Add a ContainerClient and container API tests

This change adds a ContainerClient for testing the Barbican container API. It adds a container test suite and integrates the ContainerClient with the plugin testing infrastructure. Change-Id: I930455c6ae1e1127706480f24c0ea46f5cc81e85 Depends-On: I27f15375c46faa48cd56c8d52ecfd585fb325239 Implements: bp tempest-plugin
2017-01-11 15:12:21 -05:00 · 2017-01-11 15:12:21 -05:00 · 7be3f7e13c
parent c832c613fa
commit 7be3f7e13c
5 changed files with 233 additions and 4 deletions
--- a/barbican_tempest_plugin/plugin.py
+++ b/barbican_tempest_plugin/plugin.py
@ -41,6 +41,6 @@ class BarbicanTempestPlugin(plugins.TempestPlugin):
            'name': 'secret_v1',
            'service_version': 'secret.v1',
            'module_path': 'barbican_tempest_plugin.services.key_manager.json',
-            'client_names': ['SecretClient'],
+            'client_names': ['SecretClient', 'ContainerClient'],
        }
        return [v1_params]
--- a/barbican_tempest_plugin/services/key_manager/json/init.py
+++ b/barbican_tempest_plugin/services/key_manager/json/init.py
@ -12,7 +12,9 @@
 # License for the specific language governing permissions and limitations under
 # the License.

+from barbican_tempest_plugin.services.key_manager.json.container_client \
+    import ContainerClient
 from barbican_tempest_plugin.services.key_manager.json.secret_client import \
    SecretClient

-__all__ = ['SecretClient']
+__all__ = ['SecretClient', 'ContainerClient']
--- a/barbican_tempest_plugin/services/key_manager/json/container_client.py
+++ b/barbican_tempest_plugin/services/key_manager/json/container_client.py
@ -0,0 +1,84 @@
+# Copyright (c) 2016 Johns Hopkins University Applied Physics Laboratory
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+import json
+
+from six.moves.urllib import parse as urllib
+
+from tempest import config
+from tempest.lib.common import rest_client
+
+CONF = config.CONF
+
+
+class ContainerClient(rest_client.RestClient):
+
+    def list_containers(self, **kwargs):
+        uri = "v1/containers"
+        if kwargs:
+            uri += "?%s" % urllib.urlencode(kwargs)
+
+        response, body = self.get(uri)
+        self.expected_success(200, response.status)
+        return json.loads(body)
+
+    def get_container(self, container_id):
+        uri = "v1/containers/%s" % container_id
+
+        response, body = self.get(uri)
+        self.expected_success(200, response.status)
+        return json.loads(body)
+
+    def create_container(self, **kwargs):
+        uri = "v1/containers"
+
+        response, body = self.post(uri, json.dumps(kwargs))
+        self.expected_success(201, response.status)
+        return json.loads(body)
+
+    def delete_container(self, container_id):
+        uri = "v1/containers/%s" % container_id
+
+        response, _ = self.delete(uri)
+        self.expected_success(204, response.status)
+        return
+
+    def add_secret_to_container(self, container_id, secret_id, **kwargs):
+        uri = "v1/containers/%s/secrets" % container_id
+        kwargs['secret_ref'] = "%s/v1/secrets/%s" % (
+            self.auth_provider.base_url({"service": "key-manager"}),
+            secret_id
+        )
+
+        response, body = self.post(
+            uri,
+            json.dumps(kwargs)
+        )
+        self.expected_success(201, response.status)
+        return json.loads(body)
+
+    def delete_secret_from_container(self, container_id, secret_id, **kwargs):
+        uri = "v1/containers/%s/secrets" % container_id
+        kwargs['secret_ref'] = "%s/v1/secrets/%s" % (
+            self.auth_provider.base_url({"service": "key-manager"}),
+            secret_id
+        )
+
+        response, _ = self.delete(
+            uri,
+            body=json.dumps(kwargs)
+        )
+        self.expected_success(204, response.status)
+        return
--- a/barbican_tempest_plugin/tests/api/base.py
+++ b/barbican_tempest_plugin/tests/api/base.py
@ -23,7 +23,7 @@ from barbican_tempest_plugin import clients
 CONF = config.CONF

 # NOTE(dane-fichter): We need to track resource types for cleanup.
-RESOURCE_TYPES = ['secret']
+RESOURCE_TYPES = ['secret', 'container']


 def _get_uuid(href):
@ -39,6 +39,8 @@ def creates(resource):
            resp = f(cls, *args, **kwargs)
            if resource == 'secret':
                uuid = _get_uuid(resp['secret_ref'])
+            if resource == 'container':
+                uuid = _get_uuid(resp['container_ref'])
            cls.created_objects[resource].add(uuid)
            return resp
        return wrapper
@ -58,6 +60,9 @@ class BaseKeyManagerTest(test.BaseTestCase):
        super(BaseKeyManagerTest, cls).setup_clients()
        os = getattr(cls, 'os_%s' % cls.credentials[0])
        cls.secret_client = os.secret_v1.SecretClient(service='key-manager')
+        cls.container_client = os.secret_v1.ContainerClient(
+            service='key-manager'
+        )

