def test_plugin_created_kmip_default_mulitple_backend_conf(self): """Check plugins are created as per multiple backend conf Here KMIP plugin is marked as global default plugin """ store_plugin_names = ['store_crypto', 'kmip_plugin', 'store_crypto'] crypto_plugin_names = ['p11_crypto', '', 'simple_crypto'] self.init_via_conf_file(store_plugin_names, crypto_plugin_names, enabled=True, global_default_index=1) with mock.patch('barbican.plugin.crypto.p11_crypto.P11CryptoPlugin.' '_create_pkcs11') as m_pkcs11, \ mock.patch('kmip.pie.client.ProxyKmipClient') as m_kmip: manager = str.SecretStorePluginManager() # check pkcs11 and kmip plugin instantiation call is invoked m_pkcs11.called_once_with(mock.ANY, mock.ANY) m_kmip.called_once_with(mock.ANY) # check kmip store is matched as its global default store. keySpec = str.KeySpec(str.KeyAlgorithm.AES, 128) plugin_found = manager.get_plugin_store(keySpec) self.assertIsInstance(plugin_found, kss.KMIPSecretStore)
def test_plugin_created_as_per_mulitple_backend_conf(self): """Check plugins are created as per multiple backend conf""" store_plugin_names = ['store_crypto', 'kmip_plugin', 'store_crypto'] crypto_plugin_names = ['p11_crypto', '', 'simple_crypto'] self.init_via_conf_file(store_plugin_names, crypto_plugin_names, enabled=True) with mock.patch('barbican.plugin.crypto.p11_crypto.P11CryptoPlugin.' '_create_pkcs11') as m_pkcs11, \ mock.patch('kmip.pie.client.ProxyKmipClient') as m_kmip: manager = str.SecretStorePluginManager() # check pkcs11 and kmip plugin instantiation call is invoked m_pkcs11.called_once_with(mock.ANY, mock.ANY) m_kmip.called_once_with(mock.ANY) # check store crypto adapter is matched as its defined first. keySpec = str.KeySpec(str.KeyAlgorithm.AES, 128) plugin_found = manager.get_plugin_store(keySpec) self.assertIsInstance(plugin_found, store_crypto.StoreCryptoAdapterPlugin) # check pkcs11 crypto is matched as its defined first. crypto_plugin = cm.get_manager().get_plugin_store_generate( base.PluginSupportTypes.ENCRYPT_DECRYPT) self.assertIsInstance(crypto_plugin, p11_crypto.P11CryptoPlugin)
def _init_multiple_backends(self, enabled=True, global_default_index=0): store_plugin_names = ['store_crypto', 'kmip_plugin', 'store_crypto'] crypto_plugin_names = ['p11_crypto', '', 'simple_crypto'] self.init_via_conf_file(store_plugin_names, crypto_plugin_names, enabled=enabled, global_default_index=global_default_index) with mock.patch('barbican.plugin.crypto.p11_crypto.P11CryptoPlugin.' '_create_pkcs11'), \ mock.patch('kmip.pie.client.ProxyKmipClient'): secret_store.SecretStorePluginManager()
def test_no_preferred_default_plugin(self, dataset): """Check name, plugin and crypto class used for default secret store Secret store name is crypto class plugin name if defined otherwise user friendly name is derived from store class plugin name """ self.init_via_conf_file(dataset['store_plugins'], dataset['crypto_plugins'], enabled=True) with mock.patch('barbican.plugin.crypto.p11_crypto.P11CryptoPlugin.' '_create_pkcs11'), \ mock.patch('kmip.pie.client.ProxyKmipClient'): manager = secret_store.SecretStorePluginManager() keySpec = secret_store.KeySpec(secret_store.KeyAlgorithm.AES, 128) plugin_found = manager.get_plugin_store(keySpec) self.assertIsInstance(plugin_found, dataset['default_store_class']) global_secret_store = multiple_backends.\ get_global_default_secret_store() if dataset['default_crypto_class']: crypto_plugin = cm.get_manager().get_plugin_store_generate( base.PluginSupportTypes.ENCRYPT_DECRYPT) self.assertIsInstance(crypto_plugin, dataset['default_crypto_class']) # make sure secret store name is same as crypto class friendly name # as store_plugin class is not direct impl of SecretStoreBase self.assertEqual(global_secret_store.name, crypto_plugin.get_plugin_name()) else: # crypto class is not used # make sure secret store name is same as store plugin class # friendly name self.assertEqual(global_secret_store.name, plugin_found.get_plugin_name()) # error raised for no crypto plugin self.assertRaises(base.CryptoPluginNotFound, cm.get_manager().get_plugin_store_generate, base.PluginSupportTypes.ENCRYPT_DECRYPT)
def setUp(self): super(WhenTestingSecretStorePluginManager, self).setUp() self.manager = str.SecretStorePluginManager()
def test_project_preferred_default_plugin(self, dataset): """Check project preferred behavior with different global default""" self.init_via_conf_file(dataset['store_plugins'], dataset['crypto_plugins'], enabled=True) with mock.patch('barbican.plugin.crypto.p11_crypto.P11CryptoPlugin.' '_create_pkcs11'), \ mock.patch('kmip.pie.client.ProxyKmipClient'): manager = secret_store.SecretStorePluginManager() pkcs11_secret_store = self._get_secret_store_entry('store_crypto', 'p11_crypto') kmip_secret_store = self._get_secret_store_entry('kmip_plugin', None) db_secret_store = self._get_secret_store_entry('store_crypto', 'simple_crypto') project1 = self._create_project() project2 = self._create_project() project3 = self._create_project() # For project1 , make pkcs11 as preferred secret store self._create_project_store(project1.id, pkcs11_secret_store.id) # For project2 , make kmip as preferred secret store self._create_project_store(project2.id, kmip_secret_store.id) # For project3 , make db backend as preferred secret store self._create_project_store(project3.id, db_secret_store.id) keySpec = secret_store.KeySpec(secret_store.KeyAlgorithm.AES, 128) cm_manager = cm.get_manager() # For project1, verify store and crypto plugin instance used are pkcs11 # specific plugin_found = manager.get_plugin_store(keySpec, project_id=project1.id) self.assertIsInstance(plugin_found, store_crypto.StoreCryptoAdapterPlugin) crypto_plugin = cm.get_manager().get_plugin_store_generate( base.PluginSupportTypes.ENCRYPT_DECRYPT, project_id=project1.id) self.assertIsInstance(crypto_plugin, p11_crypto.P11CryptoPlugin) # For project2, verify store plugin instance is kmip specific # and there is no crypto plugin instance plugin_found = manager.get_plugin_store(keySpec, project_id=project2.id) self.assertIsInstance(plugin_found, kss.KMIPSecretStore) self.assertRaises( base.CryptoPluginNotFound, cm_manager.get_plugin_store_generate, base.PluginSupportTypes.ENCRYPT_DECRYPT, project_id=project2.id) # For project3, verify store and crypto plugin instance used are db # backend specific plugin_found = manager.get_plugin_store(keySpec, project_id=project3.id) self.assertIsInstance(plugin_found, store_crypto.StoreCryptoAdapterPlugin) crypto_plugin = cm.get_manager().get_plugin_store_generate( base.PluginSupportTypes.ENCRYPT_DECRYPT, project_id=project3.id) self.assertIsInstance(crypto_plugin, simple_crypto.SimpleCryptoPlugin) # Make sure for project with no preferred setting, uses global default project4 = self._create_project() plugin_found = manager.get_plugin_store(keySpec, project_id=project4.id) self.assertIsInstance(plugin_found, dataset['default_store_class'])