def test_should_get_count_one_after_delete(self): session = self.repo.get_session() project = models.Project() project.external_id = "my keystone id" project.save(session=session) container_model = models.Container() container_model.project_id = project.id self.repo.create_from(container_model, session=session) container_model = models.Container() container_model.project_id = project.id self.repo.create_from(container_model, session=session) session.commit() count = self.repo.get_count(project.id, session=session) self.assertEqual(2, count) self.repo.delete_entity_by_id(container_model.id, "my keystone id", session=session) session.commit() count = self.repo.get_count(project.id, session=session) self.assertEqual(1, count)
def test_parse_secret_ref_uri(self): self.parsed_container['secret_refs'][0]['secret_ref'] =\ 'http://localhost:9110/123/secrets/123456' container = models.Container(self.parsed_container) self.assertEqual(container.container_secrets[0].secret_id, '123456') self.parsed_container['secret_refs'][0]['secret_ref'] =\ 'http://localhost:9110/123/secrets/123456/' container = models.Container(self.parsed_container) self.assertEqual(container.container_secrets[0].secret_id, '123456')
def test_should_update_with_duplicate_consumer(self): session = self.repo.get_session() project = models.Project() project.external_id = "my keystone id" project.save(session=session) container = models.Container() container.project_id = project.id container.save(session=session) # Create a consumer. consumer = models.ContainerConsumerMetadatum( container.id, project.id, {'name': 'name', 'URL': 'www.foo.com'}) consumer.save(session=session) # Commit things so far, because the 'create_or_update_from' call below # will handle consumer metadata with same composite key items already # existing, and then rollback this session's transaction, which would # remove the items added above and result in a not-found error below. session.commit() # Try to create a consumer on the container...should re-use the # one added above. consumer2 = models.ContainerConsumerMetadatum( container.id, project.id, {'name': 'name', 'URL': 'www.foo.com'}) self.repo.create_or_update_from(consumer2, container, session=session) container2 = self.repo_container.get( container.id, project.external_id, session=session) self.assertEqual(1, len(container2.consumers))
def test_new_container_is_created_from_dict(self): container = models.Container(self.parsed_container) self.assertEqual(self.parsed_container['name'], container.name) self.assertEqual(self.parsed_container['type'], container.type) self.assertEqual(self.parsed_container['creator_id'], container.creator_id) self.assertEqual(len(self.parsed_container['secret_refs']), len(container.container_secrets)) self.assertEqual(self.parsed_container['secret_refs'][0]['name'], container.container_secrets[0].name) self.assertEqual(self.parsed_container['secret_refs'][0]['secret_ref'], container.container_secrets[0].secret_id) self.assertEqual(self.parsed_container['secret_refs'][1]['name'], container.container_secrets[1].name) self.assertEqual(self.parsed_container['secret_refs'][1]['secret_ref'], container.container_secrets[1].secret_id) self.assertEqual(self.parsed_container['secret_refs'][2]['name'], container.container_secrets[2].name) self.assertEqual(self.parsed_container['secret_refs'][2]['secret_ref'], container.container_secrets[2].secret_id) fields = container.to_dict_fields() self.assertEqual(self.parsed_container['name'], fields['name']) self.assertEqual(self.parsed_container['type'], fields['type']) self.assertEqual(self.parsed_container['creator_id'], fields['creator_id'])
def on_post(self, keystone_id): tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) data = api.load_body(pecan.request, validator=self.validator) LOG.debug('Start on_post...{0}'.format(data)) new_container = models.Container(data) new_container.tenant_id = tenant.id #TODO(hgedikli): performance optimizations for secret_ref in new_container.container_secrets: secret = self.secret_repo.get(entity_id=secret_ref.secret_id, keystone_id=keystone_id, suppress_exception=True) if not secret: # This only partially localizes the error message and # doesn't localize secret_ref.name. pecan.abort( 404, u._("Secret provided for '{0}' doesn't" " exist.").format(secret_ref.name)) self.container_repo.create_from(new_container) pecan.response.status = 202 pecan.response.headers['Location'] = '/{0}/containers/{1}'.format( keystone_id, new_container.id) url = controllers.hrefs.convert_container_to_href( keystone_id, new_container.id) return {'container_ref': url}
