def test_secret_create_all_none(self):
"""Covers case of a POST request with no JSON data."""
test_model = secret_models.SecretModel(
**self.default_secret_create_all_none_data)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 201)
def test_secret_create_defaults_then_expire_then_check(self):
"""Covers case where you try to retrieve a secret that is expired.
This test creates a secret that will soon expire.
After it expires, check it and verify that it is no longer
a valid secret.
"""
# create a secret that expires in 5 seconds
timestamp = utils.create_timestamp_w_tz_and_offset(seconds=5)
test_model = secret_models.SecretModel(**secret_create_defaults_data)
overrides = {"expiration": timestamp}
test_model.override_values(**overrides)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 201)
# now get the secret - will be still valid
get_resp = self.behaviors.get_secret_metadata(secret_ref)
self.assertEqual(get_resp.status_code, 200)
# now wait 10 seconds
time.sleep(10)
# now get the secret - should be invalid (expired)
resp = self.behaviors.get_secret_metadata(secret_ref)
self.assertEqual(resp.status_code, 404)
def _create_secret_list(self,
user,
delete=False,
expiration="2050-02-28T19:14:44.180394"):
secret_defaults_data = {
"name": "AES key",
"expiration": expiration,
"algorithm": "aes",
"bit_length": 256,
"mode": "cbc",
"payload": "gF6+lLoF3ohA9aPRpt+6bQ==",
"payload_content_type": "application/octet-stream",
"payload_content_encoding": "base64",
}
secret_list = []
for i in range(0, 5):
secret_model = secret_models.SecretModel(**secret_defaults_data)
resp, secret_ref = self.sbehaviors.create_secret(secret_model,
user_name=user)
self.assertEqual(resp.status_code, 201)
self.assertIsNotNone(secret_ref)
secret_list.append(secret_ref)
if delete is True:
self._delete_secret_list(secret_list, user)
return secret_list
def test_secret_update_two_phase(self):
"""Covers updating a secret's payload data."""
# Create
test_model = secret_models.SecretModel(**self.create_two_phase_data)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 201)
# Update
payload = "gF6+lLoF3ohA9aPRpt+6bQ=="
payload_content_type = "application/octet-stream"
payload_content_encoding = "base64"
update_resp = self.behaviors.update_secret_payload(
secret_ref,
payload=payload,
payload_content_type=payload_content_type,
payload_content_encoding=payload_content_encoding)
self.assertEqual(update_resp.status_code, 204)
# Get/Check Updated
sec_resp = self.behaviors.get_secret(
secret_ref=secret_ref, payload_content_type=payload_content_type)
self.assertEqual(sec_resp.status_code, 200)
self.assertIn('gF6+lLoF3ohA9aPRpt+6bQ==',
binascii.b2a_base64(sec_resp.content))
def test_secret_create_defaults_invalid_types_and_encoding(self, **kwargs):
"""Creating secrets with invalid payload types and encodings."""
test_model = secret_models.SecretModel(**secret_create_defaults_data)
test_model.override_values(**kwargs)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 400)
def _create_a_secret(self):
secret_model = secret_models.SecretModel(**create_secret_defaults_data)
resp, secret_ref = self.secret_behaviors.create_secret(secret_model)
self.assertEqual(201, resp.status_code)
self.assertIsNotNone(secret_ref)
return secret_ref
def store_secret(self, user_name=creator_a, admin=admin_a):
test_model = secret_models.SecretModel(
**get_default_secret_data())
resp, secret_ref = self.secret_behaviors.create_secret(
test_model, user_name=user_name, admin=admin)
self.assertEqual(201, resp.status_code)
return secret_ref
def test_secret_acl_put_as_observer(self):
"""Observer can not put to a secret when granted access via acl"""
secret_no_payload = {
"name": "AES key",
"expiration": "2020-02-28T19:14:44.180394",
"algorithm": "aes",
"bit_length": 256,
"mode": "cbc",
}
secret_model = secret_models.SecretModel(**secret_no_payload)
resp, secret_ref = self.secret_behaviors.create_secret(
model=secret_model, user_name=creator_a)
self.set_secret_acl(secret_ref, get_rbac_plus_acl(observer_a))
# Update
payload = "gF6+lLoF3ohA9aPRpt+6bQ=="
payload_content_type = "application/octet-stream"
payload_content_encoding = "base64"
update_resp = self.secret_behaviors.update_secret_payload(
secret_ref,
user_name=observer_a,
payload=payload,
payload_content_type=payload_content_type,
payload_content_encoding=payload_content_encoding)
self.assertEqual(403, update_resp.status_code)
def test_secret_create_defaults_invalid_algorithms(self, algorithm):
"""Creates secrets with various invalid algorithms."""
test_model = secret_models.SecretModel(**secret_create_defaults_data)
overrides = {"algorithm": algorithm}
test_model.override_values(**overrides)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 400)
def test_secret_create_defaults_invalid_mode(self, mode):
"""Covers cases of creating secrets with invalid modes."""
test_model = secret_models.SecretModel(**secret_create_defaults_data)
overrides = {"mode": mode}
test_model.override_values(**overrides)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 400)
def test_secret_create_defaults_invalid_bit_length(self, bit_length):
"""Covers cases of creating secrets with invalid bit lengths."""
