From e688a6fc305ea8b64d48ce97cfae65e57558a3a5 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Fri, 15 Mar 2024 11:16:15 +0900 Subject: [PATCH] Remove support for certificate order ... because certificate order was removed from Barbican. Also make sure that a supported value is given in CLI. Change-Id: I8c431d8bceedc90d091f49ccb7313ffbbb0e2256 --- barbicanclient/barbican_cli/v1/orders.py | 46 ++------- barbicanclient/tests/v1/test_orders.py | 76 --------------- barbicanclient/v1/orders.py | 97 +------------------ ...ve-certificate-order-b7ba806f1a918657.yaml | 4 + 4 files changed, 13 insertions(+), 210 deletions(-) create mode 100644 releasenotes/notes/remove-certificate-order-b7ba806f1a918657.yaml diff --git a/barbicanclient/barbican_cli/v1/orders.py b/barbicanclient/barbican_cli/v1/orders.py index 385d2654..20238ac6 100644 --- a/barbicanclient/barbican_cli/v1/orders.py +++ b/barbicanclient/barbican_cli/v1/orders.py @@ -23,9 +23,9 @@ class CreateOrder(show.ShowOne): def get_parser(self, prog_name): parser = super(CreateOrder, self).get_parser(prog_name) - parser.add_argument('type', help='the type of the order ' - '(key, asymmetric, certificate)' - ' to create.') + parser.add_argument('type', + choices=('key', 'asymmetric'), + help='the type of the order to create.') parser.add_argument('--name', '-n', help='a human-friendly name.') parser.add_argument('--algorithm', '-a', default='aes', @@ -46,44 +46,14 @@ class CreateOrder(show.ShowOne): parser.add_argument('--expiration', '-x', help='the expiration ' 'time for the secret in ISO 8601 format.') - parser.add_argument('--request-type', - help='the type of the certificate request.') - parser.add_argument('--subject-dn', - help='the subject of the certificate.') - parser.add_argument('--source-container-ref', - help='the source of the certificate when using ' - 'stored-key requests.') - parser.add_argument('--ca-id', - help='the identifier of the CA to use for the ' - 'certificate request.') - parser.add_argument('--profile', - help='the profile of certificate to use.') - parser.add_argument('--request-file', - help='the file containing the CSR.') return parser def take_action(self, args): - if args.type == 'certificate': - request_data = None - if args.request_file: - try: - request_data = open(args.request_file, 'r').read() - except IOError: - raise ValueError( - 'Couldn\'t read request file %s.' % args.request_file) - - entity = self.app.client_manager.key_manager.orders.create( - name=args.name, type=args.type, subject_dn=args.subject_dn, - request_type=args.request_type, - source_container_ref=args.source_container_ref, - ca_id=args.ca_id, profile=args.profile, - request_data=request_data) - else: - entity = self.app.client_manager.key_manager.orders.create( - name=args.name, type=args.type, - payload_content_type=args.payload_content_type, - algorithm=args.algorithm, bit_length=args.bit_length, - mode=args.mode, expiration=args.expiration) + entity = self.app.client_manager.key_manager.orders.create( + name=args.name, type=args.type, + payload_content_type=args.payload_content_type, + algorithm=args.algorithm, bit_length=args.bit_length, + mode=args.mode, expiration=args.expiration) entity.submit() return entity._get_formatted_entity() diff --git a/barbicanclient/tests/v1/test_orders.py b/barbicanclient/tests/v1/test_orders.py index 6053cd04..4d5f6e3d 100644 --- a/barbicanclient/tests/v1/test_orders.py +++ b/barbicanclient/tests/v1/test_orders.py @@ -372,79 +372,3 @@ class WhenTestingOrderManager(OrdersTestCase): self.assertEqual(timeutils.parse_isotime( order_args['created']).isoformat(), data[4]) - - -class WhenTestingCertificateOrders(OrdersTestCase): - - def test_get(self, order_ref=None): - order_ref = order_ref or self.entity_href - - self.responses.get(self.entity_href, text=self.cert_order_data) - - order = self.manager.get(order_ref=order_ref) - self.assertIsInstance(order, orders.CertificateOrder) - self.assertEqual(self.entity_href, order.order_ref) - - # Verify the correct URL was used to make the call. - self.assertEqual(self.entity_href, self.responses.last_request.url) - - def test_get_using_stripped_uuid(self): - bad_href = "http://badsite.com/" + self.entity_id - self.test_get(bad_href) - - def test_get_using_only_uuid(self): - self.test_get(self.entity_id) - - def test_repr(self): - order_args = self._get_order_args(self.cert_order_data) - order_obj = orders.CertificateOrder(api=None, **order_args) - self.assertIn('order_ref=' + self.entity_href, repr(order_obj)) - - def test_constructor(self): - data = {'order_ref': self.entity_href} - self.responses.post(self.entity_base + '/', json=data) - - order = self.manager.create_certificate( - name='name', - subject_dn='cn=server.example.com,o=example.com', - request_type='stored-key', - source_container_ref=self.source_container_ref - ) - order_href = order.submit() - - self.assertEqual(self.entity_href, order_href) - - # Verify the correct URL was used to make the call. - self.assertEqual(self.entity_base + '/', - self.responses.last_request.url) - - # Verify that correct information was sent in the call. - order_req = jsonutils.loads(self.responses.last_request.text) - self.assertEqual('name', order_req['meta']['name']) - self.assertEqual('cn=server.example.com,o=example.com', - order_req['meta']['subject_dn']) - self.assertEqual('stored-key', - order_req['meta']['request_type']) - self.assertEqual(self.source_container_ref, - order_req['meta']['container_ref']) - - def