Python secret_too_bigの例、barbican.common.validators.secret_too_big Pythonの例

コード例 #1

0

ファイルを表示

ファイル: test_validators.py プロジェクト: Daviey/barbican

    def test_secret_too_big_is_true_for_big_secrets(self):
        data = b'\x01' * validators.CONF.max_allowed_secret_in_bytes
        data += b'\x01'

        is_too_big = validators.secret_too_big(data)

        self.assertTrue(is_too_big)

コード例 #2

0

ファイルを表示

ファイル: secrets.py プロジェクト: abattye/barbican

    def on_put(self, external_project_id, **kwargs):
        if (not pecan.request.content_type or
                pecan.request.content_type == 'application/json'):
            pecan.abort(
                415,
                u._("Content-Type of '{content_type}' is not supported for "
                    "PUT.").format(content_type=pecan.request.content_type)
            )

        transport_key_id = kwargs.get('transport_key_id')

        payload = pecan.request.body
        if not payload:
            raise exception.NoDataToProcess()
        if validators.secret_too_big(payload):
            raise exception.LimitExceeded()

        if self.secret.encrypted_data or self.secret.secret_store_metadata:
            _secret_already_has_data()

        project_model = res.get_or_create_project(external_project_id)
        content_type = pecan.request.content_type
        content_encoding = pecan.request.headers.get('Content-Encoding')

        plugin.store_secret(
            unencrypted_raw=payload,
            content_type_raw=content_type,
            content_encoding=content_encoding,
            secret_model=self.secret,
            project_model=project_model,
            transport_key_id=transport_key_id)
        LOG.info(u._LI('Updated secret for project: %s'), external_project_id)

コード例 #3

0

ファイルを表示

ファイル: secrets.py プロジェクト: AngelaJubeJudy/barbican

    def on_put(self, external_project_id, **kwargs):
        if (not pecan.request.content_type
                or pecan.request.content_type == 'application/json'):
            pecan.abort(
                415,
                u._("Content-Type of '{content_type}' is not supported for "
                    "PUT.").format(content_type=pecan.request.content_type))

        transport_key_id = kwargs.get('transport_key_id')

        payload = pecan.request.body
        if not payload:
            raise exception.NoDataToProcess()
        if validators.secret_too_big(payload):
            raise exception.LimitExceeded()

        if self.secret.encrypted_data or self.secret.secret_store_metadata:
            _secret_already_has_data()

        project_model = res.get_or_create_project(external_project_id)
        content_type = pecan.request.content_type
        content_encoding = pecan.request.headers.get('Content-Encoding')

        plugin.store_secret(unencrypted_raw=payload,
                            content_type_raw=content_type,
                            content_encoding=content_encoding,
                            secret_model=self.secret,
                            project_model=project_model,
                            transport_key_id=transport_key_id)
        LOG.info('Updated secret for project: %s', external_project_id)

コード例 #4

0

ファイルを表示

    def test_secret_too_big_is_true_for_big_secrets(self):
        data = b'\x01' * validators.CONF.max_allowed_secret_in_bytes
        data += b'\x01'

        is_too_big = validators.secret_too_big(data)

        self.assertTrue(is_too_big)

コード例 #5

0

ファイルを表示

ファイル: resources.py プロジェクト: 98pm/barbican

def create_encrypted_datum(secret, payload,
                           content_type, content_encoding,
                           tenant, crypto_manager, datum_repo, kek_repo):
    """Modifies the secret to add the plain_text secret information.

    :param secret: the secret entity to associate the secret data to
    :param payload: secret data to store
    :param content_type: payload content mime type
    :param content_encoding: payload content encoding
    :param tenant: the tenant (entity) who owns the secret
    :param crypto_manager: the crypto plugin manager
    :param datum_repo: the encrypted datum repository
    :param kek_repo: the KEK metadata repository
    :retval The response body, None if N/A
    """
    if not payload:
        raise exception.NoDataToProcess()

    if validators.secret_too_big(payload):
        raise exception.LimitExceeded()

    if secret.encrypted_data:
        raise ValueError('Secret already has encrypted data stored for it.')

