def test_plugin_created_kmip_default_mulitple_backend_conf(self):
"""Check plugins are created as per multiple backend conf
Here KMIP plugin is marked as global default plugin
"""
store_plugin_names = ['store_crypto', 'kmip_plugin', 'store_crypto']
crypto_plugin_names = ['p11_crypto', '', 'simple_crypto']
self.init_via_conf_file(store_plugin_names,
crypto_plugin_names,
enabled=True,
global_default_index=1)
with mock.patch('barbican.plugin.crypto.p11_crypto.P11CryptoPlugin.'
'_create_pkcs11') as m_pkcs11, \
mock.patch('kmip.pie.client.ProxyKmipClient') as m_kmip:
manager = str.SecretStorePluginManager()
# check pkcs11 and kmip plugin instantiation call is invoked
m_pkcs11.called_once_with(mock.ANY, mock.ANY)
m_kmip.called_once_with(mock.ANY)
# check kmip store is matched as its global default store.
keySpec = str.KeySpec(str.KeyAlgorithm.AES, 128)
plugin_found = manager.get_plugin_store(keySpec)
self.assertIsInstance(plugin_found, kss.KMIPSecretStore)
def test_plugin_created_as_per_mulitple_backend_conf(self):
"""Check plugins are created as per multiple backend conf"""
store_plugin_names = ['store_crypto', 'kmip_plugin', 'store_crypto']
crypto_plugin_names = ['p11_crypto', '', 'simple_crypto']
self.init_via_conf_file(store_plugin_names,
crypto_plugin_names,
enabled=True)
with mock.patch('barbican.plugin.crypto.p11_crypto.P11CryptoPlugin.'
'_create_pkcs11') as m_pkcs11, \
mock.patch('kmip.pie.client.ProxyKmipClient') as m_kmip:
manager = str.SecretStorePluginManager()
# check pkcs11 and kmip plugin instantiation call is invoked
m_pkcs11.called_once_with(mock.ANY, mock.ANY)
m_kmip.called_once_with(mock.ANY)
# check store crypto adapter is matched as its defined first.
keySpec = str.KeySpec(str.KeyAlgorithm.AES, 128)
plugin_found = manager.get_plugin_store(keySpec)
self.assertIsInstance(plugin_found,
store_crypto.StoreCryptoAdapterPlugin)
# check pkcs11 crypto is matched as its defined first.
crypto_plugin = cm.get_manager().get_plugin_store_generate(
base.PluginSupportTypes.ENCRYPT_DECRYPT)
self.assertIsInstance(crypto_plugin, p11_crypto.P11CryptoPlugin)
def _init_multiple_backends(self, enabled=True, global_default_index=0):
store_plugin_names = ['store_crypto', 'kmip_plugin', 'store_crypto']
crypto_plugin_names = ['p11_crypto', '', 'simple_crypto']
self.init_via_conf_file(store_plugin_names,
crypto_plugin_names, enabled=enabled,
global_default_index=global_default_index)
with mock.patch('barbican.plugin.crypto.p11_crypto.P11CryptoPlugin.'
'_create_pkcs11'), \
mock.patch('kmip.pie.client.ProxyKmipClient'):
secret_store.SecretStorePluginManager()
def test_no_preferred_default_plugin(self, dataset):
"""Check name, plugin and crypto class used for default secret store
Secret store name is crypto class plugin name if defined otherwise user
friendly name is derived from store class plugin name
"""
self.init_via_conf_file(dataset['store_plugins'],
dataset['crypto_plugins'],
enabled=True)
with mock.patch('barbican.plugin.crypto.p11_crypto.P11CryptoPlugin.'
