def test_create_list_delete_empty_container(self):
# Create a container to test against.
body = self.create_container(type="generic", name="empty-container")
container_id = base._get_uuid(body.get('container_ref'))
# Verify that the container can be found via specific listing.
body = self.container_client.get_container(container_id)
self.assertEqual(container_id,
base._get_uuid(body.get('container_ref')), body)
self.assertEqual("generic", body.get('type'), body)
self.assertEqual("empty-container", body.get('name'), body)
self.assertEqual("ACTIVE", body.get('status'), body)
self.assertEmpty(body.get('secret_refs'), body)
self.assertEmpty(body.get('consumers'), body)
self.assertIn('created', body, body)
self.assertIn('updated', body, body)
self.assertIn('creator_id', body, body)
# Verify that the container can be found via generic listing.
body = self.container_client.list_containers()
self.assertEqual(1, body.get('total'), body)
self.assertEqual(1, len(body.get('containers')), body)
container = body.get('containers')[0]
self.assertEqual(container_id,
base._get_uuid(container.get('container_ref')),
container)
self.assertEqual("generic", container.get('type'), container)
self.assertEqual("empty-container", container.get('name'), container)
self.assertEqual("ACTIVE", container.get('status'), container)
self.assertEmpty(container.get('secret_refs'), container)
self.assertEmpty(container.get('consumers'), container)
self.assertIn('created', container, container)
self.assertIn('updated', container, container)
self.assertIn('creator_id', container, container)
def test_create_delete_symmetric_key(self):
password = b"password"
salt = os.urandom(16)
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(), length=32, salt=salt,
iterations=1000, backend=default_backend()
)
key = base64.b64encode(kdf.derive(password))
expire_time = (datetime.utcnow() + timedelta(days=5))
sec = self.create_secret(
expiration=expire_time.isoformat(), algorithm="aes",
bit_length=256, mode="cbc", payload=key,
payload_content_type="application/octet-stream",
payload_content_encoding="base64"
)
uuid = base._get_uuid(sec['secret_ref'])
self.delete_secret(uuid)
def test_add_to_delete_from_container(self):
# Create a container to test against.
body = self.create_container(type="generic", name="test-container")
container_id = base._get_uuid(body.get('container_ref'))
# Create some secrets to store in the container
body = self.create_secret()
secret1_id = base._get_uuid(body.get('secret_ref'))
body = self.create_secret()
secret2_id = base._get_uuid(body.get('secret_ref'))
# Confirm that the container is empty
body = self.container_client.get_container(container_id)
self.assertEqual(container_id,
base._get_uuid(body.get('container_ref')), body)
self.assertEmpty(body.get('secret_refs'), body)
# Add the secrets to the container
self.container_client.add_secret_to_container(container_id, secret1_id)
self.container_client.add_secret_to_container(container_id, secret2_id)
# Confirm that the secrets are in the container
body = self.container_client.get_container(container_id)
self.assertEqual(container_id,
base._get_uuid(body.get('container_ref')), body)
self.assertEqual(2, len(body.get('secret_refs')), body)
for secret_ref in body.get('secret_refs'):
secret_id = base._get_uuid(secret_ref.get('secret_ref'))
self.assertIn(secret_id, (secret1_id, secret2_id))
# Remove the secrets from the container
self.container_client.delete_secret_from_container(
container_id, secret1_id)
self.container_client.delete_secret_from_container(
container_id, secret2_id)
# Confirm that the container is empty
body = self.container_client.get_container(container_id)
self.assertEqual(container_id,
base._get_uuid(body.get('container_ref')), body)
