def on_get(self, external_project_id, **kw):
    """List transport keys, optionally filtered by plugin name.

    Reads ``plugin_name``, ``offset`` and ``limit`` from the keyword
    arguments. Returns a dict holding a ``transport_keys`` list of hrefs
    and the ``total`` count reported by the repository. Navigation links
    are added by ``hrefs.add_nav_hrefs`` only when keys were found.
    """
    LOG.debug('Start transport_keys on_get')

    plugin_name = kw.get('plugin_name', None)
    if plugin_name is not None:
        # NOTE(review): urllib.unquote_plus is the Python 2 location of
        # this function; Python 3 exposes it as urllib.parse.unquote_plus.
        plugin_name = urllib.unquote_plus(plugin_name)

    # NOTE(review): offset and limit are passed on exactly as received;
    # presumably the repository validates and bounds them -- confirm.
    transport_keys, offset, limit, total = self.repo.get_by_create_date(
        plugin_name=plugin_name,
        offset_arg=kw.get('offset', 0),
        limit_arg=kw.get('limit', None),
        suppress_exception=True,
    )

    # An empty page carries no navigation links, only the total.
    if not transport_keys:
        return {'transport_keys': [], 'total': total}

    key_refs = []
    for key in transport_keys:
        key_refs.append(hrefs.convert_transport_key_to_href(key.id))

    listing = hrefs.add_nav_hrefs(
        'transport_keys', offset, limit, total,
        {'transport_keys': key_refs})
    listing.update({'total': total})
    return listing
def on_post(self, keystone_id, **kwargs):
    """Store a new secret for the project and return its reference.

    The request body is loaded through ``self.validator``. The response
    is 201 with a ``secret_ref`` href, plus a ``transport_key_ref`` when
    ``plugin.store_secret`` hands back a transport key model.
    """
    LOG.debug('Start on_post for project-ID %s:...', keystone_id)

    data = api.load_body(pecan.request, validator=self.validator)
    project = res.get_or_create_project(keystone_id,
                                        self.repos.project_repo)

    # NOTE(review): .lower() assumes the validator only lets a string
    # through for transport_key_needed; a JSON boolean would raise here.
    needs_tkey = data.get('transport_key_needed', 'false').lower() == 'true'

    payload = data.get('payload')
    content_type = data.get('payload_content_type',
                            'application/octet-stream')
    content_encoding = data.get('payload_content_encoding')
    new_secret, transport_key_model = plugin.store_secret(
        payload, content_type, content_encoding,
        data, None, project, self.repos,
        transport_key_needed=needs_tkey,
        transport_key_id=data.get('transport_key_id'))

    pecan.response.status = 201
    # Location is a relative path here, while the body carries the href
    # built by hrefs.convert_secret_to_href.
    pecan.response.headers['Location'] = '/secrets/{0}'.format(new_secret.id)

    # Only the reference is logged; the payload is never written to the log.
    url = hrefs.convert_secret_to_href(new_secret.id)
    LOG.debug('URI to secret is %s', url)

    response_body = {'secret_ref': url}
    if transport_key_model is not None:
        response_body['transport_key_ref'] = (
            hrefs.convert_transport_key_to_href(transport_key_model.id))
    return response_body
def on_post(self, external_project_id, **kwargs):
    """Store a new secret for the project and return its reference.

    The request body is loaded through ``self.validator``. The response
    is 201 with a ``secret_ref`` href, plus a ``transport_key_ref`` when
    ``plugin.store_secret`` hands back a transport key model.
    """
    LOG.debug('Start on_post for project-ID %s:...', external_project_id)

    data = api.load_body(pecan.request, validator=self.validator)
    project = res.get_or_create_project(external_project_id,
                                        self.repos.project_repo)

    # NOTE(review): .lower() assumes the validator only lets a string
    # through for transport_key_needed; a JSON boolean would raise here.
    needs_tkey = data.get('transport_key_needed', 'false').lower() == 'true'

    payload = data.get('payload')
    content_type = data.get('payload_content_type',
                            'application/octet-stream')
    content_encoding = data.get('payload_content_encoding')
    new_secret, transport_key_model = plugin.store_secret(
        payload, content_type, content_encoding,
        data, None, project, self.repos,
        transport_key_needed=needs_tkey,
        transport_key_id=data.get('transport_key_id'))

    pecan.response.status = 201
    # Location is a relative path here, while the body carries the href
    # built by hrefs.convert_secret_to_href.
    pecan.response.headers['Location'] = '/secrets/{0}'.format(new_secret.id)

    # Only the reference is logged; the payload is never written to the log.
    url = hrefs.convert_secret_to_href(new_secret.id)
    LOG.debug('URI to secret is %s', url)

    response_body = {'secret_ref': url}
    if transport_key_model is not None:
        response_body['transport_key_ref'] = (
            hrefs.convert_transport_key_to_href(transport_key_model.id))
    return response_body
def test_should_get_secret_meta_for_binary_with_tkey(
        self, mock_get_transport_key_id):
    """Metadata GET with transport_key_needed=true returns a tkey ref."""
    mock_get_transport_key_id.return_value = self.transport_key_id

    # Make the stored secret look like binary data.
    self.datum.content_type = "application/octet-stream"
    content_type_meta = self.secret.secret_store_metadata['content_type']
    content_type_meta.value = self.datum.content_type
    self.datum.cypher_text = 'aaaa'

    # Accept: application/json requests the metadata, not the payload.
    request_path = '/secrets/{0}/?transport_key_needed=true'.format(
        self.secret.id)
    request_headers = {'Accept': 'application/json',
                       'Accept-Encoding': 'gzip'}
    resp = self.app.get(request_path, headers=request_headers)

    self.secret_repo.get_secret_by_id.assert_called_once_with(
        entity_id=self.secret.id, suppress_exception=True)
    self.assertEqual(200, resp.status_int)

    self.assertIsNotNone(resp.namespace)
    self.assertIn('content_types', resp.namespace)
    self.assertIn(self.datum.content_type,
                  resp.namespace['content_types'].values())

    # The reference must point at the id supplied by the patched lookup.
    self.assertIn('transport_key_ref', resp.namespace)
    expected_ref = hrefs.convert_transport_key_to_href(self.transport_key_id)
    self.assertEqual(expected_ref, resp.namespace['transport_key_ref'])
def test_should_get_secret_meta_for_binary_with_tkey(
        self, mock_get_transport_key_id):
    """Metadata GET with transport_key_needed=true returns a tkey ref."""
    mock_get_transport_key_id.return_value = self.transport_key_id

    # Make the stored secret look like binary data.
    self.datum.content_type = "application/octet-stream"
    content_type_meta = self.secret.secret_store_metadata['content_type']
    content_type_meta.value = self.datum.content_type
    self.datum.cypher_text = 'aaaa'

    # Accept: application/json requests the metadata, not the payload.
    request_path = '/secrets/{0}/?transport_key_needed=true'.format(
        self.secret.id)
    request_headers = {'Accept': 'application/json',
                       'Accept-Encoding': 'gzip'}
    resp = self.app.get(request_path, headers=request_headers)

    self.secret_repo.get_secret_by_id.assert_called_once_with(
        entity_id=self.secret.id, suppress_exception=True)
    self.assertEqual(200, resp.status_int)

    self.assertIsNotNone(resp.namespace)
    self.assertIn('content_types', resp.namespace)
    self.assertIn(self.datum.content_type,
                  resp.namespace['content_types'].values())

    # The reference must point at the id supplied by the patched lookup.
    self.assertIn('transport_key_ref', resp.namespace)
    expected_ref = hrefs.convert_transport_key_to_href(self.transport_key_id)
    self.assertEqual(expected_ref, resp.namespace['transport_key_ref'])
def on_get(self, external_project_id, **kw):
    """List transport keys, optionally filtered by plugin name.

    Reads ``plugin_name``, ``offset`` and ``limit`` from the keyword
    arguments. Returns a dict holding a ``transport_keys`` list of hrefs
    and the ``total`` count reported by the repository. Navigation links
    are added by ``hrefs.add_nav_hrefs`` only when keys were found.
    """
    LOG.debug('Start transport_keys on_get')

    plugin_name = kw.get('plugin_name', None)
    if plugin_name is not None:
        # The filter arrives URL-encoded; decode it before querying.
        plugin_name = parse.unquote_plus(plugin_name)

    # NOTE(review): offset and limit are passed on exactly as received;
    # presumably the repository validates and bounds them -- confirm.
    transport_keys, offset, limit, total = self.repo.get_by_create_date(
        plugin_name=plugin_name,
        offset_arg=kw.get('offset', 0),
        limit_arg=kw.get('limit', None),
        suppress_exception=True,
    )

    # An empty page carries no navigation links, only the total.
    if not transport_keys:
        return {'transport_keys': [], 'total': total}

    key_refs = []
    for key in transport_keys:
        key_refs.append(hrefs.convert_transport_key_to_href(key.id))

    listing = hrefs.add_nav_hrefs(
        'transport_keys', offset, limit, total,
        {'transport_keys': key_refs})
    listing.update({'total': total})
    return listing
def on_post(self, external_project_id, **kwargs):
    """Store a new secret for the project and return its reference.

    The request body is loaded through ``self.validator``. When a request
    context is present, ``creator_id`` is taken from it. The response is
    201 with a ``secret_ref`` href, plus a ``transport_key_ref`` when
    ``plugin.store_secret`` hands back a transport key model.
    """
    LOG.debug('Start on_post for project-ID %s:...', external_project_id)

    data = api.load_body(pecan.request, validator=self.validator)
    project = res.get_or_create_project(external_project_id)

    # NOTE(review): .lower() assumes the validator only lets a string
    # through for transport_key_needed; a JSON boolean would raise here.
    needs_tkey = data.get('transport_key_needed', 'false').lower() == 'true'

    ctxt = controllers._get_barbican_context(pecan.request)
    if ctxt:
        # In the authenticated pipeline the creator is always the user
        # from the auth token, replacing any creator_id in the body.
        # NOTE(review): without a context a creator_id from the body is
        # left as is -- confirm the validator rejects or strips it.
        data['creator_id'] = ctxt.user

    payload = data.get('payload')
    content_type = data.get('payload_content_type',
                            'application/octet-stream')
    content_encoding = data.get('payload_content_encoding')
    new_secret, transport_key_model = plugin.store_secret(
        payload, content_type, content_encoding,
        data, None, project,
        transport_key_needed=needs_tkey,
        transport_key_id=data.get('transport_key_id'))

    # Only the reference is logged; the payload is never written to the log.
    url = hrefs.convert_secret_to_href(new_secret.id)
    LOG.debug('URI to secret is %s', url)

    pecan.response.status = 201
    pecan.response.headers['Location'] = url
    LOG.info(u._LI('Created a secret for project: %s'), external_project_id)

    response_body = {'secret_ref': url}
    if transport_key_model is not None:
        response_body['transport_key_ref'] = (
            hrefs.convert_transport_key_to_href(transport_key_model.id))
    return response_body
def on_post(self, external_project_id, **kwargs):
    """Store a new secret for the project and return its reference.

    The request body is loaded through ``self.validator`` and the project
    quota is enforced before anything is stored. When a request context
    is present, ``creator_id`` is taken from it. The response is 201 with
    a ``secret_ref`` href, plus a ``transport_key_ref`` when
    ``plugin.store_secret`` hands back a transport key model.
    """
    LOG.debug('Start on_post for project-ID %s:...', external_project_id)

    data = api.load_body(pecan.request, validator=self.validator)
    project = res.get_or_create_project(external_project_id)

    # The quota check runs before the model is built or the payload stored.
    self.quota_enforcer.enforce(project)

    # NOTE(review): .lower() assumes the validator only lets a string
    # through for transport_key_needed; a JSON boolean would raise here.
    needs_tkey = data.get('transport_key_needed', 'false').lower() == 'true'

    ctxt = controllers._get_barbican_context(pecan.request)
    if ctxt:
        # In the authenticated pipeline the creator is always the user
        # from the auth token, replacing any creator_id in the body.
        # NOTE(review): without a context a creator_id from the body is
        # left as is -- confirm the validator rejects or strips it.
        data['creator_id'] = ctxt.user

    # Built after the creator_id override, so the model sees that value.
    secret_model = models.Secret(data)

    store_args = dict(
        unencrypted_raw=data.get('payload'),
        content_type_raw=data.get('payload_content_type',
                                  'application/octet-stream'),
        content_encoding=data.get('payload_content_encoding'),
        secret_model=secret_model,
        project_model=project,
        transport_key_needed=needs_tkey,
        transport_key_id=data.get('transport_key_id'))
    new_secret, transport_key_model = plugin.store_secret(**store_args)

    # Only the reference is logged; the payload is never written to the log.
    url = hrefs.convert_secret_to_href(new_secret.id)
    LOG.debug('URI to secret is %s', url)

    pecan.response.status = 201
    pecan.response.headers['Location'] = url
    LOG.info('Created a secret for project: %s', external_project_id)

    response_body = {'secret_ref': url}
    if transport_key_model is not None:
        response_body['transport_key_ref'] = (
            hrefs.convert_transport_key_to_href(transport_key_model.id))
    return response_body
def on_post(self, external_project_id, **kwargs):
    """Register a transport key and return its reference.

    The request body is loaded through ``self.validator``; its
    ``plugin_name`` and ``transport_key`` values are stored as given.
    The response is 201 with a ``transport_key_ref`` href.
    """
    LOG.debug('Start transport_keys on_post')

    # TODO(alee) POST should determine the plugin name and call the
    # relevant get_transport_key() call. We will implement this once
    # we figure out how the plugins will be enumerated.
    # NOTE(review): until then the key material is whatever the caller
    # posts; nothing here ties it to an actual plugin.
    data = api.load_body(pecan.request, validator=self.validator)

    plugin_name = data.get('plugin_name')
    key_material = data.get('transport_key')
    new_key = models.TransportKey(plugin_name, key_material)
    self.repo.create_from(new_key)

    pecan.response.status = 201
    # Location is a relative path here, while the body carries the href
    # built by hrefs.convert_transport_key_to_href.
    pecan.response.headers['Location'] = (
        '/transport_keys/{0}'.format(new_key.id))

    url = hrefs.convert_transport_key_to_href(new_key.id)
    LOG.debug('URI to transport key is %s', url)
    return {'transport_key_ref': url}
def on_post(self, external_project_id, **kwargs):
    """Register a transport key and return its reference.

    The request body is loaded through ``self.validator``; its
    ``plugin_name`` and ``transport_key`` values are stored as given.
    The response is 201 with the key's href in both the ``Location``
    header and the ``transport_key_ref`` field.
    """
    LOG.debug('Start transport_keys on_post')

    # TODO(alee) POST should determine the plugin name and call the
    # relevant get_transport_key() call. We will implement this once
    # we figure out how the plugins will be enumerated.
    # NOTE(review): until then the key material is whatever the caller
    # posts; nothing here ties it to an actual plugin.
    data = api.load_body(pecan.request, validator=self.validator)

    plugin_name = data.get('plugin_name')
    key_material = data.get('transport_key')
    new_key = models.TransportKey(plugin_name, key_material)
    self.repo.create_from(new_key)

    url = hrefs.convert_transport_key_to_href(new_key.id)
    LOG.debug('URI to transport key is %s', url)

    pecan.response.status = 201
    pecan.response.headers['Location'] = url
    return {'transport_key_ref': url}
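def test_should_get_secret_meta_for_binary_with_tkey(
        self, mock_get_transport_key_id):
    """Metadata GET with transport_key_needed=true returns a tkey ref."""
    mock_get_transport_key_id.return_value = self.transport_key_id

    # Make the stored secret look like binary data.
    self.datum.content_type = "application/octet-stream"
    self.secret.secret_store_metadata["content_type"].value = (
        self.datum.content_type)
    self.datum.cypher_text = "aaaa"

    # Accept: application/json requests the metadata, not the payload.
    resp = self.app.get(
        "/secrets/{0}/?transport_key_needed=true".format(self.secret.id),
        headers={"Accept": "application/json", "Accept-Encoding": "gzip"},
    )

    self.secret_repo.get_secret_by_id.assert_called_once_with(
        entity_id=self.secret.id, suppress_exception=True)
    self.assertEqual(resp.status_int, 200)

    self.assertIsNotNone(resp.namespace)
    self.assertIn("content_types", resp.namespace)
    # values() instead of itervalues(): the latter does not exist on
    # Python 3 mappings, and values() gives the same membership result
    # on Python 2.
    self.assertIn(self.datum.content_type,
                  resp.namespace["content_types"].values())

    # The reference must point at the id supplied by the patched lookup.
    self.assertIn("transport_key_ref", resp.namespace)
    self.assertEqual(
        resp.namespace["transport_key_ref"],
        hrefs.convert_transport_key_to_href(self.transport_key_id),
    )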
def _init(self, payload=b'not-encrypted',
          payload_content_type='text/plain',
          payload_content_encoding=None):
    """Build the request fixture and the mocked repositories for a test.

    The algorithm, bit length and mode set here are only descriptive
    fields of the secret request; nothing in this fixture encrypts
    the payload.
    """
    self.name = 'name'
    self.payload = payload
    self.payload_content_type = payload_content_type
    self.payload_content_encoding = payload_content_encoding
    self.secret_algorithm = 'AES'
    self.secret_bit_length = 256
    self.secret_mode = 'CBC'

    self.secret_req = {
        'name': self.name,
        'algorithm': self.secret_algorithm,
        'bit_length': self.secret_bit_length,
        'creator_id': None,
        'mode': self.secret_mode,
    }
    # Payload fields are added to the request only when they are truthy.
    optional_fields = (
        ('payload', payload),
        ('payload_content_type', payload_content_type),
        ('payload_content_encoding', payload_content_encoding),
    )
    for field_name, field_value in optional_fields:
        if field_value:
            self.secret_req[field_name] = field_value

    # Project entity and the repo that finds it by external id.
    self.external_project_id = 'keystone1234'
    self.project_entity_id = 'tid1234'
    self.project = models.Project()
    self.project.id = self.project_entity_id
    self.project.external_id = self.external_project_id

    self.project_repo = mock.MagicMock()
    self.project_repo.find_by_external_project_id.return_value = (
        self.project)
    self.setup_project_repository_mock(self.project_repo)

    # Secret entity and the repo that returns it from create_from.
    self.secret = models.Secret()
    self.secret.id = utils.generate_test_uuid(tail_value=1)

    self.secret_repo = mock.MagicMock()
    self.secret_repo.create_from.return_value = self.secret
    self.setup_secret_repository_mock(self.secret_repo)

    # Encrypted datum repo; create_from returns None.
    self.datum_repo = mock.MagicMock()
    self.datum_repo.create_from.return_value = None
    self.setup_encrypted_datum_repository_mock(self.datum_repo)

    # KEK datum left unbound with empty metadata, and its repo.
    self.kek_datum = models.KEKDatum()
    self.kek_datum.kek_label = "kek_label"
    self.kek_datum.bind_completed = False
    self.kek_datum.algorithm = ''
    self.kek_datum.bit_length = 0
    self.kek_datum.mode = ''
    self.kek_datum.plugin_meta = ''

    self.kek_repo = mock.MagicMock()
    self.kek_repo.find_or_create_kek_datum.return_value = self.kek_datum
    self.setup_kek_datum_repository_mock(self.kek_repo)

    # Secret metadata repo.
    self.setup_secret_meta_repository_mock()

    # Transport key. tkey_url comes from the model's own id, while
    # transport_key_id is a separate fixed string.
    self.transport_key = models.TransportKey(
        'default_plugin_name', 'XXXABCDEF')
    self.transport_key_id = 'tkey12345'
    self.tkey_url = hrefs.convert_transport_key_to_href(
        self.transport_key.id)

    # Transport key repo.
    self.setup_transport_key_repository_mock()
def _init(self, payload=b'not-encrypted',
          payload_content_type='text/plain',
          payload_content_encoding=None):
    """Build the request fixture and the mocked repositories for a test.

    The algorithm, bit length and mode set here are only descriptive
    fields of the secret request; nothing in this fixture encrypts
    the payload.
    """
    self.name = 'name'
    self.payload = payload
    self.payload_content_type = payload_content_type
    self.payload_content_encoding = payload_content_encoding
    self.secret_algorithm = 'AES'
    self.secret_bit_length = 256
    self.secret_mode = 'CBC'

    self.secret_req = dict([
        ('name', self.name),
        ('algorithm', self.secret_algorithm),
        ('bit_length', self.secret_bit_length),
        ('creator_id', None),
        ('mode', self.secret_mode),
    ])
    # Payload fields are added to the request only when they are truthy.
    optional_fields = (
        ('payload', payload),
        ('payload_content_type', payload_content_type),
        ('payload_content_encoding', payload_content_encoding),
    )
    for field_name, field_value in optional_fields:
        if field_value:
            self.secret_req[field_name] = field_value

    # Project entity and the repo that finds it by external id.
    self.external_project_id = 'keystone1234'
    self.project_entity_id = 'tid1234'
    self.project = models.Project()
    self.project.id = self.project_entity_id
    self.project.external_id = self.external_project_id

    self.project_repo = mock.MagicMock()
    self.project_repo.find_by_external_project_id.return_value = (
        self.project)
    self.setup_project_repository_mock(self.project_repo)

    # Secret entity and the repo that returns it from create_from.
    self.secret = models.Secret()
    self.secret.id = utils.generate_test_valid_uuid()

    self.secret_repo = mock.MagicMock()
    self.secret_repo.create_from.return_value = self.secret
    self.setup_secret_repository_mock(self.secret_repo)

    # Encrypted datum repo; create_from returns None.
    self.datum_repo = mock.MagicMock()
    self.datum_repo.create_from.return_value = None
    self.setup_encrypted_datum_repository_mock(self.datum_repo)

    # KEK datum left unbound with empty metadata, and its repo.
    self.kek_datum = models.KEKDatum()
    self.kek_datum.kek_label = "kek_label"
    self.kek_datum.bind_completed = False
    self.kek_datum.algorithm = ''
    self.kek_datum.bit_length = 0
    self.kek_datum.mode = ''
    self.kek_datum.plugin_meta = ''

    self.kek_repo = mock.MagicMock()
    self.kek_repo.find_or_create_kek_datum.return_value = self.kek_datum
    self.setup_kek_datum_repository_mock(self.kek_repo)

    # Secret metadata repo.
    self.setup_secret_meta_repository_mock()

    # Transport key. tkey_url comes from the model's own id, while
    # transport_key_id is a separate fixed string.
    self.transport_key = models.TransportKey(
        'default_plugin_name', 'XXXABCDEF')
    self.transport_key_id = 'tkey12345'
    self.tkey_url = hrefs.convert_transport_key_to_href(
        self.transport_key.id)

    # Transport key repo.
    self.setup_transport_key_repository_mock()
def _init(self, payload=b"not-encrypted",
          payload_content_type="text/plain",
          payload_content_encoding=None):
    """Build the request fixture and the mocked repositories for a test.

    The algorithm, bit length and mode set here are only descriptive
    fields of the secret request; nothing in this fixture encrypts
    the payload.
    """
    self.name = "name"
    self.payload = payload
    self.payload_content_type = payload_content_type
    self.payload_content_encoding = payload_content_encoding
    self.secret_algorithm = "AES"
    self.secret_bit_length = 256
    self.secret_mode = "CBC"

    request = {}
    request["name"] = self.name
    request["algorithm"] = self.secret_algorithm
    request["bit_length"] = self.secret_bit_length
    request["creator_id"] = None
    request["mode"] = self.secret_mode
    self.secret_req = request
    # Payload fields are added to the request only when they are truthy.
    optional_fields = (
        ("payload", payload),
        ("payload_content_type", payload_content_type),
        ("payload_content_encoding", payload_content_encoding),
    )
    for field_name, field_value in optional_fields:
        if field_value:
            self.secret_req[field_name] = field_value

    # Project entity and the repo that finds it by external id.
    self.external_project_id = "keystone1234"
    self.project_entity_id = "tid1234"
    self.project = models.Project()
    self.project.id = self.project_entity_id
    self.project.external_id = self.external_project_id

    self.project_repo = mock.MagicMock()
    self.project_repo.find_by_external_project_id.return_value = (
        self.project)
    self.setup_project_repository_mock(self.project_repo)

    # Secret entity and the repo that returns it from create_from.
    self.secret = models.Secret()
    self.secret.id = utils.generate_test_uuid(tail_value=1)

    self.secret_repo = mock.MagicMock()
    self.secret_repo.create_from.return_value = self.secret
    self.setup_secret_repository_mock(self.secret_repo)

    # Encrypted datum repo; create_from returns None.
    self.datum_repo = mock.MagicMock()
    self.datum_repo.create_from.return_value = None
    self.setup_encrypted_datum_repository_mock(self.datum_repo)

    # KEK datum left unbound with empty metadata, and its repo.
    self.kek_datum = models.KEKDatum()
    self.kek_datum.kek_label = "kek_label"
    self.kek_datum.bind_completed = False
    self.kek_datum.algorithm = ""
    self.kek_datum.bit_length = 0
    self.kek_datum.mode = ""
    self.kek_datum.plugin_meta = ""

    self.kek_repo = mock.MagicMock()
    self.kek_repo.find_or_create_kek_datum.return_value = self.kek_datum
    self.setup_kek_datum_repository_mock(self.kek_repo)

    # Secret metadata repo.
    self.setup_secret_meta_repository_mock()

    # Transport key. tkey_url comes from the model's own id, while
    # transport_key_id is a separate fixed string.
    self.transport_key = models.TransportKey(
        "default_plugin_name", "XXXABCDEF")
    self.transport_key_id = "tkey12345"
    self.tkey_url = hrefs.convert_transport_key_to_href(
        self.transport_key.id)

    # Transport key repo.
    self.setup_transport_key_repository_mock()