Fill in remaining Secrets API and tests

This change adds all remaining methods of Barbican's
Secrets API resource to the Tempest plugin and
adds API tests for these methods.

Change-Id: Ia653de1221648ff5f028ebc22add423d0b7c2fe5
Depends-On: I930455c6ae1e1127706480f24c0ea46f5cc81e85
Implements: bp tempest-plugin
dane-fichter 2017-01-11 12:38:28 -08:00
parent 7be3f7e13c
commit 28652f5ebf
2 changed files with 85 additions and 0 deletions


@ -38,3 +38,43 @@ class SecretClient(rest_client.RestClient):
resp, body = self.delete("v1/secrets/%s" % secret_id)
self.expected_success(204, resp.status)
return body
def list_secrets(self, **kwargs):
uri = "v1/secrets"
if kwargs is not None:
uri = '{base}?'.format(base=uri)
for key in kwargs.keys():
uri = '{base}&{name}={value}'.format(
base=uri,
name=key,
value=kwargs[key]
)
resp, body = self.get(uri)
self.expected_success(200, resp.status)
return self._parse_resp(body)
def get_secret_metadata(self, secret_id):
resp, body = self.get("v1/secrets/%s" % secret_id)
self.expected_success(200, resp.status)
return self._parse_resp(body)
def get_secret_payload(self, secret_id):
content_headers = {
"Accept": "application/octet-stream"
}
resp, body = self.get("v1/secrets/%s/payload" % secret_id,
headers=content_headers)
self.expected_success(200, resp.status)
return self._parse_resp(body)
def put_secret_payload(self, secret_id, payload):
content_headers = {
"Content-Type": "application/octet-stream",
"Content-Encoding": "base64"
}
resp, body = self.put("v1/secrets/%s" % secret_id,
payload,
headers=content_headers)
self.expected_success(204, resp.status)
return body
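Review bot: In `list_secrets` the guard `if kwargs is not None:` is always true, because `**kwargs` is a dict even when no filters are passed, so every request goes to `v1/secrets?` and each filter is appended as `&name=value` without URL encoding. A filter value containing `&`, `=`, `#` or a space would alter or truncate the query the server receives. Building the query with the standard encoder fixes both: `if kwargs:` followed by `uri = '{base}?{query}'.format(base=uri, query=urlencode(kwargs))`, with `urlencode` imported the way the file's Python 2/3 convention requires (the import block is outside this hunk). Separately, `get_secret_payload` passes an `application/octet-stream` body through `self._parse_resp`. If that helper attempts JSON decoding, which is not visible here, a payload that happens to be valid JSON would come back parsed rather than as raw bytes, so returning `body` directly may be safer.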


@ -49,3 +49,48 @@ class SecretsTest(base.BaseKeyManagerTest):
)
uuid = base._get_uuid(sec['secret_ref'])
self.delete_secret(uuid)
def test_list_secrets(self):
# Create two secrets
self.create_secret(name='secret_1')
self.create_secret(name='secret_2')
# Ask Barbican to list these secrets
resp = self.secret_client.list_secrets(name='secret_1')
secrets = resp['secrets']
self.assertEqual('secret_1', secrets[0]['name'])
resp = self.secret_client.list_secrets(name='secret_2')
secrets = resp['secrets']
self.assertEqual('secret_2', secrets[0]['name'])
def test_get_secret_metadata(self):
secret = self.create_secret()
uuid = base._get_uuid(secret['secret_ref'])
resp = self.secret_client.get_secret_metadata(uuid)
self.assertEqual(uuid, base._get_uuid(resp['secret_ref']))
self.delete_secret(uuid)
def test_get_and_put_payload(self):
# Create secret without payload
secret = self.create_secret()
uuid = base._get_uuid(secret['secret_ref'])
# Create AES key payload
password = b"password"
salt = os.urandom(16)
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(), length=32, salt=salt,
iterations=1000, backend=default_backend()
)
key = base64.b64encode(kdf.derive(password))
# Associate the payload with the created secret
self.secret_client.put_secret_payload(uuid, key)
# Retrieve the payload
payload = self.secret_client.get_secret_payload(uuid)
self.assertEqual(key, base64.b64encode(payload))
# Clean up
self.delete_secret(uuid)
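Review bot: `test_get_and_put_payload` derives its key with PBKDF2 from the constant `b"password"` at `iterations=1000`, and nothing marks these as throwaway fixture values, so the snippet is easy to copy as if it were a recommended setting. The test only needs 32 opaque bytes, so `key = base64.b64encode(os.urandom(32))` would do the same job; failing that, add a comment such as `# Test fixture only: low iteration count and fixed password are not suitable for real key derivation`. The trailing `self.delete_secret(uuid)` calls here and in `test_get_secret_metadata` are skipped when an assertion fails, and `test_list_secrets` never deletes `secret_1` or `secret_2`. Unless `create_secret` in the base class already registers cleanup (not visible in this hunk), secrets are left in the deployment under test and may change what later list queries return. Registering `self.addCleanup(self.delete_secret, uuid)` right after each creation would cover the failure path.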