    @classmethod
    def resource_setup(cls):
@ -68,8 +73,10 @@ class BaseKeyManagerTest(test.BaseTestCase):
    @classmethod
    def resource_cleanup(cls):
        try:
-            for secret_uuid in cls.created_objects['secret']:
+            for secret_uuid in list(cls.created_objects['secret']):
                cls.delete_secret(secret_uuid)
+            for container_uuid in list(cls.created_objects['container']):
+                cls.delete_container(container_uuid)
        finally:
            super(BaseKeyManagerTest, cls).resource_cleanup()

@ -82,3 +89,13 @@ class BaseKeyManagerTest(test.BaseTestCase):
    def delete_secret(cls, uuid):
        cls.created_objects['secret'].remove(uuid)
        return cls.secret_client.delete_secret(uuid)
+
+    @classmethod
+    @creates('container')
+    def create_container(cls, **kwargs):
+        return cls.container_client.create_container(**kwargs)
+
+    @classmethod
+    def delete_container(cls, uuid):
+        cls.created_objects['container'].remove(uuid)
+        return cls.container_client.delete_container(uuid)
--- a/barbican_tempest_plugin/tests/api/test_containers.py
+++ b/barbican_tempest_plugin/tests/api/test_containers.py
@ -0,0 +1,126 @@
+# Copyright (c) 2016 Johns Hopkins University Applied Physics Laboratory
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from barbican_tempest_plugin.tests.api import base
+
+
+class ContainersTest(base.BaseKeyManagerTest):
+    """Containers API tests."""
+
+    def test_create_list_delete_empty_container(self):
+        # Create a container to test against.
+        body = self.create_container(type="generic", name="empty-container")
+        container_id = base._get_uuid(body.get('container_ref'))
+
+        # Verify that the container can be found via specific listing.
+        body = self.container_client.get_container(container_id)
+        self.assertEqual(
+            container_id,
+            base._get_uuid(body.get('container_ref')),
+            body
+        )
+        self.assertEqual("generic", body.get('type'), body)
+        self.assertEqual("empty-container", body.get('name'), body)
+        self.assertEqual("ACTIVE", body.get('status'), body)
+        self.assertEmpty(body.get('secret_refs'), body)
+        self.assertEmpty(body.get('consumers'), body)
+        self.assertIn('created', body, body)
+        self.assertIn('updated', body, body)
+        self.assertIn('creator_id', body, body)
+
+        # Verify that the container can be found via generic listing.
+        body = self.container_client.list_containers()
+        self.assertEqual(1, body.get('total'), body)
+        self.assertEqual(1, len(body.get('containers')), body)
+
+        container = body.get('containers')[0]
+        self.assertEqual(
+            container_id,
+            base._get_uuid(container.get('container_ref')),
+            container
+        )
+        self.assertEqual("generic", container.get('type'), container)
+        self.assertEqual("empty-container", container.get('name'), container)
+        self.assertEqual("ACTIVE", container.get('status'), container)
+        self.assertEmpty(container.get('secret_refs'), container)
+        self.assertEmpty(container.get('consumers'), container)
+        self.assertIn('created', container, container)
+        self.assertIn('updated', container, container)
+        self.assertIn('creator_id', container, container)
+
+        # Leave the container behind to get cleaned up by infra.
+
+    def test_add_to_delete_from_container(self):
+        # Create a container to test against.
+        body = self.create_container(type="generic", name="test-container")
+        container_id = base._get_uuid(body.get('container_ref'))
+
+        # Create some secrets to store in the container
+        body = self.create_secret()
+        secret1_id = base._get_uuid(body.get('secret_ref'))
+        body = self.create_secret()
+        secret2_id = base._get_uuid(body.get('secret_ref'))
+
+        # Confirm that the container is empty
+        body = self.container_client.get_container(container_id)
+        self.assertEqual(
+            container_id,
+            base._get_uuid(body.get('container_ref')),
+            body
+        )
+        self.assertEmpty(body.get('secret_refs'), body)
+
+        # Add the secrets to the container
+        self.container_client.add_secret_to_container(
+            container_id,
+            secret1_id
+        )
+        self.container_client.add_secret_to_container(
+            container_id,
+            secret2_id
+        )
+
+        # Confirm that the secrets are in the container
+        body = self.container_client.get_container(container_id)
+        self.assertEqual(
+            container_id,
+            base._get_uuid(body.get('container_ref')),
+            body
+        )
+        self.assertEqual(2, len(body.get('secret_refs')), body)
+        for secret_ref in body.get('secret_refs'):
+            secret_id = base._get_uuid(secret_ref.get('secret_ref'))
+            self.assertIn(secret_id, (secret1_id, secret2_id))
+
+        # Remove the secrets from the container
+        self.container_client.delete_secret_from_container(
+            container_id,
+            secret1_id
+        )
+        self.container_client.delete_secret_from_container(
+            container_id,
+            secret2_id
+        )
+
+        # Confirm that the container is empty
+        body = self.container_client.get_container(container_id)
+        self.assertEqual(
+            container_id,
+            base._get_uuid(body.get('container_ref')),
+            body
+        )
+        self.assertEmpty(body.get('secret_refs'), body)
+
+        # Clean up the containe
+        self.delete_container(container_id)