tenant_keystone_id,
keystone_id=self.project_keystone_id,
suppress_exception=True)
def test_should_delete_container(self):
@@ -2127,7 +2129,7 @@ class WhenGettingOrDeletingContainerUsingContainerResource(FunctionalTest):
))
self.container_repo.delete_entity_by_id.assert_called_once_with(
entity_id=self.container.id, keystone_id=self.tenant_keystone_id)
entity_id=self.container.id, keystone_id=self.project_keystone_id)
def test_should_throw_exception_for_get_when_container_not_found(self):
self.container_repo.get.return_value = None
@@ -2154,7 +2156,7 @@ class WhenCreatingConsumersUsingConsumersResource(FunctionalTest):
WhenCreatingConsumersUsingConsumersResource, self
).setUp()
self.app = webtest.TestApp(app.PecanAPI(self.root))
self.app.extra_environ = get_barbican_env(self.tenant_keystone_id)
self.app.extra_environ = get_barbican_env(self.project_keystone_id)
@property
def root(self):
@@ -2162,7 +2164,7 @@ class WhenCreatingConsumersUsingConsumersResource(FunctionalTest):
class RootController(object):
containers = controllers.containers.ContainersController(
self.tenant_repo, self.container_repo, self.secret_repo,
self.project_repo, self.container_repo, self.secret_repo,
self.consumer_repo
)
@@ -2191,16 +2193,16 @@ class WhenCreatingConsumersUsingConsumersResource(FunctionalTest):
'URL': 'http://consumer/1'
}
self.tenant_internal_id = 'tenantid1234'
self.tenant_keystone_id = 'keystoneid1234'
self.project_internal_id = 'projectid1234'
self.project_keystone_id = 'keystoneid1234'
self.container = create_container(id_ref='id1')
self.tenant = models.Tenant()
self.tenant.id = self.tenant_internal_id
self.tenant.keystone_id = self.tenant_keystone_id
self.project = models.Tenant()
self.project.id = self.project_internal_id
self.project.keystone_id = self.project_keystone_id
self.tenant_repo = mock.MagicMock()
self.tenant_repo.get.return_value = self.tenant
self.project_repo = mock.MagicMock()
self.project_repo.get.return_value = self.project
self.container_repo = mock.MagicMock()
self.container_repo.get.return_value = self.container
@@ -2221,7 +2223,7 @@ class WhenCreatingConsumersUsingConsumersResource(FunctionalTest):
self.consumer_ref
)
self.assertEqual(resp.status_int, 200)
self.assertNotIn(self.tenant_keystone_id, resp.headers['Location'])
self.assertNotIn(self.project_keystone_id, resp.headers['Location'])
args, kwargs = self.consumer_repo.create_from.call_args
consumer = args[0]
@@ -2260,7 +2262,7 @@ class WhenGettingOrDeletingConsumersUsingConsumerResource(FunctionalTest):
WhenGettingOrDeletingConsumersUsingConsumerResource, self
).setUp()
self.app = webtest.TestApp(app.PecanAPI(self.root))
self.app.extra_environ = get_barbican_env(self.tenant_keystone_id)
self.app.extra_environ = get_barbican_env(self.project_keystone_id)
@property
def root(self):
@@ -2268,22 +2270,22 @@ class WhenGettingOrDeletingConsumersUsingConsumerResource(FunctionalTest):
class RootController(object):
containers = controllers.containers.ContainersController(
self.tenant_repo, self.container_repo, self.secret_repo,
self.project_repo, self.container_repo, self.secret_repo,
self.consumer_repo
)
return RootController()
def _init(self):
self.tenant_keystone_id = 'keystoneid1234'
self.tenant_internal_id = 'tenantid1234'
self.project_keystone_id = 'keystoneid1234'
self.project_internal_id = 'projectid1234'
self.tenant = models.Tenant()
self.tenant.id = self.tenant_internal_id
self.tenant.keystone_id = self.tenant_keystone_id
self.project = models.Tenant()
self.project.id = self.project_internal_id
self.project.keystone_id = self.project_keystone_id
self.tenant_repo = mock.MagicMock()
self.tenant_repo.get.return_value = self.tenant
self.project_repo = mock.MagicMock()
self.project_repo.get.return_value = self.project
self.consumer_repo = mock.MagicMock()
@@ -2356,7 +2358,7 @@ class WhenGettingOrDeletingConsumersUsingConsumerResource(FunctionalTest):
), self.consumer_ref)
self.consumer_repo.delete_entity_by_id.assert_called_once_with(
self.consumer.id, self.tenant_keystone_id)
self.consumer.id, self.project_keystone_id)
def test_should_fail_deleting_consumer_bad_json(self):
resp = self.app.delete(
@@ -2402,14 +2404,14 @@ class WhenGettingContainersListUsingResource(FunctionalTest):
class RootController(object):
containers = controllers.containers.ContainersController(
self.tenant_repo, self.container_repo, self.secret_repo,
self.project_repo, self.container_repo, self.secret_repo,
self.consumer_repo
)
return RootController()
def _init(self):
self.tenant_id = 'tenant1234'
self.project_id = 'project1234'
self.keystone_id = 'keystoneid1234'
self.num_containers = 10
@@ -2424,7 +2426,7 @@ class WhenGettingContainersListUsingResource(FunctionalTest):
self.offset,
self.limit,
self.total)
self.tenant_repo = mock.MagicMock()
self.project_repo = mock.MagicMock()
self.secret_repo = mock.MagicMock()
self.consumer_repo = mock.MagicMock()


@@ -113,7 +113,7 @@ class BaseTestCase(utils.BaseTestCase):
kwargs = {
'user': None,
'tenant': None,
'project': None,
'roles': roles or [],
'policy_enforcer': self.policy_enforcer,
}
@@ -243,10 +243,9 @@ class WhenTestingSecretsResource(BaseTestCase):
._generate_get_error())
self.secret_repo.get_by_create_date = get_by_create_date
self.resource = SecretsResource(tenant_repo=mock.MagicMock(),
self.resource = SecretsResource(project_repo=mock.MagicMock(),
secret_repo=self.secret_repo,
tenant_secret_repo=mock
.MagicMock(),
project_secret_repo=mock.MagicMock(),
datum_repo=mock.MagicMock(),
kek_repo=mock.MagicMock(),
secret_meta_repo=mock.MagicMock(),
@@ -286,7 +285,7 @@ class WhenTestingSecretResource(BaseTestCase):
def setUp(self):
super(WhenTestingSecretResource, self).setUp()
self.keystone_id = '12345tenant'
self.keystone_id = '12345project'
self.secret_id = '12345secret'
# Force an error on GET and DELETE calls that pass RBAC,
@@ -298,7 +297,7 @@ class WhenTestingSecretResource(BaseTestCase):
self.secret_repo.delete_entity_by_id = fail_method
self.resource = SecretResource(self.secret_id,
tenant_repo=mock.MagicMock(),
project_repo=mock.MagicMock(),
secret_repo=self.secret_repo,
datum_repo=mock.MagicMock(),
kek_repo=mock.MagicMock(),
@@ -371,7 +370,7 @@ class WhenTestingOrdersResource(BaseTestCase):
._generate_get_error())
self.order_repo.get_by_create_date = get_by_create_date
self.resource = OrdersResource(tenant_repo=mock.MagicMock(),
self.resource = OrdersResource(project_repo=mock.MagicMock(),
order_repo=self.order_repo,
queue_resource=mock.MagicMock())
@@ -406,7 +405,7 @@ class WhenTestingOrderResource(BaseTestCase):
def setUp(self):
super(WhenTestingOrderResource, self).setUp()
self.keystone_id = '12345tenant'
self.keystone_id = '12345project'
self.order_id = '12345order'
# Force an error on GET and DELETE calls that pass RBAC,
@@ -450,7 +449,7 @@ class WhenTestingConsumersResource(BaseTestCase):
def setUp(self):
super(WhenTestingConsumersResource, self).setUp()
self.keystone_id = '12345tenant'
self.keystone_id = '12345project'
self.container_id = '12345container'
# Force an error on GET calls that pass RBAC, as we are not testing
@@ -462,7 +461,7 @@ class WhenTestingConsumersResource(BaseTestCase):
self.consumer_repo.get_by_container_id = get_by_container_id
self.resource = ConsumersResource(container_id=self.container_id,
tenant_repo=mock.MagicMock(),
project_repo=mock.MagicMock(),
consumer_repo=self.consumer_repo,
container_repo=mock.MagicMock())
@@ -511,7 +510,7 @@ class WhenTestingConsumerResource(BaseTestCase):
def setUp(self):
super(WhenTestingConsumerResource, self).setUp()
self.keystone_id = '12345tenant'
self.keystone_id = '12345project'
self.consumer_id = '12345consumer'
# Force an error on GET calls that pass RBAC, as we are not testing
@@ -522,7 +521,7 @@ class WhenTestingConsumerResource(BaseTestCase):
self.consumer_repo.get = fail_method
self.resource = ConsumerResource(consumer_id=self.consumer_id,
tenant_repo=mock.MagicMock(),
project_repo=mock.MagicMock(),
consumer_repo=self.consumer_repo)
def test_rules_should_be_loaded(self):
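Review bot: The request context built in `BaseTestCase` is now given `'project': None`, so, as far as the visible hunks show, every RBAC case in this file is decided on roles alone and none evaluates a rule against the renamed project credential. If any policy rule or context consumer still reads the old `tenant` key (not visible on this page), the rename could change an authorization outcome without any test here failing. I would add one case that passes a non-empty project and asserts the expected allow/deny result, and until then mark the gap in place with `'project': None,  # role-only checks; project-scoped rules are not exercised here`. The method that builds `kwargs` starts outside the hunk.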


@@ -37,7 +37,7 @@ def get_barbican_env(keystone_id):
kwargs = {'roles': None,
'user': None,
'tenant': keystone_id,
'project': keystone_id,
'is_admin': True,
'policy_enforcer': NoopPolicyEnforcer()}
barbican_env = {'barbican.context':
@@ -273,7 +273,7 @@ class WhenGettingOrDeletingTransKeyUsingTransportKeyResource(FunctionalTest):
WhenGettingOrDeletingTransKeyUsingTransportKeyResource, self
).setUp()
self.app = webtest.TestApp(app.PecanAPI(self.root))
self.app.extra_environ = get_barbican_env(self.tenant_keystone_id)
self.app.extra_environ = get_barbican_env(self.project_keystone_id)
@property
def root(self):
@@ -286,7 +286,7 @@ class WhenGettingOrDeletingTransKeyUsingTransportKeyResource(FunctionalTest):
return RootController()
def _init(self):
self.tenant_keystone_id = 'keystoneid1234'
self.project_keystone_id = 'keystoneid1234'
self.transport_key = SAMPLE_TRANSPORT_KEY
self.tkey_id = "id1"
@@ -314,7 +314,7 @@ class WhenGettingOrDeletingTransKeyUsingTransportKeyResource(FunctionalTest):
def test_should_delete_transport_key(self):
self.app.delete('/transport_keys/{0}/'.format(self.tkey.id))
self.repo.delete_entity_by_id.assert_called_once_with(
entity_id=self.tkey.id, keystone_id=self.tenant_keystone_id)
entity_id=self.tkey.id, keystone_id=self.project_keystone_id)
def test_should_throw_exception_for_delete_when_trans_key_not_found(self):
self.repo.delete_entity_by_id.side_effect = excep.NotFound(


@@ -53,13 +53,13 @@ class TestSecretRepository(RepositoryTestCase):
session = self.repo.get_session()
secret = self.repo.create_from(models.Secret(), session=session)
tenant = models.Tenant(keystone_id="my keystone id")
tenant.save(session=session)
tenant_secret = models.TenantSecret(
project = models.Tenant(keystone_id="my keystone id")
project.save(session=session)
project_secret = models.TenantSecret(
secret_id=secret.id,
tenant_id=tenant.id,
tenant_id=project.id,
)
tenant_secret.save(session=session)
project_secret.save(session=session)
secrets, offset, limit, total = self.repo.get_by_create_date(
"my keystone id",
@@ -82,18 +82,18 @@ class TestSecretRepository(RepositoryTestCase):
models.Secret(dict(name="name2")),
session=session,
)
tenant = models.Tenant(keystone_id="my keystone id")
tenant.save(session=session)
tenant_secret1 = models.TenantSecret(
project = models.Tenant(keystone_id="my keystone id")
project.save(session=session)
project_secret1 = models.TenantSecret(
secret_id=secret1.id,
tenant_id=tenant.id,
tenant_id=project.id,
)
tenant_secret1.save(session=session)
tenant_secret2 = models.TenantSecret(
project_secret1.save(session=session)
project_secret2 = models.TenantSecret(
secret_id=secret2.id,
tenant_id=tenant.id,
tenant_id=project.id,
)
tenant_secret2.save(session=session)
project_secret2.save(session=session)
secrets, offset, limit, total = self.repo.get_by_create_date(
"my keystone id",
@@ -117,18 +117,18 @@ class TestSecretRepository(RepositoryTestCase):
models.Secret(dict(algorithm="algorithm2")),
session=session,
)
tenant = models.Tenant(keystone_id="my keystone id")
tenant.save(session=session)
tenant_secret1 = models.TenantSecret(
project = models.Tenant(keystone_id="my keystone id")
project.save(session=session)
project_secret1 = models.TenantSecret(
secret_id=secret1.id,
tenant_id=tenant.id,
tenant_id=project.id,
)
tenant_secret1.save(session=session)
tenant_secret2 = models.TenantSecret(
project_secret1.save(session=session)
project_secret2 = models.TenantSecret(
secret_id=secret2.id,
tenant_id=tenant.id,
tenant_id=project.id,
)
tenant_secret2.save(session=session)
project_secret2.save(session=session)
secrets, offset, limit, total = self.repo.get_by_create_date(
"my keystone id",
@@ -152,18 +152,18 @@ class TestSecretRepository(RepositoryTestCase):
models.Secret(dict(mode="mode2")),
session=session,
)
tenant = models.Tenant(keystone_id="my keystone id")
tenant.save(session=session)
tenant_secret1 = models.TenantSecret(
project = models.Tenant(keystone_id="my keystone id")
project.save(session=session)
project_secret1 = models.TenantSecret(
secret_id=secret1.id,
tenant_id=tenant.id,
tenant_id=project.id,
)
tenant_secret1.save(session=session)
tenant_secret2 = models.TenantSecret(
project_secret1.save(session=session)
project_secret2 = models.TenantSecret(
secret_id=secret2.id,
tenant_id=tenant.id,
tenant_id=project.id,
)
tenant_secret2.save(session=session)
project_secret2.save(session=session)
secrets, offset, limit, total = self.repo.get_by_create_date(
"my keystone id",
@@ -187,18 +187,18 @@ class TestSecretRepository(RepositoryTestCase):
models.Secret(dict(bit_length=2048)),
session=session,
)
tenant = models.Tenant(keystone_id="my keystone id")
tenant.save(session=session)
tenant_secret1 = models.TenantSecret(
project = models.Tenant(keystone_id="my keystone id")
project.save(session=session)
project_secret1 = models.TenantSecret(
secret_id=secret1.id,
tenant_id=tenant.id,
tenant_id=project.id,
)
tenant_secret1.save(session=session)
tenant_secret2 = models.TenantSecret(
project_secret1.save(session=session)
project_secret2 = models.TenantSecret(
secret_id=secret2.id,
tenant_id=tenant.id,
tenant_id=project.id,
)
tenant_secret2.save(session=session)
project_secret2.save(session=session)
secrets, offset, limit, total = self.repo.get_by_create_date(
"my keystone id",
@@ -300,7 +300,7 @@ class WhenCleaningRepositoryPagingParameters(utils.BaseTestCase):
def test_should_raise_exception_create_kek_datum_with_null_name(self):
repositories._ENGINE = mock.MagicMock()
tenant = mock.MagicMock(id="1")
project = mock.MagicMock(id="1")
plugin_name = None
suppress_exception = False
session = mock.MagicMock()
@@ -308,12 +308,12 @@ class WhenCleaningRepositoryPagingParameters(utils.BaseTestCase):
kek_repo = repositories.KEKDatumRepo()
self.assertRaises(exception.BarbicanException,
kek_repo.find_or_create_kek_datum, tenant,
kek_repo.find_or_create_kek_datum, project,
plugin_name, suppress_exception, session)
def test_should_raise_exception_create_kek_datum_with_empty_name(self):
repositories._ENGINE = mock.MagicMock()
tenant = mock.MagicMock(id="1")
project = mock.MagicMock(id="1")
plugin_name = ""
suppress_exception = False
session = mock.MagicMock()
@@ -321,5 +321,5 @@ class WhenCleaningRepositoryPagingParameters(utils.BaseTestCase):
kek_repo = repositories.KEKDatumRepo()
self.assertRaises(exception.BarbicanException,
kek_repo.find_or_create_kek_datum, tenant,
kek_repo.find_or_create_kek_datum, project,
plugin_name, suppress_exception, session)


@@ -75,7 +75,7 @@ class WhenTestingSimpleCryptoPlugin(utils.BaseTestCase):
self.plugin = simple.SimpleCryptoPlugin()
def _get_mocked_kek_meta_dto(self):
# For SimpleCryptoPlugin, per-tenant KEKs are stored in
# For SimpleCryptoPlugin, per-project KEKs are stored in
# kek_meta_dto.plugin_meta. SimpleCryptoPlugin does a get-or-create
# on the plugin_meta field, so plugin_meta should be None initially.
kek_meta_dto = plugin.KEKMetaDTO(mock.MagicMock())
@@ -106,12 +106,12 @@ class WhenTestingSimpleCryptoPlugin(utils.BaseTestCase):
decrypt response cypher_text
Compare with unencrypted
"""
tenant_kek = fernet.Fernet.generate_key()
project_kek = fernet.Fernet.generate_key()
encryptor = fernet.Fernet(self.plugin.master_kek)
ENC_tenant_kek = encryptor.encrypt(tenant_kek)
UENC_tenant_kek = six.u(ENC_tenant_kek)
ENC_project_kek = encryptor.encrypt(project_kek)
UENC_project_kek = six.u(ENC_project_kek)
kek_meta_dto = self._get_mocked_kek_meta_dto()
kek_meta_dto.plugin_meta = UENC_tenant_kek
kek_meta_dto.plugin_meta = UENC_project_kek
unencrypted = 'PlainTextSecret'
encrypt_dto = plugin.EncryptDTO(unencrypted)
@@ -119,8 +119,8 @@ class WhenTestingSimpleCryptoPlugin(utils.BaseTestCase):
kek_meta_dto,
mock.MagicMock())
tenant_encryptor = fernet.Fernet(tenant_kek)
decrypted = tenant_encryptor.decrypt(response_dto.cypher_text)
project_encryptor = fernet.Fernet(project_kek)
decrypted = project_encryptor.decrypt(response_dto.cypher_text)
self.assertEqual(unencrypted, decrypted)
def test_decrypt_kek_not_created(self):
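Review bot: `six.u()` in the encrypt test (`UENC_project_kek = six.u(ENC_project_kek)`) is applied to the token returned by `encryptor.encrypt()` rather than to a string literal, which is the only use six documents for it. On Python 2 it runs a `unicode_escape` decode over the data, and on Python 3 it returns its argument unchanged, so `plugin_meta` would hold bytes there. Since the line is being rewritten anyway, `UENC_project_kek = ENC_project_kek.decode('utf-8')` would state the intent explicitly. Whether the plugin expects text or bytes in `plugin_meta` is not visible here and should be confirmed. The test method starts outside the hunk.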


@@ -30,7 +30,7 @@ class WhenTestingPluginResource(testtools.TestCase):
'passphrase': 'changeit'
}
self.content_type = 'application/octet-stream'
self.tenant_model = mock.MagicMock()
self.project_model = mock.MagicMock()
asymmetric_meta_dto = secret_store.AsymmetricKeyMetadataDTO()
# Mock plug-in
self.generate_plugin = mock.MagicMock()
@@ -50,24 +50,24 @@ class WhenTestingPluginResource(testtools.TestCase):
self.gen_plugin_patcher.start()
self.addCleanup(self.gen_plugin_patcher.stop)
tenant_repo = mock.MagicMock()
project_repo = mock.MagicMock()
secret_repo = mock.MagicMock()
secret_repo.create_from.return_value = None
container_repo = mock.MagicMock()
container_repo.create_from.return_value = None
container_secret_repo = mock.MagicMock()
container_secret_repo.create_from.return_value = None
tenant_secret_repo = mock.MagicMock()
tenant_secret_repo.create_from.return_value = None
project_secret_repo = mock.MagicMock()
project_secret_repo.create_from.return_value = None
secret_meta_repo = mock.MagicMock()
secret_meta_repo.create_from.return_value = None
self.repos = repo.Repositories(container_repo=container_repo,
container_secret_repo=
container_secret_repo,
tenant_repo=tenant_repo,
project_repo=project_repo,
secret_repo=secret_repo,
tenant_secret_repo=tenant_secret_repo,
project_secret_repo=project_secret_repo,
secret_meta_repo=secret_meta_repo)
def tearDown(self):
@@ -79,7 +79,7 @@ class WhenTestingPluginResource(testtools.TestCase):
self.plugin_resource.\
generate_asymmetric_secret(self.spec,
self.content_type,
self.tenant_model,
self.project_model,
self.repos)
self.assertEqual("rsa", secret_container.type)
@@ -98,7 +98,7 @@ class WhenTestingPluginResource(testtools.TestCase):
self.plugin_resource.\
generate_asymmetric_secret(self.spec,
self.content_type,
self.tenant_model,
self.project_model,
self.repos)
self.assertEqual("rsa", secret_container.type)


@@ -40,9 +40,9 @@ class TestSecretStoreBase(testtools.TestCase):
self.spec_rsa = secret_store.KeySpec(
'RSA', 1024, passphrase='changeit')
self.tenant_model = mock.MagicMock()
self.tenant_model.id = 'tenant-model-id'
self.tenant_model.keystone_id = self.project_id
self.project_model = mock.MagicMock()
self.project_model.id = 'project-model-id'
self.project_model.keystone_id = self.project_id
self.secret_dto = secret_store.SecretDTO(
secret_store.SecretType.SYMMETRIC,
self.secret,
@@ -55,16 +55,17 @@ class TestSecretStoreBase(testtools.TestCase):
self.public_key_dto = crypto.ResponseDTO(self.cypher_text)
self.passphrase_dto = crypto.ResponseDTO(self.cypher_text)
self.kek_meta_tenant_model = models.KEKDatum()
self.kek_meta_tenant_model.plugin_name = 'plugin-name'
self.kek_meta_tenant_model.kek_label = 'kek-meta-label'
self.kek_meta_tenant_model.algorithm = 'kek-meta-algo'
self.kek_meta_tenant_model.bit_length = 1024
self.kek_meta_tenant_model.mode = 'kek=meta-mode'
self.kek_meta_tenant_model.plugin_meta = 'kek-meta-plugin-meta'
self.kek_meta_project_model = models.KEKDatum()
self.kek_meta_project_model.plugin_name = 'plugin-name'
self.kek_meta_project_model.kek_label = 'kek-meta-label'
self.kek_meta_project_model.algorithm = 'kek-meta-algo'
self.kek_meta_project_model.bit_length = 1024
self.kek_meta_project_model.mode = 'kek=meta-mode'
self.kek_meta_project_model.plugin_meta = 'kek-meta-plugin-meta'
self.encrypted_datum_model = models.EncryptedDatum()
self.encrypted_datum_model.kek_meta_tenant = self.kek_meta_tenant_model
self.encrypted_datum_model.kek_meta_tenant = (
self.kek_meta_project_model)
self.encrypted_datum_model.cypher_text = base64.b64encode(
'cypher_text')
self.encrypted_datum_model.content_type = 'content_type'
@@ -82,7 +83,7 @@ class TestSecretStoreBase(testtools.TestCase):
self.context = store_crypto.StoreCryptoContext(
secret_model=self.secret_model,
tenant_model=self.tenant_model,
project_model=self.project_model,
content_type=self.content_type)
def tearDown(self):
@@ -92,7 +93,7 @@ class TestSecretStoreBase(testtools.TestCase):
def init_patchers(self):
self._config_get_secret_repository()
self._config_get_tenant_secret_repository()
self._config_get_project_secret_repository()
self._config_get_encrypted_datum_repository()
self._config_get_kek_datum_repository()
@@ -115,19 +116,19 @@ class TestSecretStoreBase(testtools.TestCase):
)
self._start_patcher(self.get_secret_repository_patcher)
def _config_get_tenant_secret_repository(self):
"""Mock the get_tenant_secret_repository() factory function."""
self.tenant_secret_repo = mock.MagicMock()
self.tenant_secret_repo.create_from.return_value = None
def _config_get_project_secret_repository(self):
"""Mock the get_project_secret_repository() factory function."""
self.project_secret_repo = mock.MagicMock()
self.project_secret_repo.create_from.return_value = None
get_tenant_secret_repository_config = {
'return_value': self.tenant_secret_repo
get_project_secret_repository_config = {
'return_value': self.project_secret_repo
}
self.get_tenant_secret_repository_patcher = mock.patch(
'barbican.model.repositories.get_tenant_secret_repository',
**get_tenant_secret_repository_config
self.get_project_secret_repository_patcher = mock.patch(
'barbican.model.repositories.get_project_secret_repository',
**get_project_secret_repository_config
)
self._start_patcher(self.get_tenant_secret_repository_patcher)
self._start_patcher(self.get_project_secret_repository_patcher)
def _config_get_encrypted_datum_repository(self):
"""Mock the get_encrypted_datum_repository() factory function."""
@@ -146,7 +147,7 @@ class TestSecretStoreBase(testtools.TestCase):
def _config_get_kek_datum_repository(self):
"""Mock the get_kek_datum_repository() factory function."""
kek_model = self.kek_meta_tenant_model
kek_model = self.kek_meta_project_model
self.kek_repo = mock.MagicMock()
self.kek_repo.find_or_create_kek_datum.return_value = kek_model
@@ -238,7 +239,7 @@ class WhenTestingStoreCrypto(TestSecretStoreBase):
self.assertIsInstance(test_kek_meta, crypto.KEKMetaDTO)
self.assertEqual(
self.kek_meta_tenant_model.plugin_name, test_kek_meta.plugin_name)
self.kek_meta_project_model.plugin_name, test_kek_meta.plugin_name)
self.assertEqual(
self.encrypted_datum_model.kek_meta_extended,
@@ -440,7 +441,7 @@ class WhenTestingStoreCrypto(TestSecretStoreBase):
self.kek_meta_dto = mock.MagicMock()
find_or_create_kek_objects_config = {
'return_value': (
self.kek_meta_tenant_model, self.kek_meta_dto),
self.kek_meta_project_model, self.kek_meta_dto),
}
self.find_or_create_kek_objects_patcher = mock.patch(
'barbican.plugin.store_crypto._find_or_create_kek_objects',
@@ -516,30 +517,30 @@ class WhenTestingStoreCryptoFindOrCreateKekObjects(TestSecretStoreBase):
self._config_private_methods()
def test_kek_bind_completed(self):
self.kek_meta_tenant_model.bind_completed = True
self.kek_meta_project_model.bind_completed = True
plugin_inst = self
kek_model, kek_meta_dto = store_crypto._find_or_create_kek_objects(
plugin_inst, self.tenant_model)
plugin_inst, self.project_model)
# Verify returns.
self.assertEqual(self.kek_meta_tenant_model, kek_model)
self.assertEqual(self.kek_meta_project_model, kek_model)
self.assertIsInstance(kek_meta_dto, crypto.KEKMetaDTO)
# Verify the KEK repository interactions.
self._verify_kek_repository_interactions(plugin_inst)
def test_kek_bind_not_completed(self):
self.kek_meta_tenant_model.bind_completed = False
self.kek_meta_project_model.bind_completed = False
test_kek_metadata = 'metadata'
plugin_inst = mock.MagicMock()
plugin_inst.bind_kek_metadata.return_value = test_kek_metadata
kek_model, kek_meta_dto = store_crypto._find_or_create_kek_objects(
plugin_inst, self.tenant_model)
plugin_inst, self.project_model)
# Verify returns.
self.assertEqual(self.kek_meta_tenant_model, kek_model)
self.assertEqual(self.kek_meta_project_model, kek_model)
self.assertEqual(test_kek_metadata, kek_meta_dto)
# Verify the KEK repository interactions.
@@ -554,10 +555,10 @@ class WhenTestingStoreCryptoFindOrCreateKekObjects(TestSecretStoreBase):
self.kek_repo.save.call_count, 1)
args, kwargs = self.kek_repo.save.call_args
kek_model = args[0]
self.assertEqual(self.kek_meta_tenant_model, kek_model)
self.assertEqual(self.kek_meta_project_model, kek_model)
def test_kek_raise_no_kek_bind_not_completed(self):
self.kek_meta_tenant_model.bind_completed = False
self.kek_meta_project_model.bind_completed = False
plugin_inst = mock.MagicMock()
plugin_inst.bind_kek_metadata.return_value = None
@@ -565,16 +566,16 @@ class WhenTestingStoreCryptoFindOrCreateKekObjects(TestSecretStoreBase):
crypto.CryptoKEKBindingException,
store_crypto._find_or_create_kek_objects,
plugin_inst,
self.tenant_model)
self.project_model)
def _verify_kek_repository_interactions(self, plugin_inst):
"""Verify the KEK repository interactions."""
self.assertEqual(
self.kek_repo.find_or_create_kek_datum.call_count, 1)
args, kwargs = self.kek_repo.find_or_create_kek_datum.call_args
test_tenant_model = args[0]
test_project_model = args[0]
test_full_plugin_name = args[1]
self.assertEqual(self.tenant_model, test_tenant_model)
self.assertEqual(self.project_model, test_project_model)
plugin_name = utils.generate_fullname_for(plugin_inst)
self.assertEqual(plugin_name, test_full_plugin_name)
@@ -607,19 +608,19 @@ class WhenTestingStoreCryptoStoreSecretAndDatum(TestSecretStoreBase):
store_crypto._store_secret_and_datum(
self.context,
self.secret_model,
self.kek_meta_tenant_model,
self.kek_meta_project_model,
self.response_dto)
# Verify the repository interactions.
self._verify_secret_repository_interactions()
self._verify_tenant_secret_repository_interactions()
self._verify_project_secret_repository_interactions()
self._verify_encrypted_datum_repository_interactions()
def test_with_existing_secret(self):
store_crypto._store_secret_and_datum(
self.context,
self.secret_model,
self.kek_meta_tenant_model,
self.kek_meta_project_model,
self.response_dto)
# Verify the repository interactions.
@@ -629,7 +630,7 @@ class WhenTestingStoreCryptoStoreSecretAndDatum(TestSecretStoreBase):
self.assertEqual(
self.secret_repo.create_from.call_count, 0)
self.assertEqual(
self.tenant_secret_repo.create_from.call_count, 0)
self.project_secret_repo.create_from.call_count, 0)
def _verify_secret_repository_interactions(self):
"""Verify the secret repository interactions."""
@@ -639,17 +640,17 @@ class WhenTestingStoreCryptoStoreSecretAndDatum(TestSecretStoreBase):
test_secret_model = args[0]
self.assertEqual(self.secret_model, test_secret_model)
def _verify_tenant_secret_repository_interactions(self):
"""Verify the tenant-secret repository interactions."""
def _verify_project_secret_repository_interactions(self):
"""Verify the project-secret repository interactions."""
self.assertEqual(
self.tenant_secret_repo.create_from.call_count, 1)
args, kwargs = self.tenant_secret_repo.create_from.call_args
test_tenant_secret_model = args[0]
self.assertIsInstance(test_tenant_secret_model, models.TenantSecret)
self.project_secret_repo.create_from.call_count, 1)
args, kwargs = self.project_secret_repo.create_from.call_args
test_project_secret_model = args[0]
self.assertIsInstance(test_project_secret_model, models.TenantSecret)
self.assertEqual(
self.context.tenant_model.id, test_tenant_secret_model.tenant_id)
self.context.project_model.id, test_project_secret_model.tenant_id)
self.assertEqual(
models.States.ACTIVE, test_tenant_secret_model.status)
models.States.ACTIVE, test_project_secret_model.status)
def _verify_encrypted_datum_repository_interactions(self):
"""Verify the encrypted datum repository interactions."""
@@ -671,18 +672,18 @@ class WhenTestingStoreCryptoIndicateBindCompleted(TestSecretStoreBase):
"""Tests store_crypto.py's _indicate_bind_completed() function."""
def test_bind_operation(self):
kek_meta_dto = crypto.KEKMetaDTO(self.kek_meta_tenant_model)
self.kek_meta_tenant_model.bind_completed = False
kek_meta_dto = crypto.KEKMetaDTO(self.kek_meta_project_model)
self.kek_meta_project_model.bind_completed = False
store_crypto._indicate_bind_completed(
kek_meta_dto, self.kek_meta_tenant_model)
kek_meta_dto, self.kek_meta_project_model)
self.assertTrue(self.kek_meta_tenant_model.bind_completed)
self.assertTrue(self.kek_meta_project_model.bind_completed)
self.assertEqual(
kek_meta_dto.algorithm, self.kek_meta_tenant_model.algorithm)
kek_meta_dto.algorithm, self.kek_meta_project_model.algorithm)
self.assertEqual(
kek_meta_dto.bit_length, self.kek_meta_tenant_model.bit_length)
kek_meta_dto.bit_length, self.kek_meta_project_model.bit_length)
self.assertEqual(
kek_meta_dto.mode, self.kek_meta_tenant_model.mode)
kek_meta_dto.mode, self.kek_meta_project_model.mode)
self.assertEqual(
kek_meta_dto.plugin_meta, self.kek_meta_tenant_model.plugin_meta)
kek_meta_dto.plugin_meta, self.kek_meta_project_model.plugin_meta)
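Review bot: The store_crypto fixtures now pair project-named locals with model attributes that keep their tenant names, and nothing in the file says this is deliberate. Examples are `self.encrypted_datum_model.kek_meta_tenant = (self.kek_meta_project_model)` in the fixture setup and `test_project_secret_model.tenant_id` checked on a `models.TenantSecret` in `_verify_project_secret_repository_interactions`. The commit message states that no model is touched yet, so a one-line comment at the first such assignment would stop a later reader from "correcting" the attribute name: `# Model attributes keep their tenant names until the model rename lands.` The assertion comparing `self.context.project_model.id` with `tenant_id` is what ties a stored secret to its owning project, so that check should stay easy to read. The setup method starts outside the hunk.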


@@ -120,7 +120,7 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
self.order_model.meta = self.order_meta
self.order_model.tenant_id = self.project_id
self.repos = mock.MagicMock()
self.tenant_model = mock.MagicMock()
self.project_model = mock.MagicMock()
self._config_cert_plugin()
self._config_cert_event_plugin()
@@ -138,7 +138,7 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
self.result.status = cert_man.CertificateStatus.WAITING_FOR_CA
cert_res.issue_certificate_request(self.order_model,
self.tenant_model,
self.project_model,
self.repos)
self._verify_issue_certificate_plugins_called()
@@ -147,7 +147,7 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
self.result.status = cert_man.CertificateStatus.CERTIFICATE_GENERATED
cert_res.issue_certificate_request(self.order_model,
self.tenant_model,
self.project_model,
self.repos)
self._verify_issue_certificate_plugins_called()
@@ -159,7 +159,7 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
cert_man.CertificateStatusClientDataIssue,
cert_res.issue_certificate_request,
self.order_model,
self.tenant_model,
self.project_model,
self.repos
)
@@ -170,7 +170,7 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
cert_man.CertificateStatusInvalidOperation,
cert_res.issue_certificate_request,
self.order_model,
self.tenant_model,
self.project_model,
self.repos
)
@@ -184,7 +184,7 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
order_ref = hrefs.convert_order_to_href(self.order_id)
cert_res.issue_certificate_request(self.order_model,
self.tenant_model,
self.project_model,
self.repos)
self._verify_issue_certificate_plugins_called()
@@ -204,7 +204,7 @@ class WhenIssuingCertificateRequests(utils.BaseTestCase):
cert_man.CertificateStatusNotSupported,
cert_res.issue_certificate_request,
self.order_model,
self.tenant_model,
self.project_model,
self.repos
)


@@ -60,20 +60,20 @@ class WhenUsingKeystoneEventConsumer(listener_test.UtilMixin,
rep.configure_db()
self.repos = rep.Repositories(
tenant_repo=None, tenant_secret_repo=None, secret_repo=None,
project_repo=None, project_secret_repo=None, secret_repo=None,
datum_repo=None, kek_repo=None, secret_meta_repo=None,
order_repo=None, order_plugin_meta_repo=None,
transport_key_repo=None, container_repo=None,
container_secret_repo=None)
self.project1_data = c_resources.get_or_create_tenant(
self.project_id1, self.repos.tenant_repo)
self.project1_data = c_resources.get_or_create_project(
self.project_id1, self.repos.project_repo)
self.assertIsNotNone(self.project1_data)
self.engine = rep.get_engine()
self.project2_data = c_resources.get_or_create_tenant(
self.project_id2, self.repos.tenant_repo)
self.project2_data = c_resources.get_or_create_project(
self.project_id2, self.repos.project_repo)
self.assertIsNotNone(self.project2_data)
def _create_secret_for_project(self, project_data):
@@ -99,9 +99,9 @@ class WhenUsingKeystoneEventConsumer(listener_test.UtilMixin,
self.assertEqual(1, len(db_secrets))
self.assertEqual(secret.id, db_secrets[0].id)
db_tenant_secret = self.repos.tenant_secret_repo.get_project_entities(
project2_id)
self.assertEqual(1, len(db_tenant_secret))
db_project_secret = (
self.repos.project_secret_repo.get_project_entities(project2_id))
self.assertEqual(1, len(db_project_secret))
db_kek = self.repos.kek_repo.get_project_entities(project2_id)
self.assertEqual(1, len(db_kek))
@@ -145,9 +145,9 @@ class WhenUsingKeystoneEventConsumer(listener_test.UtilMixin,
entity_id=secret_metadata_id)
self.assertIsNotNone(db_secret_store_meta)
db_tenant_secret = self.repos.tenant_secret_repo.get_project_entities(
project1_id)
self.assertEqual(1, len(db_tenant_secret))
db_project_secret = (
self.repos.project_secret_repo.get_project_entities(project1_id))
self.assertEqual(1, len(db_project_secret))
db_kek = self.repos.kek_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_kek))
@@ -170,8 +170,8 @@ class WhenUsingKeystoneEventConsumer(listener_test.UtilMixin,
keystone_id=self.project_id1)
self.assertIn(secret_id, str(ex))
# After project entities delete, make sure tenant_secret is not found
entities = self.repos.tenant_secret_repo.get_project_entities(
# After project entities delete, make sure project_secret is not found
entities = self.repos.project_secret_repo.get_project_entities(
project1_id)
self.assertEqual(0, len(entities))
@@ -179,8 +179,8 @@ class WhenUsingKeystoneEventConsumer(listener_test.UtilMixin,
entities = self.repos.kek_repo.get_project_entities(project1_id)
self.assertEqual(0, len(entities))
db_tenant = self.repos.tenant_repo.get_project_entities(project1_id)
self.assertEqual(0, len(db_tenant))
db_project = self.repos.project_repo.get_project_entities(project1_id)
self.assertEqual(0, len(db_project))
# Should have deleted SecretStoreMetadatum via children delete
ex = self.assertRaises(exception.NotFound,
@@ -216,7 +216,7 @@ class WhenUsingKeystoneEventConsumer(listener_test.UtilMixin,
project1_id = self.project1_data.id
# sqlalchemy error is suppressed here
no_error = self.repos.tenant_repo.delete_project_entities(
no_error = self.repos.project_repo.delete_project_entities(
project1_id, suppress_exception=True)
self.assertIsNone(no_error)
@@ -232,7 +232,7 @@ class WhenUsingKeystoneEventConsumer(listener_test.UtilMixin,
project1_id = self.project1_data.id
# sqlalchemy error is not suppressed here
self.assertRaises(exception.BarbicanException,
self.repos.tenant_repo.delete_project_entities,
self.repos.project_repo.delete_project_entities,
project1_id, suppress_exception=False)
def test_delete_project_entities_not_impl_error_suppress_exception_true(
@@ -262,7 +262,7 @@ class WhenUsingKeystoneEventConsumer(listener_test.UtilMixin,
project1_id, suppress_exception=False)
@mock.patch.object(consumer.KeystoneEventConsumer, 'handle_error')
@mock.patch.object(rep.TenantRepo, 'delete_project_entities',
@mock.patch.object(rep.ProjectRepo, 'delete_project_entities',
side_effect=exception.BarbicanException)
def test_rollback_with_error_during_project_cleanup(self, mock_delete,
mock_handle_error):
@@ -279,9 +279,9 @@ class WhenUsingKeystoneEventConsumer(listener_test.UtilMixin,
self.assertEqual(1, len(db_secrets))
self.assertEqual(secret.id, db_secrets[0].id)
db_tenant_secret = self.repos.tenant_secret_repo.get_project_entities(
project1_id)
self.assertEqual(1, len(db_tenant_secret))
db_project_secret = (
self.repos.project_secret_repo.get_project_entities(project1_id))
self.assertEqual(1, len(db_project_secret))
db_kek = self.repos.kek_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_kek))
@@ -307,12 +307,12 @@ class WhenUsingKeystoneEventConsumer(listener_test.UtilMixin,
self.assertEqual(1, len(db_secrets))
self.assertEqual(secret_id, db_secrets[0].id)
db_tenant_secret = self.repos.tenant_secret_repo.get_project_entities(
project1_id)
self.assertEqual(1, len(db_tenant_secret))
db_project_secret = (
self.repos.project_secret_repo.get_project_entities(project1_id))
self.assertEqual(1, len(db_project_secret))
db_kek = self.repos.kek_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_kek))
db_tenant = self.repos.tenant_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_tenant))
db_project = self.repos.project_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_project))


@@ -41,15 +41,15 @@ class WhenBeginningKeyTypeOrder(utils.BaseTestCase):
self.order.meta = self.meta
self.keystone_id = 'keystone1234'
self.tenant_id = 'tenantid1234'
self.tenant = models.Tenant()
self.tenant.id = self.tenant_id
self.tenant.keystone_id = self.keystone_id
self.tenant_repo = mock.MagicMock()
self.tenant_repo.get.return_value = self.tenant
self.project_id = 'projectid1234'
self.project = models.Tenant()
self.project.id = self.project_id
self.project.keystone_id = self.keystone_id
self.project_repo = mock.MagicMock()
self.project_repo.get.return_value = self.project
self.order.status = models.States.PENDING
self.order.tenant_id = self.tenant_id
self.order.project_id = self.project_id
self.order_repo = mock.MagicMock()
self.order_repo.get.return_value = self.order
@@ -63,8 +63,8 @@ class WhenBeginningKeyTypeOrder(utils.BaseTestCase):
self.secret_repo = mock.MagicMock()
self.secret_repo.create_from.return_value = None
self.tenant_secret_repo = mock.MagicMock()
self.tenant_secret_repo.create_from.return_value = None
self.project_secret_repo = mock.MagicMock()
self.project_secret_repo.create_from.return_value = None
self.datum_repo = mock.MagicMock()
self.datum_repo.create_from.return_value = None
@@ -81,10 +81,10 @@ class WhenBeginningKeyTypeOrder(utils.BaseTestCase):
self.secret_meta_repo = mock.MagicMock()
self.resource = resources.BeginTypeOrder(self.tenant_repo,
self.resource = resources.BeginTypeOrder(self.project_repo,
self.order_repo,
self.secret_repo,
self.tenant_secret_repo,
self.project_secret_repo,
self.datum_repo,
self.kek_repo,
self.secret_meta_repo,
@@ -106,7 +106,7 @@ class WhenBeginningKeyTypeOrder(utils.BaseTestCase):
secret_info,
secret_info.get('payload_content_type',
'application/octet-stream'),
self.tenant,
self.project,
mock.ANY
)
@@ -127,8 +127,8 @@ class WhenBeginningKeyTypeOrder(utils.BaseTestCase):
def test_should_fail_during_processing(self):
# Force an error during the processing handler phase.
self.tenant_repo.get = mock.MagicMock(return_value=None,
side_effect=ValueError())
self.project_repo.get = mock.MagicMock(return_value=None,
side_effect=ValueError())
self.assertRaises(
ValueError,
@@ -162,8 +162,8 @@ class WhenBeginningKeyTypeOrder(utils.BaseTestCase):
# error in processing handler phase.
# Force an error during the processing handler phase.
self.tenant_repo.get = mock.MagicMock(return_value=None,
side_effect=TypeError())
self.project_repo.get = mock.MagicMock(return_value=None,
side_effect=TypeError())
# Force exception in the error-reporting phase.
self.order_repo.save = mock.MagicMock(return_value=None,
@@ -197,15 +197,15 @@ class WhenBeginningAsymmetricTypeOrder(utils.BaseTestCase):
self.order.meta = self.meta
self.keystone_id = 'keystone1234'
self.tenant_id = 'tenantid1234'
self.tenant = models.Tenant()
self.tenant.id = self.tenant_id
self.tenant.keystone_id = self.keystone_id
self.tenant_repo = mock.MagicMock()
self.tenant_repo.get.return_value = self.tenant
self.project_id = 'projectid1234'
self.project = models.Tenant()
self.project.id = self.project_id
self.project.keystone_id = self.keystone_id
self.project_repo = mock.MagicMock()
self.project_repo.get.return_value = self.project
self.order.status = models.States.PENDING
self.order.tenant_id = self.tenant_id
self.order.project_id = self.project_id
self.order_repo = mock.MagicMock()
self.order_repo.get.return_value = self.order
@@ -217,8 +217,8 @@ class WhenBeginningAsymmetricTypeOrder(utils.BaseTestCase):
self.secret_repo = mock.MagicMock()
self.secret_repo.create_from.return_value = None
self.tenant_secret_repo = mock.MagicMock()
self.tenant_secret_repo.create_from.return_value = None
self.project_secret_repo = mock.MagicMock()
self.project_secret_repo.create_from.return_value = None
self.datum_repo = mock.MagicMock()
self.datum_repo.create_from.return_value = None
@@ -234,10 +234,10 @@ class WhenBeginningAsymmetricTypeOrder(utils.BaseTestCase):
self.container_secret_repo.create_from.return_value = None
self.container = models.Container()
self.resource = resources.BeginTypeOrder(self.tenant_repo,
self.resource = resources.BeginTypeOrder(self.project_repo,
self.order_repo,
self.secret_repo,
self.tenant_secret_repo,
self.project_secret_repo,
self.datum_repo,
self.kek_repo,
self.secret_meta_repo,
@@ -260,7 +260,7 @@ class WhenBeginningAsymmetricTypeOrder(utils.BaseTestCase):
secret_info,
secret_info.get('payload_content_type',
'application/octet-stream'),
self.tenant,
self.project,
mock.ANY
)
@@ -281,8 +281,8 @@ class WhenBeginningAsymmetricTypeOrder(utils.BaseTestCase):
def test_should_fail_during_processing(self):
# Force an error during the processing handler phase.
self.tenant_repo.get = mock.MagicMock(return_value=None,
side_effect=ValueError())
self.project_repo.get = mock.MagicMock(return_value=None,
side_effect=ValueError())
self.assertRaises(
ValueError,
@@ -316,8 +316,8 @@ class WhenBeginningAsymmetricTypeOrder(utils.BaseTestCase):
# error in processing handler phase.
# Force an error during the processing handler phase.
self.tenant_repo.get = mock.MagicMock(return_value=None,
side_effect=TypeError())
self.project_repo.get = mock.MagicMock(return_value=None,
side_effect=TypeError())
# Force exception in the error-reporting phase.
self.order_repo.save = mock.MagicMock(return_value=None,