    # Encrypt payload
    LOG.debug('Encrypting secret payload...')
    new_datum = crypto_manager.encrypt(payload,
                                       content_type,
                                       content_encoding,
                                       secret,
                                       tenant,
                                       kek_repo)
    datum_repo.create_from(new_datum)

    return new_datum

コード例 #6

0

ファイルを表示

ファイル: resources.py プロジェクト: stanzikratel/barbican-2

def create_encrypted_datum(secret, payload, content_type, content_encoding,
                           tenant, crypto_manager, datum_repo, kek_repo):
    """Modifies the secret to add the plain_text secret information.

    :param secret: the secret entity to associate the secret data to
    :param payload: secret data to store
    :param content_type: payload content mime type
    :param content_encoding: payload content encoding
    :param tenant: the tenant (entity) who owns the secret
    :param crypto_manager: the crypto plugin manager
    :param datum_repo: the encrypted datum repository
    :param kek_repo: the KEK metadata repository
    :retval The response body, None if N/A
    """
    if not payload:
        raise exception.NoDataToProcess()

    if validators.secret_too_big(payload):
        raise exception.LimitExceeded()

    if secret.encrypted_data:
        raise ValueError('Secret already has encrypted data stored for it.')

    # Encrypt payload
    LOG.debug('Encrypting secret payload...')
    new_datum = crypto_manager.encrypt(payload, content_type, content_encoding,
                                       secret, tenant, kek_repo)
    datum_repo.create_from(new_datum)

    return new_datum

コード例 #7

0

ファイルを表示

ファイル: secrets.py プロジェクト: yian454/barbican

    def on_put(self, keystone_id, **kwargs):

        if not pecan.request.content_type or \
                pecan.request.content_type == 'application/json':
            pecan.abort(
                415,
                u._("Content-Type of '{0}' is not supported for PUT.").format(
                    pecan.request.content_type
                )
            )

        payload = pecan.request.body
        if not payload:
            raise exception.NoDataToProcess()
        if validators.secret_too_big(payload):
            raise exception.LimitExceeded()

        secret_model = self.repos.secret_repo.get(entity_id=self.secret_id,
                                                  keystone_id=keystone_id,
                                                  suppress_exception=True)
        if not secret_model:
            _secret_not_found()

        if secret_model.encrypted_data:
            _secret_already_has_data()

        tenant_model = res.get_or_create_tenant(keystone_id,
                                                self.repos.tenant_repo)
        content_type = pecan.request.content_type
        content_encoding = pecan.request.headers.get('Content-Encoding')

        plugin.store_secret(payload, content_type,
                            content_encoding, secret_model.to_dict_fields,
                            secret_model, tenant_model, self.repos)

コード例 #8

0

ファイルを表示

ファイル: test_validators.py プロジェクト: Daviey/barbican

    def test_secret_too_big_is_true_for_big_unicode_secrets(self):
        beer = u'\U0001F37A'
        data = beer * (validators.CONF.max_allowed_secret_in_bytes / 4)
        data += u'1'

        is_too_big = validators.secret_too_big(data)

        self.assertTrue(is_too_big)

コード例 #9

0

ファイルを表示

    def test_secret_too_big_is_true_for_big_unicode_secrets(self):
        beer = u'\U0001F37A'
        data = beer * (validators.CONF.max_allowed_secret_in_bytes / 4)
        data += u'1'

        is_too_big = validators.secret_too_big(data)

        self.assertTrue(is_too_big)

コード例 #10

0

ファイルを表示

ファイル: resources.py プロジェクト: douglassims/barbican

def create_encrypted_datum(secret, plain_text, tenant, crypto_manager,
                           tenant_secret_repo, datum_repo):
    """
    Modifies the secret to add the plain_text secret information.

