class SecretTestCase(CmdLineTestCase):
    def setUp(self):
        super(SecretTestCase, self).setUp()
        self.secret_behaviors = SecretBehaviors()
        self.expected_payload = "Top secret payload for secret smoke tests"
        self.payload_content_type = "text/plain"

    def tearDown(self):
        super(SecretTestCase, self).tearDown()
        self.secret_behaviors.delete_all_created_secrets()

    @utils.parameterized_dataset({
        'symmetric': [
            'symmetric', 'aes', '128',
            ('\x00\x01\x02\x03\x04\x05\x06\x07'
             '\x00\x01\x02\x03\x04\x05\x06\x07')
        ],
        'private': ['private', 'rsa', '2048',
                    keys.get_private_key_pem()],
        'public': ['public', 'rsa', '2048',
                   keys.get_public_key_pem()],
        'certificate':
        ['certificate', 'rsa', '2048',
         keys.get_certificate_pem()],
        'opaque':
        ['opaque', None, None, (b'\x00\x01\x02\x03\x04\x05\x06\x07')],
        'passphrase': ['passphrase', None, None,
                       keys.get_passphrase_txt()],
    })
    @testcase.attr('positive')
    def test_secret_store_with_secret_type(self, secret_type, algorithm,
                                           bit_length, secret):
        payload = secret
        secret_argv = ['--secret-type', secret_type]
        if algorithm:
            secret_argv.extend(['--algorithm', algorithm])
        if bit_length:
            secret_argv.extend(['--bit-length', bit_length])
        secret_href = self.secret_behaviors.store_secret(payload, secret_argv)
        self.assertIsNotNone(secret_href)

        secret = self.secret_behaviors.get_secret(secret_href)
        self.assertEqual(secret_href, secret['Secret href'])

    @testcase.attr('positive')
    def test_secret_store(self):
        secret_href = self.secret_behaviors.store_secret()
        self.assertIsNotNone(secret_href)

        secret = self.secret_behaviors.get_secret(secret_href)
        self.assertEqual(secret_href, secret['Secret href'])

    @testcase.attr('positive')
    def test_secret_update(self):
        secret_href = self.secret_behaviors.store_secret(payload=None)

        payload = 'time for an ice cold!!!'
        self.assertIsNotNone(secret_href)
        self.secret_behaviors.update_secret(secret_href, payload)

        payload_update = self.secret_behaviors.get_secret_payload(secret_href)
        self.assertEqual(payload, payload_update)

    @testcase.attr('positive')
    def test_secret_list(self):
        secrets_to_create = 10
        for _ in range(secrets_to_create):
            self.secret_behaviors.store_secret()
        secret_list = self.secret_behaviors.list_secrets()
        self.assertGreaterEqual(len(secret_list), secrets_to_create)

    @testcase.attr('positive')
    def test_secret_delete(self):
        secret_href = self.secret_behaviors.store_secret()
        self.secret_behaviors.delete_secret(secret_href)

        secret = self.secret_behaviors.get_secret(secret_href)
        self.assertEqual(0, len(secret))

    @testcase.attr('positive')
    def test_secret_get(self):
        secret_href = self.secret_behaviors.store_secret()
        secret = self.secret_behaviors.get_secret(secret_href)
        self.assertIsNotNone(secret)

    @testcase.attr('positive')
    def test_secret_get_payload(self):
        secret_href = self.secret_behaviors.store_secret(
            payload=self.expected_payload)
        payload = self.secret_behaviors.get_secret_payload(secret_href)
        self.assertEqual(payload, self.expected_payload)

    @testcase.attr('positive')
    def test_secret_get_raw_payload(self):
        secret_href = self.secret_behaviors.store_secret(
            payload=self.expected_payload)
        payload = self.secret_behaviors.get_secret_payload(secret_href,
                                                           raw=True)
        self.assertEqual(payload, self.expected_payload)

    @testcase.attr('positive')
    def test_secret_file_parameter_read(self):
        secret_href = self.secret_behaviors.store_secret(
            payload=self.expected_payload)
        self.secret_behaviors.get_secret_file(secret_href=secret_href)
        payload = self.secret_behaviors.read_secret_test_file()
        self.assertEqual(payload, self.expected_payload)

    @testcase.attr('positive')
    def test_secret_file_parameter_write(self):
        self.secret_behaviors.write_secret_test_file(
            payload=self.expected_payload)
        secret_href = self.secret_behaviors.store_secret_file()
        payload = self.secret_behaviors.get_secret_payload(secret_href)
        self.assertEqual(payload, self.expected_payload)
Пример #2
0
class SecretsTestCase(base.TestCase):
    def setUp(self):
        super(SecretsTestCase, self).setUp()
        self.behaviors = secret_behaviors.SecretBehaviors(self.barbicanclient)

    def tearDown(self):
        self.behaviors.delete_all_created_secrets()
        super(SecretsTestCase, self).tearDown()

    @testcase.attr('positive')
    def test_create_secret_defaults(self):
        """Creates a secret with default values"""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

    @testcase.attr('positive')
    @utils.parameterized_dataset({
        'symmetric': [
            'symmetric', 'aes', 128,
            ('\x00\x01\x02\x03\x04\x05\x06\x07'
             '\x00\x01\x02\x03\x04\x05\x06\x07')
        ],
        'private': ['private', 'rsa', 2048,
                    keys.get_private_key_pem()],
        'public': ['public', 'rsa', 2048,
                   keys.get_public_key_pem()],
        'certificate':
        ['certificate', 'rsa', 2048,
         keys.get_certificate_pem()],
        'opaque':
        ['opaque', None, None, (b'\x00\x01\x02\x03\x04\x05\x06\x07')],
        'passphrase': ['passphrase', None, None,
                       keys.get_passphrase_txt()],
    })
    def test_create_secret_with_type(self, secret_type, algorithm, bit_length,
                                     secret):
        """Creates a secret with default values"""
        secret_data = secret_create_defaults_data
        secret_data['secret_type'] = secret_type
        secret_data['algorithm'] = algorithm
        secret_data['bit_length'] = bit_length
        secret_data['payload'] = base64.b64encode(secret)
        test_model = self.behaviors.create_secret(secret_create_defaults_data)

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

    @testcase.attr('positive')
    def test_secret_create_defaults_no_expiration(self):
        """Covers creating a secret without an expiration."""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.expiration = None

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

    @testcase.attr('positive')
    def test_secret_delete_defaults(self):
        """Covers deleting a secret."""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)

        secret_ref = self.behaviors.store_secret(test_model)

        del_response = self.behaviors.delete_secret(secret_ref)
        self.assertIsNone(del_response)

    @testcase.attr('positive')
    def test_secret_delete_minimal_secret_w_no_metadata(self):
        """Covers deleting a secret with nones data."""
        test_model = self.behaviors.create_secret(secret_create_nones_data)

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

        del_resp = self.behaviors.delete_secret(secret_ref)
        self.assertIsNone(del_resp)

    @testcase.attr('positive')
    def test_secret_get_defaults_payload(self):
        """Covers getting a secret's payload data."""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        secret_ref = self.behaviors.store_secret(test_model)

        get_resp = self.behaviors.get_secret(secret_ref)
        self.assertEqual(test_model.payload, get_resp.payload)

    @testcase.attr('positive')
    def test_secrets_get_defaults_multiple_secrets(self):
        """Covers getting a list of secrets.

