def _store_secret_and_datum(context, secret_model, kek_datum_model,
generated_dto):
# Create Secret entities in data store.
if not secret_model.id:
secret_model.project_id = context.project_model.id
repositories.get_secret_repository().create_from(secret_model)
# setup and store encrypted datum
datum_model = models.EncryptedDatum(secret_model, kek_datum_model)
datum_model.content_type = context.content_type
datum_model.cypher_text = base64.b64encode(generated_dto.cypher_text)
datum_model.kek_meta_extended = generated_dto.kek_meta_extended
repositories.get_encrypted_datum_repository().create_from(datum_model)
def _store_secret_and_datum(
context, secret_model, kek_datum_model, generated_dto):
# Create Secret entities in data store.
if not secret_model.id:
secret_model.project_id = context.project_model.id
repositories.get_secret_repository().create_from(secret_model)
# setup and store encrypted datum
datum_model = models.EncryptedDatum(secret_model, kek_datum_model)
datum_model.content_type = context.content_type
datum_model.cypher_text = base64.b64encode(generated_dto.cypher_text)
datum_model.kek_meta_extended = generated_dto.kek_meta_extended
repositories.get_encrypted_datum_repository().create_from(
datum_model)
def __init__(self, container):
LOG.debug('=== Creating ContainerSecretsController ===')
super().__init__()
self.container = container
self.container_secret_repo = repo.get_container_secret_repository()
self.secret_repo = repo.get_secret_repository()
self.validator = validators.ContainerSecretValidator()
def setUp(self):
super(WhenUsingKeystoneEventConsumer, self).setUp()
self.kek_repo = rep.get_kek_datum_repository()
self.project_repo = rep.get_project_repository()
self.secret_meta_repo = rep.get_secret_meta_repository()
self.secret_repo = rep.get_secret_repository()
self.transport_key_repo = rep.get_transport_key_repository()
def __init__(self):
self.consumer_repo = repo.get_container_consumer_repository()
self.container_repo = repo.get_container_repository()
self.secret_repo = repo.get_secret_repository()
self.validator = validators.ContainerValidator()
self.quota_enforcer = quota.QuotaEnforcer('containers',
self.container_repo)
def setUp(self):
super(WhenUsingKeystoneEventConsumer, self).setUp()
self.kek_repo = rep.get_kek_datum_repository()
self.project_repo = rep.get_project_repository()
self.secret_meta_repo = rep.get_secret_meta_repository()
self.secret_repo = rep.get_secret_repository()
self.transport_key_repo = rep.get_transport_key_repository()
def __init__(self):
self.consumer_repo = repo.get_container_consumer_repository()
self.container_repo = repo.get_container_repository()
self.secret_repo = repo.get_secret_repository()
self.validator = validators.ContainerValidator()
self.quota_enforcer = quota.QuotaEnforcer('containers',
self.container_repo)
def _generate_csr_from_private_key(order_model, project_model):
"""Generate a CSR from the private key.
:param: order_model - order for the request
:param: project_model - project for this request
:return: CSR (certificate signing request) in PEM format
:raise: :class:`StoredKeyPrivateKeyNotFound` if private key not found
:class:`StoredKeyContainerNotFound` if container not found
"""
container_id, container = _get_container_from_order_meta(order_model, project_model)
if not container:
raise excep.StoredKeyContainerNotFound(container_id)
passphrase = None
private_key = None
for cs in container.container_secrets:
secret_repo = repos.get_secret_repository()
if cs.name == "private_key":
private_key_model = secret_repo.get(cs.secret_id, project_model.external_id)
private_key = plugin.get_secret("application/pkcs8", private_key_model, project_model)
elif cs.name == "private_key_passphrase":
passphrase_model = secret_repo.get(cs.secret_id, project_model.external_id)
passphrase = plugin.get_secret("text/plain;charset=utf-8", passphrase_model, project_model)
passphrase = str(passphrase)
if not private_key:
raise excep.StoredKeyPrivateKeyNotFound(container.id)
if passphrase is None:
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key)
else:
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key, passphrase)
subject_name = order_model.meta.get("subject_dn")
subject_name_dns = ldap.dn.str2dn(subject_name)
extensions = order_model.meta.get("extensions", None)
req = crypto.X509Req()
subj = req.get_subject()