self.assertEmpty(body.get('secret_refs'), body)
# Clean up the containe
self.delete_container(container_id)
def test_secret_metadata(self):
# Create a secret
sec = self.create_secret()
uuid = base._get_uuid(sec['secret_ref'])
# Add multiple metadata fields
self.secret_metadata_client.put_secret_metadata(
uuid,
description='contains the AES key',
geolocation='12.3456, -98.7654')
metadata = self.secret_metadata_client.get_secret_metadata(uuid)
self.assertEqual(2, len(metadata.keys()))
self.assertIn('description', metadata.keys())
self.assertIn('geolocation', metadata.keys())
self.assertEqual('contains the AES key', metadata['description'])
self.assertEqual('12.3456, -98.7654', metadata['geolocation'])
# Add a single metadata field
self.secret_metadata_client.create_key_value_pair(uuid,
key='extra',
value='extra value')
metadata = self.secret_metadata_client.get_secret_metadata(uuid)
self.assertEqual(3, len(metadata.keys()))
self.assertEqual('extra value', metadata['extra'])
# Modify the metadata field
self.secret_metadata_client.update_secret_metadata(uuid,
key='extra',
value='new value')
metadata = self.secret_metadata_client.get_secret_metadata(uuid)
self.assertEqual('new value', metadata['extra'])
# Delete the extra key-value pair
self.secret_metadata_client.delete_secret_metadata_by_key(
uuid, 'extra')
metadata = self.secret_metadata_client.get_secret_metadata(uuid)
self.assertEqual(2, len(metadata.keys()))
def test_get_and_put_payload(self):
# Create secret without payload
secret = self.create_secret()
uuid = base._get_uuid(secret['secret_ref'])
# Create AES key payload
password = b"password"
salt = os.urandom(16)
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(), length=32, salt=salt,
iterations=1000, backend=default_backend()
)
key = base64.b64encode(kdf.derive(password))
# Associate the payload with the created secret
self.secret_client.put_secret_payload(uuid, key)
# Retrieve the payload
payload = self.secret_client.get_secret_payload(uuid)
self.assertEqual(key, base64.b64encode(payload))
# Clean up
self.delete_secret(uuid)
def test_get_secret_metadata(self):
secret = self.create_secret()
uuid = base._get_uuid(secret['secret_ref'])
resp = self.secret_client.get_secret_metadata(uuid)
self.assertEqual(uuid, base._get_uuid(resp['secret_ref']))
self.delete_secret(uuid)
def test_create_delete_empty_secret(self):
sec = self.create_secret()
uuid = base._get_uuid(sec['secret_ref'])
self.delete_secret(uuid)
def test_create_list_delete_orders(self):
# Confirm that there are no orders
body = self.order_client.list_orders()
self.assertEqual(0, body.get('total'), body)
self.assertEqual(0, len(body.get('orders')), body)
# Create some orders
body = self.create_order(type="key",
meta={
"name":
"order-key-1",
"algorithm":
"AES",
"bit_length":
256,
"mode":
"cbc",
"payload_content_type":
"application/octet-stream"
})
order_id_1 = base._get_uuid(body.get('order_ref'))
body = self.create_order(type="key",
meta={
"name":
"order-key-2",
"algorithm":
"AES",
"bit_length":
256,
"mode":
"cbc",
"payload_content_type":
"application/octet-stream"
})
order_id_2 = base._get_uuid(body.get('order_ref'))
# Verify that the orders can be found via generic listing.
body = self.order_client.list_orders()
self.assertEqual(2, body.get('total'), body)
self.assertEqual(2, len(body.get('orders')), body)
# Wait max 60 seconds for orders to finish
for _ in range(12):
orders = self.order_client.list_orders().get('orders')
statuses = [o['status'] for o in orders]
if len(set(statuses)) == 1 and statuses[0] == 'ACTIVE':
break
time.sleep(5)
for order in orders:
self.assertIn(base._get_uuid(order.get('order_ref')),
[order_id_1, order_id_2], body)
self.assertIn('secret_ref', order.keys())
