def __init__(self, ca):
    """Bind the controller to one CA and fetch the repositories it uses.

    :param ca: Stored unchanged as ``self.ca``; presumably the certificate
        authority entity this controller serves.
    """
    LOG.debug('=== Creating CertificateAuthorityController ===')
    self.ca = ca

    # Repository handles are looked up once, at construction time.
    self.ca_repo = repo.get_ca_repository()
    self.project_ca_repo = repo.get_project_ca_repository()
    self.preferred_ca_repo = repo.get_preferred_ca_repository()
    self.project_repo = repo.get_project_repository()
def __init__(self):
    """Fetch the CA-related repositories used by the collection controller."""
    LOG.debug('Creating CertificateAuthoritiesController')

    # Repository handles are looked up once, at construction time.
    self.ca_repo = repo.get_ca_repository()
    self.project_ca_repo = repo.get_project_ca_repository()
    self.preferred_ca_repo = repo.get_preferred_ca_repository()
    self.project_repo = repo.get_project_repository()

    # No request validator is configured by this constructor.
    self.validator = None
def _create_project(self):
    """Save and return a project with a freshly generated external ID.

    :return: The saved ``models.Project`` instance.
    """
    db_session = repositories.get_project_repository().get_session()

    new_project = models.Project()
    # A random hex suffix keeps external IDs distinct between calls.
    new_project.external_id = "keystone_project_id" + uuid.uuid4().hex
    new_project.save(session=db_session)
    return new_project
def retrieve_entity(self, project_id, resource_type=None,
                    operation_type=None):
    """Look up the project record for an external project ID.

    :param project_id: External project ID to search for.
    :param resource_type: Accepted but not used by this method.
    :param operation_type: Accepted but not used by this method.
    :return: Whatever the repository lookup returns. The lookup is made
        with ``suppress_exception=True``, so callers should expect a missing
        project to come back as an empty result rather than as an error
        (repository implementation not shown here).
    """
    find_project = rep.get_project_repository().find_by_external_project_id
    return find_project(external_project_id=project_id,
                        suppress_exception=True)
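def _store_project_policy(project_id, policy, mk_attribute):
    """Create or update the stored policy for an existing project.

    :param project_id: External project ID used to find the project row.
    :param policy: Passed through to the project-policy repository.
    :param mk_attribute: Passed through to the project-policy repository.
    """
    project_repo = repositories.get_project_repository()
    # Let the repository report an unknown project itself. With
    # suppress_exception=True the lookup could hand back no project, and the
    # ``project.id`` access below then failed with an unrelated
    # AttributeError instead of a meaningful "not found" error.
    # NOTE(review): assumes suppress_exception=False raises on a miss --
    # confirm against the repository implementation.
    project = project_repo.find_by_external_project_id(
        project_id, suppress_exception=False)

    project_policy_repo = repositories.get_project_policy_repository()
    project_policy_repo.create_or_update_by_project_id(
        project.id, policy, mk_attribute)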
def get_or_create_project(project_id):
    """Return the project for an external ID, creating it when absent.

    :param project_id: The external-to-Barbican ID for this project.
    :return: Project model instance
    """
    project_repo = repositories.get_project_repository()
    existing = project_repo.find_by_external_project_id(
        project_id, suppress_exception=True)
    if existing:
        return existing

    LOG.debug('Creating project for %s', project_id)
    created = models.Project()
    created.external_id = project_id
    created.status = models.States.ACTIVE
    try:
        project_repo.create_from(created)
    except exception.ConstraintCheck:
        # Another thread inserted the same external ID between the lookup
        # and the insert: return that row instead of failing the caller.
        return project_repo.find_by_external_project_id(
            project_id, suppress_exception=False)
    return created
def setUp(self):
    """Run the base fixture setup, then cache the repositories under test."""
    super(WhenUsingKeystoneEventConsumer, self).setUp()

    # One handle per table the tests in this class inspect.
    self.kek_repo = rep.get_kek_datum_repository()
    self.project_repo = rep.get_project_repository()
    self.secret_meta_repo = rep.get_secret_meta_repository()
    self.secret_repo = rep.get_secret_repository()
    self.transport_key_repo = rep.get_transport_key_repository()
def __init__(self, container_id):
    """Set up the consumer controller for one container.

    :param container_id: Stored unchanged as ``self.container_id``.
    """
    self.container_id = container_id

    # Repository handles are looked up once, at construction time.
    self.consumer_repo = repo.get_container_consumer_repository()
    self.container_repo = repo.get_container_repository()
    self.project_repo = repo.get_project_repository()

    self.validator = validators.ContainerConsumerValidator()
    # The enforcer is given the consumer repository and the 'consumers'
    # resource name.
    self.quota_enforcer = quota.QuotaEnforcer(
        'consumers', self.consumer_repo)
def _create_project(self):
    """Save and return a project with a freshly generated external ID.

    :return: The saved ``models.Project`` instance.
    """
    db_session = repos.get_project_repository().get_session()

    # An undashed UUID suffix keeps external IDs distinct between calls.
    unique_suffix = uuidutils.generate_uuid(dashed=False)

    new_project = models.Project()
    new_project.external_id = "keystone_project_id" + unique_suffix
    new_project.save(session=db_session)
    return new_project
def test_rollback_with_error_during_project_cleanup(
        self, mock_delete, mock_handle_error):
    """A failed project delete must leave secrets, KEKs and project intact.

    The task is expected to raise ``BarbicanException``, report a 500 through
    the patched error handler, and roll back so that every entity committed
    before the failure is still in the database afterwards.
    """
    self._init_memory_db_setup()
    secret = self._create_secret_for_project(self.project1_data)
    self.assertIsNotNone(secret)
    secret_id = secret.id
    project1_id = self.project1_data.id

    # Baseline: exactly one secret and one KEK datum for the project.
    secret_repo = rep.get_secret_repository()
    secrets_before = secret_repo.get_project_entities(project1_id)
    self.assertEqual(1, len(secrets_before))
    self.assertEqual(secret.id, secrets_before[0].id)

    kek_repo = rep.get_kek_datum_repository()
    keks_before = kek_repo.get_project_entities(project1_id)
    self.assertEqual(1, len(keks_before))

    # Commit changes made so far before creating rollback scenario
    rep.commit()

    # NOTE(review): this mock is attached as ``handler_error`` and never
    # asserted on; the checks below use the injected mock_handle_error.
    # Confirm whether the attribute name is intentional.
    self.task.handler_error = mock.MagicMock()

    self.assertRaises(exception.BarbicanException,
                      self.task.process,
                      project_id=self.project_id1,
                      resource_type='project',
                      operation_type='deleted')

    mock_handle_error.assert_called_once_with(
        self.project1_data,
        500,
        mock.ANY,
        mock.ANY,
        operation_type='deleted',
        project_id=mock.ANY,
        resource_type='project',
    )

    # project_id was matched loosely above, so pin it exactly here.
    call_args, call_kwargs = mock_handle_error.call_args
    self.assertEqual(500, call_args[1])
    self.assertEqual(self.project_id1, call_kwargs['project_id'])
    self.assertEqual('project', call_kwargs['resource_type'])
    self.assertEqual('deleted', call_kwargs['operation_type'])

    # Make sure entities are still present after rollback
    secrets_after = secret_repo.get_project_entities(project1_id)
    self.assertEqual(1, len(secrets_after))
    self.assertEqual(secret_id, secrets_after[0].id)

    keks_after = kek_repo.get_project_entities(project1_id)
    self.assertEqual(1, len(keks_after))

    project_repo = rep.get_project_repository()
    projects_after = project_repo.get_project_entities(project1_id)
    self.assertEqual(1, len(projects_after))
def __init__(self):
    """Fetch repositories, validator and quota enforcer for the CA collection.

    Constructing the controller also triggers a refresh of the certificate
    resources as a side effect.
    """
    LOG.debug('Creating CertificateAuthoritiesController')

    # Repository handles are looked up once, at construction time.
    self.ca_repo = repo.get_ca_repository()
    self.project_ca_repo = repo.get_project_ca_repository()
    self.preferred_ca_repo = repo.get_preferred_ca_repository()
    self.project_repo = repo.get_project_repository()

    self.validator = validators.NewCAValidator()
    # The enforcer is given the CA repository and the 'cas' resource name.
    self.quota_enforcer = quota.QuotaEnforcer('cas', self.ca_repo)

    # Populate the CA table at start up
    cert_resources.refresh_certificate_resources()
def __init__(self, secret):
    """Set up the consumer controller for one secret.

    :param secret: Stored as ``self.secret``; its ``id`` attribute is also
        copied to ``self.secret_id``.
    """
    super().__init__()
    self.secret = secret
    self.secret_id = secret.id

    # Repository handles are looked up once, at construction time.
    self.consumer_repo = repo.get_secret_consumer_repository()
    self.secret_repo = repo.get_secret_repository()
    self.project_repo = repo.get_project_repository()

    self.validator = validators.SecretConsumerValidator()
    # The enforcer is given the consumer repository and the 'consumers'
    # resource name.
    self.quota_enforcer = quota.QuotaEnforcer(
        'consumers', self.consumer_repo)
def test_rollback_with_error_during_project_cleanup(self, mock_delete,
                                                    mock_handle_error):
    """Check that a failing project delete rolls back all project entities.

    ``process`` must raise ``BarbicanException`` and call the patched error
    handler once with status 500; the secret, KEK datum and project that
    were committed beforehand must still be present afterwards.
    """
    self._init_memory_db_setup()
    secret = self._create_secret_for_project(self.project1_data)
    self.assertIsNotNone(secret)
    secret_id = secret.id
    project1_id = self.project1_data.id

    # State before the delete: one secret and one KEK datum.
    secret_repo = rep.get_secret_repository()
    initial_secrets = secret_repo.get_project_entities(project1_id)
    self.assertEqual(1, len(initial_secrets))
    self.assertEqual(secret.id, initial_secrets[0].id)

    kek_repo = rep.get_kek_datum_repository()
    initial_keks = kek_repo.get_project_entities(project1_id)
    self.assertEqual(1, len(initial_keks))

    # Commit changes made so far before creating rollback scenario
    rep.commit()

    # NOTE(review): nothing below reads this ``handler_error`` mock; the
    # assertions rely on the injected mock_handle_error instead. Confirm
    # whether this assignment is still needed.
    self.task.handler_error = mock.MagicMock()

    self.assertRaises(exception.BarbicanException,
                      self.task.process,
                      project_id=self.project_id1,
                      resource_type='project',
                      operation_type='deleted')

    mock_handle_error.assert_called_once_with(
        self.project1_data,
        500,
        mock.ANY,
        mock.ANY,
        operation_type='deleted',
        project_id=mock.ANY,
        resource_type='project',
    )

    # The loose project_id match above is tightened to the exact ID here.
    positional, keyword = mock_handle_error.call_args
    self.assertEqual(500, positional[1])
    self.assertEqual(self.project_id1, keyword['project_id'])
    self.assertEqual('project', keyword['resource_type'])
    self.assertEqual('deleted', keyword['operation_type'])

    # Make sure entities are still present after rollback
    remaining_secrets = secret_repo.get_project_entities(project1_id)
    self.assertEqual(1, len(remaining_secrets))
    self.assertEqual(secret_id, remaining_secrets[0].id)

    remaining_keks = kek_repo.get_project_entities(project1_id)
    self.assertEqual(1, len(remaining_keks))

    project_repo = rep.get_project_repository()
    remaining_projects = project_repo.get_project_entities(project1_id)
    self.assertEqual(1, len(remaining_projects))
class Project(base.BarbicanObject, base.BarbicanPersistentObject,
              object_base.VersionedObjectDictCompat):
    """Object wrapper whose database model is ``models.Project``."""

    fields = {
        'external_id': fields.StringField(nullable=True, default=None),
    }

    db_model = models.Project
    # Evaluated when the class body runs, so the repository is obtained as
    # soon as this module is imported.
    db_repo = repo.get_project_repository()

    @classmethod
    def find_by_external_project_id(cls, external_project_id,
                                    suppress_exception=False, session=None):
        """Load a project by external ID and wrap it in a new instance.

        :param external_project_id: External project ID to look up.
        :param suppress_exception: Forwarded to the repository lookup.
        :param session: Forwarded to the repository lookup.
        :return: The result of ``_from_db_object`` on a new instance.
        """
        # NOTE(review): when suppress_exception is true the repository may
        # return no row; confirm _from_db_object copes with that input.
        db_row = cls.db_repo.find_by_external_project_id(
            external_project_id, suppress_exception, session)
        wrapper = cls()
        return wrapper._from_db_object(db_row)
def get_or_create_project(project_id):
    """Return the project for an external ID, creating it when absent.

    :param project_id: The external-to-Barbican ID for this project.
    :return: Project model instance
    """
    project_repo = repositories.get_project_repository()
    existing = project_repo.find_by_external_project_id(
        project_id, suppress_exception=True)
    if existing:
        return existing

    # NOTE(review): the lookup above and the insert below are separate
    # steps, so two concurrent callers with the same new project_id can both
    # reach create_from(). Confirm how a uniqueness violation surfaces to
    # the caller; nothing here catches it.
    LOG.debug('Creating project for %s', project_id)
    created = models.Project()
    created.external_id = project_id
    created.status = models.States.ACTIVE
    project_repo.create_from(created)
    return created
def __init__(self):
    """Prepare the repository handle and order helper for this task."""
    LOG.debug('Creating CheckCertificateStatusOrder task processor')

    # Both collaborators are created once per task-processor instance.
    self.project_repo = rep.get_project_repository()
    self.helper = _OrderTaskHelper()
def __init__(self):
    """Run the base initialiser, then prepare repository and order helper."""
    super(BeginTypeOrder, self).__init__()
    LOG.debug('Creating BeginTypeOrder task processor')

    # Both collaborators are created once per task-processor instance.
    self.project_repo = rep.get_project_repository()
    self.helper = _OrderTaskHelper()
# See the License for the specific language governing permissions and # limitations under the License. import os import uuid import mock from barbican.common import resources from barbican.model import models from barbican.model import repositories from barbican.tests.api.controllers import test_acls from barbican.tests.api import test_resources_policy as test_policy from barbican.tests import utils order_repo = repositories.get_order_repository() project_repo = repositories.get_project_repository() ca_repo = repositories.get_ca_repository() project_ca_repo = repositories.get_project_ca_repository() container_repo = repositories.get_container_repository() generic_key_meta = { 'name': 'secretname', 'algorithm': 'AES', 'bit_length': 256, 'mode': 'cbc', 'payload_content_type': 'application/octet-stream' } class WhenCreatingOrdersUsingOrdersResource(utils.BarbicanAPIBaseTestCase): def test_can_create_a_new_order(self):
def create_project(external_id="my keystone id", session=None):
    """Create a project row with the given external ID and return the model.

    :param external_id: Value assigned to the project's ``external_id``.
    :param session: Forwarded to the repository's ``create_from`` call.
    :return: The ``models.Project`` instance passed to the repository.
    """
    new_project = models.Project()
    new_project.external_id = external_id

    repositories.get_project_repository().create_from(
        new_project, session=session)
    return new_project
# distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or # implied. # See the License for the specific language governing permissions and # limitations under the License. import mock from six import moves from barbican.common import exception from barbican.common import hrefs from barbican.common import resources as res from barbican.model import models from barbican.model import repositories from barbican.tests import utils project_repo = repositories.get_project_repository() ca_repo = repositories.get_ca_repository() project_ca_repo = repositories.get_project_repository() preferred_ca_repo = repositories.get_preferred_ca_repository() def create_ca(parsed_ca, id_ref="id"): """Generate a CA entity instance.""" ca = models.CertificateAuthority(parsed_ca) ca.id = id_ref return ca class WhenTestingCAsResource(utils.BarbicanAPIBaseTestCase): def test_should_get_list_certificate_authorities(self):
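def _store_enc_keys(project_id, session_key, master_key):
    """Create or update the stored encryption keys for an existing project.

    :param project_id: External project ID used to find the project row.
    :param session_key: Passed through to the encryption-key repository.
    :param master_key: Passed through to the encryption-key repository.
    """
    project_repo = repositories.get_project_repository()
    # Let the repository report an unknown project itself. With
    # suppress_exception=True the lookup could hand back no project, and the
    # ``project.id`` access below then failed with an unrelated
    # AttributeError, hiding the real cause of a key-storage failure.
    # NOTE(review): assumes suppress_exception=False raises on a miss --
    # confirm against the repository implementation.
    project = project_repo.find_by_external_project_id(
        project_id, suppress_exception=False)

    sk_repo = repositories.get_encryption_key_repository()
    sk_repo.create_or_update_by_project_id(
        project.id, session_key, master_key)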
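def _delete_enc_keys(project_id):
    """Delete the stored encryption keys of an existing project.

    :param project_id: External project ID used to find the project row.
    """
    project_repo = repositories.get_project_repository()
    # Let the repository report an unknown project itself. With
    # suppress_exception=True the lookup could hand back no project, and the
    # ``project.id`` access below then failed with an unrelated
    # AttributeError, so a failed key deletion was hard to tell apart from a
    # programming error.
    # NOTE(review): assumes suppress_exception=False raises on a miss --
    # confirm against the repository implementation.
    project = project_repo.find_by_external_project_id(
        project_id, suppress_exception=False)

    sk_repo = repositories.get_encryption_key_repository()
    sk_repo.delete_by_project_id(project.id)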
def __init__(self):
    """Run the base initialiser, then prepare repository and order helper."""
    super(BeginTypeOrder, self).__init__()
    # The log message is passed through the u._ helper before logging.
    LOG.debug(u._('Creating BeginTypeOrder task processor'))

    # Both collaborators are created once per task-processor instance.
    self.project_repo = rep.get_project_repository()
    self.helper = _OrderTaskHelper()
def __init__(self):
    """Prepare the repository handle and order helper for this task."""
    # The log message is passed through the u._ helper before logging.
    LOG.debug(u._('Creating CheckCertificateStatusOrder task processor'))

    # Both collaborators are created once per task-processor instance.
    self.project_repo = rep.get_project_repository()
    self.helper = _OrderTaskHelper()
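def test_existing_project_entities_cleanup_for_plain_secret(
        self, mock_handle_success):
    """A project 'deleted' event must remove the project's stored entities.

    After the task runs, the secret, its store metadata, the KEK datum and
    the project row itself must all be gone, and the success handler must
    have been invoked with the event's identifiers.
    """
    self._init_memory_db_setup()
    secret = self._create_secret_for_project(self.project1_data)
    self.assertIsNotNone(secret)
    secret_id = secret.id
    project1_id = self.project1_data.id

    secret_repo = rep.get_secret_repository()
    db_secrets = secret_repo.get_project_entities(project1_id)
    self.assertEqual(1, len(db_secrets))
    self.assertEqual(secret.id, db_secrets[0].id)

    # Get secret_store_metadata for related secret
    self.assertGreater(len(db_secrets[0].secret_store_metadata), 0)
    secret_metadata_id = list(
        db_secrets[0].secret_store_metadata.values())[0].id
    self.assertIsNotNone(secret_metadata_id)

    # Get db entry for secret_store_metadata by id to make sure its
    # presence before removing via delete project task
    secret_meta_repo = rep.get_secret_meta_repository()
    db_secret_store_meta = secret_meta_repo.get(
        entity_id=secret_metadata_id)
    self.assertIsNotNone(db_secret_store_meta)

    kek_repo = rep.get_kek_datum_repository()
    db_kek = kek_repo.get_project_entities(project1_id)
    self.assertEqual(1, len(db_kek))

    result = self.task.process(project_id=self.project_id1,
                               resource_type='project',
                               operation_type='deleted')
    self.assertIsNone(result, 'No return is expected as result')

    # assert_has_calls([]) passes for any mock, called or not, so it proved
    # nothing. Assert the call explicitly; otherwise a missing call only
    # shows up as a TypeError when call_args is unpacked below.
    self.assertTrue(mock_handle_success.called)
    _, kwargs = mock_handle_success.call_args
    self.assertEqual(self.project_id1, kwargs['project_id'])
    self.assertEqual('project', kwargs['resource_type'])
    self.assertEqual('deleted', kwargs['operation_type'])

    # After project entities delete, make sure secret is not found
    ex = self.assertRaises(exception.NotFound, secret_repo.get,
                           entity_id=secret_id,
                           external_project_id=self.project_id1)
    self.assertIn(secret_id, str(ex))

    # After project entities delete, make sure kek data is not found
    entities = kek_repo.get_project_entities(project1_id)
    self.assertEqual(0, len(entities))

    project_repo = rep.get_project_repository()
    db_project = project_repo.get_project_entities(project1_id)
    self.assertEqual(0, len(db_project))

    # Should have deleted SecretStoreMetadatum via children delete
    self.assertRaises(exception.NotFound,
                      secret_meta_repo.get,
                      entity_id=secret_metadata_id)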
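def test_existing_project_entities_cleanup_for_plain_secret(
        self, mock_handle_success):
    """Check that deleting a project purges every entity stored for it.

    The secret, its store metadata, the KEK datum and the project row must
    no longer be retrievable once the 'deleted' event has been processed,
    and the success handler must have received the event's identifiers.
    """
    self._init_memory_db_setup()
    secret = self._create_secret_for_project(self.project1_data)
    self.assertIsNotNone(secret)
    secret_id = secret.id
    project1_id = self.project1_data.id

    secret_repo = rep.get_secret_repository()
    db_secrets = secret_repo.get_project_entities(project1_id)
    self.assertEqual(1, len(db_secrets))
    self.assertEqual(secret.id, db_secrets[0].id)

    # Get secret_store_metadata for related secret
    self.assertGreater(len(db_secrets[0].secret_store_metadata), 0)
    secret_metadata_id = list(
        db_secrets[0].secret_store_metadata.values())[0].id
    self.assertIsNotNone(secret_metadata_id)

    # Get db entry for secret_store_metadata by id to make sure its
    # presence before removing via delete project task
    secret_meta_repo = rep.get_secret_meta_repository()
    db_secret_store_meta = secret_meta_repo.get(
        entity_id=secret_metadata_id)
    self.assertIsNotNone(db_secret_store_meta)

    kek_repo = rep.get_kek_datum_repository()
    db_kek = kek_repo.get_project_entities(project1_id)
    self.assertEqual(1, len(db_kek))

    result = self.task.process(project_id=self.project_id1,
                               resource_type='project',
                               operation_type='deleted')
    self.assertIsNone(result, 'No return is expected as result')

    # The former assert_has_calls([]) could never fail: an empty expected
    # list matches any call history. Check that the handler really ran, so
    # a regression is reported as an assertion failure rather than as a
    # TypeError from unpacking an empty call_args.
    self.assertTrue(mock_handle_success.called)
    _, kwargs = mock_handle_success.call_args
    self.assertEqual(self.project_id1, kwargs['project_id'])
    self.assertEqual('project', kwargs['resource_type'])
    self.assertEqual('deleted', kwargs['operation_type'])

    # After project entities delete, make sure secret is not found
    ex = self.assertRaises(exception.NotFound, secret_repo.get,
                           entity_id=secret_id,
                           external_project_id=self.project_id1)
    self.assertIn(secret_id, str(ex))

    # After project entities delete, make sure kek data is not found
    entities = kek_repo.get_project_entities(project1_id)
    self.assertEqual(0, len(entities))

    project_repo = rep.get_project_repository()
    db_project = project_repo.get_project_entities(project1_id)
    self.assertEqual(0, len(db_project))

    # Should have deleted SecretStoreMetadatum via children delete
    self.assertRaises(exception.NotFound,
                      secret_meta_repo.get,
                      entity_id=secret_metadata_id)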