def test_censored_copy(self): d1 = {'a': '1', 'password': '******', 'payload': 'my_key', 'b': '2'} d2 = base.censored_copy(d1, None) self.assertEqual(d1, d2, 'd2 contents are unchanged') self.assertFalse(d1 is d2, 'd1 and d2 are different instances') d3 = base.censored_copy(d1, ['payload']) self.assertNotEqual(d1, d3, 'd3 has redacted payload value') self.assertNotEqual(d3['payload'], 'my_key', 'no key in payload')
def test_censored_copy(self): d1 = { 'a': '1', 'password': '******', 'payload': 'my_key', 'b': '2' } d2 = base.censored_copy(d1, None) self.assertEqual(d1, d2, 'd2 contents are unchanged') self.assertFalse(d1 is d2, 'd1 and d2 are different instances') d3 = base.censored_copy(d1, ['payload']) self.assertNotEqual(d1, d3, 'd3 has redacted payload value') self.assertNotEqual(d3['payload'], 'my_key', 'no key in payload')
def store(self): """ Stores the Secret in Barbican. New Secret objects are not persisted in Barbican until this method is called. :raises: PayloadException """ secret_dict = { 'name': self.name, 'algorithm': self.algorithm, 'mode': self.mode, 'bit_length': self.bit_length, 'secret_type': self.secret_type, 'expiration': self.expiration } if self.payload == '': raise exceptions.PayloadException("Invalid Payload: " "Cannot Be Empty String") if self.payload is not None and not isinstance( self.payload, (six.text_type, six.binary_type)): raise exceptions.PayloadException("Invalid Payload Type") if self.payload_content_type or self.payload_content_encoding: """ Setting the payload_content_type and payload_content_encoding manually is deprecated. This clause of the if statement is here for backwards compatibility and should be removed in a future release. """ secret_dict['payload'] = self.payload secret_dict['payload_content_type'] = self.payload_content_type secret_dict['payload_content_encoding'] = ( self.payload_content_encoding) elif type(self.payload) is six.binary_type: """ six.binary_type is stored as application/octet-stream and it is base64 encoded for a one-step POST """ secret_dict['payload'] = (base64.b64encode( self.payload)).decode('UTF-8') secret_dict['payload_content_type'] = u'application/octet-stream' secret_dict['payload_content_encoding'] = u'base64' elif type(self.payload) is six.text_type: """ six.text_type is stored as text/plain """ secret_dict['payload'] = self.payload secret_dict['payload_content_type'] = u'text/plain' secret_dict = base.filter_null_keys(secret_dict) LOG.debug("Request body: {0}".format( base.censored_copy(secret_dict, ['payload']))) # Save, store secret_ref and return response = self._api.post(self._entity, json=secret_dict) if response: self._secret_ref = response.get('secret_ref') return self.secret_ref
def _get_secrets_and_store_them_if_necessary(self): # Save all secrets if they are not yet saved LOG.debug("Storing secrets: {0}".format( base.censored_copy(self.secrets, ['payload']))) secret_refs = [] for name, secret in self.secrets.items(): if secret and not secret.secret_ref: secret.store() secret_refs.append({'name': name, 'secret_ref': secret.secret_ref}) return secret_refs
def _get_secrets_and_store_them_if_necessary(self): # Save all secrets if they are not yet saved LOG.debug("Storing secrets: {0}".format(base.censored_copy( self.secrets, ['payload']))) secret_refs = [] for name, secret in self.secrets.items(): if secret and not secret.secret_ref: secret.store() secret_refs.append({'name': name, 'secret_ref': secret.secret_ref}) return secret_refs
def store(self): """Stores the Secret in Barbican. New Secret objects are not persisted in Barbican until this method is called. :raises: PayloadException """ secret_dict = { 'name': self.name, 'algorithm': self.algorithm, 'mode': self.mode, 'bit_length': self.bit_length, 'secret_type': self.secret_type, 'expiration': self.expiration } if self.payload == '': raise exceptions.PayloadException("Invalid Payload: " "Cannot Be Empty String") if self.payload is not None and not isinstance(self.payload, (six.text_type, six.binary_type)): raise exceptions.PayloadException("Invalid Payload Type") if self.payload_content_type or self.payload_content_encoding: ''' Setting the payload_content_type and payload_content_encoding manually is deprecated. This clause of the if statement is here for backwards compatibility and should be removed in a future release. ''' secret_dict['payload'] = self.payload secret_dict['payload_content_type'] = self.payload_content_type secret_dict['payload_content_encoding'] = ( self.payload_content_encoding ) elif type(self.payload) is six.binary_type: ''' six.binary_type is stored as application/octet-stream and it is base64 encoded for a one-step POST ''' secret_dict['payload'] = ( base64.b64encode(self.payload) ).decode('UTF-8') secret_dict['payload_content_type'] = u'application/octet-stream' secret_dict['payload_content_encoding'] = u'base64' elif type(self.payload) is six.text_type: ''' six.text_type is stored as text/plain ''' secret_dict['payload'] = self.payload secret_dict['payload_content_type'] = u'text/plain' secret_dict = base.filter_null_keys(secret_dict) LOG.debug("Request body: {0}".format(base.censored_copy(secret_dict, ['payload']))) # Save, store secret_ref and return response = self._api.post(self._entity, json=secret_dict) if response: self._secret_ref = response.get('secret_ref') return self.secret_ref