def _store_secret_and_datum(context, secret_model, kek_datum_model, generated_dto): # Create Secret entities in data store. if not secret_model.id: secret_model.project_id = context.project_model.id repositories.get_secret_repository().create_from(secret_model) # setup and store encrypted datum datum_model = models.EncryptedDatum(secret_model, kek_datum_model) datum_model.content_type = context.content_type datum_model.cypher_text = base64.b64encode(generated_dto.cypher_text) datum_model.kek_meta_extended = generated_dto.kek_meta_extended repositories.get_encrypted_datum_repository().create_from(datum_model)
def _store_secret_and_datum( context, secret_model, kek_datum_model, generated_dto): # Create Secret entities in data store. if not secret_model.id: secret_model.project_id = context.project_model.id repositories.get_secret_repository().create_from(secret_model) # setup and store encrypted datum datum_model = models.EncryptedDatum(secret_model, kek_datum_model) datum_model.content_type = context.content_type datum_model.cypher_text = base64.b64encode(generated_dto.cypher_text) datum_model.kek_meta_extended = generated_dto.kek_meta_extended repositories.get_encrypted_datum_repository().create_from( datum_model)
def __init__(self, container): LOG.debug('=== Creating ContainerSecretsController ===') super().__init__() self.container = container self.container_secret_repo = repo.get_container_secret_repository() self.secret_repo = repo.get_secret_repository() self.validator = validators.ContainerSecretValidator()
def setUp(self): super(WhenUsingKeystoneEventConsumer, self).setUp() self.kek_repo = rep.get_kek_datum_repository() self.project_repo = rep.get_project_repository() self.secret_meta_repo = rep.get_secret_meta_repository() self.secret_repo = rep.get_secret_repository() self.transport_key_repo = rep.get_transport_key_repository()
def __init__(self): self.consumer_repo = repo.get_container_consumer_repository() self.container_repo = repo.get_container_repository() self.secret_repo = repo.get_secret_repository() self.validator = validators.ContainerValidator() self.quota_enforcer = quota.QuotaEnforcer('containers', self.container_repo)
def setUp(self): super(WhenUsingKeystoneEventConsumer, self).setUp() self.kek_repo = rep.get_kek_datum_repository() self.project_repo = rep.get_project_repository() self.secret_meta_repo = rep.get_secret_meta_repository() self.secret_repo = rep.get_secret_repository() self.transport_key_repo = rep.get_transport_key_repository()
def __init__(self): self.consumer_repo = repo.get_container_consumer_repository() self.container_repo = repo.get_container_repository() self.secret_repo = repo.get_secret_repository() self.validator = validators.ContainerValidator() self.quota_enforcer = quota.QuotaEnforcer('containers', self.container_repo)
def _generate_csr_from_private_key(order_model, project_model): """Generate a CSR from the private key. :param: order_model - order for the request :param: project_model - project for this request :return: CSR (certificate signing request) in PEM format :raise: :class:`StoredKeyPrivateKeyNotFound` if private key not found :class:`StoredKeyContainerNotFound` if container not found """ container_id, container = _get_container_from_order_meta(order_model, project_model) if not container: raise excep.StoredKeyContainerNotFound(container_id) passphrase = None private_key = None for cs in container.container_secrets: secret_repo = repos.get_secret_repository() if cs.name == "private_key": private_key_model = secret_repo.get(cs.secret_id, project_model.external_id) private_key = plugin.get_secret("application/pkcs8", private_key_model, project_model) elif cs.name == "private_key_passphrase": passphrase_model = secret_repo.get(cs.secret_id, project_model.external_id) passphrase = plugin.get_secret("text/plain;charset=utf-8", passphrase_model, project_model) passphrase = str(passphrase) if not private_key: raise excep.StoredKeyPrivateKeyNotFound(container.id) if passphrase is None: pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key) else: pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key, passphrase) subject_name = order_model.meta.get("subject_dn") subject_name_dns = ldap.dn.str2dn(subject_name) extensions = order_model.meta.get("extensions", None) req = crypto.X509Req() subj = req.get_subject() # Note: must iterate over the DNs in reverse order, or the resulting # subject name will be reversed. for ava in reversed(subject_name_dns): for key, val, extra in ava: setattr(subj, key.upper(), val) req.set_pubkey(pkey) if extensions: # TODO(alee-3) We need code here to parse the encoded extensions and # convert them into X509Extension objects. This code will also be # used in the validation code. Commenting out for now till we figure # out how to do this. # req.add_extensions(extensions) pass req.sign(pkey, "sha256") csr = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req) return csr