        Creates 11 secrets then returns a list of 5 secrets
        """
        limit = 5
        offset = 5
        total = 10

        for i in range(0, total + 1):
            test_model = self.behaviors.create_secret(
                secret_create_defaults_data)
            self.behaviors.store_secret(test_model)

        secret_list = self.behaviors.get_secrets(limit=limit, offset=offset)
        self.assertEqual(len(secret_list), limit)
Пример #3
0
class SecretsTestCase(base.TestCase):
    def setUp(self):
        super(SecretsTestCase, self).setUp()
        self.cleanup = cleanup.CleanUp(self.barbicanclient)

    def tearDown(self):
        self.cleanup.delete_all_entities()
        super(SecretsTestCase, self).tearDown()

    @testcase.attr('positive')
    def test_secret_create_defaults_check_content_types(self):
        """Check that set content-type attribute is retained in metadata."""
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)

        secret_ref = self.cleanup.add_entity(secret)
        self.assertIsNotNone(secret_ref)

        resp = self.barbicanclient.secrets.get(secret_ref)
        content_types = resp.content_types
        self.assertIsNotNone(content_types)
        self.assertIn('default', content_types)
        self.assertEqual('application/octet-stream', content_types['default'])

    @testcase.attr('positive')
    def test_secret_create_defaults_non_standard_algorithm(self):
        """Create a secret with a non standard algorithm.

         Currently the client will accept any string for the algorithm.
         """
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.algorithm = "not-an-algorithm"

        secret_ref = self.cleanup.add_entity(secret)
        self.assertIsNotNone(secret_ref)

        resp = self.barbicanclient.secrets.get(secret_ref)
        self.assertEqual(secret.algorithm, resp.algorithm)

    @testcase.attr('positive')
    def test_secret_read_with_acls(self):
        """Access default ACL settings data on recently created secret.

        By default, 'read' ACL settings are there for a secret.
         """
        test_model = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)

        secret_ref = self.cleanup.add_entity(test_model)
        self.assertIsNotNone(secret_ref)

        secret_entity = self.barbicanclient.secrets.get(secret_ref)
        self.assertIsNotNone(secret_entity.acls)
        self.assertIsNotNone(secret_entity.acls.read)
        self.assertEqual([], secret_entity.acls.read.users)

    @testcase.attr('positive')
    def test_secret_create_defaults_non_standard_mode(self):
        """Create a secret with a non standard mode.

        Currently the client will accept any string for the mode.
        """
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.mode = 'not-a-mode'

        secret_ref = self.cleanup.add_entity(secret)
        self.assertIsNotNone(secret_ref)

        resp = self.barbicanclient.secrets.get(secret_ref)
        self.assertEqual(secret.mode, resp.mode)

    @testcase.attr('negative')
    def test_secret_delete_doesnt_exist(self):
        """Deletes a non-existent secret.

        This delete uses a reference with an invalid UUID format
        """
        url = self.barbicanclient.secrets._api.endpoint_override + \
            '/secrets/notauuid'

        e = self.assertRaises(ValueError, self.barbicanclient.secrets.delete,
                              url)

        self.assertEqual('Secret incorrectly specified.', str(e))

    @testcase.attr('negative')
    def test_secret_delete_doesnt_exist_valid_uuid_format(self):
        """Deletes a non-existent secret.

        This delete has a valid UUID format but there is no secret
        associated with this UUID
        """
        uuid = 'de20ad54-85b4-421b-adb2-eb7b9e546013'
        url = self.barbicanclient.secrets._api.endpoint_override + \
            '/secrets/' + uuid

        e = self.assertRaises(exceptions.HTTPClientError,
                              self.barbicanclient.secrets.delete, url)

        self.assertEqual(404, e.status_code)

    @testcase.attr('negative')
    def test_secret_get_secret_doesnt_exist(self):
        """GET an invalid secret ref.

        Will get value error secret incorrectly specified since "notauuid"
        is not a properly formatted uuid.
        """
        url = self.barbicanclient.secrets._api.endpoint_override + \
            '/secrets/notauuid'

        e = self.assertRaises(ValueError, self.barbicanclient.secrets.get, url,
                              'text/plain')

        self.assertIn("Secret incorrectly specified", str(e))

    @testcase.attr('negative')
    def test_secret_create_defaults_expiration_passed(self):
        """Create a secret with an expiration that has already passed.

        Returns a 400.
        """
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.expiration = '2000-01-10T14:58:52.546795'

        e = self.assertRaises(exceptions.HTTPClientError, secret.store)
        self.assertEqual(400, e.status_code)

    @testcase.attr('negative')
    def test_secret_create_emptystrings(self):
        """Secret create with empty Strings for all attributes.

        Fails with a value error, Payload incorrectly specified.
        """
        secret = self.barbicanclient.secrets.create(
            **secret_create_emptystrings_data)

        self.assertRaises(exceptions.PayloadException, secret.store)

    @testcase.attr('negative')
    def test_secret_create_defaults_oversized_payload(self):
        """Create a secret with a payload that is larger than the allowed size.

        Should return a 413 if the secret size is greater than the
        maximum allowed size.
        """
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.payload = str(self.oversized_payload)

        e = self.assertRaises(exceptions.HTTPClientError, secret.store)
        self.assertEqual(413, e.status_code)

    @utils.parameterized_dataset({
        'alphanumeric': ['1f34ds'],
        'punctuation': ['~!@#$%^&*()_+`-={}[]|:;<>,.?'],
        'uuid': ['54262d9d-4bc7-4821-8df0-dc2ca8e112bb'],
        'len_255': [base.TestCase.max_sized_field],
        'empty': [''],
        'null': [None]
    })
    @testcase.attr('positive')
    def test_secret_create_defaults_valid_name(self, name):
        """Covers cases of creating secrets with valid names."""
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.name = name

        secret_ref = self.cleanup.add_entity(secret)
        self.assertIsNotNone(secret_ref)

        resp = self.barbicanclient.secrets.get(secret_ref)
        self.assertEqual(secret.name, resp.name)

    @utils.parameterized_dataset({'int': [400]})
    @testcase.attr('negative')
    def test_secret_create_defaults_invalid_name(self, name):
        """Create secrets with various invalid names.