# Note: must iterate over the DNs in reverse order, or the resulting
# subject name will be reversed.
for ava in reversed(subject_name_dns):
for key, val, extra in ava:
setattr(subj, key.upper(), val)
req.set_pubkey(pkey)
if extensions:
# TODO(alee-3) We need code here to parse the encoded extensions and
# convert them into X509Extension objects. This code will also be
# used in the validation code. Commenting out for now till we figure
# out how to do this.
# req.add_extensions(extensions)
pass
req.sign(pkey, "sha256")
csr = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)
return csr
def __init__(self, secret):
LOG.debug('=== Creating SecretMetadataController ===')
self.secret = secret
self.secret_project_id = self.secret.project.external_id
self.secret_repo = repo.get_secret_repository()
self.user_meta_repo = repo.get_secret_user_meta_repository()
self.metadata_validator = validators.NewSecretMetadataValidator()
self.metadatum_validator = validators.NewSecretMetadatumValidator()
def __init__(self, secret):
LOG.debug('=== Creating SecretMetadataController ===')
self.secret = secret
self.secret_project_id = self.secret.project.external_id
self.secret_repo = repo.get_secret_repository()
self.user_meta_repo = repo.get_secret_user_meta_repository()
self.metadata_validator = validators.NewSecretMetadataValidator()
self.metadatum_validator = validators.NewSecretMetadatumValidator()
def test_rollback_with_error_during_project_cleanup(
self, mock_delete, mock_handle_error):
self._init_memory_db_setup()
secret = self._create_secret_for_project(self.project1_data)
self.assertIsNotNone(secret)
secret_id = secret.id
project1_id = self.project1_data.id
secret_repo = rep.get_secret_repository()
db_secrets = secret_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_secrets))
self.assertEqual(secret.id, db_secrets[0].id)
kek_repo = rep.get_kek_datum_repository()
db_kek = kek_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_kek))
# Commit changes made so far before creating rollback scenario
rep.commit()
handle_error_mock = mock.MagicMock()
self.task.handler_error = handle_error_mock
self.assertRaises(exception.BarbicanException,
self.task.process,
project_id=self.project_id1,
resource_type='project',
operation_type='deleted')
mock_handle_error.assert_called_once_with(
self.project1_data,
500,
mock.ANY,
mock.ANY,
operation_type='deleted',
project_id=mock.ANY,
resource_type='project',
)
args, kwargs = mock_handle_error.call_args
self.assertEqual(500, args[1])
self.assertEqual(self.project_id1, kwargs['project_id'])
self.assertEqual('project', kwargs['resource_type'])
self.assertEqual('deleted', kwargs['operation_type'])
# Make sure entities are still present after rollback
db_secrets = secret_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_secrets))
self.assertEqual(secret_id, db_secrets[0].id)
db_kek = kek_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_kek))
project_repo = rep.get_project_repository()
db_project = project_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_project))
def __init__(self, secret):
super().__init__()
self.secret = secret
self.secret_id = secret.id
self.consumer_repo = repo.get_secret_consumer_repository()
self.secret_repo = repo.get_secret_repository()
self.project_repo = repo.get_project_repository()
self.validator = validators.SecretConsumerValidator()
self.quota_enforcer = quota.QuotaEnforcer('consumers',
self.consumer_repo)
def _save_secret_in_repo(secret_model, project_model):
"""Save a Secret entity."""