def __init__(self, secret): LOG.debug('=== Creating SecretMetadataController ===') self.secret = secret self.secret_project_id = self.secret.project.external_id self.secret_repo = repo.get_secret_repository() self.user_meta_repo = repo.get_secret_user_meta_repository() self.metadata_validator = validators.NewSecretMetadataValidator() self.metadatum_validator = validators.NewSecretMetadatumValidator()
def __init__(self, secret): LOG.debug('=== Creating SecretMetadataController ===') self.secret = secret self.secret_project_id = self.secret.project.external_id self.secret_repo = repo.get_secret_repository() self.user_meta_repo = repo.get_secret_user_meta_repository() self.metadata_validator = validators.NewSecretMetadataValidator() self.metadatum_validator = validators.NewSecretMetadatumValidator()
def test_rollback_with_error_during_project_cleanup( self, mock_delete, mock_handle_error): self._init_memory_db_setup() secret = self._create_secret_for_project(self.project1_data) self.assertIsNotNone(secret) secret_id = secret.id project1_id = self.project1_data.id secret_repo = rep.get_secret_repository() db_secrets = secret_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_secrets)) self.assertEqual(secret.id, db_secrets[0].id) kek_repo = rep.get_kek_datum_repository() db_kek = kek_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_kek)) # Commit changes made so far before creating rollback scenario rep.commit() handle_error_mock = mock.MagicMock() self.task.handler_error = handle_error_mock self.assertRaises(exception.BarbicanException, self.task.process, project_id=self.project_id1, resource_type='project', operation_type='deleted') mock_handle_error.assert_called_once_with( self.project1_data, 500, mock.ANY, mock.ANY, operation_type='deleted', project_id=mock.ANY, resource_type='project', ) args, kwargs = mock_handle_error.call_args self.assertEqual(500, args[1]) self.assertEqual(self.project_id1, kwargs['project_id']) self.assertEqual('project', kwargs['resource_type']) self.assertEqual('deleted', kwargs['operation_type']) # Make sure entities are still present after rollback db_secrets = secret_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_secrets)) self.assertEqual(secret_id, db_secrets[0].id) db_kek = kek_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_kek)) project_repo = rep.get_project_repository() db_project = project_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_project))
def __init__(self, secret): super().__init__() self.secret = secret self.secret_id = secret.id self.consumer_repo = repo.get_secret_consumer_repository() self.secret_repo = repo.get_secret_repository() self.project_repo = repo.get_project_repository() self.validator = validators.SecretConsumerValidator() self.quota_enforcer = quota.QuotaEnforcer('consumers', self.consumer_repo)
def _save_secret_in_repo(secret_model, project_model): """Save a Secret entity.""" secret_repo = repos.get_secret_repository() # Create Secret entities in data store. if not secret_model.id: secret_model.project_id = project_model.id secret_repo.create_from(secret_model) else: secret_repo.save(secret_model)
def setUp(self): super(WhenTestingSecretConsumerRepository, self).setUp() self.secret_repo = repositories.get_secret_repository() self.consumer_repo = repositories.get_secret_consumer_repository() self.session = self.consumer_repo.get_session() self.project = utils.create_project(session=self.session) self.secret = self._create_secret() self.session.commit()
def _save_secret_in_repo(secret_model, project_model): """Save a Secret entity.""" secret_repo = repos.get_secret_repository() # Create Secret entities in data store. if not secret_model.id: secret_model.project_id = project_model.id secret_repo.create_from(secret_model) else: secret_repo.save(secret_model)