def test_new_certificate_container_is_created_from_dict(self): self.parsed_container['type'] = 'certificate' container = models.Container(self.parsed_container) self.assertEqual(self.parsed_container['name'], container.name) self.assertEqual(self.parsed_container['type'], container.type) self.assertEqual(self.parsed_container['creator_id'], container.creator_id) self.assertEqual(len(self.parsed_container['secret_refs']), len(container.container_secrets)) self.assertEqual(self.parsed_container['secret_refs'][0]['name'], container.container_secrets[0].name) self.assertEqual(self.parsed_container['secret_refs'][0]['secret_ref'], container.container_secrets[0].secret_id) self.assertEqual( self.parsed_container['secret_refs'][1]['name'], container.container_secrets[1].name, ) self.assertEqual(self.parsed_container['secret_refs'][1]['secret_ref'], container.container_secrets[1].secret_id) self.assertEqual(self.parsed_container['secret_refs'][2]['name'], container.container_secrets[2].name) self.assertEqual(self.parsed_container['secret_refs'][2]['secret_ref'], container.container_secrets[2].secret_id)
def on_post(self, req, resp, keystone_id): tenant = res.get_or_create_tenant(keystone_id, self.tenant_repo) data = api.load_body(req, resp, self.validator) LOG.debug('Start on_post...{0}'.format(data)) new_container = models.Container(data) new_container.tenant_id = tenant.id #TODO: (hgedikli) performance optimizations for secret_ref in new_container.container_secrets: secret = self.secret_repo.get(entity_id=secret_ref.secret_id, keystone_id=keystone_id, suppress_exception=True) if not secret: api.abort(falcon.HTTP_404, u._("Secret provided for '%s'" " doesn't exist." % secret_ref.name), req, resp) self.container_repo.create_from(new_container) resp.status = falcon.HTTP_202 resp.set_header('Location', '/{0}/containers/{1}'.format(keystone_id, new_container.id)) url = convert_container_to_href(keystone_id, new_container.id) resp.body = json.dumps({'container_ref': url})
def test_should_raise_constraint_create_same_composite_key_no_id(self): session = self.repo.get_session() project = models.Project() project.external_id = "my keystone id" project.save(session=session) container = models.Container() container.project_id = project.id container.save(session=session) # Create a consumer. consumer = models.ContainerConsumerMetadatum( container.id, project.id, {'name': 'name', 'URL': 'www.foo.com'}) consumer.save(session=session) # Commit things so far, because the 'create_from' call below will # handle consumer metadata with same composite key items already # existing, and then rollback this session's transaction, which would # remove the items added above and result in a not-found error below. session.commit() # Create a new entity with the same composite key as the first one. consumer2 = models.ContainerConsumerMetadatum( container.id, project.id, {'name': 'name', 'URL': 'www.foo.com'}) exception_result = self.assertRaises( exception.ConstraintCheck, self.repo.create_from, consumer2, session=session) self.assertIn( "SQL constraint check failed", six.text_type(exception_result))
def test_should_get_count_one_after_delete(self): session = self.repo.get_session() project = models.Project() project.external_id = "my keystone id" project.save(session=session) container = models.Container() container.project_id = project.id container.save(session=session) consumer = models.ContainerConsumerMetadatum( container.id, project.id, {'name': 'name1', 'URL': 'www.foo.com'}) consumer.save(session=session) consumer = models.ContainerConsumerMetadatum( container.id, project.id, {'name': 'name2', 'URL': 'www.foo.com'}) consumer.save(session=session) session.commit() count = self.repo.get_count(project.id, session=session) self.assertEqual(2, count) self.repo.delete_entity_by_id(consumer.id, "my keystone id", session=session) session.commit() count = self.repo.get_count(project.id, session=session) self.assertEqual(1, count)
