def get_secret(self, secret_ref, src_doc): """Get a secret.""" try: secret = cache.lookup_by_ref(self.barbicanclient, secret_ref) except (barbicanclient.exceptions.HTTPAuthError, barbicanclient.exceptions.HTTPClientError) as e: LOG.exception(str(e)) raise errors.BarbicanClientException(code=e.status_code, details=str(e)) except (barbicanclient.exceptions.HTTPServerError, ValueError) as e: LOG.exception(str(e)) raise errors.BarbicanServerException(details=str(e)) payload = secret.payload if secret.secret_type == 'opaque': LOG.debug( 'Forcibly base64-decoding original non-string payload ' 'for document [%s, %s] %s.', *src_doc.meta) secret = self._base64_decode_payload(payload) else: secret = payload return secret
def test_lookup_by_payload_cache(self): """Validate ``lookup_by_payload`` caching works. Passing in None in lieu of an actual barbican client (or mock object) proves that: * if the payload is in the cache, then no error is thrown since the cache is hit so no further processing is performed, where otherwise a method would be called on `None` * if the payload is not in the cache, then following logic above, method is called on `None`, raising AttributeError """ # Validate that caching the payload returns expected ref. kwargs = {'payload': self.secret_payload} secret_ref = cache.lookup_by_payload(self.barbicanclient, **kwargs) self.assertEqual(self.secret_ref, secret_ref) # Validate that the cache actually works. next_secret_ref = cache.lookup_by_payload(None, **kwargs) self.assertEqual(secret_ref, next_secret_ref) # Validate that the reverse cache works. secret = cache.lookup_by_ref(self.barbicanclient, secret_ref) self.assertEqual(self.secret_payload, secret.payload) # Different payload isn't in cache - expect AttributeError. with testtools.ExpectedException(AttributeError): cache.lookup_by_payload(None, payload='uh-oh') # Invalidate the cache and ensure the original data isn't there. cache.invalidate() # The cache won't be hit this time - expect AttributeError. with testtools.ExpectedException(AttributeError): cache.lookup_by_payload(None, **kwargs)