def test_should_raise_when_delete_pref_subca_with_other_project_ca(self):
    """Refuse to delete a preferred sub-CA while another project CA exists.

    Two sub-CAs are created for the same project and both are registered
    as project CAs; the first is additionally marked as the preferred CA.
    Deleting that first sub-CA must raise CannotDeletePreferredCA.
    """
    def _new_subca():
        # Both sub-CAs are built from the same fixture attributes.
        return cert_res.create_subordinate_ca(
            project_model=self.project,
            name=self.name,
            description=self.description,
            subject_dn=self.subject_name,
            parent_ca_ref=self.parent_ca_ref,
            creator_id=self.creator_id,
        )

    preferred_subca = _new_subca()
    project_ca_repo.create_from(
        models.ProjectCertificateAuthority(
            self.project.id, preferred_subca.id))
    preferred_ca_repo.create_from(
        models.PreferredCertificateAuthority(
            self.project.id, preferred_subca.id))

    # A second project CA is what makes the preferred one undeletable.
    other_subca = _new_subca()
    project_ca_repo.create_from(
        models.ProjectCertificateAuthority(
            self.project.id, other_subca.id))

    with self.assertRaises(excep.CannotDeletePreferredCA):
        cert_res.delete_subordinate_ca(
            self.project.external_id, preferred_subca)
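def on_post(self, external_project_id, **kwargs):
    """Create a subordinate CA for the project and return its reference.

    The request body is loaded through self.validator, the project is
    obtained via res.get_or_create_project, and the quota enforcer is
    called before cert_resources.create_subordinate_ca runs. On success
    the response status is set to 201 and the Location header to the new
    CA's URL.

    The creator is taken from the request context only; no creator field
    is read from the request body.

    Args:
        external_project_id: external identifier of the calling project.
        **kwargs: accepted but not used in this method.

    Returns:
        dict with a single 'ca_ref' key holding the URL of the new sub-CA.
    """
    LOG.debug(u._('Start on_post for project-ID %s:...'),
              external_project_id)

    data = api.load_body(pecan.request, validator=self.validator)
    project = res.get_or_create_project(external_project_id)

    # Without this default a request with no barbican context reached the
    # create call below with creator_id unbound (UnboundLocalError).
    # NOTE(review): the sub-CA is then recorded without a creator; confirm
    # create_subordinate_ca accepts None and that losing the attribution
    # is acceptable for auditing in that pipeline.
    creator_id = None
    ctxt = controllers._get_barbican_context(pecan.request)
    if ctxt:  # in authenticated pipeline case, always use auth token user
        creator_id = ctxt.user

    # Quota is checked before anything is created.
    self.quota_enforcer.enforce(project)

    # NOTE(review): parent_ca_ref is caller-supplied; whether the project
    # may use that parent is presumably checked inside
    # create_subordinate_ca -- confirm.
    new_ca = cert_resources.create_subordinate_ca(
        project_model=project,
        name=data.get('name'),
        description=data.get('description'),
        subject_dn=data.get('subject_dn'),
        parent_ca_ref=data.get('parent_ca_ref'),
        creator_id=creator_id)

    url = hrefs.convert_certificate_authority_to_href(new_ca.id)
    LOG.debug(u._('URI to sub-CA is %s'), url)

    pecan.response.status = 201
    pecan.response.headers['Location'] = url

    LOG.info(u._LI('Created a sub CA for project: %s'),
             external_project_id)

    return {'ca_ref': url}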
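def on_post(self, external_project_id, **kwargs):
    """Create a subordinate CA for the project and return its reference.

    The request body is loaded through self.validator, the project is
    obtained via res.get_or_create_project, and the quota enforcer is
    called before cert_resources.create_subordinate_ca runs. On success
    the response status is set to 201 and the Location header to the new
    CA's URL.

    The creator is taken from the request context only; no creator field
    is read from the request body.

    Args:
        external_project_id: external identifier of the calling project.
        **kwargs: accepted but not used in this method.

    Returns:
        dict with a single 'ca_ref' key holding the URL of the new sub-CA.
    """
    LOG.debug('Start on_post for project-ID %s:...', external_project_id)

    data = api.load_body(pecan.request, validator=self.validator)
    project = res.get_or_create_project(external_project_id)

    # Without this default a request with no barbican context reached the
    # create call below with creator_id unbound (UnboundLocalError).
    # NOTE(review): the sub-CA is then recorded without a creator; confirm
    # create_subordinate_ca accepts None and that losing the attribution
    # is acceptable for auditing in that pipeline.
    creator_id = None
    ctxt = controllers._get_barbican_context(pecan.request)
    if ctxt:  # in authenticated pipeline case, always use auth token user
        creator_id = ctxt.user

    # Quota is checked before anything is created.
    self.quota_enforcer.enforce(project)

    # NOTE(review): parent_ca_ref is caller-supplied; whether the project
    # may use that parent is presumably checked inside
    # create_subordinate_ca -- confirm.
    new_ca = cert_resources.create_subordinate_ca(
        project_model=project,
        name=data.get('name'),
        description=data.get('description'),
        subject_dn=data.get('subject_dn'),
        parent_ca_ref=data.get('parent_ca_ref'),
        creator_id=creator_id
    )

    url = hrefs.convert_certificate_authority_to_href(new_ca.id)
    LOG.debug('URI to sub-CA is %s', url)

    pecan.response.status = 201
    pecan.response.headers['Location'] = url

    LOG.info(u._LI('Created a sub CA for project: %s'),
             external_project_id)

    return {'ca_ref': url}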
def test_should_raise_unauthorized_subca_delete(self):
    """A project must not delete a sub-CA that belongs to another project.

    The sub-CA is created for self.project; the delete is attempted with
    self.project2's external id and must raise UnauthorizedSubCA.
    """
    ca_args = {
        'project_model': self.project,
        'name': self.name,
        'description': self.description,
        'subject_dn': self.subject_name,
        'parent_ca_ref': self.parent_ca_ref,
        'creator_id': self.creator_id,
    }
    foreign_subca = cert_res.create_subordinate_ca(**ca_args)

    # Cross-project delete: the caller is project2, the owner is project.
    with self.assertRaises(excep.UnauthorizedSubCA):
        cert_res.delete_subordinate_ca(
            self.project2.external_id, foreign_subca)
def test_should_delete_subca(self):
    """Deleting a sub-CA as its own project calls the plugin's delete_ca.

    The plugin must be asked exactly once to delete the CA identified by
    the sub-CA's plugin_ca_id.
    """
    ca_args = {
        'project_model': self.project,
        'name': self.name,
        'description': self.description,
        'subject_dn': self.subject_name,
        'parent_ca_ref': self.parent_ca_ref,
        'creator_id': self.creator_id,
    }
    created = cert_res.create_subordinate_ca(**ca_args)
    self.assertIsInstance(created, models.CertificateAuthority)

    cert_res.delete_subordinate_ca(self.project.external_id, created)

    plugin_delete = self.cert_plugin.delete_ca
    plugin_delete.assert_called_once_with(created.plugin_ca_id)
def test_should_delete_subca(self):
    """Check that the owning project can delete its sub-CA.

    After the delete, the certificate plugin's delete_ca must have been
    called once, with the plugin_ca_id of the sub-CA.
    """
    owned_subca = cert_res.create_subordinate_ca(
        creator_id=self.creator_id,
        parent_ca_ref=self.parent_ca_ref,
        subject_dn=self.subject_name,
        description=self.description,
        name=self.name,
        project_model=self.project,
    )
    self.assertIsInstance(owned_subca, models.CertificateAuthority)

    owner_external_id = self.project.external_id
    cert_res.delete_subordinate_ca(owner_external_id, owned_subca)

    self.cert_plugin.delete_ca.assert_called_once_with(
        owned_subca.plugin_ca_id)
def test_should_create_subordinate_ca(self):
    """Creating a sub-CA returns a CertificateAuthority tied to the caller.

    The returned model must carry the project's id, the creator id passed
    in, and the fixture's plugin name.
    """
    ca_args = {
        'project_model': self.project,
        'name': self.name,
        'description': self.description,
        'subject_dn': self.subject_name,
        'parent_ca_ref': self.parent_ca_ref,
        'creator_id': self.creator_id,
    }
    created = cert_res.create_subordinate_ca(**ca_args)

    self.assertIsInstance(created, models.CertificateAuthority)
    # Ownership and attribution fields are what later authorization
    # checks and audits would rely on.
    self.assertEqual(self.project.id, created.project_id)
    self.assertEqual(self.creator_id, created.creator_id)
    self.assertEqual(self.plugin_name, created.plugin_name)
def test_should_create_subordinate_ca(self):
    """Verify the model returned by create_subordinate_ca.

    It must be a CertificateAuthority whose project_id, creator_id and
    plugin_name match the fixture values used to create it.
    """
    new_subca = cert_res.create_subordinate_ca(
        creator_id=self.creator_id,
        parent_ca_ref=self.parent_ca_ref,
        subject_dn=self.subject_name,
        description=self.description,
        name=self.name,
        project_model=self.project,
    )

    self.assertIsInstance(new_subca, models.CertificateAuthority)

    expected_project_id = self.project.id
    self.assertEqual(expected_project_id, new_subca.project_id)

    expected_creator = self.creator_id
    self.assertEqual(expected_creator, new_subca.creator_id)

    expected_plugin = self.plugin_name
    self.assertEqual(expected_plugin, new_subca.plugin_name)
def test_should_raise_when_delete_pref_subca_with_other_project_ca(self):
    """Check that a preferred sub-CA cannot be deleted in this setup.

    The project has two project CAs (both sub-CAs created here) and the
    first one is its preferred CA. Deleting the preferred one must raise
    CannotDeletePreferredCA.
    """
    ca_args = {
        'project_model': self.project,
        'name': self.name,
        'description': self.description,
        'subject_dn': self.subject_name,
        'parent_ca_ref': self.parent_ca_ref,
        'creator_id': self.creator_id,
    }

    # First sub-CA: a project CA that is also the preferred CA.
    first = cert_res.create_subordinate_ca(**ca_args)
    first_link = models.ProjectCertificateAuthority(
        self.project.id, first.id)
    project_ca_repo.create_from(first_link)
    first_pref = models.PreferredCertificateAuthority(
        self.project.id, first.id)
    preferred_ca_repo.create_from(first_pref)

    # Second sub-CA: only a project CA.
    second = cert_res.create_subordinate_ca(**ca_args)
    second_link = models.ProjectCertificateAuthority(
        self.project.id, second.id)
    project_ca_repo.create_from(second_link)

    with self.assertRaises(excep.CannotDeletePreferredCA):
        cert_res.delete_subordinate_ca(self.project.external_id, first)
def test_should_raise_unauthorized_subca_delete(self):
    """Check that deleting another project's sub-CA is rejected.

    self.project owns the sub-CA; calling delete_subordinate_ca with
    self.project2's external id must raise UnauthorizedSubCA.
    """
    owned_by_project = cert_res.create_subordinate_ca(
        creator_id=self.creator_id,
        parent_ca_ref=self.parent_ca_ref,
        subject_dn=self.subject_name,
        description=self.description,
        name=self.name,
        project_model=self.project,
    )

    intruder_external_id = self.project2.external_id
    with self.assertRaises(excep.UnauthorizedSubCA):
        cert_res.delete_subordinate_ca(
            intruder_external_id, owned_by_project)
def test_should_delete_subca_and_all_related_db_entities(self):
    """Delete a sub-CA that is the project's only, and preferred, CA.

    A ProjectCertificateAuthority and a PreferredCertificateAuthority row
    are created for the sub-CA before it is deleted by its own project.

    NOTE(review): despite the test name, only the plugin's delete_ca call
    is asserted; nothing here checks that the project-CA and preferred-CA
    rows were actually removed.
    """
    ca_args = {
        'project_model': self.project,
        'name': self.name,
        'description': self.description,
        'subject_dn': self.subject_name,
        'parent_ca_ref': self.parent_ca_ref,
        'creator_id': self.creator_id,
    }
    created = cert_res.create_subordinate_ca(**ca_args)

    project_ca_repo.create_from(
        models.ProjectCertificateAuthority(self.project.id, created.id))
    preferred_ca_repo.create_from(
        models.PreferredCertificateAuthority(self.project.id, created.id))

    cert_res.delete_subordinate_ca(self.project.external_id, created)

    plugin_delete = self.cert_plugin.delete_ca
    plugin_delete.assert_called_once_with(created.plugin_ca_id)
def test_should_raise_unauthorized_parent_ca(self):
    """A project cannot use another project's sub-CA as its parent CA.

    A sub-CA is first created for self.project2. Creating a sub-CA for
    self.project with a parent_ca_ref pointing at it must raise
    UnauthorizedSubCA.
    """
    common = {
        'name': self.name,
        'description': self.description,
        'subject_dn': self.subject_name,
        'creator_id': self.creator_id,
    }
    other_projects_subca = cert_res.create_subordinate_ca(
        project_model=self.project2,
        parent_ca_ref=self.parent_ca_ref,
        **common)
    foreign_parent_ref = hrefs.convert_certificate_authority_to_href(
        other_projects_subca.id)

    # Same request, but issued for self.project against project2's CA.
    with self.assertRaises(excep.UnauthorizedSubCA):
        cert_res.create_subordinate_ca(
            project_model=self.project,
            parent_ca_ref=foreign_parent_ref,
            **common)
def test_should_raise_unauthorized_parent_ca(self):
    """Check that a sub-CA cannot be chained under a foreign sub-CA.

    The prospective parent is a sub-CA created for self.project2; the
    create call made for self.project with that parent reference must
    raise UnauthorizedSubCA.
    """
    parent_candidate = cert_res.create_subordinate_ca(
        creator_id=self.creator_id,
        parent_ca_ref=self.parent_ca_ref,
        subject_dn=self.subject_name,
        description=self.description,
        name=self.name,
        project_model=self.project2,
    )
    parent_href = hrefs.convert_certificate_authority_to_href(
        parent_candidate.id)

    request = {
        'project_model': self.project,
        'name': self.name,
        'description': self.description,
        'subject_dn': self.subject_name,
        'parent_ca_ref': parent_href,
        'creator_id': self.creator_id,
    }
    with self.assertRaises(excep.UnauthorizedSubCA):
        cert_res.create_subordinate_ca(**request)
def test_should_delete_subca_and_all_related_db_entities(self):
    """Check deletion of a sub-CA that has project and preferred CA rows.

    The sub-CA is registered as a project CA and as the preferred CA of
    its own project, then deleted by that project.

    NOTE(review): the only assertion is that the plugin's delete_ca was
    called once with the sub-CA's plugin_ca_id; removal of the related
    rows, which the test name refers to, is not verified here.
    """
    doomed = cert_res.create_subordinate_ca(
        creator_id=self.creator_id,
        parent_ca_ref=self.parent_ca_ref,
        subject_dn=self.subject_name,
        description=self.description,
        name=self.name,
        project_model=self.project,
    )

    link_row = models.ProjectCertificateAuthority(
        self.project.id, doomed.id)
    project_ca_repo.create_from(link_row)

    preferred_row = models.PreferredCertificateAuthority(
        self.project.id, doomed.id)
    preferred_ca_repo.create_from(preferred_row)

    owner_external_id = self.project.external_id
    cert_res.delete_subordinate_ca(owner_external_id, doomed)

    self.cert_plugin.delete_ca.assert_called_once_with(
        doomed.plugin_ca_id)