From 4eec7121b39de3849b469c56d85b95520aab7bad Mon Sep 17 00:00:00 2001
From: Adam Harwell <flux.adam@gmail.com>
Date: Thu, 20 Dec 2018 14:54:25 -0800
Subject: [PATCH] Secret payload should also be fetched by UUID

We changed the client to fetch containers and secrets via their UUID
from the API, rather than by HREF, so that the endpoint URLs set in the
keystone client would be respected. Unfortunately, we (I) missed
updating the payload fetch function to do the same. This brings it into
line with the other fetches.

Change-Id: Ic71cf6771563d669a2fa37a56d4b40c637db1511
Story: 2004653
Task: 28608
---
 barbicanclient/tests/v1/test_secrets.py | 12 +++++++++---
 barbicanclient/v1/secrets.py            |  6 ++----
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/barbicanclient/tests/v1/test_secrets.py b/barbicanclient/tests/v1/test_secrets.py
index a0300a5b..748ec614 100644
--- a/barbicanclient/tests/v1/test_secrets.py
+++ b/barbicanclient/tests/v1/test_secrets.py
@@ -371,9 +371,11 @@ class WhenTestingSecrets(test_client.BaseEntityResource):
         # Verify the correct URL was used to make the call.
         self.assertEqual(self.entity_payload_href, m.last_request.url)
 
-    def test_should_decrypt(self):
+    def test_should_decrypt(self, secret_ref=None):
+        secret_ref = secret_ref or self.entity_href
+
         content_types_dict = {'default': 'application/octet-stream'}
-        json = self.secret.get_dict(self.entity_href, content_types_dict)
+        json = self.secret.get_dict(secret_ref, content_types_dict)
         metadata_response = self.responses.get(
             self.entity_href,
             request_headers={'Accept': 'application/json'},
@@ -386,7 +388,7 @@ class WhenTestingSecrets(test_client.BaseEntityResource):
             request_headers=request_headers,
             content=decrypted)
 
-        secret = self.manager.get(secret_ref=self.entity_href)
+        secret = self.manager.get(secret_ref=secret_ref)
         secret_payload = secret.payload
         self.assertEqual(decrypted, secret_payload)
 
@@ -397,6 +399,10 @@ class WhenTestingSecrets(test_client.BaseEntityResource):
         self.assertEqual(self.entity_payload_href,
                          decryption_response.last_request.url)
 
+    def test_should_decrypt_using_stripped_uuid(self):
+        bad_href = "http://badsite.com/" + self.entity_id
+        self.test_should_decrypt(bad_href)
+
     def test_should_delete_from_manager(self, secret_ref=None):
         secret_ref = secret_ref or self.entity_href
 
diff --git a/barbicanclient/v1/secrets.py b/barbicanclient/v1/secrets.py
index 5b0c4a19..a6041603 100644
--- a/barbicanclient/v1/secrets.py
+++ b/barbicanclient/v1/secrets.py
@@ -266,10 +266,8 @@ class Secret(SecretFormatter):
                              "content-type.")
         headers = {'Accept': self.payload_content_type}
 
-        if self._secret_ref[-1] != "/":
-            payload_url = self._secret_ref + '/payload'
-        else:
-            payload_url = self._secret_ref + 'payload'
+        uuid_ref = base.calculate_uuid_ref(self._secret_ref, self._entity)
+        payload_url = uuid_ref + '/payload'
         payload = self._api._get_raw(payload_url, headers=headers)
         if self.payload_content_type == u'text/plain':
             self._payload = payload.decode('UTF-8')