        Should return 400.
        """
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.name = name

        e = self.assertRaises(exceptions.HTTPClientError, secret.store)

        self.assertEqual(400, e.status_code)

    @utils.parameterized_dataset({'aes': ['aes']})
    @testcase.attr('positive')
    def test_secret_create_defaults_valid_algorithms(self, algorithm):
        """Creates secrets with various valid algorithms."""
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.algorithm = algorithm

        secret_ref = self.cleanup.add_entity(secret)
        self.assertIsNotNone(secret_ref)

        resp = self.barbicanclient.secrets.get(secret_ref)
        self.assertEqual(secret.algorithm, resp.algorithm)

    @utils.parameterized_dataset({'int': [400]})
    @testcase.attr('negative')
    def test_secret_create_defaults_invalid_algorithms(self, algorithm):
        """Creates secrets with various invalid algorithms."""

        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.algorithm = algorithm

        # We are currently testing for exception with http_code
        # launchpad bug 1431514 will address the change to this functionality
        e = self.assertRaises(exceptions.HTTPClientError, secret.store)

        self.assertEqual(400, e.status_code)

    @utils.parameterized_dataset({
        'symmetric': [
            'symmetric', 'aes', 128,
            (b'\x00\x01\x02\x03\x04\x05\x06\x07'
             b'\x00\x01\x02\x03\x04\x05\x06\x07')
        ],
        'private': ['private', 'rsa', 2048,
                    keys.get_private_key_pem()],
        'public': ['public', 'rsa', 2048,
                   keys.get_public_key_pem()],
        'certificate':
        ['certificate', 'rsa', 2048,
         keys.get_certificate_pem()],
        'opaque':
        ['opaque', None, None, (b'\x00\x01\x02\x03\x04\x05\x06\x07')],
        'passphrase': ['passphrase', None, None,
                       keys.get_passphrase_txt()],
    })
    @testcase.attr('positive')
    def test_secret_create_defaults_valid_secret_type(self, secret_type,
                                                      algorithm, bit_length,
                                                      payload):
        """Covers cases of creating secrets with valid secret types."""
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.secret_type = secret_type
        secret.algorithm = algorithm
        secret.bit_length = bit_length
        # payload should not be encoded.
        secret.payload = payload

        secret_ref = self.cleanup.add_entity(secret)
        self.assertIsNotNone(secret_ref)

        resp = self.barbicanclient.secrets.get(secret_ref)
        self.assertEqual(secret_type, resp.secret_type)

    @testcase.attr('negative')
    def test_secret_create_defaults_invalid_secret_type(self):
        """Covers cases of creating secrets with invalid secret types."""
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.secret_type = 'not a valid secret type'

        e = self.assertRaises(exceptions.HTTPClientError, secret.store)

        self.assertEqual(400, e.status_code)

    @utils.parameterized_dataset({
        '512': [512],
        'sixteen': [16],
        'fifteen': [15],
        'eight': [8],
        'seven': [7],
        'one': [1],
        'none': [None]
    })
    @testcase.attr('positive')
    def test_secret_create_defaults_valid_bit_length(self, bit_length):
        """Covers cases of creating secrets with valid bit lengths."""
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.bit_length = bit_length

        secret_ref = self.cleanup.add_entity(secret)
        self.assertIsNotNone(secret_ref)

        resp = self.barbicanclient.secrets.get(secret_ref)
        self.assertEqual(secret.bit_length, resp.bit_length)

    @utils.parameterized_dataset({
        'str_type': ['not-an-int'],
        'empty': [''],
        'blank': [' '],
        'negative_maxsize': [-sys.maxsize],
        'negative_one': [-1],
        'zero': [0]
    })
    @testcase.attr('negative')
    def test_secret_create_defaults_invalid_bit_length(self, bit_length):
        """Covers cases of creating secrets with invalid bit lengths."""
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.bit_length = bit_length

        e = self.assertRaises(exceptions.HTTPClientError, secret.store)

        self.assertEqual(400, e.status_code)

    @utils.parameterized_dataset({'cbc': ['cbc']})
    @testcase.attr('positive')
    def test_secret_create_defaults_valid_mode(self, mode):
        """Covers cases of creating secrets with valid modes."""
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.mode = mode

        secret_ref = self.cleanup.add_entity(secret)
        self.assertIsNotNone(secret_ref)

        resp = self.barbicanclient.secrets.get(secret_ref)
        self.assertEqual(secret.mode, resp.mode)

    @utils.parameterized_dataset({
        'zero': [0],
        'oversized_string': [base.TestCase.oversized_field],
        'int': [400]
    })
    @testcase.attr('negative')
    def test_secret_create_defaults_invalid_mode(self, mode):
        """Covers cases of creating secrets with invalid modes."""
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.mode = mode

        e = self.assertRaises(exceptions.HTTPClientError, secret.store)

        self.assertEqual(400, e.status_code)

    @utils.parameterized_dataset({
        'text_content_type_none_encoding': {
            'payload_content_type': 'text/plain',
            'payload_content_encoding': None
        },
        'utf8_text_content_type_none_encoding': {
            'payload_content_type': 'text/plain; charset=utf-8',
            'payload_content_encoding': None
        },
        'no_space_utf8_text_content_type_none_encoding': {
            'payload_content_type': 'text/plain;charset=utf-8',
            'payload_content_encoding': None
        },
        'octet_content_type_base64_encoding': {
            'payload_content_type': 'application/octet-stream',
            'payload_content_encoding': 'base64'
        }
    })
    @testcase.attr('positive')
    def test_secret_create_deprecated_types_and_encoding(
            self, payload_content_type, payload_content_encoding):
        """Creates secrets with various content types and encodings."""
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.payload_content_type = payload_content_type
        secret.payload_content_encoding = payload_content_encoding

        secret_ref = self.cleanup.add_entity(secret)
        self.assertIsNotNone(secret_ref)

        resp = self.barbicanclient.secrets.get(secret_ref)
        if secret.payload_content_encoding == 'base64':
            self.assertEqual(base64.b64decode(secret.payload), resp.payload)
        else:
            self.assertEqual(secret.payload, resp.payload.encode('utf-8'))

