Fill in remaining Secrets API and tests
This change adds all remaining methods of Barbican's Secrets API resource to the Tempest plugin and adds API tests for these methods. Change-Id: Ia653de1221648ff5f028ebc22add423d0b7c2fe5 Depends-On: I930455c6ae1e1127706480f24c0ea46f5cc81e85 Implements: bp tempest-plugin
This commit is contained in:
parent
7be3f7e13c
commit
28652f5ebf
|
@ -38,3 +38,43 @@ class SecretClient(rest_client.RestClient):
|
|||
resp, body = self.delete("v1/secrets/%s" % secret_id)
|
||||
self.expected_success(204, resp.status)
|
||||
return body
|
||||
|
||||
def list_secrets(self, **kwargs):
|
||||
uri = "v1/secrets"
|
||||
if kwargs is not None:
|
||||
uri = '{base}?'.format(base=uri)
|
||||
|
||||
for key in kwargs.keys():
|
||||
uri = '{base}&{name}={value}'.format(
|
||||
base=uri,
|
||||
name=key,
|
||||
value=kwargs[key]
|
||||
)
|
||||
resp, body = self.get(uri)
|
||||
self.expected_success(200, resp.status)
|
||||
return self._parse_resp(body)
|
||||
|
||||
def get_secret_metadata(self, secret_id):
|
||||
resp, body = self.get("v1/secrets/%s" % secret_id)
|
||||
self.expected_success(200, resp.status)
|
||||
return self._parse_resp(body)
|
||||
|
||||
def get_secret_payload(self, secret_id):
|
||||
content_headers = {
|
||||
"Accept": "application/octet-stream"
|
||||
}
|
||||
resp, body = self.get("v1/secrets/%s/payload" % secret_id,
|
||||
headers=content_headers)
|
||||
self.expected_success(200, resp.status)
|
||||
return self._parse_resp(body)
|
||||
|
||||
def put_secret_payload(self, secret_id, payload):
|
||||
content_headers = {
|
||||
"Content-Type": "application/octet-stream",
|
||||
"Content-Encoding": "base64"
|
||||
}
|
||||
resp, body = self.put("v1/secrets/%s" % secret_id,
|
||||
payload,
|
||||
headers=content_headers)
|
||||
self.expected_success(204, resp.status)
|
||||
return body
|
||||
|
|
|
@ -49,3 +49,48 @@ class SecretsTest(base.BaseKeyManagerTest):
|
|||
)
|
||||
uuid = base._get_uuid(sec['secret_ref'])
|
||||
self.delete_secret(uuid)
|
||||
|
||||
def test_list_secrets(self):
|
||||
# Create two secrets
|
||||
self.create_secret(name='secret_1')
|
||||
self.create_secret(name='secret_2')
|
||||
|
||||
# Ask Barbican to list these secrets
|
||||
resp = self.secret_client.list_secrets(name='secret_1')
|
||||
secrets = resp['secrets']
|
||||
self.assertEqual('secret_1', secrets[0]['name'])
|
||||
|
||||
resp = self.secret_client.list_secrets(name='secret_2')
|
||||
secrets = resp['secrets']
|
||||
self.assertEqual('secret_2', secrets[0]['name'])
|
||||
|
||||
def test_get_secret_metadata(self):
|
||||
secret = self.create_secret()
|
||||
uuid = base._get_uuid(secret['secret_ref'])
|
||||
resp = self.secret_client.get_secret_metadata(uuid)
|
||||
self.assertEqual(uuid, base._get_uuid(resp['secret_ref']))
|
||||
self.delete_secret(uuid)
|
||||
|
||||
def test_get_and_put_payload(self):
|
||||
# Create secret without payload
|
||||
secret = self.create_secret()
|
||||
uuid = base._get_uuid(secret['secret_ref'])
|
||||
|
||||
# Create AES key payload
|
||||
password = b"password"
|
||||
salt = os.urandom(16)
|
||||
kdf = PBKDF2HMAC(
|
||||
algorithm=hashes.SHA256(), length=32, salt=salt,
|
||||
iterations=1000, backend=default_backend()
|
||||
)
|
||||
key = base64.b64encode(kdf.derive(password))
|
||||
|
||||
# Associate the payload with the created secret
|
||||
self.secret_client.put_secret_payload(uuid, key)
|
||||
|
||||
# Retrieve the payload
|
||||
payload = self.secret_client.get_secret_payload(uuid)
|
||||
self.assertEqual(key, base64.b64encode(payload))
|
||||
|
||||
# Clean up
|
||||
self.delete_secret(uuid)
|
||||
|
|
Loading…
Reference in New Issue