def test_new_secret_stores_required_input_only(self):
store_plugin = 'store_crypto'
name = "db backend"
ss = models.SecretStores(name, store_plugin)
self.assertEqual(store_plugin, ss.store_plugin)
self.assertEqual(name, ss.name)
self.assertIsNone(ss.crypto_plugin)
self.assertIsNone(ss.global_default) # False default is not used
self.assertEqual(models.States.ACTIVE, ss.status)
def test_secret_stores_check_to_dict_fields(self):
name = "pkcs11 backend"
store_plugin = 'store_crypto'
crypto_plugin = 'p11_crypto'
ss = models.SecretStores(name,
store_plugin,
crypto_plugin,
global_default=True)
self.assertEqual(store_plugin, ss.to_dict_fields()['store_plugin'])
self.assertEqual(crypto_plugin, ss.to_dict_fields()['crypto_plugin'])
self.assertTrue(ss.to_dict_fields()['global_default'])
self.assertEqual(models.States.ACTIVE, ss.to_dict_fields()['status'])
self.assertEqual(name, ss.to_dict_fields()['name'])
# check with required input only
ss = models.SecretStores(name, store_plugin)
self.assertEqual(store_plugin, ss.to_dict_fields()['store_plugin'])
self.assertIsNone(ss.to_dict_fields()['crypto_plugin'])
self.assertIsNone(ss.to_dict_fields()['global_default'])
self.assertEqual(models.States.ACTIVE, ss.to_dict_fields()['status'])
self.assertEqual(name, ss.to_dict_fields()['name'])
def test_new_secret_stores_for_all_input(self):
name = "db backend"
store_plugin = 'store_crypto'
crypto_plugin = 'simple_crypto'
ss = models.SecretStores(name,
store_plugin,
crypto_plugin,
global_default=True)
self.assertEqual(store_plugin, ss.store_plugin)
self.assertEqual(crypto_plugin, ss.crypto_plugin)
self.assertEqual(name, ss.name)
self.assertTrue(ss.global_default)
self.assertEqual(models.States.ACTIVE, ss.status)
def _create_secret_store(self, name, store_plugin, crypto_plugin=None,
global_default=None):
session = self.s_stores_repo.get_session()
s_stores_model = models.SecretStores(name=name,
store_plugin=store_plugin,
crypto_plugin=crypto_plugin,
global_default=global_default)
s_stores = self.s_stores_repo.create_from(s_stores_model,
session=session)
s_stores.save(session=session)
session.commit()
return s_stores
def test_new_project_secret_store(self):
project_id = 'proj_123456'
name = "db backend"
store_plugin = 'store_crypto'
crypto_plugin = 'simple_crypto'
ss = models.SecretStores(name,
store_plugin,
crypto_plugin,
global_default=True)
ss.id = "ss_123456"
project_ss = models.ProjectSecretStore(project_id, ss.id)
self.assertEqual(project_id, project_ss.project_id)
self.assertEqual(ss.id, project_ss.secret_store_id)
self.assertEqual(models.States.ACTIVE, project_ss.status)
def sync_secret_stores(secretstore_manager, crypto_manager=None):
"""Synchronize secret store plugin names between service conf and database
This method reads secret and crypto store plugin name from service
configuration and then synchronizes corresponding data maintained in
database SecretStores table.
Any new plugin name(s) added in service configuration is added as a new
entry in SecretStores table. If global_default value is changed for
existing plugins, then global_default flag is updated to reflect that
change in database. If plugin name is removed from service configuration,
then removal is possible as long as respective plugin names are NOT set as
preferred secret store for a project. If it is used and plugin name is
removed, then error is raised. This logic is intended to be invoked at
server startup so any error raised here will result in critical failure.
"""
if not utils.is_multiple_backends_enabled():
return
# doing local import to avoid circular dependency between manager and
# current utils module
from barbican.plugin.crypto import manager as cm
secret_stores_repo = db_repos.get_secret_stores_repository()
proj_store_repo = db_repos.get_project_secret_store_repository()
if crypto_manager is None:
crypto_manager = cm.get_manager()
def get_friendly_name_dict(ext_manager):
"""Returns dict of plugin internal name and friendly name entries."""
names_dict = {}
for ext in ext_manager.extensions:
if ext.obj and hasattr(ext.obj, 'get_plugin_name'):
names_dict[ext.name] = ext.obj.get_plugin_name()
return names_dict
ss_friendly_names = get_friendly_name_dict(secretstore_manager)
crypto_friendly_names = get_friendly_name_dict(crypto_manager)
# get existing secret stores data from database
db_stores = secret_stores_repo.get_all()
# read secret store data from service configuration
conf_stores = []
for parsed_store in secretstore_manager.parsed_stores:
crypto_plugin = parsed_store.crypto_plugin
if not crypto_plugin:
crypto_plugin = None
if crypto_plugin:
friendly_name = crypto_friendly_names.get(crypto_plugin)
else:
friendly_name = ss_friendly_names.get(parsed_store.store_plugin)
conf_stores.append(
db_models.SecretStores(name=friendly_name,
store_plugin=parsed_store.store_plugin,
crypto_plugin=crypto_plugin,
global_default=parsed_store.global_default))
if db_stores:
def fn_match(lh_store, rh_store):
return (lh_store.store_plugin == rh_store.store_plugin
and lh_store.crypto_plugin == rh_store.crypto_plugin)
for conf_store in conf_stores:
# find existing db entry for plugin using conf based plugin names
db_store_match = next(
(db_store
for db_store in db_stores if fn_match(conf_store, db_store)),
None)
if db_store_match:
# update existing db entry if global default is changed now
if db_store_match.global_default != conf_store.global_default:
db_store_match.global_default = conf_store.global_default
# persist flag change.
db_store_match.save()
# remove matches store from local list after processing
db_stores.remove(db_store_match)
else: # new conf entry as no match found in existing entries
secret_stores_repo.create_from(conf_store)
# entries still present in db list are no longer configured in service
# configuration, so try to remove them provided there is no project
# is using it as preferred secret store.
for db_store in db_stores:
if proj_store_repo.get_count_by_secret_store(db_store.id) == 0:
secret_stores_repo.delete_entity_by_id(db_store.id, None)
else:
raise exception.MultipleStorePluginStillInUse(db_store.name)
else: # initial setup case when there is no secret stores data in db
for conf_store in conf_stores:
secret_stores_repo.create_from(conf_store)