test_list(self): - data = {"orders": [jsonutils.loads(self.cert_order_data) - for _ in range(3)]} - self.responses.get(self.entity_base, json=data) - - orders_list = self.manager.list(limit=10, offset=5) - self.assertEqual(3, len(orders_list)) - self.assertIsInstance(orders_list[0], orders.CertificateOrder) - self.assertEqual(self.entity_href, orders_list[0].order_ref) - - def test_get_formatted_data(self): - self.responses.get(self.entity_href, text=self.cert_order_data) - - order = self.manager.get(order_ref=self.entity_href) - data = order._get_formatted_data() - - order_args = self._get_order_args(self.cert_order_data) - self.assertEqual(timeutils.parse_isotime( - order_args['created']).isoformat(), - data[4]) diff --git a/barbicanclient/v1/orders.py b/barbicanclient/v1/orders.py index b9c11be8..74969241 100644 --- a/barbicanclient/v1/orders.py +++ b/barbicanclient/v1/orders.py @@ -86,32 +86,6 @@ class AsymmetricOrderFormatter(formatter.EntityFormatter): return data -class CertificateOrderFormatter(formatter.EntityFormatter): - - columns = ("Order href", - "Type", - "Container href", - "Secret href", - "Created", - "Status", - "Error code", - "Error message" - ) - - def _get_formatted_data(self): - created = self.created.isoformat() if self.created else None - data = (self.order_ref, - "Certificate", - self.container_ref, - "N/A", - created, - self.status, - self.error_status_code, - self.error_reason - ) - return data - - class Order(object, metaclass=abc.ABCMeta): """Base order object to hold common functionality @@ -336,49 +310,12 @@ class AsymmetricOrder(Order, AsymmetricOrderFormatter): return 'AsymmetricOrder(order_ref={0})'.format(self.order_ref) -class CertificateOrder(Order, CertificateOrderFormatter): - _type = 'certificate' - - def __init__(self, api, name=None, - status=None, created=None, updated=None, order_ref=None, - container_ref=None, error_status_code=None, error_reason=None, - sub_status=None, sub_status_message=None, creator_id=None, - request_type=None, subject_dn=None, - source_container_ref=None, ca_id=None, profile=None, - request_data=None, requestor_name=None, requestor_email=None, - requestor_phone=None): - super(CertificateOrder, self).__init__( - api, self._type, status=status, created=created, updated=updated, - meta={ - 'name': name, - 'request_type': request_type, - 'subject_dn': subject_dn, - 'container_ref': source_container_ref, - 'ca_id': ca_id, - 'profile': profile, - 'request_data': request_data, - 'requestor_name': requestor_name, - 'requestor_email': requestor_email, - 'requestor_phone': requestor_phone}, - order_ref=order_ref, error_status_code=error_status_code, - error_reason=error_reason) - self._container_ref = container_ref - - @property - def container_ref(self): - return self._container_ref - - def __repr__(self): - return 'CertificateOrder(order_ref={0})'.format(self.order_ref) - - class OrderManager(base.BaseEntityManager): """Entity Manager for Order entitites""" _order_type_to_class_map = { 'key': KeyOrder, - 'asymmetric': AsymmetricOrder, - 'certificate': CertificateOrder + 'asymmetric': AsymmetricOrder } def __init__(self, api): @@ -407,11 +344,6 @@ class OrderManager(base.BaseEntityManager): resp_type = response.pop('type').lower() order_type = self._order_type_to_class_map.get(resp_type) - if (resp_type == 'certificate' and - 'container_ref' in response.get('meta', ())): - response['source_container_ref'] = response['meta'].pop( - 'container_ref') - # validate key_order meta fields. if resp_type == 'key' and ( set(response['meta'].keys()) - set(KeyOrder._validMeta)): @@ -486,33 +418,6 @@ class OrderManager(base.BaseEntityManager): payload_content_type=payload_content_type, expiration=expiration) - def create_certificate(self, name=None, request_type=None, subject_dn=None, - source_container_ref=None, ca_id=None, - profile=None, request_data=None): - """Factory method for `CertificateOrder` objects - - `CertificateOrder` objects returned by this method have not yet been - submitted to the Barbican service. - - :param name: A friendly name for the container to be created - :param request_type: The type of the certificate request - :param subject_dn: A subject for the certificate - :param source_container_ref: A container with a public/private key pair - to use as source for stored-key requests - :param ca_id: The identifier of the CA to use - :param profile: The profile of certificate to use - :param request_data: The CSR content - :returns: CertificateOrder - :rtype: :class:`barbicanclient.v1.orders.CertificateOrder` - """ - return CertificateOrder(api=self._api, name=name, - request_type=request_type, - subject_dn=subject_dn, - source_container_ref=source_container_ref, - ca_id=ca_id, - profile=profile, - request_data=request_data) - def delete(self, order_ref): """Delete an Order from Barbican diff --git a/releasenotes/notes/remove-certificate-order-b7ba806f1a918657.yaml b/releasenotes/notes/remove-certificate-order-b7ba806f1a918657.yaml new file mode 100644 index 00000000..7785d0af --- /dev/null +++ b/releasenotes/notes/remove-certificate-order-b7ba806f1a918657.yaml @@ -0,0 +1,4 @@ +--- +upgrade: + - | + Support for certificate order has been removed.