コード例 #1
ファイル: database_utils.py プロジェクト: openstack/barbican
def create_secret_metadatum(secret=None, key="key", value="value",
                            session=None):
    """Persist one SecretStoreMetadatum entry linked to ``secret``.

    Builds the model from ``key`` and ``value``, sets its ``secret_id`` to
    ``secret.id`` and hands it to the secret-metadata repository's
    ``create_from``.

    :param secret: object whose ``id`` becomes the entry's ``secret_id``.
        ``secret.id`` is read unconditionally, so the ``None`` default
        fails with ``AttributeError``; callers must pass a secret.
    :param key: metadata key.
    :param value: metadata value.
    :param session: forwarded unchanged to ``create_from``.
    :returns: the model instance that was handed to the repository.
    """
    metadatum = models.SecretStoreMetadatum(key, value)
    metadatum.secret_id = secret.id
    repositories.get_secret_meta_repository().create_from(
        metadatum, session=session)
    return metadatum
コード例 #2
 def setUp(self):
     """Run the parent fixture setup, then cache repository handles.

     One handle is stored on the test instance for each repository getter
     called below (KEK datum, project, secret metadata, secret, transport
     key).
     """
     super(WhenUsingKeystoneEventConsumer, self).setUp()
     # NOTE(review): presumably these getters rely on the database prepared
     # by the parent setUp, so they must stay after the super() call --
     # confirm against the base class.
     self.kek_repo = rep.get_kek_datum_repository()
     self.project_repo = rep.get_project_repository()
     self.secret_meta_repo = rep.get_secret_meta_repository()
     self.secret_repo = rep.get_secret_repository()
     self.transport_key_repo = rep.get_transport_key_repository()
コード例 #3
 def setUp(self):
     """Initialise the base test case and keep one handle per repository.

     The handles (KEK datum, project, secret metadata, secret, transport
     key) are stored as instance attributes for use by the test methods.
     """
     # Parent setup runs first; the repository getters follow it.
     super(WhenUsingKeystoneEventConsumer, self).setUp()
     self.kek_repo = rep.get_kek_datum_repository()
     self.project_repo = rep.get_project_repository()
     self.secret_meta_repo = rep.get_secret_meta_repository()
     self.secret_repo = rep.get_secret_repository()
     self.transport_key_repo = rep.get_transport_key_repository()
コード例 #4
class SecretStoreMetadatum(base.BarbicanObject, base.BarbicanPersistentObject,
                           object_base.VersionedObjectDictCompat):
    """Object wrapper for one key/value metadata entry of a secret.

    Each instance carries a ``key``, a ``value`` and the ``secret_id`` of the
    secret it belongs to, and is backed by ``models.SecretStoreMetadatum``.
    """

    # All three attributes are declared as plain string fields.
    # NOTE(review): values are handled as ordinary strings here; whether a
    # store plugin ever places sensitive material in them cannot be told
    # from this class -- confirm before logging or exposing these entries.
    fields = {
        'key': fields.StringField(),
        'value': fields.StringField(),
        'secret_id': fields.StringField()
    }

    db_model = models.SecretStoreMetadatum
    # Looked up once, when the class body is executed.
    db_repo = repo.get_secret_meta_repository()

    def _validate_fields(self, change_fields):
        """Reject a change set whose ``key`` or ``value`` is missing or None.

        :param change_fields: mapping of field names to the values being set.
        :raises exception.MissingArgumentError: naming the first of ``key``
            and ``value`` (checked in that order) that is None or absent.
        """
        template = u._("Must supply non-None {0} argument "
                       "for SecretStoreMetadatum entry.")

        for required in ('key', 'value'):
            if change_fields.get(required) is None:
                raise exception.MissingArgumentError(
                    template.format(required))

    @classmethod
    def save(cls, metadata, secret_obj):
        """Create one entry per item of ``metadata`` for ``secret_obj``.

        :param metadata: mapping of metadata keys to values.
        :param secret_obj: object whose ``id`` is stored as ``secret_id``.
        """
        # One timestamp is taken up front and shared by every entry.
        timestamp = timeutils.utcnow()
        for meta_key, meta_value in metadata.items():
            entry = cls(key=meta_key, value=meta_value)
            entry.updated_at = timestamp
            entry.secret_id = secret_obj.id
            entry.create()

    @classmethod
    def get_metadata_for_secret(cls, secret_id):
        """Return what the repository holds for the secret ``secret_id``."""
        repository = cls.db_repo
        return repository.get_metadata_for_secret(secret_id)
コード例 #5
def create_secret_metadatum(secret=None,
                            key="key",
                            value="value",
                            session=None):
    """Create and store a SecretStoreMetadatum entry for ``secret``.

    :param secret: object whose ``id`` is copied to the entry's
        ``secret_id``. Although the default is ``None``, ``secret.id`` is
        always read, so omitting it raises ``AttributeError``.
    :param key: metadata key.
    :param value: metadata value.
    :param session: passed through to the repository's ``create_from``.
    :returns: the model instance given to the repository.
    """
    entry = models.SecretStoreMetadatum(key, value)
    entry.secret_id = secret.id

    meta_repo = repositories.get_secret_meta_repository()
    meta_repo.create_from(entry, session=session)

    return entry
コード例 #6
ファイル: resources.py プロジェクト: openstack/barbican
def _save_secret_metadata_in_repo(secret_model, secret_metadata,
                                  store_plugin, content_type):
    """Attach store metadata to a secret and persist it.

    Adds ``plugin_name`` (the value returned by
    ``utils.generate_fullname_for(store_plugin)``) and ``content_type`` to
    the metadata, then saves it through the secret-metadata repository.

    :param secret_model: secret the metadata belongs to.
    :param secret_metadata: metadata mapping; any falsy value is replaced by
        a new empty dict. A non-empty mapping is modified in place, so the
        caller sees the two added keys.
    :param store_plugin: plugin whose full name is recorded.
    :param content_type: content type recorded alongside the plugin name.
    """
    metadata = secret_metadata if secret_metadata else {}

    metadata['plugin_name'] = utils.generate_fullname_for(store_plugin)
    metadata['content_type'] = content_type

    repos.get_secret_meta_repository().save(metadata, secret_model)
コード例 #7
ファイル: resources.py プロジェクト: jfritcher/barbican
def _save_secret_metadata_in_repo(secret_model, secret_metadata,
                                  store_plugin, content_type):
    """Record the plugin name and content type, then save the metadata.

    :param secret_model: secret the metadata is saved for.
    :param secret_metadata: metadata mapping, or a falsy value to start from
        an empty dict. A mapping supplied by the caller is updated in place.
    :param store_plugin: plugin passed to ``utils.generate_fullname_for`` to
        obtain the ``plugin_name`` value.
    :param content_type: stored under the ``content_type`` key.
    """
    secret_metadata = secret_metadata or {}

    # Both keys overwrite any value the caller supplied under the same name.
    secret_metadata.update({
        'plugin_name': utils.generate_fullname_for(store_plugin),
        'content_type': content_type,
    })

    meta_repo = repos.get_secret_meta_repository()
    meta_repo.save(secret_metadata, secret_model)
コード例 #8
ファイル: resources.py プロジェクト: openstack/barbican
def _get_secret_meta(secret_model):
    """Return the stored metadata for ``secret_model``.

    :param secret_model: secret to look up; any falsy value (such as
        ``None``) short-circuits the lookup.
    :returns: the repository's result for ``secret_model.id``, or a new
        empty dict when no secret model is given.
    """
    if not secret_model:
        return {}

    return repos.get_secret_meta_repository().get_metadata_for_secret(
        secret_model.id)
コード例 #9
ファイル: resources.py プロジェクト: jfritcher/barbican
def _get_secret_meta(secret_model):
    """Look up the metadata stored for a secret.

    :param secret_model: secret whose ``id`` is used for the lookup. When it
        is falsy the repository is not consulted.
    :returns: whatever the secret-metadata repository returns for the
        secret's id, or an empty dict when ``secret_model`` is falsy.
    """
    metadata = {}
    if secret_model:
        meta_repo = repos.get_secret_meta_repository()
        metadata = meta_repo.get_metadata_for_secret(secret_model.id)
    return metadata
コード例 #10
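    def test_existing_project_entities_cleanup_for_plain_secret(
            self, mock_handle_success):
        """A 'project deleted' event removes the project's stored entities.

        Creates one secret for project 1, confirms that the secret, one of
        its secret-store metadata rows and one KEK datum exist, processes the
        delete event, then checks that the secret, the KEK data, the project
        entities and the metadata row can no longer be found.

        :param mock_handle_success: mock standing in for the task's success
            handler (injected by a patch decorator outside this view).
        """
        self._init_memory_db_setup()
        secret = self._create_secret_for_project(self.project1_data)
        self.assertIsNotNone(secret)

        secret_id = secret.id

        project1_id = self.project1_data.id

        secret_repo = rep.get_secret_repository()
        db_secrets = secret_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_secrets))
        self.assertEqual(secret.id, db_secrets[0].id)

        # Get secret_store_metadata for related secret
        self.assertGreater(len(db_secrets[0].secret_store_metadata), 0)

        # Only the first metadata row is tracked through the delete.
        secret_metadata_id = list(db_secrets[0].
                                  secret_store_metadata.values())[0].id
        self.assertIsNotNone(secret_metadata_id)

        # Get db entry for secret_store_metadata by id to make sure its
        # presence before removing via delete project task
        secret_meta_repo = rep.get_secret_meta_repository()
        db_secret_store_meta = secret_meta_repo.get(
            entity_id=secret_metadata_id)
        self.assertIsNotNone(db_secret_store_meta)

        kek_repo = rep.get_kek_datum_repository()
        db_kek = kek_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_kek))

        # NOTE(review): the event carries self.project_id1 while the
        # repository lookups use self.project1_data.id; presumably these are
        # the external and internal ids of the same project -- confirm.
        # task = consumer.KeystoneEventConsumer()
        result = self.task.process(project_id=self.project_id1,
                                   resource_type='project',
                                   operation_type='deleted')
        self.assertIsNone(result, 'No return is expected as result')

        # assert_has_calls([]) passes even when the mock was never called,
        # so check explicitly that the success handler ran.
        self.assertTrue(mock_handle_success.called)
        # call_args holds the most recent call to the mock.
        _, kwargs = mock_handle_success.call_args
        self.assertEqual(self.project_id1, kwargs['project_id'])
        self.assertEqual('project', kwargs['resource_type'])
        self.assertEqual('deleted', kwargs['operation_type'])

        # After project entities delete, make sure secret is not found
        ex = self.assertRaises(exception.NotFound, secret_repo.get,
                               entity_id=secret_id,
                               external_project_id=self.project_id1)
        self.assertIn(secret_id, str(ex))

        # After project entities delete, make sure kek data is not found
        entities = kek_repo.get_project_entities(project1_id)
        self.assertEqual(0, len(entities))

        project_repo = rep.get_project_repository()
        db_project = project_repo.get_project_entities(project1_id)
        self.assertEqual(0, len(db_project))

        # Should have deleted SecretStoreMetadatum via children delete
        self.assertRaises(exception.NotFound,
                          secret_meta_repo.get,
                          entity_id=secret_metadata_id)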
コード例 #11
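    def test_existing_project_entities_cleanup_for_plain_secret(
            self, mock_handle_success):
        """Project deletion must leave no secret, KEK or metadata rows.

        Sets up one secret for project 1, verifies that the secret, a
        secret-store metadata row and a KEK datum are present, runs the
        'project deleted' task and asserts that none of them, nor the project
        entities, remain retrievable.

        :param mock_handle_success: mock replacing the task's success handler
            (supplied by a patch decorator that is outside this view).
        """
        self._init_memory_db_setup()
        secret = self._create_secret_for_project(self.project1_data)
        self.assertIsNotNone(secret)

        secret_id = secret.id

        project1_id = self.project1_data.id

        secret_repo = rep.get_secret_repository()
        db_secrets = secret_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_secrets))
        self.assertEqual(secret.id, db_secrets[0].id)

        # Get secret_store_metadata for related secret
        self.assertGreater(len(db_secrets[0].secret_store_metadata), 0)

        # The first metadata row is the one followed through the delete.
        secret_metadata_id = list(
            db_secrets[0].secret_store_metadata.values())[0].id
        self.assertIsNotNone(secret_metadata_id)

        # Get db entry for secret_store_metadata by id to make sure its
        # presence before removing via delete project task
        secret_meta_repo = rep.get_secret_meta_repository()
        db_secret_store_meta = secret_meta_repo.get(
            entity_id=secret_metadata_id)
        self.assertIsNotNone(db_secret_store_meta)

        kek_repo = rep.get_kek_datum_repository()
        db_kek = kek_repo.get_project_entities(project1_id)
        self.assertEqual(1, len(db_kek))

        # NOTE(review): self.project_id1 is sent in the event, whereas the
        # lookups above use self.project1_data.id; presumably external versus
        # internal id of one project -- confirm.
        # task = consumer.KeystoneEventConsumer()
        result = self.task.process(project_id=self.project_id1,
                                   resource_type='project',
                                   operation_type='deleted')
        self.assertIsNone(result, 'No return is expected as result')

        # An empty assert_has_calls([]) can never fail; assert instead that
        # the success handler was actually invoked.
        self.assertTrue(mock_handle_success.called)
        # call_args is the most recent call made to the mock.
        _, kwargs = mock_handle_success.call_args
        self.assertEqual(self.project_id1, kwargs['project_id'])
        self.assertEqual('project', kwargs['resource_type'])
        self.assertEqual('deleted', kwargs['operation_type'])

        # After project entities delete, make sure secret is not found
        ex = self.assertRaises(exception.NotFound,
                               secret_repo.get,
                               entity_id=secret_id,
                               external_project_id=self.project_id1)
        self.assertIn(secret_id, str(ex))

        # After project entities delete, make sure kek data is not found
        entities = kek_repo.get_project_entities(project1_id)
        self.assertEqual(0, len(entities))

        project_repo = rep.get_project_repository()
        db_project = project_repo.get_project_entities(project1_id)
        self.assertEqual(0, len(db_project))

        # Should have deleted SecretStoreMetadatum via children delete
        self.assertRaises(exception.NotFound,
                          secret_meta_repo.get,
                          entity_id=secret_metadata_id)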