def create_transport_key(plugin_name="plugin",
transport_key="tkey",
session=None):
transport_key = models.TransportKey(plugin_name, transport_key)
transport_key_repo = repositories.get_transport_key_repository()
transport_key_repo.create_from(transport_key, session=session)
return transport_key
def create_transport_key(id_ref="id",
plugin_name="default_plugin",
transport_key=None):
"""Generate a transport cert entity instance."""
tkey = models.TransportKey(plugin_name, transport_key)
tkey.id = id_ref
return tkey
def test_can_create_new_secret_with_transport_key(self, mocked_store):
# TODO(jvrbanac): Look into removing this patch
mocked_store.return_value = models.Secret(), None
# Create Transport Key (keeping for session scoping reasons)
transport_key_model = models.TransportKey('default_plugin', 'tkey1234')
transport_key_id = transport_key_model.id
tkey_repo.create_from(transport_key_model)
# Create a normal secret with the TransportKey
resp, secret_uuid = create_secret(
self.app,
payload='not-encrypted',
content_type='text/plain',
transport_key_id=transport_key_id
)
self.assertEqual(201, resp.status_int)
# We're interested in the transport key values
mocked_store.assert_called_once_with(
unencrypted_raw='not-encrypted',
content_type_raw='text/plain',
content_encoding=None,
secret_model=mock.ANY,
project_model=mock.ANY,
transport_key_id=transport_key_id,
transport_key_needed=False
)
def test_can_create_new_secret_meta_w_transport_key(self, mocked_store):
transport_key_model = models.TransportKey('default_plugin', 'tkey1234')
# TODO(jvrbanac): Look into removing this patch
mocked_store.return_value = models.Secret(), transport_key_model
# Make sure to add the transport key
tkey_repo.create_from(transport_key_model)
transport_key_id = transport_key_model.id
resp, secret_uuid = create_secret(self.app,
name='test',
transport_key_needed='true')
self.assertEqual(201, resp.status_int)
self.assertIsNotNone(secret_uuid)
self.assertIn(transport_key_id, resp.json.get('transport_key_ref'))
def on_post(self, keystone_id):
LOG.debug('Start transport_keys on_post')
# TODO(alee) POST should determine the plugin name and call the
# relevant get_transport_key() call. We will implement this once
# we figure out how the plugins will be enumerated.
data = api.load_body(pecan.request, validator=self.validator)
new_key = models.TransportKey(data.get('plugin_name'),
data.get('transport_key'))
self.repo.create_from(new_key)
pecan.response.status = 201
pecan.response.headers['Location'] = '/{0}/transport_keys/{1}'.format(
keystone_id, new_key.id)
url = hrefs.convert_transport_key_to_href(keystone_id, new_key.id)
LOG.debug('URI to transport key is {0}'.format(url))
return {'transport_key_ref': url}
def _get_transport_key_model(key_spec, transport_key_needed):
key_model = None
if transport_key_needed:
# get_plugin_store() will throw an exception if no suitable
# plugin with transport key is found
plugin_manager = secret_store.get_manager()
store_plugin = plugin_manager.get_plugin_store(
key_spec=key_spec, transport_key_needed=True)
plugin_name = utils.generate_fullname_for(store_plugin)
key_repo = repos.get_transport_key_repository()
key_model = key_repo.get_latest_transport_key(plugin_name)
if not key_model or not store_plugin.is_transport_key_current(
key_model.transport_key):
# transport key does not exist or is not current.
# need to get a new transport key
transport_key = store_plugin.get_transport_key()
new_key_model = models.TransportKey(plugin_name, transport_key)
key_model = key_repo.create_from(new_key_model)
return key_model
def _init(self):
self.project_id = 'projectid1234'
self.external_project_id = 'keystone1234'
self.name = 'name1234'
secret_id = utils.generate_test_valid_uuid()
datum_id = "iddatum1"
kek_id = "idkek1"
self.secret_algorithm = "AES"
self.secret_bit_length = 256
self.secret_mode = "CBC"
self.kek_project = models.KEKDatum()
self.kek_project.id = kek_id
self.kek_project.active = True
self.kek_project.bind_completed = False
self.kek_project.kek_label = "kek_label"
self.datum = models.EncryptedDatum()
self.datum.id = datum_id
self.datum.secret_id = secret_id
self.datum.kek_id = kek_id
self.datum.kek_meta_project = self.kek_project
self.datum.content_type = "text/plain"
self.datum.cypher_text = "aaaa" # base64 value.