    @utils.parameterized_dataset({
        'large_string_content_type_and_encoding': {
            'payload_content_type': base.TestCase.oversized_field,
            'payload_content_encoding': base.TestCase.oversized_field
        },
        'int_content_type_and_encoding': {
            'payload_content_type': 123,
            'payload_content_encoding': 123
        },
        'text_content_type_none_content_encoding': {
            'payload_content_type': 'text/plain',
            'payload_content_encoding': ''
        },
        'text_no_subtype_content_type_none_content_encoding': {
            'payload_content_type': 'text',
            'payload_content_encoding': None
        },
        'text_slash_no_subtype_content_type_none_content_encoding': {
            'payload_content_type': 'text/',
            'payload_content_encoding': None
        },
        'text_content_type_empty_content_encoding': {
            'payload_content_type': 'text/plain',
            'payload_content_encoding': ' '
        },
        'text_content_type_spaces_content_encoding': {
            'payload_content_type': 'text/plain',
            'payload_content_encoding': ' '
        },
        'text_content_type_base64_content_encoding': {
            'payload_content_type': 'text/plain',
            'payload_content_encoding': 'base64'
        },
        'text_and_utf88_content_type_none_content_encoding': {
            'payload_content_type': 'text/plain; charset=utf-88',
            'payload_content_encoding': None
        },
        'invalid_content_type_base64_content_encoding': {
            'payload_content_type': 'invalid',
            'payload_content_encoding': 'base64'
        },
        'invalid_content_type_none_content_encoding': {
            'payload_content_type': 'invalid',
            'payload_content_encoding': None
        },
        'octet_content_type_invalid_content_encoding': {
            'payload_content_type': 'application/octet-stream',
            'payload_content_encoding': 'invalid'
        },
        'text_content_type_invalid_content_encoding': {
            'payload_content_type': 'text/plain',
            'payload_content_encoding': 'invalid'
        },
        'none_content_type_invalid_content_encoding': {
            'payload_content_type': None,
            'payload_content_encoding': 'invalid'
        },
        'none_content_type_base64_content_encoding': {
            'payload_content_type': None,
            'payload_content_encoding': 'base64'
        }
    })
    @testcase.attr('negative')
    def test_secret_create_defaults_invalid_types_and_encoding(self, **kwargs):
        """Creating secrets with invalid payload types and encodings."""
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.payload_content_encoding = kwargs['payload_content_encoding']
        secret.payload_content_type = kwargs['payload_content_type']

        e = self.assertRaises(exceptions.HTTPClientError, secret.store)

        self.assertEqual(400, e.status_code)

    @utils.parameterized_dataset(
        {'max_payload_string': [base.TestCase.max_sized_payload]})
    @testcase.attr('positive')
    def test_secret_create_defaults_valid_payload(self, payload):
        """Create secrets with a various valid payloads."""

        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.payload = payload

        secret_ref = self.cleanup.add_entity(secret)
        self.assertIsNotNone(secret_ref)

        resp = self.barbicanclient.secrets.get(secret_ref)
        self.assertEqual(secret.payload, resp.payload)

    @utils.parameterized_dataset({'list': [['boom']], 'int': [123]})
    @testcase.attr('negative')
    def test_secret_create_with_invalid_payload_(self, payload):
        """Covers attempting to create secret with invalid payload types

        Tests the negative cases of invalid types (list and int).
        """
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.payload = payload

        self.assertRaises(exceptions.PayloadException, secret.store)

    @utils.parameterized_dataset({'empty': [''], 'zero': [0]})
    @testcase.attr('negative')
    def test_secret_with_no_payload_exception(self, payload):
        """Covers creating secrets with various invalid payloads.

        These requests will fail with a value error before the request to the
        server is made
        """
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.payload = payload

        self.assertRaises(exceptions.PayloadException, secret.store)

    @utils.parameterized_dataset({
        'negative_five_long_expire': {
            'timezone': '-05:00',
            'days': 5
        },
        'positive_five_long_expire': {
            'timezone': '+05:00',
            'days': 5
        },
        'negative_one_short_expire': {
            'timezone': '-01',
            'days': 1
        },
        'positive_one_short_expire': {
            'timezone': '+01',
            'days': 1
        }
    })
    @testcase.attr('positive')
    def test_secret_create_defaults_valid_expiration(self, **kwargs):
        """Create secrets with a various valid expiration data."""

        timestamp = utils.create_timestamp_w_tz_and_offset(**kwargs)
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.expiration = timestamp

        secret_ref = self.cleanup.add_entity(secret)
        self.assertIsNotNone(secret_ref)

        resp = self.barbicanclient.secrets.get(secret_ref)
        self.assertIsNotNone(resp)
        self.assertEqual(secret.name, resp.name)

    @utils.parameterized_dataset(
        {'malformed_timezone': {
            'timezone': '-5:00',
            'days': 0
        }})
    @testcase.attr('negative')
    def test_secret_create_defaults_invalid_expiration(self, **kwargs):
        """Create secrets with various invalid expiration data."""
        timestamp = utils.create_timestamp_w_tz_and_offset(**kwargs)
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.expiration = timestamp

        e = self.assertRaises(exceptions.HTTPClientError, secret.store)

        self.assertEqual(400, e.status_code)

    @utils.parameterized_dataset({
        'text/plain': ['meowwwwwwwmeowwwwwww', 'text/plain'],
        'application/octet-stream': [
            base64.b64encode(b'F\x130\x89f\x8e\xd9\xa1\x0e\x1f\r\xf67uu\x8b'),
            'application/octet-stream'
        ]
    })
    @testcase.attr('positive')
    def test_secret_update_nones(self, payload, payload_content_type):
        """Cover case of updating with all nones in the Secret object."""
        secret = self.barbicanclient.secrets.create(**secret_create_nones_data)
        secret.payload = None
        secret.payload_content_type = None

        secret_ref = self.cleanup.add_entity(secret)
        self.assertIsNotNone(secret_ref)

        secret.payload = payload
        secret.update()

        resp = self.barbicanclient.secrets.get(secret_ref)
        self.assertEqual(payload, resp.payload)
        self.assertEqual(payload_content_type, resp.payload_content_type)

    @utils.parameterized_dataset({
        'alphanumeric': ['1f34ds'],
        'punctuation': ['~!@#$%^&*()_+`-={}[]|:;<>,.?'],
        'uuid': ['54262d9d-4bc7-4821-8df0-dc2ca8e112bb'],
        'len_255': ['a' * 255],
        'empty': [''],
        'null': [None]
    })
    @testcase.attr('positive')
    def test_secret_get_defaults_metadata_w_valid_name(self, name):
        """Covers getting and checking a secret's metadata."""
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.name = name

        secret_ref = self.cleanup.add_entity(secret)
        self.assertIsNotNone(secret_ref)

        resp = self.barbicanclient.secrets.get(secret_ref)
        self.assertEqual("ACTIVE", resp.status)
        self.assertEqual(name, resp.name)
        self.assertEqual(secret.mode, resp.mode)
        self.assertEqual(secret.algorithm, resp.algorithm)
        self.assertEqual(secret.bit_length, resp.bit_length)

