Add a ContainerClient and container API tests
This change adds a ContainerClient for testing the Barbican container API. It adds a container test suite and integrates the ContainerClient with the plugin testing infrastructure. Change-Id: I930455c6ae1e1127706480f24c0ea46f5cc81e85 Depends-On: I27f15375c46faa48cd56c8d52ecfd585fb325239 Implements: bp tempest-plugin
This commit is contained in:
parent
c832c613fa
commit
7be3f7e13c
|
@ -41,6 +41,6 @@ class BarbicanTempestPlugin(plugins.TempestPlugin):
|
||||||
'name': 'secret_v1',
|
'name': 'secret_v1',
|
||||||
'service_version': 'secret.v1',
|
'service_version': 'secret.v1',
|
||||||
'module_path': 'barbican_tempest_plugin.services.key_manager.json',
|
'module_path': 'barbican_tempest_plugin.services.key_manager.json',
|
||||||
'client_names': ['SecretClient'],
|
'client_names': ['SecretClient', 'ContainerClient'],
|
||||||
}
|
}
|
||||||
return [v1_params]
|
return [v1_params]
|
||||||
|
|
|
@ -12,7 +12,9 @@
|
||||||
# License for the specific language governing permissions and limitations under
|
# License for the specific language governing permissions and limitations under
|
||||||
# the License.
|
# the License.
|
||||||
|
|
||||||
|
from barbican_tempest_plugin.services.key_manager.json.container_client \
|
||||||
|
import ContainerClient
|
||||||
from barbican_tempest_plugin.services.key_manager.json.secret_client import \
|
from barbican_tempest_plugin.services.key_manager.json.secret_client import \
|
||||||
SecretClient
|
SecretClient
|
||||||
|
|
||||||
__all__ = ['SecretClient']
|
__all__ = ['SecretClient', 'ContainerClient']
|
||||||
|
|
|
@ -0,0 +1,84 @@
|
||||||
|
# Copyright (c) 2016 Johns Hopkins University Applied Physics Laboratory
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
|
||||||
|
import json
|
||||||
|
|
||||||
|
from six.moves.urllib import parse as urllib
|
||||||
|
|
||||||
|
from tempest import config
|
||||||
|
from tempest.lib.common import rest_client
|
||||||
|
|
||||||
|
CONF = config.CONF
|
||||||
|
|
||||||
|
|
||||||
|
class ContainerClient(rest_client.RestClient):
|
||||||
|
|
||||||
|
def list_containers(self, **kwargs):
|
||||||
|
uri = "v1/containers"
|
||||||
|
if kwargs:
|
||||||
|
uri += "?%s" % urllib.urlencode(kwargs)
|
||||||
|
|
||||||
|
response, body = self.get(uri)
|
||||||
|
self.expected_success(200, response.status)
|
||||||
|
return json.loads(body)
|
||||||
|
|
||||||
|
def get_container(self, container_id):
|
||||||
|
uri = "v1/containers/%s" % container_id
|
||||||
|
|
||||||
|
response, body = self.get(uri)
|
||||||
|
self.expected_success(200, response.status)
|
||||||
|
return json.loads(body)
|
||||||
|
|
||||||
|
def create_container(self, **kwargs):
|
||||||
|
uri = "v1/containers"
|
||||||
|
|
||||||
|
response, body = self.post(uri, json.dumps(kwargs))
|
||||||
|
self.expected_success(201, response.status)
|
||||||
|
return json.loads(body)
|
||||||
|
|
||||||
|
def delete_container(self, container_id):
|
||||||
|
uri = "v1/containers/%s" % container_id
|
||||||
|
|
||||||
|
response, _ = self.delete(uri)
|
||||||
|
self.expected_success(204, response.status)
|
||||||
|
return
|
||||||
|
|
||||||
|
def add_secret_to_container(self, container_id, secret_id, **kwargs):
|
||||||
|
uri = "v1/containers/%s/secrets" % container_id
|
||||||
|
kwargs['secret_ref'] = "%s/v1/secrets/%s" % (
|
||||||
|
self.auth_provider.base_url({"service": "key-manager"}),
|
||||||
|
secret_id
|
||||||
|
)
|
||||||
|
|
||||||
|
response, body = self.post(
|
||||||
|
uri,
|
||||||
|
json.dumps(kwargs)
|
||||||
|
)
|
||||||
|
self.expected_success(201, response.status)
|
||||||
|
return json.loads(body)
|
||||||
|
|
||||||
|
def delete_secret_from_container(self, container_id, secret_id, **kwargs):
|
||||||
|
uri = "v1/containers/%s/secrets" % container_id
|
||||||
|
kwargs['secret_ref'] = "%s/v1/secrets/%s" % (
|
||||||
|
self.auth_provider.base_url({"service": "key-manager"}),
|
||||||
|
secret_id
|
||||||
|
)
|
||||||
|
|
||||||
|
response, _ = self.delete(
|
||||||
|
uri,
|
||||||
|
body=json.dumps(kwargs)
|
||||||
|
)
|
||||||
|
self.expected_success(204, response.status)