def setUp(self): super(BaseOrderTestCase, self).setUp() self.requestor = 'requestor1234' self.order = models.Order() self.order.id = "id1" self.order.requestor = self.requestor self.order.type = "key" self.meta = { 'name': 'name', 'payload_content_type': 'application/octet-stream', 'algorithm': 'AES', 'bit_length': 256, 'expiration': timeutils.utcnow(), 'mode': 'CBC' } self.order.meta = self.meta self.external_project_id = 'keystone1234' self.project_id = 'projectid1234' self.project = models.Project() self.project.id = self.project_id self.project.external_id = self.external_project_id self.project_repo = mock.MagicMock() self.project_repo.get.return_value = self.project self.setup_project_repository_mock(self.project_repo) self.order.status = models.States.PENDING self.order.id = 'orderid1234' self.order.project_id = self.project_id self.order_repo = mock.MagicMock() self.order_repo.get.return_value = self.order self.setup_order_repository_mock(self.order_repo) self.setup_order_plugin_meta_repository_mock() self.setup_order_barbican_meta_repository_mock() self.secret = models.Secret() self.secret_repo = mock.MagicMock() self.secret_repo.create_from.return_value = None self.setup_secret_repository_mock(self.secret_repo) self.datum_repo = mock.MagicMock() self.datum_repo.create_from.return_value = None self.setup_encrypted_datum_repository_mock(self.datum_repo) self.setup_kek_datum_repository_mock() self.setup_secret_meta_repository_mock() self.container_repo = mock.MagicMock() self.container_repo.create_from.return_value = None self.setup_container_repository_mock(self.container_repo) self.container_secret_repo = mock.MagicMock() self.container_secret_repo.create_from.return_value = None self.setup_container_secret_repository_mock(self.container_secret_repo) self.container = models.Container()
def _create_container_for_asymmetric_secret(spec, project_model): container_model = models.Container() container_model.name = spec.get('name') container_model.type = spec.get('algorithm', '').lower() container_model.status = models.States.ACTIVE container_model.project_id = project_model.id container_model.creator_id = spec.get('creator_id') return container_model
def _save_secrets(result, project_model, request_type, order_model): cert_secret_model, transport_key_model = plugin.store_secret( unencrypted_raw=result.certificate, content_type_raw='application/pkix-cert', content_encoding='base64', secret_model=models.Secret(), project_model=project_model) # save the certificate chain as a secret. if result.intermediates: intermediates_secret_model, transport_key_model = plugin.store_secret( unencrypted_raw=result.intermediates, content_type_raw='application/pkix-cert', content_encoding='base64', secret_model=models.Secret(), project_model=project_model ) else: intermediates_secret_model = None container_model = models.Container() container_model.type = "certificate" container_model.status = models.States.ACTIVE container_model.project_id = project_model.id container_repo = repos.get_container_repository() container_repo.create_from(container_model) # create container_secret for certificate new_consec_assoc = models.ContainerSecret() new_consec_assoc.name = 'certificate' new_consec_assoc.container_id = container_model.id new_consec_assoc.secret_id = cert_secret_model.id container_secret_repo = repos.get_container_secret_repository() container_secret_repo.create_from(new_consec_assoc) if intermediates_secret_model: # create container_secret for intermediate certs new_consec_assoc = models.ContainerSecret() new_consec_assoc.name = 'intermediates' new_consec_assoc.container_id = container_model.id new_consec_assoc.secret_id = intermediates_secret_model.id container_secret_repo.create_from(new_consec_assoc) if request_type == cert.CertificateRequestType.STORED_KEY_REQUEST: _add_private_key_to_generated_cert_container(container_model.id, order_model, project_model) return container_model
def test_get_container_by_id(self): session = self.repo.get_session() project = models.Project() project.external_id = "my keystone id" project.save(session=session) container = models.Container() container.project_id = project.id container.save(session=session) session.commit() db_container = self.repo.get_container_by_id(container.id) self.assertIsNotNone(db_container)
