def test_should_raise_when_delete_pref_subca_with_other_project_ca(self):
subca = cert_res.create_subordinate_ca(
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id)
project_ca = models.ProjectCertificateAuthority(
self.project.id, subca.id)
project_ca_repo.create_from(project_ca)
preferred_ca = models.PreferredCertificateAuthority(
self.project.id, subca.id)
preferred_ca_repo.create_from(preferred_ca)
subca2 = cert_res.create_subordinate_ca(
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id)
project_ca2 = models.ProjectCertificateAuthority(
self.project.id, subca2.id)
project_ca_repo.create_from(project_ca2)
self.assertRaises(excep.CannotDeletePreferredCA,
cert_res.delete_subordinate_ca,
self.project.external_id, subca)
def on_post(self, external_project_id, **kwargs):
LOG.debug(u._('Start on_post for project-ID %s:...'),
external_project_id)
data = api.load_body(pecan.request, validator=self.validator)
project = res.get_or_create_project(external_project_id)
ctxt = controllers._get_barbican_context(pecan.request)
if ctxt: # in authenticated pipeline case, always use auth token user
creator_id = ctxt.user
self.quota_enforcer.enforce(project)
new_ca = cert_resources.create_subordinate_ca(
project_model=project,
name=data.get('name'),
description=data.get('description'),
subject_dn=data.get('subject_dn'),
parent_ca_ref=data.get('parent_ca_ref'),
creator_id=creator_id)
url = hrefs.convert_certificate_authority_to_href(new_ca.id)
LOG.debug(u._('URI to sub-CA is %s'), url)
pecan.response.status = 201
pecan.response.headers['Location'] = url
LOG.info(u._LI('Created a sub CA for project: %s'),
external_project_id)
return {'ca_ref': url}
def on_post(self, external_project_id, **kwargs):
LOG.debug('Start on_post for project-ID %s:...', external_project_id)
data = api.load_body(pecan.request, validator=self.validator)
project = res.get_or_create_project(external_project_id)
ctxt = controllers._get_barbican_context(pecan.request)
if ctxt: # in authenticated pipeline case, always use auth token user
creator_id = ctxt.user
self.quota_enforcer.enforce(project)
new_ca = cert_resources.create_subordinate_ca(
project_model=project,
name=data.get('name'),
description=data.get('description'),
subject_dn=data.get('subject_dn'),
parent_ca_ref=data.get('parent_ca_ref'),
creator_id=creator_id
)
url = hrefs.convert_certificate_authority_to_href(new_ca.id)
LOG.debug('URI to sub-CA is %s', url)
pecan.response.status = 201
pecan.response.headers['Location'] = url
LOG.info(u._LI('Created a sub CA for project: %s'),
external_project_id)
return {'ca_ref': url}
def test_should_raise_unauthorized_subca_delete(self):
subca = cert_res.create_subordinate_ca(
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id)
self.assertRaises(excep.UnauthorizedSubCA,
cert_res.delete_subordinate_ca,
self.project2.external_id, subca)
def test_should_delete_subca(self):
subca = cert_res.create_subordinate_ca(
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id)
self.assertIsInstance(subca, models.CertificateAuthority)
cert_res.delete_subordinate_ca(self.project.external_id, subca)
self.cert_plugin.delete_ca.assert_called_once_with(subca.plugin_ca_id)
def test_should_delete_subca(self):
subca = cert_res.create_subordinate_ca(
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id
)
self.assertIsInstance(subca, models.CertificateAuthority)
cert_res.delete_subordinate_ca(self.project.external_id, subca)
self.cert_plugin.delete_ca.assert_called_once_with(subca.plugin_ca_id)
def test_should_create_subordinate_ca(self):
subca = cert_res.create_subordinate_ca(
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id)
self.assertIsInstance(subca, models.CertificateAuthority)
self.assertEqual(self.project.id, subca.project_id)
self.assertEqual(self.creator_id, subca.creator_id)
self.assertEqual(self.plugin_name, subca.plugin_name)
def test_should_create_subordinate_ca(self):
subca = cert_res.create_subordinate_ca(
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id
)
self.assertIsInstance(subca, models.CertificateAuthority)
self.assertEqual(self.project.id, subca.project_id)
self.assertEqual(self.creator_id, subca.creator_id)
self.assertEqual(self.plugin_name, subca.plugin_name)
def test_should_raise_when_delete_pref_subca_with_other_project_ca(self):
subca = cert_res.create_subordinate_ca(
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id
)
project_ca = models.ProjectCertificateAuthority(
self.project.id,
subca.id
)
project_ca_repo.create_from(project_ca)
preferred_ca = models.PreferredCertificateAuthority(
self.project.id,
subca.id)
preferred_ca_repo.create_from(preferred_ca)
subca2 = cert_res.create_subordinate_ca(
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id
)
project_ca2 = models.ProjectCertificateAuthority(
self.project.id,
subca2.id
)
project_ca_repo.create_from(project_ca2)
self.assertRaises(
excep.CannotDeletePreferredCA,
cert_res.delete_subordinate_ca,
self.project.external_id,
subca
)
def test_should_raise_unauthorized_subca_delete(self):
subca = cert_res.create_subordinate_ca(
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id
)
self.assertRaises(
excep.UnauthorizedSubCA,
cert_res.delete_subordinate_ca,
self.project2.external_id,
subca
)
def test_should_delete_subca_and_all_related_db_entities(self):
subca = cert_res.create_subordinate_ca(
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id)
project_ca = models.ProjectCertificateAuthority(
self.project.id, subca.id)
project_ca_repo.create_from(project_ca)
preferred_ca = models.PreferredCertificateAuthority(
self.project.id, subca.id)
preferred_ca_repo.create_from(preferred_ca)
cert_res.delete_subordinate_ca(self.project.external_id, subca)
self.cert_plugin.delete_ca.assert_called_once_with(subca.plugin_ca_id)
def test_should_raise_unauthorized_parent_ca(self):
subca = cert_res.create_subordinate_ca(
project_model=self.project2,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id)
subca_ref = hrefs.convert_certificate_authority_to_href(subca.id)
self.assertRaises(excep.UnauthorizedSubCA,
cert_res.create_subordinate_ca,
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=subca_ref,
creator_id=self.creator_id)
def test_should_raise_unauthorized_parent_ca(self):
subca = cert_res.create_subordinate_ca(
project_model=self.project2,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id
)
subca_ref = hrefs.convert_certificate_authority_to_href(subca.id)
self.assertRaises(
excep.UnauthorizedSubCA,
cert_res.create_subordinate_ca,
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=subca_ref,
creator_id=self.creator_id)
def test_should_delete_subca_and_all_related_db_entities(self):
subca = cert_res.create_subordinate_ca(
project_model=self.project,
name=self.name,
description=self.description,
subject_dn=self.subject_name,
parent_ca_ref=self.parent_ca_ref,
creator_id=self.creator_id
)
project_ca = models.ProjectCertificateAuthority(
self.project.id,
subca.id
)
project_ca_repo.create_from(project_ca)
preferred_ca = models.PreferredCertificateAuthority(
self.project.id,
subca.id)
preferred_ca_repo.create_from(preferred_ca)
cert_res.delete_subordinate_ca(self.project.external_id, subca)
self.cert_plugin.delete_ca.assert_called_once_with(subca.plugin_ca_id)
