Ejemplo n.º 1
 def __init__(self, ca):
     """Bind the controller to one CA object and the repositories it uses.

     :param ca: object this controller is created for; stored unchanged,
         nothing is validated here.
     """
     LOG.debug('=== Creating CertificateAuthorityController ===')
     self.ca = ca

     # Repository handles all come from the shared ``repo`` factories.
     self.ca_repo = repo.get_ca_repository()
     self.project_ca_repo = repo.get_project_ca_repository()
     self.preferred_ca_repo = repo.get_preferred_ca_repository()
     self.project_repo = repo.get_project_repository()
Ejemplo n.º 2
 def __init__(self, ca):
     """Store the given CA object and fetch the repository handles.

     :param ca: kept on ``self.ca`` as passed in; not inspected here.
     """
     LOG.debug('=== Creating CertificateAuthorityController ===')
     self.ca = ca

     # CA data, per-project CA links, preferred-CA settings, projects.
     self.ca_repo = repo.get_ca_repository()
     self.project_ca_repo = repo.get_project_ca_repository()
     self.preferred_ca_repo = repo.get_preferred_ca_repository()
     self.project_repo = repo.get_project_repository()
Ejemplo n.º 3
 def __init__(self):
     """Fetch the repository handles; no validator is attached."""
     LOG.debug('Creating CertificateAuthoritiesController')

     self.ca_repo = repo.get_ca_repository()
     self.project_ca_repo = repo.get_project_ca_repository()
     self.preferred_ca_repo = repo.get_preferred_ca_repository()
     self.project_repo = repo.get_project_repository()

     # Explicitly unset: this version of the controller validates nothing
     # through ``self.validator``.
     self.validator = None
    def _create_project(self):
        """Save and return a new Project with a unique external id."""
        db_session = repositories.get_project_repository().get_session()

        new_project = models.Project()
        # Random hex suffix keeps fixture ids from colliding between tests;
        # it is an identifier, not a secret.
        unique_suffix = uuid.uuid4().hex
        new_project.external_id = "keystone_project_id" + unique_suffix
        new_project.save(session=db_session)
        return new_project
Ejemplo n.º 5
 def retrieve_entity(self, project_id, resource_type=None,
                     operation_type=None):
     """Look up the project stored for an external project id.

     ``resource_type`` and ``operation_type`` are accepted but unused here.
     The lookup runs with ``suppress_exception=True``, so callers should
     expect a falsy result for an unknown id (verify against the repository).
     """
     find_project = rep.get_project_repository().find_by_external_project_id
     return find_project(external_project_id=project_id,
                         suppress_exception=True)
Ejemplo n.º 6
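def _store_project_policy(project_id, policy, mk_attribute):
    """Create or update the stored policy for an external project id.

    :param project_id: external project id used to find the project row.
    :param policy: handed unchanged to the project-policy repository.
    :param mk_attribute: handed unchanged to the project-policy repository.
    :raises LookupError: no project is registered for ``project_id``.
    """
    project_repo = repositories.get_project_repository()
    project = project_repo.find_by_external_project_id(project_id,
                                                       suppress_exception=True)
    if not project:
        # The lookup suppresses its own not-found error, so an unknown id
        # can come back falsy. Fail with a message naming the id instead of
        # an AttributeError on ``project.id``; policy/key values are
        # deliberately kept out of the message.
        raise LookupError(
            'No project found for external id %s' % project_id)
    project_policy_repo = repositories.get_project_policy_repository()
    project_policy_repo.create_or_update_by_project_id(project.id, policy,
                                                       mk_attribute)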
Ejemplo n.º 7
 def __init__(self):
     """Collect the repository handles used by the CA collection controller."""
     LOG.debug('Creating CertificateAuthoritiesController')

     self.ca_repo = repo.get_ca_repository()
     self.project_ca_repo = repo.get_project_ca_repository()
     self.preferred_ca_repo = repo.get_preferred_ca_repository()
     self.project_repo = repo.get_project_repository()

     # No request validator is configured at construction time.
     self.validator = None
Ejemplo n.º 8
def get_or_create_project(project_id):
    """Fetch the project for an external id, creating it on first use.

    :param project_id: The external-to-Barbican ID for this project.
    :return: Project model instance
    """
    # NOTE(review): the id is not validated here and any unknown id results
    # in a new ACTIVE project row; presumably callers only pass an id taken
    # from an authenticated request context -- confirm.
    project_repo = repositories.get_project_repository()
    existing = project_repo.find_by_external_project_id(
        project_id, suppress_exception=True)
    if existing:
        return existing

    LOG.debug('Creating project for %s', project_id)
    created = models.Project()
    created.external_id = project_id
    created.status = models.States.ACTIVE
    try:
        project_repo.create_from(created)
    except exception.ConstraintCheck:
        # Lost the race: another thread inserted the same project between
        # the lookup and the insert. Re-read it, and let a miss raise.
        return project_repo.find_by_external_project_id(
            project_id, suppress_exception=False)

    return created
 def setUp(self):
     """Run the base setUp, then fetch the repositories the tests query."""
     super(WhenUsingKeystoneEventConsumer, self).setUp()

     # One handle per entity type touched by the project-cleanup tests.
     self.kek_repo = rep.get_kek_datum_repository()
     self.project_repo = rep.get_project_repository()
     self.secret_meta_repo = rep.get_secret_meta_repository()
     self.secret_repo = rep.get_secret_repository()
     self.transport_key_repo = rep.get_transport_key_repository()
Ejemplo n.º 10
 def setUp(self):
     """Call the parent setUp and cache the repository handles on ``self``."""
     super(WhenUsingKeystoneEventConsumer, self).setUp()

     # KEK data, projects, secret metadata, secrets and transport keys.
     self.kek_repo = rep.get_kek_datum_repository()
     self.project_repo = rep.get_project_repository()
     self.secret_meta_repo = rep.get_secret_meta_repository()
     self.secret_repo = rep.get_secret_repository()
     self.transport_key_repo = rep.get_transport_key_repository()
Ejemplo n.º 11
 def __init__(self, container_id):
     """Set up the consumer controller for one container.

     :param container_id: id of the container; stored unchanged.
     """
     self.container_id = container_id

     consumer_repo = repo.get_container_consumer_repository()
     self.consumer_repo = consumer_repo
     self.container_repo = repo.get_container_repository()
     self.project_repo = repo.get_project_repository()

     self.validator = validators.ContainerConsumerValidator()
     # Quota checks for the 'consumers' resource use the consumer repo.
     self.quota_enforcer = quota.QuotaEnforcer('consumers', consumer_repo)
Ejemplo n.º 12
    def _create_project(self):
        """Save and return a new Project with a unique external id."""
        db_session = repos.get_project_repository().get_session()

        new_project = models.Project()
        # Undashed UUID suffix keeps fixture ids unique; it is an
        # identifier, not a secret.
        unique_suffix = uuidutils.generate_uuid(dashed=False)
        new_project.external_id = "keystone_project_id" + unique_suffix
        new_project.save(session=db_session)
        return new_project
Ejemplo n.º 13
    def _create_project(self):
        """Build a Project with a fresh external id, save it, return it."""
        db_session = repos.get_project_repository().get_session()

        fixture = models.Project()
        # The random part only avoids collisions between test projects.
        random_part = uuidutils.generate_uuid(dashed=False)
        fixture.external_id = "keystone_project_id" + random_part
        fixture.save(session=db_session)
        return fixture
Ejemplo n.º 14
 def __init__(self, container_id):
     """Prepare repositories, validator and quota enforcer for a container.

     :param container_id: id of the container; kept as given.
     """
     self.container_id = container_id

     consumers = repo.get_container_consumer_repository()
     self.consumer_repo = consumers
     self.container_repo = repo.get_container_repository()
     self.project_repo = repo.get_project_repository()

     self.validator = validators.ContainerConsumerValidator()
     # The enforcer counts 'consumers' through the same consumer repo.
     self.quota_enforcer = quota.QuotaEnforcer('consumers', consumers)
    def test_rollback_with_error_during_project_cleanup(
            self, mock_delete, mock_handle_error):
        # Purpose: when processing a project 'deleted' event raises
        # BarbicanException, the secret, KEK and project rows created
        # beforehand must still be present (i.e. the work was rolled back).
        # mock_delete / mock_handle_error are presumably injected by patch
        # decorators that are not part of this excerpt.
        self._init_memory_db_setup()

        secret = self._create_secret_for_project(self.project1_data)
        self.assertIsNotNone(secret)

        secret_id = secret.id
        project1_id = self.project1_data.id

        # Baseline: exactly one secret and one KEK row exist for the project.
        secret_repo = rep.get_secret_repository()
        db_secrets = secret_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_secrets))
        self.assertEqual(secret.id, db_secrets[0].id)

        kek_repo = rep.get_kek_datum_repository()
        db_kek = kek_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_kek))
        # Commit changes made so far before creating rollback scenario
        rep.commit()

        # NOTE(review): this MagicMock is attached as ``handler_error`` and is
        # never asserted on; the assertions below use ``mock_handle_error``.
        # Confirm the attribute name is intended.
        handle_error_mock = mock.MagicMock()
        self.task.handler_error = handle_error_mock

        self.assertRaises(exception.BarbicanException,
                          self.task.process,
                          project_id=self.project_id1,
                          resource_type='project',
                          operation_type='deleted')

        # The error handler must have been called exactly once, with status
        # 500 and the event's keyword arguments.
        mock_handle_error.assert_called_once_with(
            self.project1_data,
            500,
            mock.ANY,
            mock.ANY,
            operation_type='deleted',
            project_id=mock.ANY,
            resource_type='project',
        )

        # project_id was matched with mock.ANY above; pin its value here.
        args, kwargs = mock_handle_error.call_args
        self.assertEqual(500, args[1])
        self.assertEqual(self.project_id1, kwargs['project_id'])
        self.assertEqual('project', kwargs['resource_type'])
        self.assertEqual('deleted', kwargs['operation_type'])
        # Make sure entities are still present after rollback
        db_secrets = secret_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_secrets))
        self.assertEqual(secret_id, db_secrets[0].id)

        db_kek = kek_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_kek))

        project_repo = rep.get_project_repository()
        db_project = project_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_project))
Ejemplo n.º 16
 def __init__(self):
     """Set up repositories, validator and quota enforcer, then refresh CAs.

     Construction has a side effect: it calls
     ``cert_resources.refresh_certificate_resources()``.
     """
     LOG.debug('Creating CertificateAuthoritiesController')

     ca_repo = repo.get_ca_repository()
     self.ca_repo = ca_repo
     self.project_ca_repo = repo.get_project_ca_repository()
     self.preferred_ca_repo = repo.get_preferred_ca_repository()
     self.project_repo = repo.get_project_repository()

     self.validator = validators.NewCAValidator()
     # Quota for the 'cas' resource is counted through the CA repository.
     self.quota_enforcer = quota.QuotaEnforcer('cas', ca_repo)

     # Populate the CA table at start up
     cert_resources.refresh_certificate_resources()
Ejemplo n.º 17
 def __init__(self, secret):
     """Set up the consumer controller for one secret.

     :param secret: secret entity; the object and its ``id`` are both kept.
     """
     super().__init__()
     self.secret = secret
     self.secret_id = secret.id

     consumer_repo = repo.get_secret_consumer_repository()
     self.consumer_repo = consumer_repo
     self.secret_repo = repo.get_secret_repository()
     self.project_repo = repo.get_project_repository()

     self.validator = validators.SecretConsumerValidator()
     # Quota checks for the 'consumers' resource use the consumer repo.
     self.quota_enforcer = quota.QuotaEnforcer('consumers', consumer_repo)
Ejemplo n.º 18
 def __init__(self):
     """Wire up repositories, validator and quota enforcer; refresh CAs.

     Note that building the controller also triggers
     ``cert_resources.refresh_certificate_resources()``.
     """
     LOG.debug('Creating CertificateAuthoritiesController')

     cas = repo.get_ca_repository()
     self.ca_repo = cas
     self.project_ca_repo = repo.get_project_ca_repository()
     self.preferred_ca_repo = repo.get_preferred_ca_repository()
     self.project_repo = repo.get_project_repository()

     self.validator = validators.NewCAValidator()
     # The 'cas' quota is enforced against the CA repository.
     self.quota_enforcer = quota.QuotaEnforcer('cas', cas)

     # Populate the CA table at start up
     cert_resources.refresh_certificate_resources()
Ejemplo n.º 19
    def test_rollback_with_error_during_project_cleanup(self, mock_delete,
                                                        mock_handle_error):
        # Purpose: a project 'deleted' event whose processing raises
        # BarbicanException must leave the project's secret, KEK and project
        # rows in place. The two mock arguments are presumably supplied by
        # patch decorators outside this excerpt.
        self._init_memory_db_setup()

        secret = self._create_secret_for_project(self.project1_data)
        self.assertIsNotNone(secret)

        secret_id = secret.id
        project1_id = self.project1_data.id

        # Baseline: one secret and one KEK row exist for the project.
        secret_repo = rep.get_secret_repository()
        db_secrets = secret_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_secrets))
        self.assertEqual(secret.id, db_secrets[0].id)

        kek_repo = rep.get_kek_datum_repository()
        db_kek = kek_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_kek))
        # Commit changes made so far before creating rollback scenario
        rep.commit()

        # NOTE(review): assigned to ``handler_error`` and never asserted on;
        # the checks below go through ``mock_handle_error`` instead. Confirm
        # the attribute name is intended.
        handle_error_mock = mock.MagicMock()
        self.task.handler_error = handle_error_mock

        self.assertRaises(exception.BarbicanException,
                          self.task.process, project_id=self.project_id1,
                          resource_type='project', operation_type='deleted')

        # Exactly one error-handler call, carrying status 500.
        mock_handle_error.assert_called_once_with(
            self.project1_data,
            500,
            mock.ANY,
            mock.ANY,
            operation_type='deleted',
            project_id=mock.ANY,
            resource_type='project',
        )

        # project_id was matched loosely above; check the exact value here.
        args, kwargs = mock_handle_error.call_args
        self.assertEqual(500, args[1])
        self.assertEqual(self.project_id1, kwargs['project_id'])
        self.assertEqual('project', kwargs['resource_type'])
        self.assertEqual('deleted', kwargs['operation_type'])
        # Make sure entities are still present after rollback
        db_secrets = secret_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_secrets))
        self.assertEqual(secret_id, db_secrets[0].id)

        db_kek = kek_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_kek))

        project_repo = rep.get_project_repository()
        db_project = project_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_project))
Ejemplo n.º 20
class Project(base.BarbicanObject, base.BarbicanPersistentObject,
              object_base.VersionedObjectDictCompat):
    """Object class backed by ``models.Project`` and the project repository."""

    # Declared fields: ``external_id`` is a nullable string, default None.
    fields = {
        'external_id': fields.StringField(nullable=True, default=None),
    }

    db_model = models.Project
    # Evaluated once, when the class body runs.
    db_repo = repo.get_project_repository()

    @classmethod
    def find_by_external_project_id(cls, external_project_id,
                                    suppress_exception=False, session=None):
        """Find a project by external id and wrap the row in a new instance.

        The three arguments are forwarded positionally to the repository.
        NOTE(review): with ``suppress_exception=True`` the repository result
        may be falsy; whether ``_from_db_object`` copes with that is not
        visible here -- confirm.
        """
        db_row = cls.db_repo.find_by_external_project_id(
            external_project_id, suppress_exception, session)
        wrapper = cls()
        return wrapper._from_db_object(db_row)
Ejemplo n.º 21
def get_or_create_project(project_id):
    """Fetch the project for an external id, creating it on first use.

    :param project_id: The external-to-Barbican ID for this project.
    :return: Project model instance
    """
    # NOTE(review): lookup-then-insert is not atomic. Two concurrent callers
    # with the same new id can both reach create_from(); what happens to the
    # loser (duplicate row or an unhandled error) depends on the repository
    # and schema constraints, which are not visible here -- confirm.
    # NOTE(review): the id is not validated and any unknown id creates an
    # ACTIVE project; presumably it comes from an authenticated request
    # context -- confirm.
    project_repo = repositories.get_project_repository()
    existing = project_repo.find_by_external_project_id(
        project_id, suppress_exception=True)
    if existing:
        return existing

    LOG.debug('Creating project for %s', project_id)
    created = models.Project()
    created.external_id = project_id
    created.status = models.States.ACTIVE
    project_repo.create_from(created)
    return created
Ejemplo n.º 22
 def __init__(self):
     """Fetch the project repository and create the order-task helper."""
     LOG.debug('Creating CheckCertificateStatusOrder task processor')

     self.project_repo = rep.get_project_repository()
     self.helper = _OrderTaskHelper()
Ejemplo n.º 23
 def __init__(self):
     """Initialise the base class, then the repository and task helper."""
     super(BeginTypeOrder, self).__init__()
     LOG.debug('Creating BeginTypeOrder task processor')

     self.project_repo = rep.get_project_repository()
     self.helper = _OrderTaskHelper()
Ejemplo n.º 24
# See the License for the specific language governing permissions and
# limitations under the License.
import os
import uuid

import mock

from barbican.common import resources
from barbican.model import models
from barbican.model import repositories
from barbican.tests.api.controllers import test_acls
from barbican.tests.api import test_resources_policy as test_policy
from barbican.tests import utils

# Module-level repository handles, resolved once when the module is imported.
order_repo = repositories.get_order_repository()
project_repo = repositories.get_project_repository()
ca_repo = repositories.get_ca_repository()
project_ca_repo = repositories.get_project_ca_repository()
container_repo = repositories.get_container_repository()

# Key metadata fixture: a 256-bit AES key in CBC mode with a binary payload
# type. These are request fields only; no key material is defined here.
generic_key_meta = {
    'name': 'secretname',
    'algorithm': 'AES',
    'bit_length': 256,
    'mode': 'cbc',
    'payload_content_type': 'application/octet-stream',
}


class WhenCreatingOrdersUsingOrdersResource(utils.BarbicanAPIBaseTestCase):
    def test_can_create_a_new_order(self):
Ejemplo n.º 25
 def retrieve_entity(self, project_id, resource_type=None,
                     operation_type=None):
     """Return the project stored for an external project id.

     ``resource_type`` and ``operation_type`` are accepted but not used.
     Because the lookup passes ``suppress_exception=True``, callers should
     be prepared for a falsy result when the id is unknown (verify against
     the repository).
     """
     projects = rep.get_project_repository()
     found = projects.find_by_external_project_id(
         external_project_id=project_id, suppress_exception=True)
     return found
Ejemplo n.º 26
def create_project(external_id="my keystone id", session=None):
    """Create, persist and return a Project with the given external id.

    :param external_id: value stored on ``Project.external_id``.
    :param session: forwarded to the repository's ``create_from``.
    :return: the new ``models.Project`` instance.
    """
    new_project = models.Project()
    new_project.external_id = external_id
    repositories.get_project_repository().create_from(new_project,
                                                      session=session)
    return new_project
Ejemplo n.º 27
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import mock
from six import moves

from barbican.common import exception
from barbican.common import hrefs
from barbican.common import resources as res
from barbican.model import models
from barbican.model import repositories
from barbican.tests import utils

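# Module-level repository handles, resolved once when the module is imported.
project_repo = repositories.get_project_repository()
ca_repo = repositories.get_ca_repository()
# Fixed: this name was bound to get_project_repository(), which made it a
# second handle on the project repository instead of the project-CA one, so
# any check made through it would have looked at the wrong table.
project_ca_repo = repositories.get_project_ca_repository()
preferred_ca_repo = repositories.get_preferred_ca_repository()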


def create_ca(parsed_ca, id_ref="id"):
    """Build a CertificateAuthority from ``parsed_ca`` and set its id.

    :param parsed_ca: passed straight to ``models.CertificateAuthority``.
    :param id_ref: value assigned to the new entity's ``id``.
    :return: the CertificateAuthority instance (not persisted here).
    """
    authority = models.CertificateAuthority(parsed_ca)
    authority.id = id_ref
    return authority


class WhenTestingCAsResource(utils.BarbicanAPIBaseTestCase):

    def test_should_get_list_certificate_authorities(self):
Ejemplo n.º 28
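def _store_enc_keys(project_id, session_key, master_key):
    """Create or update the stored encryption keys for a project.

    :param project_id: external project id used to find the project row.
    :param session_key: handed unchanged to the encryption-key repository.
    :param master_key: handed unchanged to the encryption-key repository.
    :raises LookupError: no project is registered for ``project_id``.
    """
    project_repo = repositories.get_project_repository()
    project = project_repo.find_by_external_project_id(project_id,
                                                       suppress_exception=True)
    if not project:
        # The lookup suppresses its own not-found error, so an unknown id
        # can come back falsy. Stop with an error that names the id rather
        # than an AttributeError on ``project.id``. The key values are never
        # put in the message, so they cannot leak into logs or tracebacks
        # through this path.
        raise LookupError(
            'No project found for external id %s' % project_id)
    sk_repo = repositories.get_encryption_key_repository()
    sk_repo.create_or_update_by_project_id(project.id, session_key, master_key)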
Ejemplo n.º 29
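def _delete_enc_keys(project_id):
    """Delete the stored encryption keys of a project.

    :param project_id: external project id used to find the project row.
    :raises LookupError: no project is registered for ``project_id``.
    """
    project_repo = repositories.get_project_repository()
    project = project_repo.find_by_external_project_id(project_id,
                                                       suppress_exception=True)
    if not project:
        # The lookup suppresses its own not-found error, so an unknown id
        # can come back falsy. Report that explicitly: an AttributeError on
        # ``project.id`` would hide the fact that no keys were deleted.
        raise LookupError(
            'No project found for external id %s' % project_id)
    sk_repo = repositories.get_encryption_key_repository()
    sk_repo.delete_by_project_id(project.id)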
Ejemplo n.º 30
def create_project(external_id="my keystone id", session=None):
    """Persist a new Project carrying ``external_id`` and return it.

    :param external_id: value stored on ``Project.external_id``.
    :param session: forwarded to the repository's ``create_from``.
    :return: the new ``models.Project`` instance.
    """
    fixture = models.Project()
    fixture.external_id = external_id
    projects = repositories.get_project_repository()
    projects.create_from(fixture, session=session)
    return fixture
Ejemplo n.º 31
 def __init__(self):
     """Initialise the base class, then the repository and task helper."""
     super(BeginTypeOrder, self).__init__()
     # The debug message goes through the ``u._`` translation helper.
     LOG.debug(u._('Creating BeginTypeOrder task processor'))

     self.project_repo = rep.get_project_repository()
     self.helper = _OrderTaskHelper()
Ejemplo n.º 32
 def __init__(self):
     """Fetch the project repository and create the order-task helper."""
     # The debug message goes through the ``u._`` translation helper.
     LOG.debug(u._('Creating CheckCertificateStatusOrder task processor'))

     self.project_repo = rep.get_project_repository()
     self.helper = _OrderTaskHelper()
    def test_existing_project_entities_cleanup_for_plain_secret(
            self, mock_handle_success):
        # Purpose: after a project 'deleted' event is processed, the
        # project's secret, its secret-store metadata, its KEK rows and the
        # project row itself must all be gone. mock_handle_success is
        # presumably injected by a patch decorator outside this excerpt.
        self._init_memory_db_setup()
        secret = self._create_secret_for_project(self.project1_data)
        self.assertIsNotNone(secret)

        secret_id = secret.id

        project1_id = self.project1_data.id

        # Baseline: exactly one secret exists for the project.
        secret_repo = rep.get_secret_repository()
        db_secrets = secret_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_secrets))
        self.assertEqual(secret.id, db_secrets[0].id)

        # Get secret_store_metadata for related secret
        self.assertGreater(len(db_secrets[0].secret_store_metadata), 0)

        # Remember one metadata row id so its deletion can be checked later.
        secret_metadata_id = list(
            db_secrets[0].secret_store_metadata.values())[0].id
        self.assertIsNotNone(secret_metadata_id)

        # Get db entry for secret_store_metadata by id to make sure its
        # presence before removing via delete project task
        secret_meta_repo = rep.get_secret_meta_repository()
        db_secret_store_meta = secret_meta_repo.get(
            entity_id=secret_metadata_id)
        self.assertIsNotNone(db_secret_store_meta)

        kek_repo = rep.get_kek_datum_repository()
        db_kek = kek_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_kek))

        # task = consumer.KeystoneEventConsumer()
        result = self.task.process(project_id=self.project_id1,
                                   resource_type='project',
                                   operation_type='deleted')
        self.assertIsNone(result, 'No return is expected as result')

        # NOTE(review): assert_has_calls([]) holds for any call history, so
        # it verifies nothing; the call_args checks below are the effective
        # assertion that the success handler ran.
        mock_handle_success.assert_has_calls([])
        _, kwargs = mock_handle_success.call_args
        self.assertEqual(self.project_id1, kwargs['project_id'])
        self.assertEqual('project', kwargs['resource_type'])
        self.assertEqual('deleted', kwargs['operation_type'])

        # After project entities delete, make sure secret is not found
        ex = self.assertRaises(exception.NotFound,
                               secret_repo.get,
                               entity_id=secret_id,
                               external_project_id=self.project_id1)
        self.assertIn(secret_id, str(ex))

        # After project entities delete, make sure kek data is not found
        entities = kek_repo.get_project_entities(project1_id)
        self.assertEqual(0, len(entities))

        project_repo = rep.get_project_repository()
        db_project = project_repo.get_project_entities(project1_id)
        self.assertEqual(0, len(db_project))

        # Should have deleted SecretStoreMetadatum via children delete
        self.assertRaises(exception.NotFound,
                          secret_meta_repo.get,
                          entity_id=secret_metadata_id)
Ejemplo n.º 34
    def test_existing_project_entities_cleanup_for_plain_secret(
            self, mock_handle_success):
        # Purpose: processing a project 'deleted' event must remove the
        # project's secret, secret-store metadata, KEK rows and the project
        # row. mock_handle_success is presumably injected by a patch
        # decorator outside this excerpt.
        self._init_memory_db_setup()
        secret = self._create_secret_for_project(self.project1_data)
        self.assertIsNotNone(secret)

        secret_id = secret.id

        project1_id = self.project1_data.id

        # Baseline: exactly one secret exists for the project.
        secret_repo = rep.get_secret_repository()
        db_secrets = secret_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_secrets))
        self.assertEqual(secret.id, db_secrets[0].id)

        # Get secret_store_metadata for related secret
        self.assertGreater(len(db_secrets[0].secret_store_metadata), 0)

        # Remember one metadata row id so its deletion can be checked later.
        secret_metadata_id = list(db_secrets[0].
                                  secret_store_metadata.values())[0].id
        self.assertIsNotNone(secret_metadata_id)

        # Get db entry for secret_store_metadata by id to make sure its
        # presence before removing via delete project task
        secret_meta_repo = rep.get_secret_meta_repository()
        db_secret_store_meta = secret_meta_repo.get(
            entity_id=secret_metadata_id)
        self.assertIsNotNone(db_secret_store_meta)

        kek_repo = rep.get_kek_datum_repository()
        db_kek = kek_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_kek))

        # task = consumer.KeystoneEventConsumer()
        result = self.task.process(project_id=self.project_id1,
                                   resource_type='project',
                                   operation_type='deleted')
        self.assertIsNone(result, 'No return is expected as result')

        # NOTE(review): assert_has_calls([]) passes whatever the mock was
        # called with, including never; only the call_args checks below
        # actually show that the success handler ran.
        mock_handle_success.assert_has_calls([])
        _, kwargs = mock_handle_success.call_args
        self.assertEqual(self.project_id1, kwargs['project_id'])
        self.assertEqual('project', kwargs['resource_type'])
        self.assertEqual('deleted', kwargs['operation_type'])

        # After project entities delete, make sure secret is not found
        ex = self.assertRaises(exception.NotFound, secret_repo.get,
                               entity_id=secret_id,
                               external_project_id=self.project_id1)
        self.assertIn(secret_id, str(ex))

        # After project entities delete, make sure kek data is not found
        entities = kek_repo.get_project_entities(project1_id)
        self.assertEqual(0, len(entities))

        project_repo = rep.get_project_repository()
        db_project = project_repo.get_project_entities(project1_id)
        self.assertEqual(0, len(db_project))

        # Should have deleted SecretStoreMetadatum via children delete
        self.assertRaises(exception.NotFound,
                          secret_meta_repo.get,
                          entity_id=secret_metadata_id)