    :param secret: the secret entity to associate the secret data to
    :param plain_text: plain-text of the secret data to store
    :param tenant: the tenant (entity) who owns the secret
    :param crypto_manager: the crypto plugin manager
    :param tenant_secret_repo: the tenant/secret association repository
    :param datum_repo: the encrypted datum repository
    :retval The response body, None if N/A
    """
    if not plain_text:
        raise exception.NoDataToProcess()

    if validators.secret_too_big(plain_text):
        raise exception.LimitExceeded()

    if secret.encrypted_data:
        raise ValueError('Secret already has encrypted data stored for it.')

    fields = secret.to_dict_fields()
    fields['plain_text'] = plain_text

    # Encrypt plain_text
    LOG.debug('Encrypting plain_text secret')
    new_datum = crypto_manager.encrypt(plain_text,
                                       secret,
                                       tenant)
    datum_repo.create_from(new_datum)

    # Create Tenant/Secret entity.
    new_assoc = models.TenantSecret()
    new_assoc.tenant_id = tenant.id
    new_assoc.secret_id = secret.id
    new_assoc.role = "admin"
    new_assoc.status = models.States.ACTIVE
    tenant_secret_repo.create_from(new_assoc)

    return new_datum

コード例 #11

0

ファイルを表示

    def on_put(self, external_project_id, **kwargs):

        if (not pecan.request.content_type
                or pecan.request.content_type == 'application/json'):
            pecan.abort(
                415,
                u._("Content-Type of '{content_type}' is not supported for "
                    "PUT.").format(content_type=pecan.request.content_type))

        transport_key_id = kwargs.get('transport_key_id')

        payload = pecan.request.body
        if not payload:
            raise exception.NoDataToProcess()
        if validators.secret_too_big(payload):
            raise exception.LimitExceeded()

        secret_model = self.repos.secret_repo.get(
            entity_id=self.secret_id,
            external_project_id=external_project_id,
            suppress_exception=True)
        if not secret_model:
            _secret_not_found()

        if secret_model.encrypted_data:
            _secret_already_has_data()

        project_model = res.get_or_create_project(external_project_id,
                                                  self.repos.project_repo)
        content_type = pecan.request.content_type
        content_encoding = pecan.request.headers.get('Content-Encoding')

        plugin.store_secret(payload,
                            content_type,
                            content_encoding,
                            secret_model.to_dict_fields(),
                            secret_model,
                            project_model,
                            self.repos,
                            transport_key_id=transport_key_id)

コード例 #12

0

ファイルを表示

def create_encrypted_datum(secret, plain_text, tenant, crypto_manager,
                           tenant_secret_repo, datum_repo):
    """
    Modifies the secret to add the plain_text secret information.

    :param secret: the secret entity to associate the secret data to
    :param plain_text: plain-text of the secret data to store
    :param tenant: the tenant (entity) who owns the secret
    :param crypto_manager: the crypto plugin manager
    :param tenant_secret_repo: the tenant/secret association repository
    :param datum_repo: the encrypted datum repository
    :retval The response body, None if N/A
    """
    if not plain_text:
        raise exception.NoDataToProcess()

    if validators.secret_too_big(plain_text):
        raise exception.LimitExceeded()

    if secret.encrypted_data:
        raise ValueError('Secret already has encrypted data stored for it.')

    fields = secret.to_dict_fields()
    fields['plain_text'] = plain_text

    # Encrypt plain_text
    LOG.debug('Encrypting plain_text secret')
    new_datum = crypto_manager.encrypt(plain_text, secret, tenant)
    datum_repo.create_from(new_datum)

    # Create Tenant/Secret entity.
    new_assoc = models.TenantSecret()
    new_assoc.tenant_id = tenant.id
    new_assoc.secret_id = secret.id
    new_assoc.role = "admin"
    new_assoc.status = models.States.ACTIVE
    tenant_secret_repo.create_from(new_assoc)

    return new_datum

コード例 #13

0

ファイルを表示

ファイル: test_validators.py プロジェクト: Daviey/barbican

    def test_secret_too_big_is_false_for_small_secrets(self):
        data = b'\xb0'

        is_too_big = validators.secret_too_big(data)

        self.assertFalse(is_too_big)

コード例 #14

0

ファイルを表示

    def test_secret_too_big_is_false_for_small_secrets(self):
        data = b'\xb0'

        is_too_big = validators.secret_too_big(data)

        self.assertFalse(is_too_big)