def test_rollback_with_error_during_project_cleanup(self, mock_delete, mock_handle_error): self._init_memory_db_setup() secret = self._create_secret_for_project(self.project1_data) self.assertIsNotNone(secret) secret_id = secret.id project1_id = self.project1_data.id secret_repo = rep.get_secret_repository() db_secrets = secret_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_secrets)) self.assertEqual(secret.id, db_secrets[0].id) kek_repo = rep.get_kek_datum_repository() db_kek = kek_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_kek)) # Commit changes made so far before creating rollback scenario rep.commit() handle_error_mock = mock.MagicMock() self.task.handler_error = handle_error_mock self.assertRaises(exception.BarbicanException, self.task.process, project_id=self.project_id1, resource_type='project', operation_type='deleted') mock_handle_error.assert_called_once_with( self.project1_data, 500, mock.ANY, mock.ANY, operation_type='deleted', project_id=mock.ANY, resource_type='project', ) args, kwargs = mock_handle_error.call_args self.assertEqual(500, args[1]) self.assertEqual(self.project_id1, kwargs['project_id']) self.assertEqual('project', kwargs['resource_type']) self.assertEqual('deleted', kwargs['operation_type']) # Make sure entities are still present after rollback db_secrets = secret_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_secrets)) self.assertEqual(secret_id, db_secrets[0].id) db_kek = kek_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_kek)) project_repo = rep.get_project_repository() db_project = project_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_project))
def _store_secret_and_datum(context, secret_model, kek_datum_model, generated_dto): # Create Secret entities in data store. if not secret_model.id: repositories.get_secret_repository().create_from(secret_model) new_assoc = models.ProjectSecret() new_assoc.project_id = context.project_model.id new_assoc.secret_id = secret_model.id new_assoc.role = "admin" new_assoc.status = models.States.ACTIVE repositories.get_project_secret_repository().create_from(new_assoc) # setup and store encrypted datum datum_model = models.EncryptedDatum(secret_model, kek_datum_model) datum_model.content_type = context.content_type datum_model.cypher_text = base64.b64encode(generated_dto.cypher_text) datum_model.kek_meta_extended = generated_dto.kek_meta_extended datum_model.secret_id = secret_model.id repositories.get_encrypted_datum_repository().create_from(datum_model)
def _store_secret_and_datum( context, secret_model, kek_datum_model, generated_dto): # Create Secret entities in data store. if not secret_model.id: repositories.get_secret_repository().create_from(secret_model) new_assoc = models.TenantSecret() new_assoc.tenant_id = context.tenant_model.id new_assoc.secret_id = secret_model.id new_assoc.role = "admin" new_assoc.status = models.States.ACTIVE repositories.get_tenant_secret_repository().create_from(new_assoc) # setup and store encrypted datum datum_model = models.EncryptedDatum(secret_model, kek_datum_model) datum_model.content_type = context.content_type datum_model.cypher_text = base64.b64encode(generated_dto.cypher_text) datum_model.kek_meta_extended = generated_dto.kek_meta_extended datum_model.secret_id = secret_model.id repositories.get_encrypted_datum_repository().create_from( datum_model)
def _create_base_secret(self): # Setup the secret and needed base relationship secret_repo = repositories.get_secret_repository() session = secret_repo.get_session() secret = secret_repo.create_from(models.Secret(), session=session) project = models.Project() project.external_id = "keystone_project_id" project.save(session=session) project_secret = models.ProjectSecret() project_secret.secret_id = secret.id project_secret.project_id = project.id project_secret.save(session=session) session.commit() return secret
def _save_secret(secret_model, project_model): """Save a Secret entity.""" secret_repo = repos.get_secret_repository() # Create Secret entities in data store. if not secret_model.id: secret_repo.create_from(secret_model) new_assoc = models.ProjectSecret() new_assoc.project_id = project_model.id new_assoc.secret_id = secret_model.id new_assoc.role = "admin" new_assoc.status = models.States.ACTIVE project_secret_repo = repos.get_project_secret_repository() project_secret_repo.create_from(new_assoc) else: secret_repo.save(secret_model)
def _create_base_secret(self, project_id=None): # Setup the secret and needed base relationship secret_repo = repositories.get_secret_repository() session = secret_repo.get_session() if project_id is None: # don't re-create project if it created earlier project = models.Project() project.external_id = "keystone_project_id" project.save(session=session) project_id = project.id secret_model = models.Secret() secret_model.project_id = project_id secret = secret_repo.create_from(secret_model, session=session) secret.save(session=session) session.commit() return secret
def _create_base_secret(self, project_id=None): # Setup the secret and needed base relationship secret_repo = repositories.get_secret_repository() session = secret_repo.get_session() if project_id is None: # don't re-create project if it created earlier project = models.Project() project.external_id = "keystone_project_id" project.save(session=session) project_id = project.id secret_model = models.Secret() secret_model.project_id = project_id secret = secret_repo.create_from(secret_model, session=session) secret.save(session=session) session.commit() return secret