    @utils.parameterized_dataset({
        'symmetric': [
            'symmetric', 'aes', 128,
            ('\x00\x01\x02\x03\x04\x05\x06\x07'
             '\x00\x01\x02\x03\x04\x05\x06\x07')
        ],
        'private': ['private', 'rsa', 2048,
                    keys.get_private_key_pem()],
        'public': ['public', 'rsa', 2048,
                   keys.get_public_key_pem()],
        'certificate':
        ['certificate', 'rsa', 2048,
         keys.get_certificate_pem()],
        'opaque':
        ['opaque', None, None, (b'\x00\x01\x02\x03\x04\x05\x06\x07')],
        'passphrase': ['passphrase', None, None,
                       keys.get_passphrase_txt()],
    })
    @testcase.attr('positive')
    def test_secret_get_defaults_secret_type(self, secret_type, algorithm,
                                             bit_length, payload):
        """Covers getting and checking a secret's metadata."""
        secret = self.barbicanclient.secrets.create(
            **secret_create_defaults_data)
        secret.secret_type = secret_type
        secret.algorithm = algorithm
        secret.bit_length = bit_length
        # payload should not be encoded.
        secret.payload = payload

        secret_ref = self.cleanup.add_entity(secret)
        self.assertIsNotNone(secret_ref)

        resp = self.barbicanclient.secrets.get(secret_ref)
        self.assertEqual("ACTIVE", resp.status)
        self.assertEqual(secret_type, resp.secret_type)

    @utils.parameterized_dataset({
        'query_by_name': {
            'secret_1_dict': dict(name="name1"),
            'secret_2_dict': dict(name="name2"),
            'query_dict': dict(name="name1")
        },
        'query_by_algorithm': {
            'secret_1_dict': dict(algorithm="algorithm1"),
            'secret_2_dict': dict(algorithm="algorithm2"),
            'query_dict': dict(algorithm="algorithm1")
        },
        'query_by_mode': {
            'secret_1_dict': dict(mode="mode1"),
            'secret_2_dict': dict(mode="mode2"),
            'query_dict': dict(mode="mode1")
        },
        'query_by_bit_length': {
            'secret_1_dict': dict(bit_length=1024),
            'secret_2_dict': dict(bit_length=2048),
            'query_dict': dict(bits=1024)
        },
        'query_by_secret_type': {
            'secret_1_dict': dict(secret_type='opaque'),
            'secret_2_dict': dict(secret_type='symmetric'),
            'query_dict': dict(secret_type='opaque')
        },
    })
    @testcase.attr('positive')
    def test_secret_list_with_filter(self, secret_1_dict, secret_2_dict,
                                     query_dict):
        secret_1 = self.barbicanclient.secrets.create(**secret_1_dict)
        secret_1_ref = self.cleanup.add_entity(secret_1)
        self.assertIsNotNone(secret_1_ref)
        secret_2 = self.barbicanclient.secrets.create(**secret_2_dict)
        secret_2_ref = self.cleanup.add_entity(secret_2)
        self.assertIsNotNone(secret_2_ref)

        secret_list = self.barbicanclient.secrets.list(**query_dict)

        self.assertEqual(1, len(secret_list))

    @utils.parameterized_dataset({
        'query_by_name': {
            'secret_1_dict': dict(name="name1"),
            'secret_2_dict': dict(name="name2"),
            'sort': 'name'
        },
        'query_by_algorithm': {
            'secret_1_dict': dict(algorithm="algorithm1"),
            'secret_2_dict': dict(algorithm="algorithm2"),
            'sort': 'algorithm'
        },
        'query_by_mode': {
            'secret_1_dict': dict(mode="mode1"),
            'secret_2_dict': dict(mode="mode2"),
            'sort': 'mode'
        },
        'query_by_bit_length': {
            'secret_1_dict': dict(bit_length=1024),
            'secret_2_dict': dict(bit_length=2048),
            'sort': 'bit_length'
        },
        'query_by_secret_type': {
            'secret_1_dict': dict(secret_type='opaque'),
            'secret_2_dict': dict(secret_type='symmetric'),
            'sort': 'secret_type'
        },
    })
    @testcase.attr('positive')
    def test_secret_list_with_sort(self, secret_1_dict, secret_2_dict, sort):
        secret_1 = self.barbicanclient.secrets.create(**secret_1_dict)
        secret_1_ref = self.cleanup.add_entity(secret_1)
        self.assertIsNotNone(secret_1_ref)
        secret_2 = self.barbicanclient.secrets.create(**secret_2_dict)
        secret_2_ref = self.cleanup.add_entity(secret_2)
        self.assertIsNotNone(secret_2_ref)

        query_dict = {'sort': sort + ":asc"}
        secret_list = self.barbicanclient.secrets.list(**query_dict)

        self.assertEqual(2, len(secret_list))
        self.assertEqual(secret_1_ref, secret_list[0].secret_ref)

        query_dict = {'sort': sort + ":desc"}
        secret_list = self.barbicanclient.secrets.list(**query_dict)

        self.assertEqual(2, len(secret_list))
        self.assertEqual(secret_2_ref, secret_list[0].secret_ref)

    @utils.parameterized_dataset({
        'created': {
            'date_type': 'created',
        },
        'updated': {
            'date_type': 'updated',
        },
        'expiration': {
            'date_type': 'expiration',
        },
    })
    @testcase.attr('positive')
    def test_secret_list_with_date_filter(self, date_type):
        now = datetime.datetime.utcnow()
        expiration_1 = (now + datetime.timedelta(days=3)).isoformat()
        expiration_2 = (now + datetime.timedelta(days=5)).isoformat()
        secret_1 = self.barbicanclient.secrets.create(expiration=expiration_1)
        secret_1_ref = self.cleanup.add_entity(secret_1)
        self.assertIsNotNone(secret_1_ref)
        payload = "gF6+lLoF3ohA9aPRpt+6bQ=="
        self.barbicanclient.secrets.update(secret_1_ref, payload)

        time.sleep(1)

        secret_2 = self.barbicanclient.secrets.create(expiration=expiration_2)
        secret_2_ref = self.cleanup.add_entity(secret_2)
        self.assertIsNotNone(secret_2_ref)

        time_to_search_1 = getattr(secret_1, date_type).isoformat()
        time_to_search_2 = getattr(secret_2, date_type).isoformat()

        # Search for secrets with secret 1's time
        query_dict = {date_type: time_to_search_1}
        secret_list = self.barbicanclient.secrets.list(**query_dict)

        self.assertEqual(1, len(secret_list))
        self.assertEqual(secret_1_ref, secret_list[0].secret_ref)

        # Search for secrets with time < secret 2, i.e. secret 1
        query_dict = {date_type: 'lt:' + time_to_search_2}
        secret_list = self.barbicanclient.secrets.list(**query_dict)

        self.assertEqual(1, len(secret_list))
        self.assertEqual(secret_1_ref, secret_list[0].secret_ref)

        # Search for secrets with time < secret 1, i.e. none
        query_dict = {date_type: 'lt:' + time_to_search_1}
        secret_list = self.barbicanclient.secrets.list(**query_dict)

        self.assertEqual(0, len(secret_list))