self.secret = create_secret(id_ref=secret_id,
name=self.name,
algorithm=self.secret_algorithm,
bit_length=self.secret_bit_length,
mode=self.secret_mode,
encrypted_datum=self.datum,
content_type=self.datum.content_type)
self.secret.secret_acls = []
self.secret.project = mock.MagicMock()
self.secret.project.external_id = self.external_project_id
# Set up mocked project
self.project = models.Project()
self.project.id = self.project_id
self.project.external_id = self.external_project_id
# Set up mocked project repo
self.project_repo = mock.MagicMock()
self.project_repo.get.return_value = self.project
self.project_repo.find_by_external_project_id.return_value = (
self.project)
self.setup_project_repository_mock(self.project_repo)
# Set up mocked secret repo
self.secret_repo = mock.Mock()
self.secret_repo.get = mock.Mock(return_value=self.secret)
self.secret_repo.get_secret_by_id = mock.Mock(return_value=self.secret)
self.secret_repo.delete_entity_by_id = mock.Mock(return_value=None)
self.setup_secret_repository_mock(self.secret_repo)
# Set up mocked encrypted datum repo
self.datum_repo = mock.MagicMock()
self.datum_repo.create_from.return_value = None
self.setup_encrypted_datum_repository_mock(self.datum_repo)
# Set up mocked kek datum repo
self.setup_kek_datum_repository_mock()
# Set up mocked secret meta repo
self.secret_meta_repo = mock.MagicMock()
self.secret_meta_repo.get_metadata_for_secret.return_value = None
self.setup_secret_meta_repository_mock(self.secret_meta_repo)
# Set up mocked transport key
self.transport_key_model = models.TransportKey("default_plugin",
"my transport key")
# Set up mocked transport key repo
self.transport_key_repo = mock.MagicMock()
self.transport_key_repo.get.return_value = self.transport_key_model
self.setup_transport_key_repository_mock(self.transport_key_repo)
self.transport_key_id = 'tkey12345'
def _init(self,
payload=b'not-encrypted',
payload_content_type='text/plain',
payload_content_encoding=None):
self.name = 'name'
self.payload = payload
self.payload_content_type = payload_content_type
self.payload_content_encoding = payload_content_encoding
self.secret_algorithm = 'AES'
self.secret_bit_length = 256
self.secret_mode = 'CBC'
self.secret_req = {
'name': self.name,
'algorithm': self.secret_algorithm,
'bit_length': self.secret_bit_length,
'creator_id': None,
'mode': self.secret_mode
}
if payload:
self.secret_req['payload'] = payload
if payload_content_type:
self.secret_req['payload_content_type'] = payload_content_type
if payload_content_encoding:
self.secret_req['payload_content_encoding'] = (
payload_content_encoding)
# Set up mocked project
self.external_project_id = 'keystone1234'
self.project_entity_id = 'tid1234'
self.project = models.Project()
self.project.id = self.project_entity_id
self.project.external_id = self.external_project_id
# Set up mocked project repo
self.project_repo = mock.MagicMock()
self.project_repo.find_by_external_project_id.return_value = (
self.project)
self.setup_project_repository_mock(self.project_repo)
# Set up mocked secret
self.secret = models.Secret()
self.secret.id = utils.generate_test_valid_uuid()
# Set up mocked secret repo
self.secret_repo = mock.MagicMock()
self.secret_repo.create_from.return_value = self.secret
self.setup_secret_repository_mock(self.secret_repo)
# Set up mocked encrypted datum repo
self.datum_repo = mock.MagicMock()
self.datum_repo.create_from.return_value = None
self.setup_encrypted_datum_repository_mock(self.datum_repo)
# Set up mocked kek datum
self.kek_datum = models.KEKDatum()
self.kek_datum.kek_label = "kek_label"
self.kek_datum.bind_completed = False
self.kek_datum.algorithm = ''
self.kek_datum.bit_length = 0
self.kek_datum.mode = ''
self.kek_datum.plugin_meta = ''
# Set up mocked kek datum repo
self.kek_repo = mock.MagicMock()
self.kek_repo.find_or_create_kek_datum.return_value = self.kek_datum
self.setup_kek_datum_repository_mock(self.kek_repo)
# Set up mocked secret meta repo
self.setup_secret_meta_repository_mock()
# Set up mocked transport key
self.transport_key = models.TransportKey('default_plugin_name',
'XXXABCDEF')
self.transport_key_id = 'tkey12345'
self.tkey_url = hrefs.convert_transport_key_to_href(
self.transport_key.id)
# Set up mocked transport key
self.setup_transport_key_repository_mock()
def _do_create_instance(self):
return models.TransportKey()
