236 lines
9.4 KiB
Python
236 lines
9.4 KiB
Python
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import mock
|
|
import six
|
|
|
|
from heat.common import exception
|
|
from heat.common import template_format
|
|
from heat.engine.resources.openstack.barbican import order
|
|
from heat.engine import rsrc_defn
|
|
from heat.engine import scheduler
|
|
from heat.tests import common
|
|
from heat.tests import utils
|
|
|
|
stack_template = '''
|
|
heat_template_version: 2013-05-23
|
|
description: Test template
|
|
resources:
|
|
order:
|
|
type: OS::Barbican::Order
|
|
properties:
|
|
name: foobar-order
|
|
algorithm: aes
|
|
bit_length: 256
|
|
mode: cbc
|
|
type: key
|
|
'''
|
|
|
|
|
|
class FakeOrder(object):
|
|
|
|
def __init__(self, name):
|
|
self.name = name
|
|
|
|
def submit(self):
|
|
return self.name
|
|
|
|
|
|
class TestOrder(common.HeatTestCase):
|
|
|
|
def setUp(self):
|
|
super(TestOrder, self).setUp()
|
|
tmpl = template_format.parse(stack_template)
|
|
self.stack = utils.parse_stack(tmpl)
|
|
|
|
resource_defns = self.stack.t.resource_definitions(self.stack)
|
|
self.res_template = resource_defns['order']
|
|
self.props = tmpl['resources']['order']['properties']
|
|
|
|
self.patcher_client = mock.patch.object(order.Order, 'client')
|
|
mock_client = self.patcher_client.start()
|
|
self.barbican = mock_client.return_value
|
|
|
|
def tearDown(self):
|
|
super(TestOrder, self).tearDown()
|
|
self.patcher_client.stop()
|
|
|
|
def _create_resource(self, name, snippet, stack):
|
|
res = order.Order(name, snippet, stack)
|
|
res.check_create_complete = mock.Mock(return_value=True)
|
|
self.barbican.orders.create.return_value = FakeOrder(name)
|
|
scheduler.TaskRunner(res.create)()
|
|
return res
|
|
|
|
def test_create_order(self):
|
|
res = self._create_resource('foo', self.res_template, self.stack)
|
|
expected_state = (res.CREATE, res.COMPLETE)
|
|
self.assertEqual(expected_state, res.state)
|
|
args = self.barbican.orders.create.call_args[1]
|
|
self.assertEqual('foobar-order', args['name'])
|
|
self.assertEqual('aes', args['algorithm'])
|
|
self.assertEqual('cbc', args['mode'])
|
|
self.assertEqual(256, args['bit_length'])
|
|
|
|
def test_create_order_without_type_fail(self):
|
|
props = self.props.copy()
|
|
del props['type']
|
|
snippet = self.res_template.freeze(properties=props)
|
|
|
|
self.assertRaisesRegexp(exception.ResourceFailure,
|
|
'Property type not assigned',
|
|
self._create_resource,
|
|
'foo',
|
|
snippet, self.stack)
|
|
|
|
def test_validate_non_certificate_order(self):
|
|
props = self.props.copy()
|
|
del props['bit_length']
|
|
del props['algorithm']
|
|
snippet = self.res_template.freeze(properties=props)
|
|
res = self._create_resource('test', snippet, self.stack)
|
|
msg = ("Properties algorithm and bit_length are required for "
|
|
"key type of order.")
|
|
self.assertRaisesRegexp(exception.StackValidationFailed,
|
|
msg,
|
|
res.validate)
|
|
|
|
def test_validate_certificate_with_profile_without_ca_id(self):
|
|
props = self.props.copy()
|
|
props['profile'] = 'cert'
|
|
props['type'] = 'certificate'
|
|
snippet = self.res_template.freeze(properties=props)
|
|
res = self._create_resource('test', snippet, self.stack)
|
|
msg = ("profile cannot be specified without ca_id.")
|
|
self.assertRaisesRegexp(exception.ResourcePropertyDependency,
|
|
msg,
|
|
res.validate)
|
|
|
|
def test_key_order_validation_fail(self):
|
|
props = self.props.copy()
|
|
props['pass_phrase'] = "something"
|
|
snippet = self.res_template.freeze(properties=props)
|
|
res = self._create_resource('test', snippet, self.stack)
|
|
msg = ("Unexpected properties: pass_phrase. Only these properties "
|
|
"are allowed for key type of order: algorithm, "
|
|
"bit_length, expiration, mode, name, payload_content_type.")
|
|
self.assertRaisesRegexp(exception.StackValidationFailed,
|
|
msg,
|
|
res.validate)
|
|
|
|
def test_certificate_validation_fail(self):
|
|
props = self.props.copy()
|
|
props['type'] = 'certificate'
|
|
snippet = self.res_template.freeze(properties=props)
|
|
res = self._create_resource('test', snippet, self.stack)
|
|
msg = ("Unexpected properties: algorithm, bit_length, mode. Only "
|
|
"these properties are allowed for certificate type of order: "
|
|
"ca_id, name, profile, request_data, request_type, "
|
|
"source_container_ref, subject_dn.")