secret_repo = repos.get_secret_repository()
# Create Secret entities in data store.
if not secret_model.id:
secret_model.project_id = project_model.id
secret_repo.create_from(secret_model)
else:
secret_repo.save(secret_model)
def setUp(self):
super(WhenTestingSecretConsumerRepository, self).setUp()
self.secret_repo = repositories.get_secret_repository()
self.consumer_repo = repositories.get_secret_consumer_repository()
self.session = self.consumer_repo.get_session()
self.project = utils.create_project(session=self.session)
self.secret = self._create_secret()
self.session.commit()
def _save_secret_in_repo(secret_model, project_model):
"""Save a Secret entity."""
secret_repo = repos.get_secret_repository()
# Create Secret entities in data store.
if not secret_model.id:
secret_model.project_id = project_model.id
secret_repo.create_from(secret_model)
else:
secret_repo.save(secret_model)
def test_rollback_with_error_during_project_cleanup(self, mock_delete,
mock_handle_error):
self._init_memory_db_setup()
secret = self._create_secret_for_project(self.project1_data)
self.assertIsNotNone(secret)
secret_id = secret.id
project1_id = self.project1_data.id
secret_repo = rep.get_secret_repository()
db_secrets = secret_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_secrets))
self.assertEqual(secret.id, db_secrets[0].id)
kek_repo = rep.get_kek_datum_repository()
db_kek = kek_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_kek))
# Commit changes made so far before creating rollback scenario
rep.commit()
handle_error_mock = mock.MagicMock()
self.task.handler_error = handle_error_mock
self.assertRaises(exception.BarbicanException,
self.task.process, project_id=self.project_id1,
resource_type='project', operation_type='deleted')
mock_handle_error.assert_called_once_with(
self.project1_data,
500,
mock.ANY,
mock.ANY,
operation_type='deleted',
project_id=mock.ANY,
resource_type='project',
)
args, kwargs = mock_handle_error.call_args
self.assertEqual(500, args[1])
self.assertEqual(self.project_id1, kwargs['project_id'])
self.assertEqual('project', kwargs['resource_type'])
self.assertEqual('deleted', kwargs['operation_type'])
# Make sure entities are still present after rollback
db_secrets = secret_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_secrets))
self.assertEqual(secret_id, db_secrets[0].id)
db_kek = kek_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_kek))
project_repo = rep.get_project_repository()
db_project = project_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_project))
def _store_secret_and_datum(context, secret_model, kek_datum_model,
generated_dto):
# Create Secret entities in data store.
if not secret_model.id:
repositories.get_secret_repository().create_from(secret_model)
new_assoc = models.ProjectSecret()
new_assoc.project_id = context.project_model.id
new_assoc.secret_id = secret_model.id
new_assoc.role = "admin"
new_assoc.status = models.States.ACTIVE
repositories.get_project_secret_repository().create_from(new_assoc)
# setup and store encrypted datum
datum_model = models.EncryptedDatum(secret_model, kek_datum_model)
datum_model.content_type = context.content_type
datum_model.cypher_text = base64.b64encode(generated_dto.cypher_text)
datum_model.kek_meta_extended = generated_dto.kek_meta_extended
datum_model.secret_id = secret_model.id
repositories.get_encrypted_datum_repository().create_from(datum_model)
def _store_secret_and_datum(
context, secret_model, kek_datum_model, generated_dto):
# Create Secret entities in data store.
if not secret_model.id:
repositories.get_secret_repository().create_from(secret_model)
new_assoc = models.TenantSecret()
new_assoc.tenant_id = context.tenant_model.id
new_assoc.secret_id = secret_model.id
new_assoc.role = "admin"
new_assoc.status = models.States.ACTIVE
repositories.get_tenant_secret_repository().create_from(new_assoc)
# setup and store encrypted datum
datum_model = models.EncryptedDatum(secret_model, kek_datum_model)
datum_model.content_type = context.content_type
datum_model.cypher_text = base64.b64encode(generated_dto.cypher_text)
datum_model.kek_meta_extended = generated_dto.kek_meta_extended
datum_model.secret_id = secret_model.id
repositories.get_encrypted_datum_repository().create_from(
datum_model)
def _create_base_secret(self):
# Setup the secret and needed base relationship
secret_repo = repositories.get_secret_repository()
session = secret_repo.get_session()
secret = secret_repo.create_from(models.Secret(), session=session)
project = models.Project()
project.external_id = "keystone_project_id"
project.save(session=session)
project_secret = models.ProjectSecret()
project_secret.secret_id = secret.id
project_secret.project_id = project.id
project_secret.save(session=session)
session.commit()
return secret
def _save_secret(secret_model, project_model):
"""Save a Secret entity."""