def delete_secret(secret_model, project_id): """Remove a secret from secure backend.""" secret_metadata = _get_secret_meta(secret_model) # We should only try to delete a secret using the plugin interface if # there's the metadata available. This addresses bug/1377330. if secret_metadata: # Locate a suitable plugin to delete the secret from. plugin_manager = secret_store.get_manager() delete_plugin = plugin_manager.get_plugin_retrieve_delete( secret_metadata.get('plugin_name')) # Delete the secret from plugin storage. delete_plugin.delete_secret(secret_metadata) # Delete the secret from data model. secret_repo = repos.get_secret_repository() secret_repo.delete_entity_by_id(entity_id=secret_model.id, external_project_id=project_id)
def delete_secret(secret_model, project_id): """Remove a secret from secure backend.""" secret_metadata = _get_secret_meta(secret_model) # We should only try to delete a secret using the plugin interface if # there's the metadata available. This addresses bug/1377330. if secret_metadata: # Locate a suitable plugin to delete the secret from. plugin_manager = secret_store.get_manager() delete_plugin = plugin_manager.get_plugin_retrieve_delete( secret_metadata.get('plugin_name')) # Delete the secret from plugin storage. delete_plugin.delete_secret(secret_metadata) # Delete the secret from data model. secret_repo = repos.get_secret_repository() secret_repo.delete_entity_by_id(entity_id=secret_model.id, external_project_id=project_id)
def _generate_csr(order_model, project_model): """Generate a CSR from the public key. :param: order_model - order for the request :param: project_model - project for this request :return: CSR (certificate signing request) in PEM format :raise: :class:`StoredKeyPrivateKeyNotFound` if private key not found :class:`StoredKeyContainerNotFound` if container not found """ container_ref = order_model.meta.get('container_ref') # extract container_id as the last part of the URL container_id = hrefs.get_container_id_from_ref(container_ref) container_repo = repos.get_container_repository() container = container_repo.get(container_id, project_model.external_id, suppress_exception=True) if not container: raise excep.StoredKeyContainerNotFound(container_id) passphrase = None private_key = None for cs in container.container_secrets: secret_repo = repos.get_secret_repository() if cs.name == 'private_key': private_key_model = secret_repo.get(cs.secret_id, project_model.external_id) private_key = plugin.get_secret('application/pkcs8', private_key_model, project_model) elif cs.name == 'private_key_passphrase': passphrase_model = secret_repo.get(cs.secret_id, project_model.external_id) passphrase = plugin.get_secret('text/plain;charset=utf-8', passphrase_model, project_model) passphrase = str(passphrase) if not private_key: raise excep.StoredKeyPrivateKeyNotFound(container_id) if passphrase is None: pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key) else: pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, private_key, passphrase) subject_name = order_model.meta.get('subject_dn') subject_name_dns = ldap.dn.str2dn(subject_name) extensions = order_model.meta.get('extensions', None) req = crypto.X509Req() subj = req.get_subject() # Note: must iterate over the DNs in reverse order, or the resulting # subject name will be reversed. for ava in reversed(subject_name_dns): for key, val, extra in ava: setattr(subj, key.upper(), val) req.set_pubkey(pkey) if extensions: # TODO(alee-3) We need code here to parse the encoded extensions and # convert them into X509Extension objects. This code will also be # used in the validation code. Commenting out for now till we figure # out how to do this. # req.add_extensions(extensions) pass req.sign(pkey, 'sha256') csr = crypto.dump_certificate_request(crypto.FILETYPE_PEM, req) return csr
def __init__(self): LOG.debug('Creating SecretsController') self.validator = validators.NewSecretValidator() self.secret_repo = repo.get_secret_repository() self.quota_enforcer = quota.QuotaEnforcer('secrets', self.secret_repo)
def __init__(self): self.consumer_repo = repo.get_container_consumer_repository() self.container_repo = repo.get_container_repository() self.secret_repo = repo.get_secret_repository() self.validator = validators.ContainerValidator()
