def test_censored_copy(self):
d1 = {'a': '1', 'password': '******', 'payload': 'my_key',
'b': '2'}
d2 = base.censored_copy(d1, None)
self.assertEqual(d1, d2, 'd2 contents are unchanged')
self.assertFalse(d1 is d2, 'd1 and d2 are different instances')
d3 = base.censored_copy(d1, ['payload'])
self.assertNotEqual(d1, d3, 'd3 has redacted payload value')
self.assertNotEqual(d3['payload'], 'my_key', 'no key in payload')
def test_censored_copy(self):
d1 = {
'a': '1',
'password': '******',
'payload': 'my_key',
'b': '2'
}
d2 = base.censored_copy(d1, None)
self.assertEqual(d1, d2, 'd2 contents are unchanged')
self.assertFalse(d1 is d2, 'd1 and d2 are different instances')
d3 = base.censored_copy(d1, ['payload'])
self.assertNotEqual(d1, d3, 'd3 has redacted payload value')
self.assertNotEqual(d3['payload'], 'my_key', 'no key in payload')
def store(self):
"""
Stores the Secret in Barbican. New Secret objects are not persisted
in Barbican until this method is called.
:raises: PayloadException
"""
secret_dict = {
'name': self.name,
'algorithm': self.algorithm,
'mode': self.mode,
'bit_length': self.bit_length,
'secret_type': self.secret_type,
'expiration': self.expiration
}
if self.payload == '':
raise exceptions.PayloadException("Invalid Payload: "
"Cannot Be Empty String")
if self.payload is not None and not isinstance(
self.payload, (six.text_type, six.binary_type)):
raise exceptions.PayloadException("Invalid Payload Type")
if self.payload_content_type or self.payload_content_encoding:
"""
Setting the payload_content_type and payload_content_encoding
manually is deprecated. This clause of the if statement is here
for backwards compatibility and should be removed in a future
release.
"""
secret_dict['payload'] = self.payload
secret_dict['payload_content_type'] = self.payload_content_type
secret_dict['payload_content_encoding'] = (
self.payload_content_encoding)
elif type(self.payload) is six.binary_type:
"""
six.binary_type is stored as application/octet-stream
and it is base64 encoded for a one-step POST
"""
secret_dict['payload'] = (base64.b64encode(
self.payload)).decode('UTF-8')
secret_dict['payload_content_type'] = u'application/octet-stream'
secret_dict['payload_content_encoding'] = u'base64'
elif type(self.payload) is six.text_type:
"""
six.text_type is stored as text/plain
"""
secret_dict['payload'] = self.payload
secret_dict['payload_content_type'] = u'text/plain'
secret_dict = base.filter_null_keys(secret_dict)
LOG.debug("Request body: {0}".format(
base.censored_copy(secret_dict, ['payload'])))
# Save, store secret_ref and return
response = self._api.post(self._entity, json=secret_dict)
if response:
self._secret_ref = response.get('secret_ref')
return self.secret_ref
def _get_secrets_and_store_them_if_necessary(self):
# Save all secrets if they are not yet saved
LOG.debug("Storing secrets: {0}".format(
base.censored_copy(self.secrets, ['payload'])))
secret_refs = []
for name, secret in self.secrets.items():
if secret and not secret.secret_ref:
secret.store()
secret_refs.append({'name': name, 'secret_ref': secret.secret_ref})
return secret_refs
def _get_secrets_and_store_them_if_necessary(self):
# Save all secrets if they are not yet saved
LOG.debug("Storing secrets: {0}".format(base.censored_copy(
self.secrets, ['payload'])))
secret_refs = []
for name, secret in self.secrets.items():
if secret and not secret.secret_ref:
secret.store()
secret_refs.append({'name': name, 'secret_ref': secret.secret_ref})
return secret_refs
def store(self):
"""Stores the Secret in Barbican.
New Secret objects are not persisted in Barbican until this method
is called.
:raises: PayloadException
"""
secret_dict = {
'name': self.name,
'algorithm': self.algorithm,
'mode': self.mode,
'bit_length': self.bit_length,
'secret_type': self.secret_type,
'expiration': self.expiration
}
if self.payload == '':
raise exceptions.PayloadException("Invalid Payload: "
"Cannot Be Empty String")
if self.payload is not None and not isinstance(self.payload,
(six.text_type,
six.binary_type)):
raise exceptions.PayloadException("Invalid Payload Type")
if self.payload_content_type or self.payload_content_encoding:
'''
Setting the payload_content_type and payload_content_encoding
manually is deprecated. This clause of the if statement is here
for backwards compatibility and should be removed in a future
release.
'''
secret_dict['payload'] = self.payload
secret_dict['payload_content_type'] = self.payload_content_type
secret_dict['payload_content_encoding'] = (
self.payload_content_encoding
)
elif type(self.payload) is six.binary_type:
'''
six.binary_type is stored as application/octet-stream
and it is base64 encoded for a one-step POST
'''
secret_dict['payload'] = (
base64.b64encode(self.payload)
).decode('UTF-8')
secret_dict['payload_content_type'] = u'application/octet-stream'
secret_dict['payload_content_encoding'] = u'base64'
elif type(self.payload) is six.text_type:
'''
six.text_type is stored as text/plain
'''
secret_dict['payload'] = self.payload
secret_dict['payload_content_type'] = u'text/plain'
secret_dict = base.filter_null_keys(secret_dict)
LOG.debug("Request body: {0}".format(base.censored_copy(secret_dict,
['payload'])))
# Save, store secret_ref and return
response = self._api.post(self._entity, json=secret_dict)
if response:
self._secret_ref = response.get('secret_ref')
return self.secret_ref