secret_repo = repos.get_secret_repository()
# Create Secret entities in data store.
if not secret_model.id:
secret_repo.create_from(secret_model)
new_assoc = models.ProjectSecret()
new_assoc.project_id = project_model.id
new_assoc.secret_id = secret_model.id
new_assoc.role = "admin"
new_assoc.status = models.States.ACTIVE
project_secret_repo = repos.get_project_secret_repository()
project_secret_repo.create_from(new_assoc)
else:
secret_repo.save(secret_model)
def _create_base_secret(self, project_id=None):
# Setup the secret and needed base relationship
secret_repo = repositories.get_secret_repository()
session = secret_repo.get_session()
if project_id is None: # don't re-create project if it created earlier
project = models.Project()
project.external_id = "keystone_project_id"
project.save(session=session)
project_id = project.id
secret_model = models.Secret()
secret_model.project_id = project_id
secret = secret_repo.create_from(secret_model, session=session)
secret.save(session=session)
session.commit()
return secret
def _create_base_secret(self, project_id=None):
# Setup the secret and needed base relationship
secret_repo = repositories.get_secret_repository()
session = secret_repo.get_session()
if project_id is None: # don't re-create project if it created earlier
project = models.Project()
project.external_id = "keystone_project_id"
project.save(session=session)
project_id = project.id
secret_model = models.Secret()
secret_model.project_id = project_id
secret = secret_repo.create_from(secret_model, session=session)
secret.save(session=session)
session.commit()
return secret
def delete_secret(secret_model, project_id):
"""Remove a secret from secure backend."""
secret_metadata = _get_secret_meta(secret_model)
# We should only try to delete a secret using the plugin interface if
# there's the metadata available. This addresses bug/1377330.
if secret_metadata:
# Locate a suitable plugin to delete the secret from.
plugin_manager = secret_store.get_manager()
delete_plugin = plugin_manager.get_plugin_retrieve_delete(
secret_metadata.get('plugin_name'))
# Delete the secret from plugin storage.
delete_plugin.delete_secret(secret_metadata)
# Delete the secret from data model.
secret_repo = repos.get_secret_repository()
secret_repo.delete_entity_by_id(entity_id=secret_model.id,
external_project_id=project_id)
def delete_secret(secret_model, project_id):
"""Remove a secret from secure backend."""
secret_metadata = _get_secret_meta(secret_model)
# We should only try to delete a secret using the plugin interface if
# there's the metadata available. This addresses bug/1377330.
if secret_metadata:
# Locate a suitable plugin to delete the secret from.
plugin_manager = secret_store.get_manager()
delete_plugin = plugin_manager.get_plugin_retrieve_delete(
secret_metadata.get('plugin_name'))
# Delete the secret from plugin storage.
delete_plugin.delete_secret(secret_metadata)
# Delete the secret from data model.
secret_repo = repos.get_secret_repository()
secret_repo.delete_entity_by_id(entity_id=secret_model.id,
external_project_id=project_id)
def _generate_csr(order_model, project_model):
"""Generate a CSR from the public key.