|
||||||
|
return
|
|
@ -23,7 +23,7 @@ from barbican_tempest_plugin import clients
|
||||||
CONF = config.CONF
|
CONF = config.CONF
|
||||||
|
|
||||||
# NOTE(dane-fichter): We need to track resource types for cleanup.
|
# NOTE(dane-fichter): We need to track resource types for cleanup.
|
||||||
RESOURCE_TYPES = ['secret']
|
RESOURCE_TYPES = ['secret', 'container']
|
||||||
|
|
||||||
|
|
||||||
def _get_uuid(href):
|
def _get_uuid(href):
|
||||||
|
@ -39,6 +39,8 @@ def creates(resource):
|
||||||
resp = f(cls, *args, **kwargs)
|
resp = f(cls, *args, **kwargs)
|
||||||
if resource == 'secret':
|
if resource == 'secret':
|
||||||
uuid = _get_uuid(resp['secret_ref'])
|
uuid = _get_uuid(resp['secret_ref'])
|
||||||
|
if resource == 'container':
|
||||||
|
uuid = _get_uuid(resp['container_ref'])
|
||||||
cls.created_objects[resource].add(uuid)
|
cls.created_objects[resource].add(uuid)
|
||||||
return resp
|
return resp
|
||||||
return wrapper
|
return wrapper
|
||||||
|
@ -58,6 +60,9 @@ class BaseKeyManagerTest(test.BaseTestCase):
|
||||||
super(BaseKeyManagerTest, cls).setup_clients()
|
super(BaseKeyManagerTest, cls).setup_clients()
|
||||||
os = getattr(cls, 'os_%s' % cls.credentials[0])
|
os = getattr(cls, 'os_%s' % cls.credentials[0])
|
||||||
cls.secret_client = os.secret_v1.SecretClient(service='key-manager')
|
cls.secret_client = os.secret_v1.SecretClient(service='key-manager')
|
||||||
|
cls.container_client = os.secret_v1.ContainerClient(
|
||||||
|
service='key-manager'
|
||||||
|
)
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def resource_setup(cls):
|
def resource_setup(cls):
|
||||||
|
@ -68,8 +73,10 @@ class BaseKeyManagerTest(test.BaseTestCase):
|
||||||
@classmethod
|
@classmethod
|
||||||
def resource_cleanup(cls):
|
def resource_cleanup(cls):
|
||||||
try:
|
try:
|
||||||
for secret_uuid in cls.created_objects['secret']:
|
for secret_uuid in list(cls.created_objects['secret']):
|
||||||
cls.delete_secret(secret_uuid)
|
cls.delete_secret(secret_uuid)
|
||||||
|
for container_uuid in list(cls.created_objects['container']):
|
||||||
|
cls.delete_container(container_uuid)
|
||||||
finally:
|
finally:
|
||||||
super(BaseKeyManagerTest, cls).resource_cleanup()
|
super(BaseKeyManagerTest, cls).resource_cleanup()
|
||||||
|
|
||||||
|
@ -82,3 +89,13 @@ class BaseKeyManagerTest(test.BaseTestCase):
|
||||||
def delete_secret(cls, uuid):
|
def delete_secret(cls, uuid):
|
||||||
cls.created_objects['secret'].remove(uuid)
|
cls.created_objects['secret'].remove(uuid)
|
||||||
return cls.secret_client.delete_secret(uuid)
|
return cls.secret_client.delete_secret(uuid)
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
@creates('container')
|
||||||
|
def create_container(cls, **kwargs):
|
||||||
|
return cls.container_client.create_container(**kwargs)
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def delete_container(cls, uuid):
|
||||||
|
cls.created_objects['container'].remove(uuid)
|
||||||
|
return cls.container_client.delete_container(uuid)
|
||||||
|
|
|
@ -0,0 +1,126 @@
|
||||||
|
# Copyright (c) 2016 Johns Hopkins University Applied Physics Laboratory
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from barbican_tempest_plugin.tests.api import base
|
||||||
|
|
||||||
|
|
||||||
|
class ContainersTest(base.BaseKeyManagerTest):
|
||||||
|
"""Containers API tests."""