def create_container(id_ref, project_id=None, external_project_id=None): """Generate a Container entity instance.""" container = models.Container() container.id = id_ref container.name = 'test name' container.type = 'rsa' container_secret = models.ContainerSecret() container_secret.container_id = id_ref container_secret.secret_id = '123' container.container_secrets.append(container_secret) if project_id: project = models.Project() project.id = project_id project.external_id = external_project_id container.project = project return container
def _save_secrets(result, project_model, repos): cert_secret_model, transport_key_model = plugin.store_secret( unencrypted_raw=result.certificate, content_type_raw='text/plain', content_encoding='base64', spec={}, secret_model=None, project_model=project_model, repos=repos) # save the certificate chain as a secret. if result.intermediates: intermediates_secret_model, transport_key_model = plugin.store_secret( unencrypted_raw=result.intermediates, content_type_raw='text/plain', content_encoding='base64', spec={}, secret_model=None, project_model=project_model, repos=repos) else: intermediates_secret_model = None container_model = models.Container() container_model.type = "certificate" container_model.status = models.States.ACTIVE container_model.project_id = project_model.id repos.container_repo.create_from(container_model) # create container_secret for certificate new_consec_assoc = models.ContainerSecret() new_consec_assoc.name = 'certificate' new_consec_assoc.container_id = container_model.id new_consec_assoc.secret_id = cert_secret_model.id repos.container_secret_repo.create_from(new_consec_assoc) if intermediates_secret_model: # create container_secret for intermediate certs new_consec_assoc = models.ContainerSecret() new_consec_assoc.name = 'intermediates' new_consec_assoc.container_id = container_model.id new_consec_assoc.secret_id = intermediates_secret_model.id repos.container_secret_repo.create_from(new_consec_assoc) return container_model
def _create_base_container(self, project_id=None): # Setup the container and needed base relationship container_repo = repositories.get_container_repository() session = container_repo.get_session() if project_id is None: project = models.Project() project.external_id = "keystone_project_id" project.save(session=session) project_id = project.id container = models.Container() container.project_id = project_id container.save(session=session) session.commit() return container
def on_post(self, external_project_id, **kwargs): project = res.get_or_create_project(external_project_id) data = api.load_body(pecan.request, validator=self.validator) ctxt = controllers._get_barbican_context(pecan.request) if ctxt: # in authenticated pipleline case, always use auth token user data['creator_id'] = ctxt.user self.quota_enforcer.enforce(project) LOG.debug('Start on_post...%s', data) new_container = models.Container(data) new_container.project_id = project.id # TODO(hgedikli): performance optimizations for secret_ref in new_container.container_secrets: secret = self.secret_repo.get( entity_id=secret_ref.secret_id, external_project_id=external_project_id, suppress_exception=True) if not secret: # This only partially localizes the error message and # doesn't localize secret_ref.name. pecan.abort( 404, u._("Secret provided for '{secret_name}' doesn't " "exist.").format(secret_name=secret_ref.name) ) self.container_repo.create_from(new_container) url = hrefs.convert_container_to_href(new_container.id) pecan.response.status = 201 pecan.response.headers['Location'] = url LOG.info(u._LI('Created a container for project: %s'), external_project_id) return {'container_ref': url}
def test_new_container_is_created_from_dict(self): container = models.Container(self.parsed_container) self.assertEqual(container.name, self.parsed_container['name']) self.assertEqual(container.type, self.parsed_container['type']) self.assertEqual(len(container.container_secrets), len(self.parsed_container['secret_refs'])) self.assertEqual(container.container_secrets[0].name, self.parsed_container['secret_refs'][0]['name']) self.assertEqual(container.container_secrets[0].secret_id, self.parsed_container['secret_refs'][0]['secret_ref']) self.assertEqual(container.container_secrets[1].name, self.parsed_container['secret_refs'][1]['name']) self.assertEqual(container.container_secrets[1].secret_id, self.parsed_container['secret_refs'][1]['secret_ref']) self.assertEqual(container.container_secrets[2].name, self.parsed_container['secret_refs'][2]['name']) self.assertEqual(container.container_secrets[2].secret_id, self.parsed_container['secret_refs'][2]['secret_ref'])
