コード例 #1
ファイル: transportkeys.py プロジェクト: chellygel/barbican
    def on_get(self, external_project_id, **kw):
        """List transport key references, optionally filtered by plugin.

        Query arguments arrive through ``kw``: ``plugin_name`` (URL-decoded
        here before use), ``offset`` and ``limit``. The paging values are
        handed to the repository exactly as received; this method does not
        validate or bound them itself.

        Returns a dict with the ``transport_keys`` hrefs and the ``total``
        count, plus whatever ``hrefs.add_nav_hrefs`` adds when at least one
        key was found.
        """
        LOG.debug('Start transport_keys on_get')

        name_filter = kw.get('plugin_name', None)
        if name_filter is not None:
            # The filter comes from the query string, so undo '+' and
            # percent-encoding before it reaches the repository.
            name_filter = urllib.unquote_plus(name_filter)

        # NOTE(review): offset/limit are caller-controlled; presumably the
        # repository normalises them -- confirm.
        keys, offset, limit, total = self.repo.get_by_create_date(
            plugin_name=name_filter,
            offset_arg=kw.get('offset', 0),
            limit_arg=kw.get('limit', None),
            suppress_exception=True
        )

        if not keys:
            return {'transport_keys': [], 'total': total}

        key_refs = [
            hrefs.convert_transport_key_to_href(key.id) for key in keys
        ]
        page = hrefs.add_nav_hrefs(
            'transport_keys', offset, limit, total,
            {'transport_keys': key_refs}
        )
        page.update({'total': total})
        return page
コード例 #2
ファイル: secrets.py プロジェクト: divya-csekar/barbican
    def on_post(self, keystone_id, **kwargs):
        """Store a new secret for the project and answer 201.

        The body is loaded through ``api.load_body`` with this controller's
        validator; every field read below comes from that client-supplied
        body. The ``Location`` header is a relative ``/secrets/<id>`` path
        built here, while the returned ``secret_ref`` comes from
        ``hrefs.convert_secret_to_href``.

        Returns a dict with ``secret_ref`` and, when ``plugin.store_secret``
        hands back a transport key model, ``transport_key_ref`` as well.
        """
        LOG.debug('Start on_post for project-ID %s:...', keystone_id)

        body = api.load_body(pecan.request, validator=self.validator)
        project = res.get_or_create_project(keystone_id,
                                            self.repos.project_repo)

        # Only the string 'true' (any letter case) asks for a transport key.
        # NOTE(review): .lower() assumes a string value; presumably the
        # validator enforces that -- confirm.
        flag_text = body.get('transport_key_needed', 'false')
        wants_transport_key = flag_text.lower() == 'true'

        content_type = body.get('payload_content_type',
                                'application/octet-stream')
        new_secret, transport_key_model = plugin.store_secret(
            body.get('payload'),
            content_type,
            body.get('payload_content_encoding'),
            body, None, project,
            self.repos,
            transport_key_needed=wants_transport_key,
            transport_key_id=body.get('transport_key_id'))

        pecan.response.status = 201
        location = '/secrets/{0}'.format(new_secret.id)
        pecan.response.headers['Location'] = location
        secret_ref = hrefs.convert_secret_to_href(new_secret.id)
        # Only the reference is logged, never the payload.
        LOG.debug('URI to secret is %s', secret_ref)

        reply = {'secret_ref': secret_ref}
        if transport_key_model is not None:
            reply['transport_key_ref'] = hrefs.convert_transport_key_to_href(
                transport_key_model.id)
        return reply
コード例 #3
    def on_post(self, external_project_id, **kwargs):
        """Create a secret from the request body and respond with 201.

        All secret fields (payload, content type, encoding, transport key
        id) are read from the body returned by ``api.load_body``, which is
        given this controller's validator. The project is looked up or
        created from ``external_project_id``.

        Returns ``{'secret_ref': ...}``, extended with ``transport_key_ref``
        when the store call returns a transport key model.
        """
        LOG.debug('Start on_post for project-ID %s:...', external_project_id)

        request_data = api.load_body(pecan.request, validator=self.validator)
        project = res.get_or_create_project(external_project_id,
                                            self.repos.project_repo)

        # The flag is compared as text; anything other than 'true'
        # (case-insensitive) counts as "not needed".
        # NOTE(review): a non-string value would fail on .lower() --
        # presumably ruled out by the validator; confirm.
        needs_tkey = request_data.get(
            'transport_key_needed', 'false').lower() == 'true'

        stored = plugin.store_secret(
            request_data.get('payload'),
            request_data.get('payload_content_type',
                             'application/octet-stream'),
            request_data.get('payload_content_encoding'),
            request_data,
            None,
            project,
            self.repos,
            transport_key_needed=needs_tkey,
            transport_key_id=request_data.get('transport_key_id'))
        new_secret, transport_key_model = stored

        pecan.response.status = 201
        # Location is a relative path; secret_ref below is built separately
        # by the hrefs helper.
        pecan.response.headers['Location'] = '/secrets/{0}'.format(
            new_secret.id)
        secret_url = hrefs.convert_secret_to_href(new_secret.id)
        LOG.debug('URI to secret is %s', secret_url)

        if transport_key_model is None:
            return {'secret_ref': secret_url}

        tkey_url = hrefs.convert_transport_key_to_href(
            transport_key_model.id)
        return {'secret_ref': secret_url, 'transport_key_ref': tkey_url}
コード例 #4
ファイル: test_resources.py プロジェクト: abattye/barbican
    def test_should_get_secret_meta_for_binary_with_tkey(
            self, mock_get_transport_key_id):
        # Metadata GET (Accept: application/json) for a binary secret with
        # transport_key_needed=true must include a transport_key_ref.
        # mock_get_transport_key_id is presumably injected by a patch
        # decorator outside this view. Only the metadata response is
        # checked; nothing here asserts on payload wrapping.
        mock_get_transport_key_id.return_value = self.transport_key_id
        self.datum.content_type = "application/octet-stream"
        content_type_meta = self.secret.secret_store_metadata['content_type']
        content_type_meta.value = self.datum.content_type
        self.datum.cypher_text = 'aaaa'

        request_path = '/secrets/{0}/?transport_key_needed=true'.format(
            self.secret.id)
        request_headers = {
            'Accept': 'application/json',
            'Accept-Encoding': 'gzip',
        }
        resp = self.app.get(request_path, headers=request_headers)

        # The controller must look the secret up exactly once, by id.
        self.secret_repo.get_secret_by_id.assert_called_once_with(
            entity_id=self.secret.id,
            suppress_exception=True)

        self.assertEqual(200, resp.status_int)

        namespace = resp.namespace
        self.assertIsNotNone(namespace)
        self.assertIn('content_types', namespace)
        self.assertIn(self.datum.content_type,
                      namespace['content_types'].values())
        self.assertIn('transport_key_ref', namespace)

        expected_ref = hrefs.convert_transport_key_to_href(
            self.transport_key_id)
        self.assertEqual(expected_ref, namespace['transport_key_ref'])
コード例 #5
ファイル: test_resources.py プロジェクト: Kryndex/barbican
    def test_should_get_secret_meta_for_binary_with_tkey(
            self, mock_get_transport_key_id):
        # A JSON metadata request with transport_key_needed=true on a binary
        # secret should answer 200 and name the transport key to use.
        # NOTE(review): mock_get_transport_key_id presumably comes from a
        # patch decorator that is not visible here.
        mock_get_transport_key_id.return_value = self.transport_key_id
        self.datum.content_type = "application/octet-stream"
        self.secret.secret_store_metadata['content_type'].value = (
            self.datum.content_type)
        self.datum.cypher_text = 'aaaa'

        target = '/secrets/{0}/?transport_key_needed=true'.format(
            self.secret.id)
        resp = self.app.get(
            target,
            headers={'Accept': 'application/json', 'Accept-Encoding': 'gzip'})

        # Exactly one repository lookup, keyed on the secret id.
        self.secret_repo.get_secret_by_id.assert_called_once_with(
            entity_id=self.secret.id, suppress_exception=True)

        self.assertEqual(200, resp.status_int)

        body = resp.namespace
        self.assertIsNotNone(body)
        self.assertIn('content_types', body)
        advertised_types = body['content_types'].values()
        self.assertIn(self.datum.content_type, advertised_types)
        self.assertIn('transport_key_ref', body)
        self.assertEqual(
            hrefs.convert_transport_key_to_href(self.transport_key_id),
            body['transport_key_ref'])
コード例 #6
ファイル: transportkeys.py プロジェクト: openstack/barbican
    def on_get(self, external_project_id, **kw):
        """Return a page of transport key references.

        ``kw`` carries the query arguments. ``plugin_name`` is URL-decoded
        and used as a filter; ``offset`` and ``limit`` are forwarded to the
        repository unchanged, with no range check in this method.

        The result always contains ``transport_keys`` and ``total``; for a
        non-empty page it is the dict produced by ``hrefs.add_nav_hrefs``.
        """
        LOG.debug('Start transport_keys on_get')

        raw_name = kw.get('plugin_name', None)
        # Query-string value: decode '+' and percent-escapes when present.
        plugin_name = (
            parse.unquote_plus(raw_name) if raw_name is not None else None
        )

        # NOTE(review): paging arguments are caller-supplied; presumably the
        # repository cleans them -- confirm.
        transport_keys, offset, limit, total = self.repo.get_by_create_date(
            plugin_name=plugin_name,
            offset_arg=kw.get('offset', 0),
            limit_arg=kw.get('limit', None),
            suppress_exception=True
        )

        if transport_keys:
            refs = [
                hrefs.convert_transport_key_to_href(entry.id)
                for entry in transport_keys
            ]
            listing = hrefs.add_nav_hrefs(
                'transport_keys',
                offset,
                limit,
                total,
                {'transport_keys': refs}
            )
            listing.update({'total': total})
        else:
            listing = {'transport_keys': [], 'total': total}

        return listing
コード例 #7
ファイル: secrets.py プロジェクト: Banno/barbican
    def on_post(self, external_project_id, **kwargs):
        """Create a secret, record its creator and answer 201.

        The body is loaded with this controller's validator. When a request
        context is available, ``creator_id`` is overwritten with the
        context's user before the secret is stored. The ``Location`` header
        and the returned ``secret_ref`` both use the href built by
        ``hrefs.convert_secret_to_href``.

        Returns ``{'secret_ref': ...}`` plus ``transport_key_ref`` when the
        store call returns a transport key model.
        """
        LOG.debug('Start on_post for project-ID %s:...', external_project_id)

        body = api.load_body(pecan.request, validator=self.validator)
        project = res.get_or_create_project(external_project_id)

        # NOTE(review): .lower() assumes the flag is a string; presumably
        # the validator guarantees that -- confirm.
        wants_tkey = body.get('transport_key_needed',
                              'false').lower() == 'true'

        auth_context = controllers._get_barbican_context(pecan.request)
        if auth_context:
            # Authenticated pipeline: the creator always comes from the auth
            # token user, replacing anything the body carried.
            body['creator_id'] = auth_context.user
        # NOTE(review): without a context, a creator_id already present in
        # the body is left untouched -- confirm the validator does not let
        # clients set it.

        new_secret, transport_key_model = plugin.store_secret(
            body.get('payload'),
            body.get('payload_content_type', 'application/octet-stream'),
            body.get('payload_content_encoding'),
            body, None, project,
            transport_key_needed=wants_tkey,
            transport_key_id=body.get('transport_key_id'))

        secret_ref = hrefs.convert_secret_to_href(new_secret.id)
        LOG.debug('URI to secret is %s', secret_ref)

        pecan.response.status = 201
        pecan.response.headers['Location'] = secret_ref

        # The log line names the project only; no secret data is logged.
        LOG.info(u._LI('Created a secret for project: %s'),
                 external_project_id)

        reply = {'secret_ref': secret_ref}
        if transport_key_model is not None:
            reply['transport_key_ref'] = hrefs.convert_transport_key_to_href(
                transport_key_model.id)
        return reply
コード例 #8
    def on_post(self, external_project_id, **kwargs):
        """Create a secret under quota control and answer 201.

        Order of operations as written: load and validate the body, resolve
        the project, enforce the project's quota, set ``creator_id`` from
        the request context when one exists, build the secret model, then
        store the secret.

        Returns ``{'secret_ref': ...}`` plus ``transport_key_ref`` when the
        store call returns a transport key model.
        """
        LOG.debug('Start on_post for project-ID %s:...',
                  external_project_id)

        request_data = api.load_body(pecan.request, validator=self.validator)
        project = res.get_or_create_project(external_project_id)

        # The quota check runs before any secret is built or stored.
        self.quota_enforcer.enforce(project)

        # NOTE(review): .lower() assumes a string flag; presumably enforced
        # by the validator -- confirm.
        needs_tkey = request_data.get(
            'transport_key_needed', 'false').lower() == 'true'

        request_context = controllers._get_barbican_context(pecan.request)
        if request_context:
            # Authenticated pipeline: always take the creator from the auth
            # token user, overriding the body.
            request_data['creator_id'] = request_context.user
        # NOTE(review): with no context, a body-supplied creator_id reaches
        # models.Secret unchanged -- confirm the validator rejects it.

        secret_model = models.Secret(request_data)

        content_type = request_data.get('payload_content_type',
                                        'application/octet-stream')
        stored = plugin.store_secret(
            unencrypted_raw=request_data.get('payload'),
            content_type_raw=content_type,
            content_encoding=request_data.get('payload_content_encoding'),
            secret_model=secret_model,
            project_model=project,
            transport_key_needed=needs_tkey,
            transport_key_id=request_data.get('transport_key_id'))
        new_secret, transport_key_model = stored

        secret_url = hrefs.convert_secret_to_href(new_secret.id)
        LOG.debug('URI to secret is %s', secret_url)

        pecan.response.status = 201
        pecan.response.headers['Location'] = secret_url

        LOG.info('Created a secret for project: %s',
                 external_project_id)

        if transport_key_model is None:
            return {'secret_ref': secret_url}

        tkey_url = hrefs.convert_transport_key_to_href(
            transport_key_model.id)
        return {'secret_ref': secret_url, 'transport_key_ref': tkey_url}
コード例 #9
ファイル: transportkeys.py プロジェクト: chellygel/barbican
    def on_post(self, external_project_id, **kwargs):
        """Register a transport key and answer 201 with its reference.

        ``plugin_name`` and ``transport_key`` are taken from the validated
        request body and stored as given. ``external_project_id`` is not
        read in this method, so nothing here ties the stored key to the
        calling project.

        Returns ``{'transport_key_ref': <href>}``.
        """
        LOG.debug('Start transport_keys on_post')

        # TODO(alee) POST should determine the plugin name and call the
        # relevant get_transport_key() call.  We will implement this once
        # we figure out how the plugins will be enumerated.
        # NOTE(review): until then the key material is whatever the caller
        # posts; access control for this handler is not visible here --
        # confirm it is restricted.

        body = api.load_body(pecan.request, validator=self.validator)

        plugin_name = body.get('plugin_name')
        key_material = body.get('transport_key')
        new_key = models.TransportKey(plugin_name, key_material)

        self.repo.create_from(new_key)

        pecan.response.status = 201
        # Location is a relative path; the returned reference is built
        # separately by the hrefs helper.
        location = '/transport_keys/{0}'.format(new_key.id)
        pecan.response.headers['Location'] = location

        key_ref = hrefs.convert_transport_key_to_href(new_key.id)
        LOG.debug('URI to transport key is %s', key_ref)
        return {'transport_key_ref': key_ref}
コード例 #10
ファイル: transportkeys.py プロジェクト: openstack/barbican
    def on_post(self, external_project_id, **kwargs):
        """Store a posted transport key and respond 201 with its href.

        The plugin name and key value come straight from the validated
        request body. ``external_project_id`` is accepted but unused in this
        method. The same href is used for the ``Location`` header and the
        returned ``transport_key_ref``.
        """
        LOG.debug('Start transport_keys on_post')

        # TODO(alee) POST should determine the plugin name and call the
        # relevant get_transport_key() call.  We will implement this once
        # we figure out how the plugins will be enumerated.
        # NOTE(review): as written, the stored key is caller-supplied;
        # who may call this handler is decided outside this view -- confirm.

        posted = api.load_body(pecan.request, validator=self.validator)

        transport_key = models.TransportKey(
            posted.get('plugin_name'),
            posted.get('transport_key'),
        )
        self.repo.create_from(transport_key)

        href = hrefs.convert_transport_key_to_href(transport_key.id)
        LOG.debug('URI to transport key is %s', href)

        response = pecan.response
        response.status = 201
        response.headers['Location'] = href

        return {'transport_key_ref': href}
コード例 #11
ファイル: test_resources.py プロジェクト: great2soul/barbican
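    def test_should_get_secret_meta_for_binary_with_tkey(self, mock_get_transport_key_id):
        # A JSON metadata GET with transport_key_needed=true on a binary
        # secret must answer 200 and include a transport_key_ref.
        # NOTE(review): mock_get_transport_key_id is presumably injected by
        # a patch decorator that is not visible here. Only the metadata
        # response is checked; nothing asserts on payload wrapping.
        mock_get_transport_key_id.return_value = self.transport_key_id
        self.datum.content_type = "application/octet-stream"
        self.secret.secret_store_metadata["content_type"].value = self.datum.content_type
        self.datum.cypher_text = "aaaa"

        resp = self.app.get(
            "/secrets/{0}/?transport_key_needed=true".format(self.secret.id),
            headers={"Accept": "application/json", "Accept-Encoding": "gzip"},
        )

        # The controller must look the secret up exactly once, by id.
        self.secret_repo.get_secret_by_id.assert_called_once_with(entity_id=self.secret.id, suppress_exception=True)

        self.assertEqual(resp.status_int, 200)

        self.assertIsNotNone(resp.namespace)
        self.assertIn("content_types", resp.namespace)
        # values() instead of itervalues(): itervalues() exists only on
        # Python 2 dicts, while values() works on both Python 2 and 3.
        self.assertIn(self.datum.content_type, resp.namespace["content_types"].values())
        self.assertIn("transport_key_ref", resp.namespace)
        self.assertEqual(
            resp.namespace["transport_key_ref"], hrefs.convert_transport_key_to_href(self.transport_key_id)
        )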
コード例 #12
ファイル: test_resources.py プロジェクト: abattye/barbican
    def _init(self, payload=b'not-encrypted',
              payload_content_type='text/plain',
              payload_content_encoding=None):
        """Build the secret request fixture and the mocked repositories.

        The request dict always carries name, algorithm, bit length, mode
        and a ``None`` creator id; ``payload``, ``payload_content_type`` and
        ``payload_content_encoding`` are added only when truthy. All values
        are fixed test placeholders.
        """
        self.name = 'name'
        self.payload = payload
        self.payload_content_type = payload_content_type
        self.payload_content_encoding = payload_content_encoding
        self.secret_algorithm = 'AES'
        self.secret_bit_length = 256
        self.secret_mode = 'CBC'
        self.secret_req = {'name': self.name,
                           'algorithm': self.secret_algorithm,
                           'bit_length': self.secret_bit_length,
                           'creator_id': None,
                           'mode': self.secret_mode}
        # Optional fields are left out of the request when empty or None.
        optional_fields = (
            ('payload', payload),
            ('payload_content_type', payload_content_type),
            ('payload_content_encoding', payload_content_encoding),
        )
        for field, value in optional_fields:
            if value:
                self.secret_req[field] = value

        # Set up mocked project
        self.external_project_id = 'keystone1234'
        self.project_entity_id = 'tid1234'
        project = models.Project()
        project.id = self.project_entity_id
        project.external_id = self.external_project_id
        self.project = project

        # Set up mocked project repo
        project_repo = mock.MagicMock()
        project_repo.find_by_external_project_id.return_value = self.project
        self.project_repo = project_repo
        self.setup_project_repository_mock(self.project_repo)

        # Set up mocked secret
        secret = models.Secret()
        secret.id = utils.generate_test_uuid(tail_value=1)
        self.secret = secret

        # Set up mocked secret repo
        secret_repo = mock.MagicMock()
        secret_repo.create_from.return_value = self.secret
        self.secret_repo = secret_repo
        self.setup_secret_repository_mock(self.secret_repo)

        # Set up mocked encrypted datum repo
        datum_repo = mock.MagicMock()
        datum_repo.create_from.return_value = None
        self.datum_repo = datum_repo
        self.setup_encrypted_datum_repository_mock(self.datum_repo)

        # Set up mocked kek datum
        kek_datum = models.KEKDatum()
        kek_datum.kek_label = "kek_label"
        kek_datum.bind_completed = False
        kek_datum.algorithm = ''
        kek_datum.bit_length = 0
        kek_datum.mode = ''
        kek_datum.plugin_meta = ''
        self.kek_datum = kek_datum

        # Set up mocked kek datum repo
        kek_repo = mock.MagicMock()
        kek_repo.find_or_create_kek_datum.return_value = self.kek_datum
        self.kek_repo = kek_repo
        self.setup_kek_datum_repository_mock(self.kek_repo)

        # Set up mocked secret meta repo
        self.setup_secret_meta_repository_mock()

        # Set up mocked transport key ('XXXABCDEF' is placeholder key text).
        # tkey_url is built from self.transport_key.id, not from the
        # separate self.transport_key_id string below.
        self.transport_key = models.TransportKey(
            'default_plugin_name', 'XXXABCDEF')
        self.transport_key_id = 'tkey12345'
        self.tkey_url = hrefs.convert_transport_key_to_href(
            self.transport_key.id)

        # Set up mocked transport key repo
        self.setup_transport_key_repository_mock()
コード例 #13
ファイル: test_resources.py プロジェクト: Kryndex/barbican
    def _init(self,
              payload=b'not-encrypted',
              payload_content_type='text/plain',
              payload_content_encoding=None):
        """Prepare the request data and mocked repositories for a test.

        ``self.secret_req`` always holds name, algorithm, bit length, mode
        and a ``None`` creator id. The three payload-related arguments are
        added to it only when they are truthy. Every value here is a fixed
        test placeholder.
        """
        self.name = 'name'
        self.payload = payload
        self.payload_content_type = payload_content_type
        self.payload_content_encoding = payload_content_encoding
        self.secret_algorithm = 'AES'
        self.secret_bit_length = 256
        self.secret_mode = 'CBC'

        request = {
            'name': self.name,
            'algorithm': self.secret_algorithm,
            'bit_length': self.secret_bit_length,
            'creator_id': None,
            'mode': self.secret_mode
        }
        # Empty or None payload fields stay out of the request entirely.
        if payload:
            request['payload'] = payload
        if payload_content_type:
            request['payload_content_type'] = payload_content_type
        if payload_content_encoding:
            request['payload_content_encoding'] = payload_content_encoding
        self.secret_req = request

        # Set up mocked project
        self.external_project_id = 'keystone1234'
        self.project_entity_id = 'tid1234'
        self.project = models.Project()
        self.project.id = self.project_entity_id
        self.project.external_id = self.external_project_id

        # Set up mocked project repo
        self.project_repo = mock.MagicMock()
        lookup = self.project_repo.find_by_external_project_id
        lookup.return_value = self.project
        self.setup_project_repository_mock(self.project_repo)

        # Set up mocked secret
        self.secret = models.Secret()
        self.secret.id = utils.generate_test_valid_uuid()

        # Set up mocked secret repo
        self.secret_repo = mock.MagicMock()
        self.secret_repo.create_from.return_value = self.secret
        self.setup_secret_repository_mock(self.secret_repo)

        # Set up mocked encrypted datum repo
        self.datum_repo = mock.MagicMock()
        self.datum_repo.create_from.return_value = None
        self.setup_encrypted_datum_repository_mock(self.datum_repo)

        # Set up mocked kek datum
        kek = models.KEKDatum()
        kek.kek_label = "kek_label"
        kek.bind_completed = False
        kek.algorithm = ''
        kek.bit_length = 0
        kek.mode = ''
        kek.plugin_meta = ''
        self.kek_datum = kek

        # Set up mocked kek datum repo
        self.kek_repo = mock.MagicMock()
        self.kek_repo.find_or_create_kek_datum.return_value = self.kek_datum
        self.setup_kek_datum_repository_mock(self.kek_repo)

        # Set up mocked secret meta repo
        self.setup_secret_meta_repository_mock()

        # Set up mocked transport key; 'XXXABCDEF' is placeholder key text.
        # Note that tkey_url derives from self.transport_key.id, while
        # self.transport_key_id is an independent fixed string.
        self.transport_key = models.TransportKey('default_plugin_name',
                                                 'XXXABCDEF')
        self.transport_key_id = 'tkey12345'
        self.tkey_url = hrefs.convert_transport_key_to_href(
            self.transport_key.id)

        # Set up mocked transport key repo
        self.setup_transport_key_repository_mock()
コード例 #14
ファイル: test_resources.py プロジェクト: great2soul/barbican
    def _init(self, payload=b"not-encrypted", payload_content_type="text/plain", payload_content_encoding=None):
        """Set up the secret request dict and mocked repositories for a test.

        The request always contains name, algorithm, bit length, mode and a
        ``None`` creator id; the payload, its content type and its encoding
        are included only when truthy. All values are fixed placeholders.
        """
        self.name = "name"
        self.payload = payload
        self.payload_content_type = payload_content_type
        self.payload_content_encoding = payload_content_encoding
        self.secret_algorithm = "AES"
        self.secret_bit_length = 256
        self.secret_mode = "CBC"
        self.secret_req = {
            "name": self.name,
            "algorithm": self.secret_algorithm,
            "bit_length": self.secret_bit_length,
            "creator_id": None,
            "mode": self.secret_mode,
        }
        # Falsy optional values are omitted from the request, not sent empty.
        for key, value in (
            ("payload", payload),
            ("payload_content_type", payload_content_type),
            ("payload_content_encoding", payload_content_encoding),
        ):
            if value:
                self.secret_req[key] = value

        # Set up mocked project
        self.external_project_id = "keystone1234"
        self.project_entity_id = "tid1234"
        mocked_project = models.Project()
        mocked_project.id = self.project_entity_id
        mocked_project.external_id = self.external_project_id
        self.project = mocked_project

        # Set up mocked project repo
        self.project_repo = mock.MagicMock()
        self.project_repo.find_by_external_project_id.return_value = self.project
        self.setup_project_repository_mock(self.project_repo)

        # Set up mocked secret
        mocked_secret = models.Secret()
        mocked_secret.id = utils.generate_test_uuid(tail_value=1)
        self.secret = mocked_secret

        # Set up mocked secret repo
        self.secret_repo = mock.MagicMock()
        self.secret_repo.create_from.return_value = self.secret
        self.setup_secret_repository_mock(self.secret_repo)

        # Set up mocked encrypted datum repo
        self.datum_repo = mock.MagicMock()
        self.datum_repo.create_from.return_value = None
        self.setup_encrypted_datum_repository_mock(self.datum_repo)

        # Set up mocked kek datum
        mocked_kek = models.KEKDatum()
        mocked_kek.kek_label = "kek_label"
        mocked_kek.bind_completed = False
        mocked_kek.algorithm = ""
        mocked_kek.bit_length = 0
        mocked_kek.mode = ""
        mocked_kek.plugin_meta = ""
        self.kek_datum = mocked_kek

        # Set up mocked kek datum repo
        self.kek_repo = mock.MagicMock()
        self.kek_repo.find_or_create_kek_datum.return_value = self.kek_datum
        self.setup_kek_datum_repository_mock(self.kek_repo)

        # Set up mocked secret meta repo
        self.setup_secret_meta_repository_mock()

        # Set up mocked transport key ("XXXABCDEF" is placeholder key text).
        # tkey_url is derived from self.transport_key.id; the separate
        # self.transport_key_id string is not used to build it.
        self.transport_key = models.TransportKey("default_plugin_name", "XXXABCDEF")
        self.transport_key_id = "tkey12345"
        self.tkey_url = hrefs.convert_transport_key_to_href(self.transport_key.id)

        # Set up mocked transport key repo
        self.setup_transport_key_repository_mock()