def test_existing_project_entities_cleanup_for_plain_secret( self, mock_handle_success): self._init_memory_db_setup() secret = self._create_secret_for_project(self.project1_data) self.assertIsNotNone(secret) secret_id = secret.id project1_id = self.project1_data.id secret_repo = rep.get_secret_repository() db_secrets = secret_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_secrets)) self.assertEqual(secret.id, db_secrets[0].id) # Get secret_store_metadata for related secret self.assertGreater(len(db_secrets[0].secret_store_metadata), 0) secret_metadata_id = list(db_secrets[0]. secret_store_metadata.values())[0].id self.assertIsNotNone(secret_metadata_id) # Get db entry for secret_store_metadata by id to make sure its # presence before removing via delete project task secret_meta_repo = rep.get_secret_meta_repository() db_secret_store_meta = secret_meta_repo.get( entity_id=secret_metadata_id) self.assertIsNotNone(db_secret_store_meta) kek_repo = rep.get_kek_datum_repository() db_kek = kek_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_kek)) # task = consumer.KeystoneEventConsumer() result = self.task.process(project_id=self.project_id1, resource_type='project', operation_type='deleted') self.assertIsNone(result, 'No return is expected as result') mock_handle_success.assert_has_calls([]) _, kwargs = mock_handle_success.call_args self.assertEqual(self.project_id1, kwargs['project_id']) self.assertEqual('project', kwargs['resource_type']) self.assertEqual('deleted', kwargs['operation_type']) # After project entities delete, make sure secret is not found ex = self.assertRaises(exception.NotFound, secret_repo.get, entity_id=secret_id, external_project_id=self.project_id1) self.assertIn(secret_id, str(ex)) # After project entities delete, make sure kek data is not found entities = kek_repo.get_project_entities(project1_id) self.assertEqual(0, len(entities)) project_repo = rep.get_project_repository() db_project = project_repo.get_project_entities(project1_id) self.assertEqual(0, len(db_project)) # Should have deleted SecretStoreMetadatum via children delete self.assertRaises(exception.NotFound, secret_meta_repo.get, entity_id=secret_metadata_id)
def __init__(self): LOG.debug('Creating SecretsController') self.validator = validators.NewSecretValidator() self.secret_repo = repo.get_secret_repository()
def create_secret(project=None, session=None): secret = models.Secret() secret.project_id = project.id secret_repo = repositories.get_secret_repository() secret_repo.create_from(secret, session=session) return secret
from OpenSSL import crypto from barbican.common import exception as excep from barbican.common import hrefs from barbican.common import resources as res from barbican.model import models from barbican.model import repositories from barbican.plugin.interface import certificate_manager as cert_man from barbican.plugin.interface import secret_store from barbican.tasks import certificate_resources as cert_res from barbican.tasks import common from barbican.tests import database_utils from barbican.tests import utils container_repo = repositories.get_container_repository() secret_repo = repositories.get_secret_repository() ca_repo = repositories.get_ca_repository() project_ca_repo = repositories.get_project_ca_repository() preferred_ca_repo = repositories.get_preferred_ca_repository() project_repo = repositories.get_project_repository() order_repo = repositories.get_order_repository() class WhenPerformingPrivateOperations(utils.BaseTestCase, utils.MockModelRepositoryMixin): """Tests private methods within certificate_resources.py.""" def setUp(self): super(WhenPerformingPrivateOperations, self).setUp() self.order_plugin_meta_repo = mock.MagicMock() self.setup_order_plugin_meta_repository_mock(
class Secret(base.BarbicanObject, base.BarbicanPersistentObject, object_base.VersionedObjectDictCompat): """This class represents Secret object""" fields = { 'name': fields.StringField(nullable=True), 'secret_type': fields.StringField(nullable=True, default=utils.SECRET_TYPE_OPAQUE), 'expiration': fields.DateTimeField(nullable=True, default=None), 'algorithm': fields.StringField(nullable=True, default=None), 'bit_length': fields.IntegerField(nullable=True, default=None), 'mode': fields.StringField(nullable=True, default=None), 'creator_id': fields.StringField(nullable=True, default=None), 'project_id': fields.StringField(nullable=True, default=None), 'encrypted_data': fields.ListOfObjectsField('EncryptedDatum', default=list(), nullable=True), 'secret_acls': fields.ListOfObjectsField('SecretACL', default=list(), nullable=True), 'secret_store_metadata': fields.DictOfObjectsField('SecretStoreMetadatum', default=dict(), nullable=True), 'secret_user_metadata': fields.DictOfObjectsField('SecretUserMetadatum', default=dict(), nullable=True), 