From cf4ec898a0d78720b940587cb19fd75626a82747 Mon Sep 17 00:00:00 2001 From: Max Abidi Date: Mon, 23 May 2016 11:45:37 -0700 Subject: [PATCH] Validate key order meta fields. When using barbican client to list malformed orders, the response meta dictionary has invalid "request_type" key. Added check to validate key order meta fields. Added unit test case. Change-Id: I25c50d252daebe623e2f90e9395d0f77f9589b8d Closes-Bug: #1596851 --- barbicanclient/orders.py | 12 ++++++++++++ barbicanclient/tests/test_orders.py | 29 ++++++++++++++++++++++++++++- 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/barbicanclient/orders.py b/barbicanclient/orders.py index 91d4e341..f29ef56f 100644 --- a/barbicanclient/orders.py +++ b/barbicanclient/orders.py @@ -251,6 +251,8 @@ class KeyOrder(Order, KeyOrderFormatter): KeyOrders can be used to request random key material from Barbican """ _type = 'key' + _validMeta = (u'name', u'algorithm', u'mode', u'bit_length', u'expiration', + u'payload_content_type') def __init__(self, api, name=None, algorithm=None, bit_length=None, mode=None, expiration=None, payload_content_type=None, @@ -408,6 +410,16 @@ class OrderManager(base.BaseEntityManager): response['source_container_ref'] = response['meta'].pop( 'container_ref') + # validate key_order meta fields. + if resp_type == 'key' and ( + set(response['meta'].keys()) - set(KeyOrder._validMeta)): + invalidFields = ', '.join( + map(str, set( + response['meta'].keys()) - + set(KeyOrder._validMeta))) + raise TypeError( + 'Invalid KeyOrder meta field: [%s]' % invalidFields) + response.update(response.pop('meta')) if order_type is not None: diff --git a/barbicanclient/tests/test_orders.py b/barbicanclient/tests/test_orders.py index 02fcafc6..5fc2dabb 100644 --- a/barbicanclient/tests/test_orders.py +++ b/barbicanclient/tests/test_orders.py @@ -47,6 +47,24 @@ class OrdersTestCase(test_client.BaseEntityResource): "order_ref": "{1}" }}""".format(self.secret_ref, self.entity_href) + self.key_order_invalid_data = """{{ + "status": "ACTIVE", + "secret_ref": "{0}", + "updated": "2014-10-21T17:15:50.871596", + "meta": {{ + "name": "secretname", + "algorithm": "aes", + "request_type":"invalid", + "payload_content_type": "application/octet-stream", + "mode": "cbc", + "bit_length": 256, + "expiration": "2015-02-28T19:14:44.180394" + }}, + "created": "2014-10-21T17:15:50.824202", + "type": "key", + "order_ref": "{1}" + }}""".format(self.secret_ref, self.entity_href) + self.manager = self.client.orders def _get_order_args(self, order_data): @@ -84,7 +102,6 @@ class WhenTestingKeyOrders(OrdersTestCase): order_href = order.submit() self.assertEqual(self.entity_href, order_href) - # Verify that attributes are immutable after store. attributes = [ "name", "expiration", "algorithm", "bit_length", "mode", @@ -206,6 +223,16 @@ class WhenTestingOrderManager(OrdersTestCase): # Verify the correct URL was used to make the call. self.assertEqual(self.entity_href, self.responses.last_request.url) + def test_should_get_invalid_meta(self): + self.responses.get(self.entity_href, text=self.key_order_invalid_data) + + try: + # Verify checking for invalid meta fields. + order = self.manager.get(order_ref=self.entity_href) + self.fail("Didn't raise an TypeError exception") + except TypeError: + pass + def test_should_get_list(self): data = {"orders": [json.loads(self.key_order_data) for _ in range(3)]} self.responses.get(self.entity_base, json=data)