'_create_pkcs11'), \
mock.patch('kmip.pie.client.ProxyKmipClient'):
manager = secret_store.SecretStorePluginManager()
keySpec = secret_store.KeySpec(secret_store.KeyAlgorithm.AES, 128)
plugin_found = manager.get_plugin_store(keySpec)
self.assertIsInstance(plugin_found,
dataset['default_store_class'])
global_secret_store = multiple_backends.\
get_global_default_secret_store()
if dataset['default_crypto_class']:
crypto_plugin = cm.get_manager().get_plugin_store_generate(
base.PluginSupportTypes.ENCRYPT_DECRYPT)
self.assertIsInstance(crypto_plugin,
dataset['default_crypto_class'])
# make sure secret store name is same as crypto class friendly name
# as store_plugin class is not direct impl of SecretStoreBase
self.assertEqual(global_secret_store.name,
crypto_plugin.get_plugin_name())
else: # crypto class is not used
# make sure secret store name is same as store plugin class
# friendly name
self.assertEqual(global_secret_store.name,
plugin_found.get_plugin_name())
# error raised for no crypto plugin
self.assertRaises(base.CryptoPluginNotFound,
cm.get_manager().get_plugin_store_generate,
base.PluginSupportTypes.ENCRYPT_DECRYPT)
def setUp(self):
super(WhenTestingSecretStorePluginManager, self).setUp()
self.manager = str.SecretStorePluginManager()
def test_project_preferred_default_plugin(self, dataset):
"""Check project preferred behavior with different global default"""
self.init_via_conf_file(dataset['store_plugins'],
dataset['crypto_plugins'],
enabled=True)
with mock.patch('barbican.plugin.crypto.p11_crypto.P11CryptoPlugin.'
'_create_pkcs11'), \
mock.patch('kmip.pie.client.ProxyKmipClient'):
manager = secret_store.SecretStorePluginManager()
pkcs11_secret_store = self._get_secret_store_entry('store_crypto',
'p11_crypto')
kmip_secret_store = self._get_secret_store_entry('kmip_plugin', None)
db_secret_store = self._get_secret_store_entry('store_crypto',
'simple_crypto')
project1 = self._create_project()
project2 = self._create_project()
project3 = self._create_project()
# For project1 , make pkcs11 as preferred secret store
self._create_project_store(project1.id, pkcs11_secret_store.id)
# For project2 , make kmip as preferred secret store
self._create_project_store(project2.id, kmip_secret_store.id)
# For project3 , make db backend as preferred secret store
self._create_project_store(project3.id, db_secret_store.id)
keySpec = secret_store.KeySpec(secret_store.KeyAlgorithm.AES, 128)
cm_manager = cm.get_manager()
# For project1, verify store and crypto plugin instance used are pkcs11
# specific
plugin_found = manager.get_plugin_store(keySpec,
project_id=project1.id)
self.assertIsInstance(plugin_found,
store_crypto.StoreCryptoAdapterPlugin)
crypto_plugin = cm.get_manager().get_plugin_store_generate(
base.PluginSupportTypes.ENCRYPT_DECRYPT, project_id=project1.id)
self.assertIsInstance(crypto_plugin, p11_crypto.P11CryptoPlugin)
# For project2, verify store plugin instance is kmip specific
# and there is no crypto plugin instance
plugin_found = manager.get_plugin_store(keySpec,
project_id=project2.id)
self.assertIsInstance(plugin_found, kss.KMIPSecretStore)
self.assertRaises(
base.CryptoPluginNotFound, cm_manager.get_plugin_store_generate,
base.PluginSupportTypes.ENCRYPT_DECRYPT, project_id=project2.id)
# For project3, verify store and crypto plugin instance used are db
# backend specific
plugin_found = manager.get_plugin_store(keySpec,
project_id=project3.id)
self.assertIsInstance(plugin_found,
store_crypto.StoreCryptoAdapterPlugin)
crypto_plugin = cm.get_manager().get_plugin_store_generate(
base.PluginSupportTypes.ENCRYPT_DECRYPT, project_id=project3.id)
self.assertIsInstance(crypto_plugin, simple_crypto.SimpleCryptoPlugin)
# Make sure for project with no preferred setting, uses global default
project4 = self._create_project()
plugin_found = manager.get_plugin_store(keySpec,
project_id=project4.id)
self.assertIsInstance(plugin_found,
dataset['default_store_class'])