:param: order_model - order for the request
:param: project_model - project for this request
:return: CSR (certificate signing request) in PEM format
:raise: :class:`StoredKeyPrivateKeyNotFound` if private key not found
:class:`StoredKeyContainerNotFound` if container not found
"""
container_ref = order_model.meta.get('container_ref')
# extract container_id as the last part of the URL
container_id = hrefs.get_container_id_from_ref(container_ref)
container_repo = repos.get_container_repository()
container = container_repo.get(container_id,
project_model.external_id,
suppress_exception=True)
if not container:
raise excep.StoredKeyContainerNotFound(container_id)
passphrase = None
private_key = None
for cs in container.container_secrets:
secret_repo = repos.get_secret_repository()
if cs.name == 'private_key':
private_key_model = secret_repo.get(cs.secret_id,
project_model.external_id)
private_key = plugin.get_secret('application/pkcs8',
private_key_model, project_model)
elif cs.name == 'private_key_passphrase':
passphrase_model = secret_repo.get(cs.secret_id,
project_model.external_id)
passphrase = plugin.get_secret('text/plain;charset=utf-8',
passphrase_model, project_model)
passphrase = str(passphrase)
if not private_key:
raise excep.StoredKeyPrivateKeyNotFound(container_id)
if passphrase is None:
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key)
else:
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key,
passphrase)
subject_name = order_model.meta.get('subject_dn')
subject_name_dns = ldap.dn.str2dn(subject_name)
extensions = order_model.meta.get('extensions', None)
req = crypto.X509Req()
subj = req.get_subject()
# Note: must iterate over the DNs in reverse order, or the resulting
# subject name will be reversed.
for ava in reversed(subject_name_dns):
for key, val, extra in ava:
setattr(subj, key.upper(), val)
req.set_pubkey(pkey)
if extensions:
# TODO(alee-3) We need code here to parse the encoded extensions and
# convert them into X509Extension objects. This code will also be
# used in the validation code. Commenting out for now till we figure
# out how to do this.
# req.add_extensions(extensions)
pass
req.sign(pkey, 'sha256')
csr = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)
return csr
def __init__(self):
LOG.debug('Creating SecretsController')
self.validator = validators.NewSecretValidator()
self.secret_repo = repo.get_secret_repository()
self.quota_enforcer = quota.QuotaEnforcer('secrets', self.secret_repo)
def __init__(self):
self.consumer_repo = repo.get_container_consumer_repository()
self.container_repo = repo.get_container_repository()
self.secret_repo = repo.get_secret_repository()
self.validator = validators.ContainerValidator()
def test_existing_project_entities_cleanup_for_plain_secret(
self, mock_handle_success):
self._init_memory_db_setup()
secret = self._create_secret_for_project(self.project1_data)
self.assertIsNotNone(secret)
secret_id = secret.id
project1_id = self.project1_data.id
secret_repo = rep.get_secret_repository()
db_secrets = secret_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_secrets))
self.assertEqual(secret.id, db_secrets[0].id)
# Get secret_store_metadata for related secret
self.assertGreater(len(db_secrets[0].secret_store_metadata), 0)
secret_metadata_id = list(db_secrets[0].
secret_store_metadata.values())[0].id
self.assertIsNotNone(secret_metadata_id)
# Get db entry for secret_store_metadata by id to make sure its
# presence before removing via delete project task
secret_meta_repo = rep.get_secret_meta_repository()
db_secret_store_meta = secret_meta_repo.get(
entity_id=secret_metadata_id)
self.assertIsNotNone(db_secret_store_meta)
kek_repo = rep.get_kek_datum_repository()
db_kek = kek_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_kek))
# task = consumer.KeystoneEventConsumer()
result = self.task.process(project_id=self.project_id1,
resource_type='project',
operation_type='deleted')
self.assertIsNone(result, 'No return is expected as result')
mock_handle_success.assert_has_calls([])
_, kwargs = mock_handle_success.call_args
