def test_create_list_delete_empty_container(self): # Create a container to test against. body = self.create_container(type="generic", name="empty-container") container_id = base._get_uuid(body.get('container_ref')) # Verify that the container can be found via specific listing. body = self.container_client.get_container(container_id) self.assertEqual(container_id, base._get_uuid(body.get('container_ref')), body) self.assertEqual("generic", body.get('type'), body) self.assertEqual("empty-container", body.get('name'), body) self.assertEqual("ACTIVE", body.get('status'), body) self.assertEmpty(body.get('secret_refs'), body) self.assertEmpty(body.get('consumers'), body) self.assertIn('created', body, body) self.assertIn('updated', body, body) self.assertIn('creator_id', body, body) # Verify that the container can be found via generic listing. body = self.container_client.list_containers() self.assertEqual(1, body.get('total'), body) self.assertEqual(1, len(body.get('containers')), body) container = body.get('containers')[0] self.assertEqual(container_id, base._get_uuid(container.get('container_ref')), container) self.assertEqual("generic", container.get('type'), container) self.assertEqual("empty-container", container.get('name'), container) self.assertEqual("ACTIVE", container.get('status'), container) self.assertEmpty(container.get('secret_refs'), container) self.assertEmpty(container.get('consumers'), container) self.assertIn('created', container, container) self.assertIn('updated', container, container) self.assertIn('creator_id', container, container)
def test_create_delete_symmetric_key(self): password = b"password" salt = os.urandom(16) kdf = PBKDF2HMAC( algorithm=hashes.SHA256(), length=32, salt=salt, iterations=1000, backend=default_backend() ) key = base64.b64encode(kdf.derive(password)) expire_time = (datetime.utcnow() + timedelta(days=5)) sec = self.create_secret( expiration=expire_time.isoformat(), algorithm="aes", bit_length=256, mode="cbc", payload=key, payload_content_type="application/octet-stream", payload_content_encoding="base64" ) uuid = base._get_uuid(sec['secret_ref']) self.delete_secret(uuid)
def test_add_to_delete_from_container(self): # Create a container to test against. body = self.create_container(type="generic", name="test-container") container_id = base._get_uuid(body.get('container_ref')) # Create some secrets to store in the container body = self.create_secret() secret1_id = base._get_uuid(body.get('secret_ref')) body = self.create_secret() secret2_id = base._get_uuid(body.get('secret_ref')) # Confirm that the container is empty body = self.container_client.get_container(container_id) self.assertEqual(container_id, base._get_uuid(body.get('container_ref')), body) self.assertEmpty(body.get('secret_refs'), body) # Add the secrets to the container self.container_client.add_secret_to_container(container_id, secret1_id) self.container_client.add_secret_to_container(container_id, secret2_id) # Confirm that the secrets are in the container body = self.container_client.get_container(container_id) self.assertEqual(container_id, base._get_uuid(body.get('container_ref')), body) self.assertEqual(2, len(body.get('secret_refs')), body) for secret_ref in body.get('secret_refs'): secret_id = base._get_uuid(secret_ref.get('secret_ref')) self.assertIn(secret_id, (secret1_id, secret2_id)) # Remove the secrets from the container self.container_client.delete_secret_from_container( container_id, secret1_id) self.container_client.delete_secret_from_container( container_id, secret2_id) # Confirm that the container is empty body = self.container_client.get_container(container_id) self.assertEqual(container_id, base._get_uuid(body.get('container_ref')), body) self.assertEmpty(body.get('secret_refs'), body) # Clean up the containe self.delete_container(container_id)
def test_secret_metadata(self): # Create a secret sec = self.create_secret() uuid = base._get_uuid(sec['secret_ref']) # Add multiple metadata fields self.secret_metadata_client.put_secret_metadata( uuid, description='contains the AES key', geolocation='12.3456, -98.7654') metadata = self.secret_metadata_client.get_secret_metadata(uuid) self.assertEqual(2, len(metadata.keys())) self.assertIn('description', metadata.keys()) self.assertIn('geolocation', metadata.keys()) self.assertEqual('contains the AES key', metadata['description']) self.assertEqual('12.3456, -98.7654', metadata['geolocation']) # Add a single metadata field self.secret_metadata_client.create_key_value_pair(uuid, key='extra', value='extra value') metadata = self.secret_metadata_client.get_secret_metadata(uuid) self.assertEqual(3, len(metadata.keys())) self.assertEqual('extra value', metadata['extra']) # Modify the metadata field self.secret_metadata_client.update_secret_metadata(uuid, key='extra', value='new value') metadata = self.secret_metadata_client.get_secret_metadata(uuid) self.assertEqual('new value', metadata['extra']) # Delete the extra key-value pair self.secret_metadata_client.delete_secret_metadata_by_key( uuid, 'extra') metadata = self.secret_metadata_client.get_secret_metadata(uuid) self.assertEqual(2, len(metadata.keys()))
def test_get_and_put_payload(self): # Create secret without payload secret = self.create_secret() uuid = base._get_uuid(secret['secret_ref']) # Create AES key payload password = b"password" salt = os.urandom(16) kdf = PBKDF2HMAC( algorithm=hashes.SHA256(), length=32, salt=salt, iterations=1000, backend=default_backend() ) key = base64.b64encode(kdf.derive(password)) # Associate the payload with the created secret self.secret_client.put_secret_payload(uuid, key) # Retrieve the payload payload = self.secret_client.get_secret_payload(uuid) self.assertEqual(key, base64.b64encode(payload)) # Clean up self.delete_secret(uuid)
