def _test_create_secret(self, encryption_type, secret_type):
secret_data = test_utils.rand_password()
secret_doc = self.factory.gen_test(secret_type, encryption_type,
secret_data)
payload = secret_doc['data']
self.mock_barbican_driver.get_secret.return_value = (mock.Mock(
payload=payload))
created_secret = secrets_manager.SecretsManager.create(secret_doc)
if encryption_type == 'cleartext':
self.assertEqual(secret_data, created_secret)
elif encryption_type == 'encrypted':
expected_kwargs = {
'name':
secret_doc['metadata']['name'],
'secret_type':
secrets_manager.SecretsManager._get_secret_type('deckhand/' +
secret_type),
'payload':
payload
}
self.mock_barbican_driver.create_secret.assert_called_once_with(
**expected_kwargs)
self.assertEqual(self.secret_ref, created_secret)
return created_secret, payload
def _test_create_secret(self, encryption_type, secret_type):
secret_payload = test_utils.rand_password()
secret_doc = self.factory.gen_test(secret_type, encryption_type,
secret_payload)
payload = secret_doc['data']
self._mock_barbican_client_call(payload)
secret_ref = secrets_manager.SecretsManager.create(secret_doc)
if encryption_type == 'cleartext':
self.assertEqual(secret_payload, secret_ref)
elif encryption_type == 'encrypted':
expected_kwargs = {
'name':
secret_doc['metadata']['name'],
'secret_type':
driver.BarbicanDriver._get_secret_type('deckhand/' +
secret_type),
'payload':
payload
}
self.assertEqual(self.secret_ref, secret_ref)
self.mock_barbicanclient.call.assert_called_once_with(
'secrets.create', **expected_kwargs)
return secret_ref, payload
def gen_test(self, schema, storage_policy, data=None):
if data is None:
data = test_utils.rand_password()
document_secret_template = copy.deepcopy(self.DOCUMENT_SECRET_TEMPLATE)
document_secret_template['metadata']['storagePolicy'] = storage_policy
document_secret_template['schema'] = (
document_secret_template['schema'] % schema)
document_secret_template['data'] = data
return document_secret_template
def test_create_passphrase(self):
rand_secret = {'secret': test_utils.rand_password()}
bucket_name = test_utils.rand_name('bucket')
for storage_policy in ('encrypted', 'cleartext'):
secret_doc_payload = self.secrets_factory.gen_test(
'Passphrase', storage_policy, rand_secret)
created_documents = self.create_documents(bucket_name,
secret_doc_payload)
self.assertEqual(1, len(created_documents))
self.assertIn('Passphrase', created_documents[0]['schema'])
self.assertEqual(storage_policy,
created_documents[0]['metadata']['storagePolicy'])
self.assertTrue(created_documents[0]['is_secret'])
self.assertEqual(rand_secret, created_documents[0]['data'])
def test_create_certificate_key(self):
rand_secret = {'secret': test_utils.rand_password()}
bucket_name = test_utils.rand_name('bucket')
for expected_len, storage_policy in enumerate(
('encrypted', 'cleartext')):
secret_doc_payload = self.secrets_factory.gen_test(
'CertificateKey', storage_policy, rand_secret)
created_documents = self.create_documents(bucket_name,
secret_doc_payload)
self.assertEqual(expected_len + 1, len(created_documents))
self.assertIn('CertificateKey', created_documents[-1]['schema'])
self.assertEqual(
storage_policy,
created_documents[-1]['metadata']['storagePolicy'])
self.assertEqual(rand_secret, created_documents[-1]['data'])
def _test_create_secret(self, encryption_type, secret_type):
secret_data = test_utils.rand_password()
secret_doc = self.factory.gen_test(secret_type, encryption_type,
secret_data)
created_secret = self.secrets_manager.create(secret_doc)
if encryption_type == 'cleartext':
self.assertEqual(secret_data, created_secret)
elif encryption_type == 'encrypted':
expected_kwargs = {
'name':
secret_doc['metadata']['name'],
'secret_type': ('private' if secret_type == 'CertificateKey'
else secret_type.lower()),
'payload':
secret_doc['data']
}
self.mock_barbican_driver.create_secret.assert_called_once_with(
**expected_kwargs)
self.assertEqual(self.secret_ref, created_secret)