self.assertEqual(self.project_id1, kwargs['project_id'])
self.assertEqual('project', kwargs['resource_type'])
self.assertEqual('deleted', kwargs['operation_type'])
# After project entities delete, make sure secret is not found
ex = self.assertRaises(exception.NotFound, secret_repo.get,
entity_id=secret_id,
external_project_id=self.project_id1)
self.assertIn(secret_id, str(ex))
# After project entities delete, make sure kek data is not found
entities = kek_repo.get_project_entities(project1_id)
self.assertEqual(0, len(entities))
project_repo = rep.get_project_repository()
db_project = project_repo.get_project_entities(project1_id)
self.assertEqual(0, len(db_project))
# Should have deleted SecretStoreMetadatum via children delete
self.assertRaises(exception.NotFound,
secret_meta_repo.get,
entity_id=secret_metadata_id)
def __init__(self):
LOG.debug('Creating SecretsController')
self.validator = validators.NewSecretValidator()
self.secret_repo = repo.get_secret_repository()
def create_secret(project=None, session=None):
secret = models.Secret()
secret.project_id = project.id
secret_repo = repositories.get_secret_repository()
secret_repo.create_from(secret, session=session)
return secret
from OpenSSL import crypto
from barbican.common import exception as excep
from barbican.common import hrefs
from barbican.common import resources as res
from barbican.model import models
from barbican.model import repositories
from barbican.plugin.interface import certificate_manager as cert_man
from barbican.plugin.interface import secret_store
from barbican.tasks import certificate_resources as cert_res
from barbican.tasks import common
from barbican.tests import database_utils
from barbican.tests import utils
container_repo = repositories.get_container_repository()
secret_repo = repositories.get_secret_repository()
ca_repo = repositories.get_ca_repository()
project_ca_repo = repositories.get_project_ca_repository()
preferred_ca_repo = repositories.get_preferred_ca_repository()
project_repo = repositories.get_project_repository()
order_repo = repositories.get_order_repository()
class WhenPerformingPrivateOperations(utils.BaseTestCase,
utils.MockModelRepositoryMixin):
"""Tests private methods within certificate_resources.py."""
def setUp(self):
super(WhenPerformingPrivateOperations, self).setUp()
self.order_plugin_meta_repo = mock.MagicMock()
self.setup_order_plugin_meta_repository_mock(
class Secret(base.BarbicanObject, base.BarbicanPersistentObject,
object_base.VersionedObjectDictCompat):
"""This class represents Secret object"""
fields = {
'name':
fields.StringField(nullable=True),
'secret_type':
fields.StringField(nullable=True, default=utils.SECRET_TYPE_OPAQUE),
'expiration':
fields.DateTimeField(nullable=True, default=None),
'algorithm':
fields.StringField(nullable=True, default=None),
'bit_length':
fields.IntegerField(nullable=True, default=None),
'mode':
fields.StringField(nullable=True, default=None),
'creator_id':
fields.StringField(nullable=True, default=None),
'project_id':
fields.StringField(nullable=True, default=None),
'encrypted_data':
fields.ListOfObjectsField('EncryptedDatum',
default=list(),
nullable=True),
'secret_acls':
fields.ListOfObjectsField('SecretACL', default=list(), nullable=True),
'secret_store_metadata':
fields.DictOfObjectsField('SecretStoreMetadatum',
default=dict(),
nullable=True),
'secret_user_metadata':
fields.DictOfObjectsField('SecretUserMetadatum',
default=dict(),
nullable=True),
'consumers':
fields.ListOfObjectsField('SecretConsumerMetadatum',
default=list(),
nullable=True),
'status':
fields.StringField(nullable=True, default=base.States.ACTIVE)
}
db_model = models.Secret
db_repo = repo.get_secret_repository()
synthetic_fields = [
'encrypted_data', 'secret_acls', 'secret_store_metadata',
'secret_user_metadata', 'consumers'
]
@classmethod
def get_secret_list(cls,
external_project_id,
offset_arg=None,
limit_arg=None,
name=None,
alg=None,
mode=None,
bits=0,
secret_type=None,
suppress_exception=False,
session=None,
acl_only=None,
user_id=None,
created=None,
updated=None,
expiration=None,
sort=None):