|
||||||
|
|
||||||
|
def test_create_list_delete_empty_container(self):
|
||||||
|
# Create a container to test against.
|
||||||
|
body = self.create_container(type="generic", name="empty-container")
|
||||||
|
container_id = base._get_uuid(body.get('container_ref'))
|
||||||
|
|
||||||
|
# Verify that the container can be found via specific listing.
|
||||||
|
body = self.container_client.get_container(container_id)
|
||||||
|
self.assertEqual(
|
||||||
|
container_id,
|
||||||
|
base._get_uuid(body.get('container_ref')),
|
||||||
|
body
|
||||||
|
)
|
||||||
|
self.assertEqual("generic", body.get('type'), body)
|
||||||
|
self.assertEqual("empty-container", body.get('name'), body)
|
||||||
|
self.assertEqual("ACTIVE", body.get('status'), body)
|
||||||
|
self.assertEmpty(body.get('secret_refs'), body)
|
||||||
|
self.assertEmpty(body.get('consumers'), body)
|
||||||
|
self.assertIn('created', body, body)
|
||||||
|
self.assertIn('updated', body, body)
|
||||||
|
self.assertIn('creator_id', body, body)
|
||||||
|
|
||||||
|
# Verify that the container can be found via generic listing.
|
||||||
|
body = self.container_client.list_containers()
|
||||||
|
self.assertEqual(1, body.get('total'), body)
|
||||||
|
self.assertEqual(1, len(body.get('containers')), body)
|
||||||
|
|
||||||
|
container = body.get('containers')[0]
|
||||||
|
self.assertEqual(
|
||||||
|
container_id,
|
||||||
|
base._get_uuid(container.get('container_ref')),
|
||||||
|
container
|
||||||
|
)
|
||||||
|
self.assertEqual("generic", container.get('type'), container)
|
||||||
|
self.assertEqual("empty-container", container.get('name'), container)
|
||||||
|
self.assertEqual("ACTIVE", container.get('status'), container)
|
||||||
|
self.assertEmpty(container.get('secret_refs'), container)
|
||||||
|
self.assertEmpty(container.get('consumers'), container)
|
||||||
|
self.assertIn('created', container, container)
|
||||||
|
self.assertIn('updated', container, container)
|
||||||
|
self.assertIn('creator_id', container, container)
|
||||||
|
|
||||||
|
# Leave the container behind to get cleaned up by infra.
|
||||||
|
|
||||||
|
def test_add_to_delete_from_container(self):
|
||||||
|
# Create a container to test against.
|
||||||
|
body = self.create_container(type="generic", name="test-container")
|
||||||
|
container_id = base._get_uuid(body.get('container_ref'))
|
||||||
|
|
||||||
|
# Create some secrets to store in the container
|
||||||
|
body = self.create_secret()
|
||||||
|
secret1_id = base._get_uuid(body.get('secret_ref'))
|
||||||
|
body = self.create_secret()
|
||||||
|
secret2_id = base._get_uuid(body.get('secret_ref'))
|
||||||
|
|
||||||
|
# Confirm that the container is empty
|
||||||
|
body = self.container_client.get_container(container_id)
|
||||||
|
self.assertEqual(
|
||||||
|
container_id,
|
||||||
|
base._get_uuid(body.get('container_ref')),
|
||||||
|
body
|
||||||
|
)
|
||||||
|
self.assertEmpty(body.get('secret_refs'), body)
|
||||||
|
|
||||||
|
# Add the secrets to the container
|
||||||
|
self.container_client.add_secret_to_container(
|
||||||
|
container_id,
|
||||||
|
secret1_id
|
||||||
|
)
|
||||||
|
self.container_client.add_secret_to_container(
|
||||||
|
container_id,
|
||||||
|
secret2_id
|
||||||
|
)
|
||||||
|
|
||||||
|
# Confirm that the secrets are in the container
|
||||||
|
body = self.container_client.get_container(container_id)
|
||||||
|
self.assertEqual(
|
||||||
|
container_id,
|
||||||
|
base._get_uuid(body.get('container_ref')),
|
||||||
|
body
|
||||||
|
)
|
||||||
|
self.assertEqual(2, len(body.get('secret_refs')), body)
|
||||||
|
for secret_ref in body.get('secret_refs'):
|
||||||
|
secret_id = base._get_uuid(secret_ref.get('secret_ref'))
|
||||||
|
self.assertIn(secret_id, (secret1_id, secret2_id))
|
||||||
|
|
||||||
|
# Remove the secrets from the container
|
||||||
|
self.container_client.delete_secret_from_container(
|
||||||
|
container_id,
|
||||||
|
secret1_id
|
||||||
|
)
|
||||||
|
self.container_client.delete_secret_from_container(
|
||||||
|
container_id,
|
||||||
|
secret2_id
|
||||||
|
)
|
||||||
|
|
||||||
|
# Confirm that the container is empty
|
||||||
|
body = self.container_client.get_container(container_id)
|
||||||
|
self.assertEqual(
|
||||||
|
container_id,
|
||||||
|
base._get_uuid(body.get('container_ref')),
|
||||||
|
body
|
||||||
|
)
|
||||||
|
self.assertEmpty(body.get('secret_refs'), body)
|
||||||
|
|
||||||
|
# Clean up the containe
|
||||||
|
self.delete_container(container_id)
|
Loading…
Reference in New Issue