def create_container(project=None, session=None): container = models.Container() container.project_id = project.id container_repo = repositories.get_container_repository() container_repo.create_from(container, session=session) return container
def setUp(self): super(BaseCertificateRequestsTestCase, self).setUp() self.external_project_id = "56789" self.project = res.get_or_create_project(self.external_project_id) project_repo.save(self.project) self.barbican_meta_dto = mock.MagicMock() self.order_meta = {} self.plugin_meta = {} self.barbican_meta = {} self.result = cert_man.ResultDTO( cert_man.CertificateStatus.WAITING_FOR_CA ) self.result_follow_on = common.FollowOnProcessingStatusDTO() self.cert_plugin = mock.MagicMock() self.cert_plugin.issue_certificate_request.return_value = self.result self.cert_plugin.check_certificate_status.return_value = self.result self.store_plugin = mock.MagicMock() parsed_ca = { 'plugin_name': "cert_plugin", 'plugin_ca_id': "XXXX", 'name': "test ca", 'description': 'Test CA', 'ca_signing_certificate': 'ZZZZZ', 'intermediates': 'YYYYY' } self.ca = models.CertificateAuthority(parsed_ca) ca_repo.create_from(self.ca) self.ca_id = self.ca.id # second ca for testing parsed_ca = { 'plugin_name': "cert_plugin", 'plugin_ca_id': "XXXX2", 'name': "test ca2", 'description': 'Test CA2', 'ca_signing_certificate': 'ZZZZZ2', 'intermediates': 'YYYYY2' } self.ca2 = models.CertificateAuthority(parsed_ca) ca_repo.create_from(self.ca2) self.ca_id2 = self.ca2.id # data for preferred CA and global preferred CA tests # add those to the repo in those tests self.pref_ca = models.PreferredCertificateAuthority( self.project.id, self.ca_id) self.global_pref_ca = models.PreferredCertificateAuthority( self.project.id, self.ca_id) # data for stored key cases self.private_key = models.Secret() self.private_key.secret_type = 'PRIVATE' self.private_key.project_id = self.project.id secret_repo.create_from(self.private_key) self.public_key = models.Secret() self.public_key.secret_type = 'PUBLIC' self.public_key.project_id = self.project.id secret_repo.create_from(self.public_key) self.passphrase = models.Secret() self.passphrase.secret_type = 'PASSPHRASE' self.passphrase.project_id = self.project.id secret_repo.create_from(self.passphrase) self.private_key_value = None self.public_key_value = "public_key" self.passphrase_value = None self.parsed_container_with_passphrase = { 'name': 'container name', 'type': 'rsa', 'secret_refs': [ {'name': 'private_key', 'secret_ref': 'https://localhost/secrets/' + self.private_key.id}, {'name': 'public_key', 'secret_ref': 'https://localhost/secrets/' + self.public_key.id}, {'name': 'private_key_passphrase', 'secret_ref': 'https://localhost/secrets/' + self.passphrase.id} ] } self.parsed_container = { 'name': 'container name', 'type': 'rsa', 'secret_refs': [ {'name': 'private_key', 'secret_ref': 'https://localhost/secrets/' + self.private_key.id}, {'name': 'public_key', 'secret_ref': 'https://localhost/secrets/' + self.public_key.id} ] } self.container_with_passphrase = models.Container( self.parsed_container_with_passphrase) self.container_with_passphrase.project_id = self.project.id container_repo.create_from(self.container_with_passphrase) self.container = models.Container(self.parsed_container) self.container.project_id = self.project.id container_repo.create_from(self.container) repositories.commit() self.stored_key_meta = { cert_man.REQUEST_TYPE: cert_man.CertificateRequestType.STORED_KEY_REQUEST, "container_ref": "https://localhost/containers/" + self.container.id, "subject_dn": "cn=host.example.com,ou=dev,ou=us,o=example.com" } self.order = models.Order() self.order.meta = self.order_meta self.order.project_id = self.project.id self.order.order_barbican_meta = self.barbican_meta self.order.type = 'certificate' order_repo.create_from(self.order) self._config_cert_plugin() self._config_store_plugin() self._config_cert_event_plugin() self._config_save_meta_plugin() self._config_get_meta_plugin() self._config_save_barbican_meta_plugin() self._config_get_barbican_meta_plugin() self._config_barbican_meta_dto()
def _do_create_instance(self): return models.Container()