test_model = secret_models.SecretModel(**secret_create_defaults_data)
overrides = {"bit_length": bit_length}
test_model.override_values(**overrides)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 400)
def store_passphrase(self):
passphrase = keys.get_passphrase_txt()
test_model = secret_models.SecretModel(
**get_passphrase_req(passphrase))
resp, passphrase_secret_ref = self.secret_behaviors.create_secret(
test_model)
self.assertEqual(201, resp.status_code)
return passphrase_secret_ref
def test_secret_create_defaults_valid_name(self, name):
"""Covers cases of creating secrets with valid names."""
test_model = secret_models.SecretModel(**secret_create_defaults_data)
overrides = {"name": name}
test_model.override_values(**overrides)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 201)
def test_secret_get_invalid_mime_type(self):
"""Covers getting a secret with an invalid mime type."""
test_model = secret_models.SecretModel(**secret_create_defaults_data)
resp, secret_ref = self.behaviors.create_secret(test_model)
resp = self.behaviors.get_secret(secret_ref,
payload_content_type="i/m")
self.assertEqual(resp.status_code, 406)
def test_secret_create_defaults_invalid_mode(self, mode):
"""Covers cases of creating secrets with invalid modes."""
test_model = secret_models.SecretModel(
**self.default_secret_create_data)
test_model.mode = mode
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 400)
def test_secret_create_defaults_invalid_bit_length(self, bit_length):
"""Covers cases of creating secrets with invalid bit lengths."""
test_model = secret_models.SecretModel(
**self.default_secret_create_data)
test_model.bit_length = bit_length
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 400)
def test_secret_create_invalid_algorithms(self, algorithm):
"""Creates secrets with various invalid algorithms."""
test_model = secret_models.SecretModel(
**self.default_secret_create_data)
test_model.algorithm = algorithm
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 400)
def test_secret_create_defaults_valid_name(self, name):
"""Covers cases of creating secrets with valid names."""
test_model = secret_models.SecretModel(
**self.default_secret_create_data)
test_model.name = name
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 201)
def store_certificate(self):
pem = keys.get_certificate_pem()
test_model = secret_models.SecretModel(
**get_certificate_req(base64.b64encode(pem)))
resp, certificate_secret_ref = self.secret_behaviors.create_secret(
test_model)
self.assertEqual(201, resp.status_code)
return certificate_secret_ref
def test_secret_create_defaults_valid_payload(self, payload):
"""Create secrets with a various valid payloads."""
test_model = secret_models.SecretModel(**secret_create_defaults_data)
overrides = {"payload": payload}
test_model.override_values(**overrides)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 201)
def store_encrypted_private_key(self):
pem = keys.get_encrypted_private_key_pem()
test_model = secret_models.SecretModel(
**get_private_key_req(base64.b64encode(pem)))
resp, private_key_secret_ref = self.secret_behaviors.create_secret(
test_model)
self.assertEqual(201, resp.status_code)
return private_key_secret_ref
def test_secret_create_with_only_content_type_no_payload(self):
"""Create secret with valid content type but no payload."""
test_model = secret_models.SecretModel(
**self.default_secret_create_all_none_data)
test_model.payload_content_type = 'application/octet-stream'
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 400)
def test_secret_create_nones_content_type(self):
"""Create secret with valid content type but no payload."""
test_model = secret_models.SecretModel(**secret_create_nones_data)
overrides = {"payload_content_type": "application/octet-stream"}
test_model.override_values(**overrides)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 400)
def create_secrets(self, count=1, expected_return=201):
"""Utility function to create secrets"""
secret_ref = None
for _ in range(count):
test_model = secret_models.SecretModel(**self.secret_data)
resp, secret_ref = self.secret_behaviors.create_secret(
test_model, user_name=admin_b)
self.assertEqual(expected_return, resp.status_code)
return secret_ref
def test_secret_create_unauthed_no_proj_id(self):
"""Attempt to create a secret without a token or project id
Should return 401
"""
model = secret_models.SecretModel(self.default_secret_create_data)
resp, secret_ref = self.behaviors.create_secret(model, use_auth=False)
self.assertEqual(401, resp.status_code)
def test_secret_delete_minimal_secret_w_no_metadata(self):
"""Covers deleting a secret with nones data."""
test_model = secret_models.SecretModel(**self.create_all_none_data)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 201)
del_resp = self.behaviors.delete_secret(secret_ref)
self.assertEqual(del_resp.status_code, 204)
def test_secret_delete(self):
"""Covers deleting a secret."""
test_model = secret_models.SecretModel(**self.create_default_data)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 201)
del_resp = self.behaviors.delete_secret(secret_ref)
self.assertEqual(del_resp.status_code, 204)
def test_secret_create_defaults_invalid_expiration(self, **kwargs):
"""Create secrets with various invalid expiration data."""
timestamp = utils.create_timestamp_w_tz_and_offset(**kwargs)
test_model = secret_models.SecretModel(**secret_create_defaults_data)
overrides = {"expiration": timestamp}
test_model.override_values(**overrides)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(resp.status_code, 400)
def create_certificate(self):
create_req = get_certificate_req("")
del create_req['payload']
del create_req['payload_content_type']
del create_req['payload_content_encoding']
test_model = secret_models.SecretModel(**create_req)
resp, certificate_secret_ref = self.secret_behaviors.create_secret(
test_model)
self.assertEqual(201, resp.status_code)
return certificate_secret_ref
def create_encrypted_private_key(self):
create_req = get_private_key_req("")
del create_req['payload']
del create_req['payload_content_type']
del create_req['payload_content_encoding']
test_model = secret_models.SecretModel(**create_req)
resp, private_key_secret_ref = self.secret_behaviors.create_secret(
test_model)
self.assertEqual(201, resp.status_code)
return private_key_secret_ref