secrets_db, offset, limit, total = cls.db_repo.get_secret_list(
external_project_id, offset_arg, limit_arg, name, alg, mode, bits,
secret_type, suppress_exception, session, acl_only, user_id,
created, updated, expiration, sort)
secrets_object = [
cls()._from_db_object(secret_db) for secret_db in secrets_db
]
return secrets_object, offset, limit, total
@classmethod
def get_secret_by_id(cls,
entity_id,
suppress_exception=False,
session=None):
secret_db = cls.db_repo.get_secret_by_id(entity_id, suppress_exception,
session)
return cls()._from_db_object(secret_db)
def create_secret(project=None, session=None):
secret = models.Secret()
secret.project_id = project.id
secret_repo = repositories.get_secret_repository()
secret_repo.create_from(secret, session=session)
return secret
def test_existing_project_entities_cleanup_for_plain_secret(
self, mock_handle_success):
self._init_memory_db_setup()
secret = self._create_secret_for_project(self.project1_data)
self.assertIsNotNone(secret)
secret_id = secret.id
project1_id = self.project1_data.id
secret_repo = rep.get_secret_repository()
db_secrets = secret_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_secrets))
self.assertEqual(secret.id, db_secrets[0].id)
# Get secret_store_metadata for related secret
self.assertGreater(len(db_secrets[0].secret_store_metadata), 0)
secret_metadata_id = list(
db_secrets[0].secret_store_metadata.values())[0].id
self.assertIsNotNone(secret_metadata_id)
# Get db entry for secret_store_metadata by id to make sure its
# presence before removing via delete project task
secret_meta_repo = rep.get_secret_meta_repository()
db_secret_store_meta = secret_meta_repo.get(
entity_id=secret_metadata_id)
self.assertIsNotNone(db_secret_store_meta)
kek_repo = rep.get_kek_datum_repository()
db_kek = kek_repo.get_project_entities(project1_id)
self.assertEqual(1, len(db_kek))
# task = consumer.KeystoneEventConsumer()
result = self.task.process(project_id=self.project_id1,
resource_type='project',
operation_type='deleted')
self.assertIsNone(result, 'No return is expected as result')
mock_handle_success.assert_has_calls([])
_, kwargs = mock_handle_success.call_args
self.assertEqual(self.project_id1, kwargs['project_id'])
self.assertEqual('project', kwargs['resource_type'])
self.assertEqual('deleted', kwargs['operation_type'])
# After project entities delete, make sure secret is not found
ex = self.assertRaises(exception.NotFound,
secret_repo.get,
entity_id=secret_id,
external_project_id=self.project_id1)
self.assertIn(secret_id, str(ex))
# After project entities delete, make sure kek data is not found
entities = kek_repo.get_project_entities(project1_id)
self.assertEqual(0, len(entities))
project_repo = rep.get_project_repository()
db_project = project_repo.get_project_entities(project1_id)
self.assertEqual(0, len(db_project))
# Should have deleted SecretStoreMetadatum via children delete
self.assertRaises(exception.NotFound,
secret_meta_repo.get,
entity_id=secret_metadata_id)
def __init__(self):
LOG.debug('Creating SecretsController')
self.validator = validators.NewSecretValidator()
self.secret_repo = repo.get_secret_repository()
def __init__(self, container):
LOG.debug('=== Creating ContainerSecretsController ===')
self.container = container
self.container_secret_repo = repo.get_container_secret_repository()
self.secret_repo = repo.get_secret_repository()
self.validator = validators.ContainerSecretValidator()
def __init__(self):
LOG.debug('Creating SecretsController')
self.validator = validators.NewSecretValidator()
self.secret_repo = repo.get_secret_repository()
self.quota_enforcer = quota.QuotaEnforcer('secrets', self.secret_repo)
def __init__(self):
LOG.debug('=== Creating MutualAttestationController ===')
self.secret_repo = repo.get_secret_repository()
self.quota_enforcer = quota.QuotaEnforcer('secrets', self.secret_repo)
def __init__(self):
self.consumer_repo = repo.get_container_consumer_repository()
self.container_repo = repo.get_container_repository()
self.secret_repo = repo.get_secret_repository()
self.validator = validators.ContainerValidator()