def create_secret_metadatum(secret=None, key="key", value="value",
                            session=None):
    """Create and persist one secret-store metadata entry for ``secret``.

    A ``models.SecretStoreMetadatum`` is built from ``key`` and ``value``,
    linked to ``secret`` through its ``id`` and written through the secret
    metadata repository using ``session``.

    Returns the model instance that was handed to the repository.
    """
    metadatum = models.SecretStoreMetadatum(key, value)
    # NOTE(review): ``secret`` defaults to None but is dereferenced here, so
    # every caller has to pass a real secret; the default only fails late.
    metadatum.secret_id = secret.id

    repositories.get_secret_meta_repository().create_from(
        metadatum, session=session)
    return metadatum
def setUp(self):
    """Run the parent fixture, then cache one repository per entity type.

    The handles cover KEK data, projects, secret metadata, secrets and
    transport keys.
    """
    super(WhenUsingKeystoneEventConsumer, self).setUp()

    # Attribute name -> factory, instantiated in the listed order.
    repo_factories = (
        ('kek_repo', rep.get_kek_datum_repository),
        ('project_repo', rep.get_project_repository),
        ('secret_meta_repo', rep.get_secret_meta_repository),
        ('secret_repo', rep.get_secret_repository),
        ('transport_key_repo', rep.get_transport_key_repository),
    )
    for attr_name, factory in repo_factories:
        setattr(self, attr_name, factory())
class SecretStoreMetadatum(base.BarbicanObject,
                           base.BarbicanPersistentObject,
                           object_base.VersionedObjectDictCompat):
    """Object-layer view of one key/value metadata entry tied to a secret.

    Each entry carries a ``key``, a ``value`` and the ``secret_id`` of the
    secret it belongs to; persistence goes through ``db_repo``.
    """

    fields = {
        'key': fields.StringField(),
        'value': fields.StringField(),
        'secret_id': fields.StringField()
    }

    db_model = models.SecretStoreMetadatum
    # Resolved once, when the class body is executed.
    db_repo = repo.get_secret_meta_repository()

    def _validate_fields(self, change_fields):
        """Reject a change set whose ``key`` or ``value`` is None or absent.

        Raises:
            exception.MissingArgumentError: naming the first missing field,
                with ``key`` checked before ``value``.
        """
        template = u._("Must supply non-None {0} argument "
                       "for SecretStoreMetadatum entry.")
        for required in ('key', 'value'):
            if change_fields.get(required) is None:
                raise exception.MissingArgumentError(
                    template.format(required))

    @classmethod
    def save(cls, metadata, secret_obj):
        """Create one metadata entry per item in ``metadata``.

        Every entry is linked to ``secret_obj.id`` and stamped with the same
        ``updated_at`` value, taken once before the loop.
        """
        timestamp = timeutils.utcnow()
        for meta_key, meta_value in metadata.items():
            entry = cls(key=meta_key, value=meta_value)
            entry.updated_at = timestamp
            entry.secret_id = secret_obj.id
            entry.create()

    @classmethod
    def get_metadata_for_secret(cls, secret_id):
        """Return what the repository holds as metadata for ``secret_id``."""
        return cls.db_repo.get_metadata_for_secret(secret_id)
def _save_secret_metadata_in_repo(secret_model, secret_metadata,
                                  store_plugin, content_type):
    """Persist the metadata for a secret through the metadata repository.

    ``plugin_name`` (the full name generated for ``store_plugin``) and
    ``content_type`` are written into the metadata before saving.  An empty
    or missing ``secret_metadata`` is replaced by a fresh dict.
    """
    # A non-empty dict from the caller is updated in place, and any
    # 'plugin_name' / 'content_type' keys it already holds are overwritten.
    metadata = secret_metadata if secret_metadata else {}

    metadata['plugin_name'] = utils.generate_fullname_for(store_plugin)
    metadata['content_type'] = content_type

    repos.get_secret_meta_repository().save(metadata, secret_model)
def _get_secret_meta(secret_model):
    """Return the stored metadata for ``secret_model``.

    A falsy ``secret_model`` yields an empty dict without touching the
    repository; otherwise the lookup is done by ``secret_model.id``.
    """
    if not secret_model:
        return {}

    meta_repo = repos.get_secret_meta_repository()
    return meta_repo.get_metadata_for_secret(secret_model.id)
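def test_existing_project_entities_cleanup_for_plain_secret(
        self, mock_handle_success):
    """A project 'deleted' event removes the project's secret material.

    The test creates one secret for the project, confirms that the secret,
    its secret-store metadata and one KEK datum exist, processes the
    'deleted' event through ``self.task`` and then checks that none of
    them, nor the project entry, can still be found.  The final lookup
    guards against metadata rows being left behind once the owning secret
    is gone.

    ``mock_handle_success`` is the mock injected for the success handler;
    the keyword arguments of its last call are checked.
    """
    self._init_memory_db_setup()
    secret = self._create_secret_for_project(self.project1_data)
    self.assertIsNotNone(secret)

    secret_id = secret.id
    project1_id = self.project1_data.id

    secret_repo = rep.get_secret_repository()
    db_secrets = secret_repo.get_project_entities(project1_id)

    self.assertEqual(1, len(db_secrets))
    self.assertEqual(secret.id, db_secrets[0].id)

    # Get secret_store_metadata for related secret
    self.assertGreater(len(db_secrets[0].secret_store_metadata), 0)

    secret_metadata_id = list(
        db_secrets[0].secret_store_metadata.values())[0].id
    self.assertIsNotNone(secret_metadata_id)

    # Get db entry for secret_store_metadata by id to make sure it is
    # present before removing via delete project task
    secret_meta_repo = rep.get_secret_meta_repository()
    db_secret_store_meta = secret_meta_repo.get(
        entity_id=secret_metadata_id)
    self.assertIsNotNone(db_secret_store_meta)

    kek_repo = rep.get_kek_datum_repository()
    db_kek = kek_repo.get_project_entities(project1_id)
    self.assertEqual(1, len(db_kek))

    result = self.task.process(project_id=self.project_id1,
                               resource_type='project',
                               operation_type='deleted')
    self.assertIsNone(result, 'No return is expected as result')

    # assert_has_calls([]) passes whether or not the handler ran, so check
    # explicitly that it was invoked before unpacking call_args.
    self.assertTrue(mock_handle_success.called)
    _, kwargs = mock_handle_success.call_args
    self.assertEqual(self.project_id1, kwargs['project_id'])
    self.assertEqual('project', kwargs['resource_type'])
    self.assertEqual('deleted', kwargs['operation_type'])

    # After project entities delete, make sure secret is not found
    ex = self.assertRaises(exception.NotFound, secret_repo.get,
                           entity_id=secret_id,
                           external_project_id=self.project_id1)
    self.assertIn(secret_id, str(ex))

    # After project entities delete, make sure kek data is not found
    entities = kek_repo.get_project_entities(project1_id)
    self.assertEqual(0, len(entities))

    project_repo = rep.get_project_repository()
    db_project = project_repo.get_project_entities(project1_id)
    self.assertEqual(0, len(db_project))

    # Should have deleted SecretStoreMetadatum via children delete
    self.assertRaises(exception.NotFound,
                      secret_meta_repo.get,
                      entity_id=secret_metadata_id)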
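def test_existing_project_entities_cleanup_for_plain_secret(
        self, mock_handle_success):
    """Check that deleting a project also deletes what it owned.

    One secret is created for the project.  Before the event the secret,
    at least one secret-store metadata entry and exactly one KEK datum are
    present; after ``self.task`` processes the project 'deleted' event,
    the secret and the metadata entry raise ``exception.NotFound`` and the
    KEK and project lookups come back empty.  The metadata check matters
    because those rows are only removed as children of the secret.

    ``mock_handle_success`` stands in for the success handler and must
    have been called with the event's project id, resource type and
    operation type.
    """
    self._init_memory_db_setup()
    secret = self._create_secret_for_project(self.project1_data)
    self.assertIsNotNone(secret)

    secret_id = secret.id
    project1_id = self.project1_data.id

    secret_repo = rep.get_secret_repository()
    db_secrets = secret_repo.get_project_entities(project1_id)

    self.assertEqual(1, len(db_secrets))
    self.assertEqual(secret.id, db_secrets[0].id)

    # Get secret_store_metadata for related secret
    self.assertGreater(len(db_secrets[0].secret_store_metadata), 0)

    secret_metadata_id = list(
        db_secrets[0].secret_store_metadata.values())[0].id
    self.assertIsNotNone(secret_metadata_id)

    # Fetch the metadata row by id so its presence is confirmed before
    # the delete-project task removes it
    secret_meta_repo = rep.get_secret_meta_repository()
    db_secret_store_meta = secret_meta_repo.get(
        entity_id=secret_metadata_id)
    self.assertIsNotNone(db_secret_store_meta)

    kek_repo = rep.get_kek_datum_repository()
    db_kek = kek_repo.get_project_entities(project1_id)
    self.assertEqual(1, len(db_kek))

    result = self.task.process(project_id=self.project_id1,
                               resource_type='project',
                               operation_type='deleted')
    self.assertIsNone(result, 'No return is expected as result')

    # An empty assert_has_calls() list can never fail; assert the call
    # happened so a missing invocation is reported as a test failure
    # rather than as an unpacking error on call_args.
    self.assertTrue(mock_handle_success.called)
    _, kwargs = mock_handle_success.call_args
    self.assertEqual(self.project_id1, kwargs['project_id'])
    self.assertEqual('project', kwargs['resource_type'])
    self.assertEqual('deleted', kwargs['operation_type'])

    # After project entities delete, make sure secret is not found
    ex = self.assertRaises(exception.NotFound, secret_repo.get,
                           entity_id=secret_id,
                           external_project_id=self.project_id1)
    self.assertIn(secret_id, str(ex))

    # After project entities delete, make sure kek data is not found
    entities = kek_repo.get_project_entities(project1_id)
    self.assertEqual(0, len(entities))

    project_repo = rep.get_project_repository()
    db_project = project_repo.get_project_entities(project1_id)
    self.assertEqual(0, len(db_project))

    # Should have deleted SecretStoreMetadatum via children delete
    self.assertRaises(exception.NotFound,
                      secret_meta_repo.get,
                      entity_id=secret_metadata_id)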