def test_get_secret_metadata(self): secret = self.create_secret() uuid = base._get_uuid(secret['secret_ref']) resp = self.secret_client.get_secret_metadata(uuid) self.assertEqual(uuid, base._get_uuid(resp['secret_ref'])) self.delete_secret(uuid)
def test_create_delete_empty_secret(self): sec = self.create_secret() uuid = base._get_uuid(sec['secret_ref']) self.delete_secret(uuid)
def test_create_list_delete_orders(self): # Confirm that there are no orders body = self.order_client.list_orders() self.assertEqual(0, body.get('total'), body) self.assertEqual(0, len(body.get('orders')), body) # Create some orders body = self.create_order(type="key", meta={ "name": "order-key-1", "algorithm": "AES", "bit_length": 256, "mode": "cbc", "payload_content_type": "application/octet-stream" }) order_id_1 = base._get_uuid(body.get('order_ref')) body = self.create_order(type="key", meta={ "name": "order-key-2", "algorithm": "AES", "bit_length": 256, "mode": "cbc", "payload_content_type": "application/octet-stream" }) order_id_2 = base._get_uuid(body.get('order_ref')) # Verify that the orders can be found via generic listing. body = self.order_client.list_orders() self.assertEqual(2, body.get('total'), body) self.assertEqual(2, len(body.get('orders')), body) # Wait max 60 seconds for orders to finish for _ in range(12): orders = self.order_client.list_orders().get('orders') statuses = [o['status'] for o in orders] if len(set(statuses)) == 1 and statuses[0] == 'ACTIVE': break time.sleep(5) for order in orders: self.assertIn(base._get_uuid(order.get('order_ref')), [order_id_1, order_id_2], body) self.assertIn('secret_ref', order.keys()) # Verify that the orders can be found via specific listing. body = self.order_client.get_order(order_id_1) self.assertEqual(order_id_1, base._get_uuid(body.get('order_ref')), body) self.assertIn('created', body, body) self.assertIn('creator_id', body, body) self.assertIn('meta', body, body) meta = body.get('meta') self.assertEqual("order-key-1", meta.get('name'), meta) self.assertEqual("AES", meta.get('algorithm'), meta) self.assertEqual(256, meta.get('bit_length'), meta) self.assertEqual("cbc", meta.get('mode'), meta) self.assertEqual("application/octet-stream", meta.get('payload_content_type'), meta) self.assertIn('secret_ref', body, body) self.assertEqual("ACTIVE", body.get('status'), body) self.assertEqual("key", body.get('type'), body) self.assertIn('updated', body, body) body = self.order_client.get_order(order_id_2) self.assertEqual(order_id_2, base._get_uuid(body.get('order_ref')), body) self.assertIn('created', body, body) self.assertIn('creator_id', body, body) self.assertIn('meta', body, body) meta = body.get('meta') self.assertEqual("order-key-2", meta.get('name'), meta) self.assertEqual("AES", meta.get('algorithm'), meta) self.assertEqual(256, meta.get('bit_length'), meta) self.assertEqual("cbc", meta.get('mode'), meta) self.assertEqual("application/octet-stream", meta.get('payload_content_type'), meta) self.assertIn('secret_ref', body, body) self.assertEqual("ACTIVE", body.get('status'), body) self.assertEqual("key", body.get('type'), body) self.assertIn('updated', body, body) # Delete one order and confirm that it got deleted self.delete_order(order_id_1) body = self.order_client.list_orders() self.assertEqual(1, body.get('total'), body) self.assertEqual(1, len(body.get('orders')), body) order = body.get('orders')[0] self.assertEqual(order_id_2, base._get_uuid(order.get('order_ref')), body)
def test_add_delete_consumers_in_container(self): # Create a container to test against body = self.create_container( type="generic", name="consumer-container" ) container_id = base._get_uuid(body.get('container_ref')) # Confirm that the container has no consumers body = self.consumer_client.list_consumers_in_container(container_id) self.assertEqual(0, body.get('total'), body) self.assertEmpty(body.get('consumers'), body) # Add some consumers to the container body = self.consumer_client.add_consumer_to_container( container_id, name="consumer1", URL="url1" ) self.assertEqual( container_id, base._get_uuid(body.get('container_ref')), body ) self.assertEqual(1, len(body.get('consumers')), body) body = self.consumer_client.add_consumer_to_container( container_id, name="consumer2", URL="url2" ) self.assertEqual( container_id, base._get_uuid(body.get('container_ref')), body ) self.assertEqual(2, len(body.get('consumers')), body) # Confirm that the consumers are in the container body = self.consumer_client.list_consumers_in_container(container_id) self.assertEqual(2, body.get('total'), body) self.assertEqual(2, len(body.get('consumers')), body) for consumer in body.get('consumers'): self.assertIn(consumer.get('name'), ("consumer1", "consumer2")) self.assertIn(consumer.get('URL'), ("url1", "url2")) # Remove the consumers from the container body = self.consumer_client.delete_consumer_from_container( container_id, name="consumer1", URL="url1" ) self.assertEqual( container_id, base._get_uuid(body.get('container_ref')), body ) self.assertEqual(1, len(body.get('consumers')), body) body = self.consumer_client.delete_consumer_from_container( container_id, name="consumer2", URL="url2" ) self.assertEqual( container_id, base._get_uuid(body.get('container_ref')), body ) self.assertEqual(0, len(body.get('consumers')), body) # Confirm that the container has no consumers body = self.consumer_client.list_consumers_in_container(container_id) self.assertEqual(0, body.get('total'), body) self.assertEqual(0, len(body.get('consumers')), body) # Clean up the container self.delete_container(container_id)