        # Search for secrets with time <= secret 2, i.e. both secrets
        query_dict = {date_type: 'lte:' + time_to_search_2}
        secret_list = self.barbicanclient.secrets.list(**query_dict)

        self.assertEqual(2, len(secret_list))

        # Search for secrets with time > secret 1, i.e. secret 2
        query_dict = {date_type: 'gt:' + time_to_search_1}
        secret_list = self.barbicanclient.secrets.list(**query_dict)

        self.assertEqual(1, len(secret_list))
        self.assertEqual(secret_2_ref, secret_list[0].secret_ref)

        # Search for secrets with time > secret 2, i.e. none
        query_dict = {date_type: 'gt:' + time_to_search_2}
        secret_list = self.barbicanclient.secrets.list(**query_dict)

        self.assertEqual(0, len(secret_list))

        # Search for secrets with time >= secret 1, i.e. both secrets
        query_dict = {date_type: 'gte:' + time_to_search_1}
        secret_list = self.barbicanclient.secrets.list(**query_dict)

        self.assertEqual(2, len(secret_list))

        # Sort secrets by date
        query_dict = {'sort': date_type + ":asc"}
        secret_list = self.barbicanclient.secrets.list(**query_dict)

        self.assertEqual(2, len(secret_list))
        self.assertEqual(secret_1_ref, secret_list[0].secret_ref)

        # Sort secrets by date
        query_dict = {'sort': date_type + ":desc"}
        secret_list = self.barbicanclient.secrets.list(**query_dict)

        self.assertEqual(2, len(secret_list))
        self.assertEqual(secret_2_ref, secret_list[0].secret_ref)
class SecretsTestCase(base.TestCase):
    def setUp(self):
        super(SecretsTestCase, self).setUp()
        self.behaviors = secret_behaviors.SecretBehaviors(self.barbicanclient)

    def tearDown(self):
        self.behaviors.delete_all_created_secrets()
        super(SecretsTestCase, self).tearDown()

    @testcase.attr('positive')
    def test_secret_create_defaults_check_content_types(self):
        """Check that set content-type attribute is retained in metadata."""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

        resp = self.behaviors.get_secret(secret_ref)
        content_types = resp.content_types
        self.assertIsNotNone(content_types)
        self.assertIn('default', content_types)
        self.assertEqual('application/octet-stream', content_types['default'])

    @testcase.attr('positive')
    def test_secret_create_defaults_non_standard_algorithm(self):
        """Create a secret with a non standard algorithm.

         Currently the client will accept any string for the algorithm.
         """
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.algorithm = "not-an-algorithm"

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

        get_resp = self.behaviors.get_secret(secret_ref)
        self.assertEqual(get_resp.algorithm, test_model.algorithm)

    @testcase.attr('positive')
    def test_secret_create_defaults_non_standard_mode(self):
        """Create a secret with a non standard mode.

        Currently the client will accept any string for the mode.
        """
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.mode = 'not-a-mode'

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

        get_resp = self.behaviors.get_secret(secret_ref)
        self.assertEqual(get_resp.mode, test_model.mode)

    @testcase.attr('negative')
    def test_secret_delete_doesnt_exist(self):
        """Deletes a non-existent secret.

        This delete uses a reference with an invalid UUID format
        """
        url = self.behaviors.base_url + '/secrets/notauuid'

        e = self.assertRaises(ValueError, self.behaviors.delete_secret, url)

        self.assertEqual(e.message, 'Secret incorrectly specified.')

    @testcase.attr('negative')
    def test_secret_delete_doesnt_exist_valid_uuid_format(self):
        """Deletes a non-existent secret.

        This delete has a valid UUID format but there is no secret
        associated with this UUID
        """
        uuid = 'de20ad54-85b4-421b-adb2-eb7b9e546013'
        url = self.behaviors.base_url + '/secrets/' + uuid

        e = self.assertRaises(exceptions.HTTPClientError,
                              self.behaviors.delete_secret, url)

        self.assertEqual(e.status_code, 404)

    @testcase.attr('negative')
    def test_secret_create_nones_content_type(self):
        """Create secret with valid content type but no payload.

        Secret will not create due to None in the payload even if content
        type is valid.
        """
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.payload = None

        self.assertRaises(exceptions.PayloadException,
                          self.behaviors.store_secret, test_model)

    @testcase.attr('negative')
    def test_secret_create_nones(self):
        """Cover case of posting with all nones in the Secret object."""
        test_model = self.behaviors.create_secret(secret_create_nones_data)
        test_model.payload = None
        test_model.payload_content_encoding = None
        test_model.payload_content_type = None

        self.assertRaises(exceptions.PayloadException,
                          self.behaviors.store_secret, test_model)

    @testcase.attr('negative')
    def test_secret_get_secret_doesnt_exist(self):
        """GET an invalid secret ref.

        Will get value error secret incorrectly specified since "notauuid"
        is not a properly formatted uuid.
        """
        url = self.behaviors.base_url + '/secrets/notauuid'

        e = self.assertRaises(ValueError, self.behaviors.get_secret, url)

        self.assertIn("Secret incorrectly specified", e.message)

    @testcase.attr('negative')
    def test_secret_create_defaults_expiration_passed(self):
        """Create a secret with an expiration that has already passed.

        Returns a 400.
        """
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.expiration = '2000-01-10T14:58:52.546795'

        e = self.assertRaises(exceptions.HTTPClientError,
                              self.behaviors.store_secret, test_model)
        self.assertEqual(e.status_code, 400)

    @testcase.attr('negative')
    def test_secret_create_emptystrings(self):
        """Secret create with empty Strings for all attributes.

        Fails with a value error, Payload incorrectly specified.
        """
        test_model = self.behaviors.create_secret(
            secret_create_emptystrings_data)

        self.assertRaises(exceptions.PayloadException,
                          self.behaviors.store_secret, test_model)

    @testcase.attr('negative')
    def test_secret_create_defaults_oversized_payload(self):
        """Create a secret with a payload that is larger than the allowed size.

        Should return a 413 if the secret size is greater than the
        maximum allowed size.
        """
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.payload = str(self.oversized_payload)

        e = self.assertRaises(exceptions.HTTPClientError,
                              self.behaviors.store_secret, test_model)
        self.assertEqual(e.status_code, 413)

    @utils.parameterized_dataset({
        'alphanumeric': ['1f34ds'],
        'punctuation': ['~!@#$%^&*()_+`-={}[]|:;<>,.?'],
        'uuid': ['54262d9d-4bc7-4821-8df0-dc2ca8e112bb'],
        'len_255': [base.TestCase.max_sized_field],
        'empty': [''],
        'null': [None]
    })
    @testcase.attr('positive')
    def test_secret_create_defaults_valid_name(self, name):
        """Covers cases of creating secrets with valid names."""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.name = name

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

        get_resp = self.behaviors.get_secret(secret_ref)
        self.assertEqual(get_resp.name, test_model.name)

    @utils.parameterized_dataset({'int': [400]})
    @testcase.attr('negative')
    def test_secret_create_defaults_invalid_name(self, name):
        """Create secrets with various invalid names.