# Verify that the orders can be found via specific listing.
body = self.order_client.get_order(order_id_1)
self.assertEqual(order_id_1, base._get_uuid(body.get('order_ref')),
body)
self.assertIn('created', body, body)
self.assertIn('creator_id', body, body)
self.assertIn('meta', body, body)
meta = body.get('meta')
self.assertEqual("order-key-1", meta.get('name'), meta)
self.assertEqual("AES", meta.get('algorithm'), meta)
self.assertEqual(256, meta.get('bit_length'), meta)
self.assertEqual("cbc", meta.get('mode'), meta)
self.assertEqual("application/octet-stream",
meta.get('payload_content_type'), meta)
self.assertIn('secret_ref', body, body)
self.assertEqual("ACTIVE", body.get('status'), body)
self.assertEqual("key", body.get('type'), body)
self.assertIn('updated', body, body)
body = self.order_client.get_order(order_id_2)
self.assertEqual(order_id_2, base._get_uuid(body.get('order_ref')),
body)
self.assertIn('created', body, body)
self.assertIn('creator_id', body, body)
self.assertIn('meta', body, body)
meta = body.get('meta')
self.assertEqual("order-key-2", meta.get('name'), meta)
self.assertEqual("AES", meta.get('algorithm'), meta)
self.assertEqual(256, meta.get('bit_length'), meta)
self.assertEqual("cbc", meta.get('mode'), meta)
self.assertEqual("application/octet-stream",
meta.get('payload_content_type'), meta)
self.assertIn('secret_ref', body, body)
self.assertEqual("ACTIVE", body.get('status'), body)
self.assertEqual("key", body.get('type'), body)
self.assertIn('updated', body, body)
# Delete one order and confirm that it got deleted
self.delete_order(order_id_1)
body = self.order_client.list_orders()
self.assertEqual(1, body.get('total'), body)
self.assertEqual(1, len(body.get('orders')), body)
order = body.get('orders')[0]
self.assertEqual(order_id_2, base._get_uuid(order.get('order_ref')),
body)
def test_add_delete_consumers_in_container(self):
# Create a container to test against
body = self.create_container(
type="generic",
name="consumer-container"
)
container_id = base._get_uuid(body.get('container_ref'))
# Confirm that the container has no consumers
body = self.consumer_client.list_consumers_in_container(container_id)
self.assertEqual(0, body.get('total'), body)
self.assertEmpty(body.get('consumers'), body)
# Add some consumers to the container
body = self.consumer_client.add_consumer_to_container(
container_id,
name="consumer1",
URL="url1"
)
self.assertEqual(
container_id,
base._get_uuid(body.get('container_ref')),
body
)
self.assertEqual(1, len(body.get('consumers')), body)
body = self.consumer_client.add_consumer_to_container(
container_id,
name="consumer2",
URL="url2"
)
self.assertEqual(
container_id,
base._get_uuid(body.get('container_ref')),
body
)
self.assertEqual(2, len(body.get('consumers')), body)
# Confirm that the consumers are in the container
body = self.consumer_client.list_consumers_in_container(container_id)
self.assertEqual(2, body.get('total'), body)
self.assertEqual(2, len(body.get('consumers')), body)
for consumer in body.get('consumers'):
self.assertIn(consumer.get('name'), ("consumer1", "consumer2"))
self.assertIn(consumer.get('URL'), ("url1", "url2"))
# Remove the consumers from the container
body = self.consumer_client.delete_consumer_from_container(
container_id,
name="consumer1",
URL="url1"
)
self.assertEqual(
container_id,
base._get_uuid(body.get('container_ref')),
body
)
self.assertEqual(1, len(body.get('consumers')), body)
body = self.consumer_client.delete_consumer_from_container(
container_id,
name="consumer2",
URL="url2"
)
self.assertEqual(
container_id,
base._get_uuid(body.get('container_ref')),
body
)
self.assertEqual(0, len(body.get('consumers')), body)
# Confirm that the container has no consumers
body = self.consumer_client.list_consumers_in_container(container_id)
self.assertEqual(0, body.get('total'), body)
self.assertEqual(0, len(body.get('consumers')), body)
# Clean up the container
self.delete_container(container_id)