|
|
self.assertRaisesRegexp(exception.StackValidationFailed,
|
|
msg,
|
|
res.validate)
|
|
|
|
def test_asymmetric_order_validation_fail(self):
|
|
props = self.props.copy()
|
|
props['type'] = 'asymmetric'
|
|
props['subject_dn'] = 'asymmetric'
|
|
snippet = self.res_template.freeze(properties=props)
|
|
res = self._create_resource('test', snippet, self.stack)
|
|
msg = ("Unexpected properties: subject_dn. Only these properties are "
|
|
"allowed for asymmetric type of order: algorithm, bit_length, "
|
|
"expiration, mode, name, pass_phrase, payload_content_type")
|
|
self.assertRaisesRegexp(exception.StackValidationFailed,
|
|
msg,
|
|
res.validate)
|
|
|
|
def test_attributes(self):
|
|
mock_order = mock.Mock()
|
|
mock_order.status = 'test-status'
|
|
mock_order.order_ref = 'test-order-ref'
|
|
mock_order.secret_ref = 'test-secret-ref'
|
|
|
|
res = self._create_resource('foo', self.res_template, self.stack)
|
|
self.barbican.orders.get.return_value = mock_order
|
|
|
|
self.assertEqual('test-order-ref', res.FnGetAtt('order_ref'))
|
|
self.assertEqual('test-secret-ref', res.FnGetAtt('secret_ref'))
|
|
|
|
def test_attributes_handle_exceptions(self):
|
|
mock_order = mock.Mock()
|
|
res = self._create_resource('foo', self.res_template, self.stack)
|
|
self.barbican.orders.get.return_value = mock_order
|
|
|
|
self.barbican.barbican_client.HTTPClientError = Exception
|
|
self.barbican.orders.get.side_effect = Exception('boom')
|
|
self.assertRaises(self.barbican.barbican_client.HTTPClientError,
|
|
res.FnGetAtt, 'order_ref')
|
|
|
|
def test_container_attributes(self):
|
|
mock_order = mock.Mock()
|
|
mock_order.container_ref = 'test-container-ref'
|
|
|
|
mock_container = mock.Mock()
|
|
mock_container.public_key = mock.Mock(payload='public-key')
|
|
mock_container.private_key = mock.Mock(payload='private-key')
|
|
mock_container.certificate = mock.Mock(payload='cert')
|
|
mock_container.intermediates = mock.Mock(payload='interm')
|
|
|
|
res = self._create_resource('foo', self.res_template, self.stack)
|
|
self.barbican.orders.get.return_value = mock_order
|
|
|
|
self.barbican.containers.get.return_value = mock_container
|
|
|
|
self.assertEqual('public-key', res.FnGetAtt('public_key'))
|
|
self.barbican.containers.get.assert_called_once_with(
|
|
'test-container-ref')
|
|
|
|
self.assertEqual('private-key', res.FnGetAtt('private_key'))
|
|
self.assertEqual('cert', res.FnGetAtt('certificate'))
|
|
self.assertEqual('interm', res.FnGetAtt('intermediates'))
|
|
|
|
def test_create_order_sets_resource_id(self):
|
|
self.barbican.orders.create.return_value = FakeOrder('foo')
|
|
res = self._create_resource('foo', self.res_template, self.stack)
|
|
|
|
self.assertEqual('foo', res.resource_id)
|
|
|
|
def test_create_order_with_octet_stream(self):
|
|
content_type = 'application/octet-stream'
|
|
self.props['payload_content_type'] = content_type
|
|
defn = rsrc_defn.ResourceDefinition('foo', 'OS::Barbican::Order',
|
|
self.props)
|
|
res = self._create_resource(defn.name, defn, self.stack)
|
|
|
|
args = self.barbican.orders.create.call_args[1]
|
|
self.assertEqual(content_type, args[res.PAYLOAD_CONTENT_TYPE])
|
|
|
|
def test_check_create_complete(self):
|
|
res = order.Order('foo', self.res_template, self.stack)
|
|
|
|
mock_active = mock.Mock(status='ACTIVE')
|
|
self.barbican.orders.get.return_value = mock_active
|
|
self.assertTrue(res.check_create_complete('foo'))
|
|
|
|
mock_not_active = mock.Mock(status='PENDING')
|
|
self.barbican.orders.get.return_value = mock_not_active
|
|
self.assertFalse(res.check_create_complete('foo'))
|
|
|
|
mock_not_active = mock.Mock(status='ERROR', error_reason='foo',
|
|
error_status_code=500)
|
|
self.barbican.orders.get.return_value = mock_not_active
|
|
exc = self.assertRaises(exception.Error,
|
|
res.check_create_complete, 'foo')
|
|
self.assertIn('foo', six.text_type(exc))
|
|
self.assertIn('500', six.text_type(exc))
|