        Should return 400.
        """
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.name = name

        e = self.assertRaises(exceptions.HTTPClientError,
                              self.behaviors.store_secret, test_model)

        self.assertEqual(e.status_code, 400)

    @utils.parameterized_dataset({'aes': ['aes']})
    @testcase.attr('positive')
    def test_secret_create_defaults_valid_algorithms(self, algorithm):
        """Creates secrets with various valid algorithms."""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.algorithm = algorithm

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

        get_resp = self.behaviors.get_secret(secret_ref)
        self.assertEqual(get_resp.algorithm, test_model.algorithm)

    @utils.parameterized_dataset({'int': [400]})
    @testcase.attr('negative')
    def test_secret_create_defaults_invalid_algorithms(self, algorithm):
        """Creates secrets with various invalid algorithms."""

        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.algorithm = algorithm

        # We are currently testing for exception with http_code
        # launchpad bug 1431514 will address the change to this functionality
        e = self.assertRaises(exceptions.HTTPClientError,
                              self.behaviors.store_secret, test_model)

        self.assertEqual(e.status_code, 400)

    @utils.parameterized_dataset({
        'symmetric': [
            'symmetric', 'aes', 128,
            ('\x00\x01\x02\x03\x04\x05\x06\x07'
             '\x00\x01\x02\x03\x04\x05\x06\x07')
        ],
        'private': ['private', 'rsa', 2048,
                    keys.get_private_key_pem()],
        'public': ['public', 'rsa', 2048,
                   keys.get_public_key_pem()],
        'certificate':
        ['certificate', 'rsa', 2048,
         keys.get_certificate_pem()],
        'opaque':
        ['opaque', None, None, (b'\x00\x01\x02\x03\x04\x05\x06\x07')],
        'passphrase': ['passphrase', None, None,
                       keys.get_passphrase_txt()],
    })
    @testcase.attr('positive')
    def test_secret_create_defaults_valid_secret_type(self, secret_type,
                                                      algorithm, bit_length,
                                                      secret):
        """Covers cases of creating secrets with valid secret types."""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.secret_type = secret_type
        test_model.algorithm = algorithm
        test_model.bit_length = bit_length
        test_model.payload = base64.b64encode(secret)

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

        get_resp = self.behaviors.get_secret(secret_ref)
        self.assertEqual(get_resp.secret_type, secret_type)

    @testcase.attr('negative')
    def test_secret_create_defaults_invalid_secret_type(self):
        """Covers cases of creating secrets with invalid secret types."""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.secret_type = 'not a valid secret type'

        e = self.assertRaises(exceptions.HTTPClientError,
                              self.behaviors.store_secret, test_model)

        self.assertEqual(e.status_code, 400)

    @utils.parameterized_dataset({
        '512': [512],
        'sixteen': [16],
        'fifteen': [15],
        'eight': [8],
        'seven': [7],
        'one': [1],
        'none': [None]
    })
    @testcase.attr('positive')
    def test_secret_create_defaults_valid_bit_length(self, bit_length):
        """Covers cases of creating secrets with valid bit lengths."""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.bit_length = bit_length

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

        get_resp = self.behaviors.get_secret(secret_ref)
        self.assertEqual(get_resp.bit_length, test_model.bit_length)

    @utils.parameterized_dataset({
        'str_type': ['not-an-int'],
        'empty': [''],
        'blank': [' '],
        'negative_maxint': [-sys.maxint],
        'negative_one': [-1],
        'zero': [0]
    })
    @testcase.attr('negative')
    def test_secret_create_defaults_invalid_bit_length(self, bit_length):
        """Covers cases of creating secrets with invalid bit lengths."""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.bit_length = bit_length

        e = self.assertRaises(exceptions.HTTPClientError,
                              self.behaviors.store_secret, test_model)

        self.assertEqual(e.status_code, 400)

    @utils.parameterized_dataset({'cbc': ['cbc']})
    @testcase.attr('positive')
    def test_secret_create_defaults_valid_mode(self, mode):
        """Covers cases of creating secrets with valid modes."""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.mode = mode

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

        get_resp = self.behaviors.get_secret(secret_ref)
        self.assertEqual(get_resp.mode, test_model.mode)

    @utils.parameterized_dataset({
        'zero': [0],
        'oversized_string': [base.TestCase.oversized_field],
        'int': [400]
    })
    @testcase.attr('negative')
    def test_secret_create_defaults_invalid_mode(self, mode):
        """Covers cases of creating secrets with invalid modes."""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.mode = mode

        e = self.assertRaises(exceptions.HTTPClientError,
                              self.behaviors.store_secret, test_model)

        self.assertEqual(e.status_code, 400)

    @utils.parameterized_dataset({
        'text_content_type_none_encoding': {
            'payload_content_type': 'text/plain',
            'payload_content_encoding': None
        },
        'utf8_text_content_type_none_encoding': {
            'payload_content_type': 'text/plain; charset=utf-8',
            'payload_content_encoding': None
        },
        'no_space_utf8_text_content_type_none_encoding': {
            'payload_content_type': 'text/plain;charset=utf-8',
            'payload_content_encoding': None
        },
        'octet_content_type_base64_encoding': {
            'payload_content_type': 'application/octet-stream',
            'payload_content_encoding': 'base64'
        }
    })
    @testcase.attr('positive')
    def test_secret_create_deprecated_types_and_encoding(
            self, payload_content_type, payload_content_encoding):
        """Creates secrets with various content types and encodings."""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.payload_content_encoding = payload_content_encoding
        test_model.payload_content_type = payload_content_type

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

        get_resp = self.behaviors.get_secret(
            secret_ref, payload_content_type=test_model.payload_content_type)
        if test_model.payload_content_encoding == 'base64':
            self.assertEqual(base64.b64decode(test_model.payload),
                             get_resp.payload)
        else:
            self.assertEqual(test_model.payload, str(get_resp.payload))