'consumers': fields.ListOfObjectsField('SecretConsumerMetadatum', default=list(), nullable=True), 'status': fields.StringField(nullable=True, default=base.States.ACTIVE) } db_model = models.Secret db_repo = repo.get_secret_repository() synthetic_fields = [ 'encrypted_data', 'secret_acls', 'secret_store_metadata', 'secret_user_metadata', 'consumers' ] @classmethod def get_secret_list(cls, external_project_id, offset_arg=None, limit_arg=None, name=None, alg=None, mode=None, bits=0, secret_type=None, suppress_exception=False, session=None, acl_only=None, user_id=None, created=None, updated=None, expiration=None, sort=None): secrets_db, offset, limit, total = cls.db_repo.get_secret_list( external_project_id, offset_arg, limit_arg, name, alg, mode, bits, secret_type, suppress_exception, session, acl_only, user_id, created, updated, expiration, sort) secrets_object = [ cls()._from_db_object(secret_db) for secret_db in secrets_db ] return secrets_object, offset, limit, total @classmethod def get_secret_by_id(cls, entity_id, suppress_exception=False, session=None): secret_db = cls.db_repo.get_secret_by_id(entity_id, suppress_exception, session) return cls()._from_db_object(secret_db)
def create_secret(project=None, session=None): secret = models.Secret() secret.project_id = project.id secret_repo = repositories.get_secret_repository() secret_repo.create_from(secret, session=session) return secret
def test_existing_project_entities_cleanup_for_plain_secret( self, mock_handle_success): self._init_memory_db_setup() secret = self._create_secret_for_project(self.project1_data) self.assertIsNotNone(secret) secret_id = secret.id project1_id = self.project1_data.id secret_repo = rep.get_secret_repository() db_secrets = secret_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_secrets)) self.assertEqual(secret.id, db_secrets[0].id) # Get secret_store_metadata for related secret self.assertGreater(len(db_secrets[0].secret_store_metadata), 0) secret_metadata_id = list( db_secrets[0].secret_store_metadata.values())[0].id self.assertIsNotNone(secret_metadata_id) # Get db entry for secret_store_metadata by id to make sure its # presence before removing via delete project task secret_meta_repo = rep.get_secret_meta_repository() db_secret_store_meta = secret_meta_repo.get( entity_id=secret_metadata_id) self.assertIsNotNone(db_secret_store_meta) kek_repo = rep.get_kek_datum_repository() db_kek = kek_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_kek)) # task = consumer.KeystoneEventConsumer() result = self.task.process(project_id=self.project_id1, resource_type='project', operation_type='deleted') self.assertIsNone(result, 'No return is expected as result') mock_handle_success.assert_has_calls([]) _, kwargs = mock_handle_success.call_args self.assertEqual(self.project_id1, kwargs['project_id']) self.assertEqual('project', kwargs['resource_type']) self.assertEqual('deleted', kwargs['operation_type']) # After project entities delete, make sure secret is not found ex = self.assertRaises(exception.NotFound, secret_repo.get, entity_id=secret_id, external_project_id=self.project_id1) self.assertIn(secret_id, str(ex)) # After project entities delete, make sure kek data is not found entities = kek_repo.get_project_entities(project1_id) self.assertEqual(0, len(entities)) project_repo = rep.get_project_repository() db_project = project_repo.get_project_entities(project1_id) self.assertEqual(0, len(db_project)) # Should have deleted SecretStoreMetadatum via children delete self.assertRaises(exception.NotFound, secret_meta_repo.get, entity_id=secret_metadata_id)
def __init__(self): LOG.debug('Creating SecretsController') self.validator = validators.NewSecretValidator() self.secret_repo = repo.get_secret_repository()
def __init__(self, container): LOG.debug('=== Creating ContainerSecretsController ===') self.container = container self.container_secret_repo = repo.get_container_secret_repository() self.secret_repo = repo.get_secret_repository() self.validator = validators.ContainerSecretValidator()
def __init__(self): LOG.debug('Creating SecretsController') self.validator = validators.NewSecretValidator() self.secret_repo = repo.get_secret_repository() self.quota_enforcer = quota.QuotaEnforcer('secrets', self.secret_repo)
def __init__(self): LOG.debug('=== Creating MutualAttestationController ===') self.secret_repo = repo.get_secret_repository() self.quota_enforcer = quota.QuotaEnforcer('secrets', self.secret_repo)
def __init__(self): self.consumer_repo = repo.get_container_consumer_repository() self.container_repo = repo.get_container_repository() self.secret_repo = repo.get_secret_repository() self.validator = validators.ContainerValidator()