    @utils.parameterized_dataset({
        'large_string_content_type_and_encoding': {
            'payload_content_type': base.TestCase.oversized_field,
            'payload_content_encoding': base.TestCase.oversized_field
        },
        'int_content_type_and_encoding': {
            'payload_content_type': 123,
            'payload_content_encoding': 123
        },
        'text_content_type_none_content_encoding': {
            'payload_content_type': 'text/plain',
            'payload_content_encoding': ''
        },
        'text_no_subtype_content_type_none_content_encoding': {
            'payload_content_type': 'text',
            'payload_content_encoding': None
        },
        'text_slash_no_subtype_content_type_none_content_encoding': {
            'payload_content_type': 'text/',
            'payload_content_encoding': None
        },
        'text_content_type_empty_content_encoding': {
            'payload_content_type': 'text/plain',
            'payload_content_encoding': ' '
        },
        'text_content_type_spaces_content_encoding': {
            'payload_content_type': 'text/plain',
            'payload_content_encoding': ' '
        },
        'text_content_type_base64_content_encoding': {
            'payload_content_type': 'text/plain',
            'payload_content_encoding': 'base64'
        },
        'text_and_utf88_content_type_none_content_encoding': {
            'payload_content_type': 'text/plain; charset=utf-88',
            'payload_content_encoding': None
        },
        'invalid_content_type_base64_content_encoding': {
            'payload_content_type': 'invalid',
            'payload_content_encoding': 'base64'
        },
        'invalid_content_type_none_content_encoding': {
            'payload_content_type': 'invalid',
            'payload_content_encoding': None
        },
        'octet_content_type_invalid_content_encoding': {
            'payload_content_type': 'application/octet-stream',
            'payload_content_encoding': 'invalid'
        },
        'text_content_type_invalid_content_encoding': {
            'payload_content_type': 'text/plain',
            'payload_content_encoding': 'invalid'
        },
        'none_content_type_invalid_content_encoding': {
            'payload_content_type': None,
            'payload_content_encoding': 'invalid'
        },
        'none_content_type_base64_content_encoding': {
            'payload_content_type': None,
            'payload_content_encoding': 'base64'
        }
    })
    @testcase.attr('negative')
    def test_secret_create_defaults_invalid_types_and_encoding(self, **kwargs):
        """Creating secrets with invalid payload types and encodings."""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.payload_content_encoding = kwargs[
            'payload_content_encoding']
        test_model.payload_content_type = kwargs['payload_content_type']

        e = self.assertRaises(exceptions.HTTPClientError,
                              self.behaviors.store_secret, test_model)

        self.assertEqual(e.status_code, 400)

    @utils.parameterized_dataset(
        {'max_payload_string': [base.TestCase.max_sized_payload]})
    @testcase.attr('positive')
    def test_secret_create_defaults_valid_payload(self, payload):
        """Create secrets with a various valid payloads."""

        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.payload = payload

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

        get_resp = self.behaviors.get_secret(secret_ref)
        self.assertEqual(test_model.payload, get_resp.payload)

    @utils.parameterized_dataset({'list': [['boom']], 'int': [123]})
    @testcase.attr('negative')
    def test_secret_create_with_invalid_payload_(self, payload):
        """Covers attempting to create secret with invalid payload types

        Tests the negative cases of invalid types (list and int).
        """
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.payload = payload

        self.assertRaises(exceptions.PayloadException,
                          self.behaviors.store_secret, test_model)

    @utils.parameterized_dataset({'empty': [''], 'none': [None], 'zero': [0]})
    @testcase.attr('negative')
    def test_secret_with_no_payload_exception(self, payload):
        """Covers creating secrets with various invalid payloads.

        These requests will fail with a value error before the request to the
        server is made"""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.payload = payload

        self.assertRaises(exceptions.PayloadException,
                          self.behaviors.store_secret, test_model)

    @utils.parameterized_dataset({
        'negative_five_long_expire': {
            'timezone': '-05:00',
            'days': 5
        },
        'positive_five_long_expire': {
            'timezone': '+05:00',
            'days': 5
        },
        'negative_one_short_expire': {
            'timezone': '-01',
            'days': 1
        },
        'positive_one_short_expire': {
            'timezone': '+01',
            'days': 1
        }
    })
    @testcase.attr('positive')
    def test_secret_create_defaults_valid_expiration(self, **kwargs):
        """Create secrets with a various valid expiration data."""

        timestamp = utils.create_timestamp_w_tz_and_offset(**kwargs)
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.expiration = timestamp

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

        get_resp = self.behaviors.get_secret(secret_ref)
        self.assertIsNotNone(get_resp)
        self.assertEqual(get_resp.name, test_model.name)

    @utils.parameterized_dataset(
        {'malformed_timezone': {
            'timezone': '-5:00',
            'days': 0
        }})
    @testcase.attr('negative')
    def test_secret_create_defaults_invalid_expiration(self, **kwargs):
        """Create secrets with various invalid expiration data."""
        timestamp = utils.create_timestamp_w_tz_and_offset(**kwargs)
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.expiration = timestamp

        e = self.assertRaises(exceptions.HTTPClientError,
                              self.behaviors.store_secret, test_model)

        self.assertEqual(e.status_code, 400)

    @utils.parameterized_dataset({
        'alphanumeric': ['1f34ds'],
        'punctuation': ['~!@#$%^&*()_+`-={}[]|:;<>,.?'],
        'uuid': ['54262d9d-4bc7-4821-8df0-dc2ca8e112bb'],
        'len_255': [str(bytearray().zfill(255))],
        'empty': [''],
        'null': [None]
    })
    @testcase.attr('positive')
    def test_secret_get_defaults_metadata_w_valid_name(self, name):
        """Covers getting and checking a secret's metadata."""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.name = name

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

        get_resp = self.behaviors.get_secret(secret_ref)
        self.assertEqual(get_resp.status, "ACTIVE")
        self.assertEqual(get_resp.name, name)
        self.assertEqual(get_resp.mode, test_model.mode)
        self.assertEqual(get_resp.algorithm, test_model.algorithm)
        self.assertEqual(get_resp.bit_length, test_model.bit_length)

    @utils.parameterized_dataset({
        'symmetric': [
            'symmetric', 'aes', 128,
            ('\x00\x01\x02\x03\x04\x05\x06\x07'
             '\x00\x01\x02\x03\x04\x05\x06\x07')
        ],
        'private': ['private', 'rsa', 2048,
                    keys.get_private_key_pem()],
        'public': ['public', 'rsa', 2048,
                   keys.get_public_key_pem()],
        'certificate':
        ['certificate', 'rsa', 2048,
         keys.get_certificate_pem()],
        'opaque':
        ['opaque', None, None, (b'\x00\x01\x02\x03\x04\x05\x06\x07')],
        'passphrase': ['passphrase', None, None,
                       keys.get_passphrase_txt()],
    })
    @testcase.attr('positive')
    def test_secret_get_defaults_secret_type(self, secret_type, algorithm,
                                             bit_length, secret):
        """Covers getting and checking a secret's metadata."""
        test_model = self.behaviors.create_secret(secret_create_defaults_data)
        test_model.secret_type = secret_type
        test_model.algorithm = algorithm
        test_model.bit_length = bit_length
        test_model.payload = base64.b64encode(secret)

        secret_ref = self.behaviors.store_secret(test_model)
        self.assertIsNotNone(secret_ref)

        get_resp = self.behaviors.get_secret(secret_ref)
        self.assertEqual(get_resp.status, "ACTIVE")
        self.assertEqual(get_resp.secret_type, secret_type)