Merge "Updating behaviors and clients as a result of client lib refactor"
commit
a911c4b5fa
|
@ -30,12 +30,11 @@ class OrdersBehavior(object):
|
|||
self.created_orders = []
|
||||
|
||||
def create_and_check_order(self, name=None, payload_content_type=None,
|
||||
payload_content_encoding=None, algorithm=None,
|
||||
bit_length=None, mode=None):
|
||||
algorithm=None, bit_length=None, mode=None):
|
||||
"""Creates order, gets order, and gets secret made by order."""
|
||||
resp = self.create_order_overriding_cfg(
|
||||
name=name, algorithm=algorithm, bit_length=bit_length,
|
||||
mode=mode)
|
||||
mode=mode, payload_content_type=payload_content_type)
|
||||
get_order_resp = self.orders_client.get_order(order_id=resp.id)
|
||||
behavior_response = CloudkeepResponse(resp=resp.create_resp,
|
||||
get_resp=get_order_resp)
|
||||
|
@ -50,7 +49,6 @@ class OrdersBehavior(object):
|
|||
resp = self.create_order(
|
||||
name=self.config.name,
|
||||
payload_content_type=self.config.payload_content_type,
|
||||
payload_content_encoding=self.config.payload_content_encoding,
|
||||
algorithm=self.config.algorithm,
|
||||
bit_length=self.config.bit_length,
|
||||
mode=self.config.mode,
|
||||
|
@ -59,8 +57,7 @@ class OrdersBehavior(object):
|
|||
|
||||
def create_order_overriding_cfg(self, name=None, payload_content_type=None,
|
||||
expiration=None, algorithm=None,
|
||||
bit_length=None, mode=None,
|
||||
payload_content_encoding=None):
|
||||
bit_length=None, mode=None):
|
||||
"""Creates order using provided parameters or default configurations.
|
||||
Allows for testing individual parameters on creation.
|
||||
"""
|
||||
|
@ -68,8 +65,6 @@ class OrdersBehavior(object):
|
|||
name=name or self.config.name,
|
||||
payload_content_type=
|
||||
payload_content_type or self.config.payload_content_type,
|
||||
payload_content_encoding=
|
||||
payload_content_encoding or self.config.payload_content_encoding,
|
||||
algorithm=algorithm or self.config.algorithm,
|
||||
bit_length=bit_length or self.config.bit_length,
|
||||
mode=mode or self.config.mode,
|
||||
|
@ -79,12 +74,11 @@ class OrdersBehavior(object):
|
|||
|
||||
def create_order(self, name=None, payload_content_type=None,
|
||||
algorithm=None, bit_length=None, mode=None,
|
||||
expiration=None, payload_content_encoding=None):
|
||||
expiration=None):
|
||||
try:
|
||||
resp = self.orders_client.create_order(
|
||||
name=name,
|
||||
payload_content_type=payload_content_type,
|
||||
payload_content_encoding=payload_content_encoding,
|
||||
algorithm=algorithm,
|
||||
bit_length=bit_length,
|
||||
mode=mode,
|
||||
|
@ -104,7 +98,7 @@ class OrdersBehavior(object):
|
|||
def create_order_w_payload(self, name=None, algorithm=None,
|
||||
bit_length=None, mode=None,
|
||||
payload_content_type=None, expiration=None,
|
||||
payload_content_encoding=None, payload=None):
|
||||
payload=None):
|
||||
"""Creates an order with a plain_text value. Separate from
|
||||
standard create order method because it is used for negative
|
||||
testing only and is expected to fail.
|
||||
|
@ -117,7 +111,6 @@ class OrdersBehavior(object):
|
|||
mode=mode or self.config.mode,
|
||||
expiration=expiration,
|
||||
payload_content_type=payload_content_type,
|
||||
payload_content_encoding=payload_content_encoding,
|
||||
payload=payload)
|
||||
except ConnectionError as e:
|
||||
# Gracefully handling when Falcon doesn't properly handle our req
|
||||
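Review bot: The `x or self.config.x` fallbacks in `create_order_overriding_cfg` (`name=name or self.config.name`, `bit_length=bit_length or self.config.bit_length`, and the same for `algorithm`, `mode` and `payload_content_type`) treat every falsy argument as "not given", so a test that passes `bit_length=0` or `name=''` silently sends the configured default instead of the value under test. The docstring says this method exists for testing individual parameters, so an explicit `None` check is the safer form, for example `bit_length=self.config.bit_length if bit_length is None else bit_length`. `create_order_w_payload` has the same pattern in `mode=mode or self.config.mode`, and that method is documented as negative-testing only. Both bodies begin and end outside the hunks shown, so other arguments may be affected too.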
|
|
|
@ -41,8 +41,7 @@ class OrdersClient(BarbicanRestClient):
|
|||
order_id=order_id)
|
||||
|
||||
def create_order(self, name, payload_content_type, algorithm,
|
||||
bit_length, mode, expiration,
|
||||
payload_content_encoding):
|
||||
bit_length, mode, expiration):
|
||||
"""
|
||||
POST http://.../v1/{tenant_id}/orders/{order_uuid}
|
||||
Creates an order to generate a secret
|
||||
|
@ -50,7 +49,6 @@ class OrdersClient(BarbicanRestClient):
|
|||
remote_url = self._get_base_url()
|
||||
secret = Secret(name=name,
|
||||
payload_content_type=payload_content_type,
|
||||
payload_content_encoding=payload_content_encoding,
|
||||
expiration=expiration,
|
||||
algorithm=algorithm,
|
||||
bit_length=bit_length,
|
||||
|
@ -62,8 +60,7 @@ class OrdersClient(BarbicanRestClient):
|
|||
return resp
|
||||
|
||||
def create_order_w_payload(self, name, payload_content_type, algorithm,
|
||||
bit_length, mode, expiration,
|
||||
payload_content_encoding, payload):
|
||||
bit_length, mode, expiration, payload):
|
||||
"""
|
||||
POST http://.../v1/{tenant_id}/orders/{order_uuid}
|
||||
Creates an order to generate a secret with plain text. This is
|
||||
|
@ -73,7 +70,6 @@ class OrdersClient(BarbicanRestClient):
|
|||
remote_url = self._get_base_url()
|
||||
secret = Secret(name=name,
|
||||
payload_content_type=payload_content_type,
|
||||
payload_content_encoding=payload_content_encoding,
|
||||
expiration=expiration,
|
||||
algorithm=algorithm,
|
||||
bit_length=bit_length,
|
||||
|
@ -111,15 +107,13 @@ class OrdersClient(BarbicanRestClient):
|
|||
response_entity_type=OrderGroup)
|
||||
return resp
|
||||
|
||||
def update_order(self, order_id, payload_content_type=None,
|
||||
payload_content_encoding=None, data=None):
|
||||
def update_order(self, order_id, payload_content_type=None, data=None):
|
||||
"""
|
||||
PUT http://.../v1/{tenant_id}/orders/{order_uuid}
|
||||
Attempts to update order similar to how secrets are updated.
|
||||
"""
|
||||
remote_url = self._get_order_url(order_id)
|
||||
headers = {'Content-Type': payload_content_type,
|
||||
'Content-Encoding': payload_content_encoding}
|
||||
headers = {'Content-Type': payload_content_type}
|
||||
resp = self.request('PUT', remote_url, headers=headers,
|
||||
data=data)
|
||||
return resp
|
||||
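Review bot: `update_order` now builds `headers = {'Content-Type': payload_content_type}` while `payload_content_type` defaults to `None`, so a call without a content type puts a `None` header value into the request; what `self.request` does with that value is not visible here. If the intent is to omit the header in that case, build it conditionally: `headers = {'Content-Type': payload_content_type} if payload_content_type is not None else {}`. If sending no usable content type is a deliberate negative case, a sentence in the docstring saying so would stop the next reader from "fixing" it.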
|
|
|
@ -13,6 +13,8 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
"""
|
||||
from os import path
|
||||
|
||||
from cloudcafe.cloudkeep.barbican.orders.behaviors import OrdersBehavior
|
||||
from cloudcafe.cloudkeep.common.responses import CloudkeepResponse
|
||||
|
||||
|
@ -28,28 +30,27 @@ class ClientLibOrdersBehaviors(OrdersBehavior):
|
|||
|
||||
def create_and_check_order(self, name=None, expiration=None,
|
||||
algorithm=None, bit_length=None,
|
||||
mode=None, mime_type=None):
|
||||
mode=None, payload_content_type=None):
|
||||
order = self.create_order_overriding_cfg(
|
||||
name=name, expiration=expiration,
|
||||
algorithm=algorithm, bit_length=bit_length,
|
||||
mode=mode, mime_type=mime_type)
|
||||
resp = self.barb_client.get_order(order.id)
|
||||
mode=mode, payload_content_type=payload_content_type)
|
||||
order_id = path.split(order)[-1]
|
||||
resp = self.barb_client.get_order(order_id)
|
||||
|
||||
behavior_response = CloudkeepResponse(entity=order,
|
||||
get_resp=resp)
|
||||
return behavior_response
|
||||
|
||||
def create_order(self, name=None, expiration=None, algorithm=None,
|
||||
bit_length=None, mode=None, mime_type=None):
|
||||
def create_order(self, name=None, payload_content_type=None,
|
||||
algorithm=None, bit_length=None, mode=None,
|
||||
expiration=None):
|
||||
order = self.cl_client.create_order(
|
||||
name=name,
|
||||
expiration=expiration,
|
||||
algorithm=algorithm,
|
||||
bit_length=bit_length,
|
||||
mode=mode,
|
||||
mime_type=mime_type)
|
||||
name=name, expiration=expiration, algorithm=algorithm,
|
||||
bit_length=bit_length, mode=mode,
|
||||
payload_content_type=payload_content_type)
|
||||
|
||||
self.created_orders.append(order.id)
|
||||
self.created_orders.append(order)
|
||||
return order
|
||||
|
||||
def delete_order(self, order_ref, delete_secret=True):
|
||||
|
@ -60,25 +61,12 @@ class ClientLibOrdersBehaviors(OrdersBehavior):
|
|||
self.secrets_client.delete_secret(secret_id)
|
||||
|
||||
resp = self.cl_client.delete_order(order_ref)
|
||||
order_id = CloudkeepResponse.get_id_from_ref(order_ref)
|
||||
if order_id in self.created_orders:
|
||||
self.created_orders.remove(order_id)
|
||||
return resp
|
||||
|
||||
def delete_order_by_id(self, order_id, delete_secret=True):
|
||||
if delete_secret:
|
||||
order = self.cl_client.get_order_by_id(order_id)
|
||||
secret_href = order.secret_ref
|
||||
secret_id = CloudkeepResponse.get_id_from_ref(secret_href)
|
||||
self.secrets_client.delete_secret(secret_id)
|
||||
|
||||
resp = self.cl_client.delete_order_by_id(order_id)
|
||||
if order_id in self.created_orders:
|
||||
self.created_orders.remove(order_id)
|
||||
if order_ref in self.created_orders:
|
||||
self.created_orders.remove(order_ref)
|
||||
return resp
|
||||
|
||||
def delete_all_created_orders_and_secrets(self):
|
||||
for order_id in self.created_orders:
|
||||
self.delete_order_by_id(order_id, delete_secret=True)
|
||||
for order_ref in self.created_orders:
|
||||
self.delete_order(order_ref, delete_secret=True)
|
||||
|
||||
self.created_orders = []
|
||||
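Review bot: `delete_all_created_orders_and_secrets` iterates `self.created_orders` while `delete_order` removes the current `order_ref` from that same list, so the loop skips every second entry; the skipped orders and their secrets stay on the server once `self.created_orders = []` forgets them. Iterate over a snapshot instead: `for order_ref in list(self.created_orders):`. `delete_all_created_secrets` in ClientLibSecretsBehaviors has the same loop shape and is affected if the inherited `remove_from_created_secrets` (not shown) also mutates the list. `delete_order` starts above this hunk, so only its tail is visible.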
|
|
|
@ -13,50 +13,43 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
"""
|
||||
from barbicanclient.client import Connection
|
||||
from barbicanclient.common.auth import KeystoneAuthV2
|
||||
from barbicanclient.client import Client
|
||||
|
||||
|
||||
class ClientLibOrdersClient():
|
||||
def __init__(self, url, api_version, tenant_id, auth_endpoint=None,
|
||||
user=None, key=None, token=None, authenticate=None,
|
||||
def __init__(self, url, api_version, auth_endpoint=None,
|
||||
user=None, password=None, tenant_name=None, authenticate=None,
|
||||
request=None, **kwargs):
|
||||
self.url = url
|
||||
self.api_version = api_version
|
||||
self.tenant_id = tenant_id
|
||||
self.endpoint = '{base}/{api_version}'.format(
|
||||
base=self.url, api_version=self.api_version)
|
||||
self.conn = Connection(
|
||||
endpoint=self.endpoint, auth_endpoint=auth_endpoint,
|
||||
user=user, key=key, tenant=tenant_id, token=token,
|
||||
authenticate=authenticate, request=request, **kwargs)
|
||||
self.keystone = KeystoneAuthV2(auth_url=auth_endpoint,
|
||||
username=user,
|
||||
password=password,
|
||||
tenant_name=tenant_name)
|
||||
# Fix: We need to create an auth plugin for Keystone and CloudCAFE
|
||||
self.keystone._barbican_url = self.endpoint
|
||||
self.conn = Client(auth_plugin=self.keystone)
|
||||
|
||||
self.tenant_id = self.keystone.tenant_id
|
||||
self.tenant_token = self.keystone.auth_token
|
||||
|
||||
def create_order(self, name=None, expiration=None, algorithm=None,
|
||||
bit_length=None, mode=None, mime_type=None):
|
||||
order = self.conn.create_order(
|
||||
bit_length=None, mode=None, payload_content_type=None):
|
||||
order = self.conn.orders.create(
|
||||
name=name, algorithm=algorithm, bit_length=bit_length,
|
||||
mode=mode, mime_type=mime_type)
|
||||
mode=mode, payload_content_type=payload_content_type,
|
||||
expiration=expiration)
|
||||
|
||||
return order
|
||||
|
||||
def list_orders(self, limit=None, offset=None):
|
||||
return self.conn.list_orders(limit=limit, offset=offset)
|
||||
|
||||
def list_orders_by_href(self, href=None):
|
||||
if href is None:
|
||||
href = '{endpoint}/{tenant_id}/orders'.format(
|
||||
endpoint=self.endpoint,
|
||||
tenant_id=self.tenant_id)
|
||||
|
||||
return self.conn.list_orders_by_href(href=href)
|
||||
|
||||
def delete_order_by_id(self, order_id):
|
||||
return self.conn.delete_order_by_id(order_id=order_id)
|
||||
return self.conn.orders.list(limit=limit, offset=offset)
|
||||
|
||||
def delete_order(self, href):
|
||||
return self.conn.delete_order(href=href)
|
||||
|
||||
def get_order_by_id(self, order_id):
|
||||
return self.conn.get_order_by_id(order_id=order_id)
|
||||
return self.conn.orders.delete(order_ref=href)
|
||||
|
||||
def get_order(self, href):
|
||||
return self.conn.get_order(href=href)
|
||||
return self.conn.orders.get(order_ref=href)
|
||||
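Review bot: The new `__init__` still accepts `authenticate`, `request` and `**kwargs`, but with the `Connection(...)` call gone nothing in the visible body reads them, so whatever a caller passes is silently dropped. Either remove them from the signature or document that they are ignored. The line `self.keystone._barbican_url = self.endpoint` also writes a private attribute of the auth object, and its comment reads like a to-do; marking it `# TODO: replace with a proper Keystone auth plugin for CloudCAFE` would make that explicit. `ClientLibSecretsClient.__init__` is identical and needs the same treatment.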
|
|
|
@ -13,6 +13,8 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
"""
|
||||
from os import path
|
||||
|
||||
from cloudcafe.cloudkeep.barbican.secrets.behaviors import SecretsBehaviors
|
||||
from cloudcafe.cloudkeep.common.responses import CloudkeepResponse
|
||||
|
||||
|
@ -28,45 +30,42 @@ class ClientLibSecretsBehaviors(SecretsBehaviors):
|
|||
|
||||
def create_and_check_secret(self, name=None, expiration=None,
|
||||
algorithm=None, bit_length=None,
|
||||
mode=None, plain_text=None,
|
||||
mime_type=None):
|
||||
mode=None, payload=None,
|
||||
payload_content_type=None):
|
||||
secret = self.create_secret_overriding_cfg(
|
||||
name=name, expiration=expiration, algorithm=algorithm,
|
||||
bit_length=bit_length, mode=mode,
|
||||
plain_text=plain_text, mime_type=mime_type)
|
||||
resp = self.barb_client.get_secret(secret.id)
|
||||
payload=payload, payload_content_type=payload_content_type)
|
||||
secret_id = path.split(secret)[-1]
|
||||
resp = self.barb_client.get_secret(secret_id)
|
||||
|
||||
behavior_response = CloudkeepResponse(entity=secret,
|
||||
get_resp=resp)
|
||||
return behavior_response
|
||||
|
||||
def create_secret(self, name=None, expiration=None, algorithm=None,
|
||||
bit_length=None, mode=None, plain_text=None,
|
||||
mime_type=None):
|
||||
bit_length=None, mode=None, payload=None,
|
||||
payload_content_type=None,
|
||||
payload_content_encoding=None):
|
||||
secret = self.cl_client.create_secret(
|
||||
name=name,
|
||||
expiration=expiration,
|
||||
algorithm=algorithm,
|
||||
bit_length=bit_length,
|
||||
mode=mode,
|
||||
plain_text=plain_text,
|
||||
mime_type=mime_type)
|
||||
payload=payload,
|
||||
payload_content_type=payload_content_type,
|
||||
payload_content_encoding=payload_content_encoding)
|
||||
|
||||
self.created_secrets.append(secret.id)
|
||||
self.created_secrets.append(secret)
|
||||
return secret
|
||||
|
||||
def delete_secret(self, secret_ref):
|
||||
secret_id = CloudkeepResponse.get_id_from_ref(secret_ref)
|
||||
self.remove_from_created_secrets(secret_id=secret_id)
|
||||
self.remove_from_created_secrets(secret_id=secret_ref)
|
||||
resp = self.cl_client.delete_secret(href=secret_ref)
|
||||
return resp
|
||||
|
||||
def delete_secret_by_id(self, secret_id):
|
||||
self.remove_from_created_secrets(secret_id=secret_id)
|
||||
resp = self.cl_client.delete_secret_by_id(secret_id=secret_id)
|
||||
return resp
|
||||
|
||||
def delete_all_created_secrets(self):
|
||||
for secret_id in self.created_secrets:
|
||||
self.delete_secret_by_id(secret_id=secret_id)
|
||||
self.delete_secret(secret_ref=secret_id)
|
||||
self.created_secrets = []
|
||||
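Review bot: `created_secrets` now stores whatever `cl_client.create_secret` returns (`self.created_secrets.append(secret)`), which `create_and_check_secret` treats as a ref string, yet `delete_secret` hands that ref to the inherited helper as `remove_from_created_secrets(secret_id=secret_ref)`. The helper lives in SecretsBehaviors and is not shown; if it, or any other inherited method, still expects bare ids in this list, entries will not match and cleanup will miss secrets. A short comment at the append, such as `# created_secrets holds secret refs (hrefs), not ids`, plus a check of the base-class helpers would settle it.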
|
|
|
@ -13,62 +13,53 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
"""
|
||||
from barbicanclient.client import Connection
|
||||
from barbicanclient.common.auth import KeystoneAuthV2
|
||||
from barbicanclient.client import Client
|
||||
|
||||
|
||||
class ClientLibSecretsClient():
|
||||
def __init__(self, url, api_version, tenant_id, auth_endpoint=None,
|
||||
user=None, key=None, token=None, authenticate=None,
|
||||
def __init__(self, url, api_version, auth_endpoint=None,
|
||||
user=None, password=None, tenant_name=None, authenticate=None,
|
||||
request=None, **kwargs):
|
||||
self.url = url
|
||||
self.api_version = api_version
|
||||
self.tenant_id = tenant_id
|
||||
self.endpoint = '{base}/{api_version}'.format(
|
||||
base=self.url, api_version=self.api_version)
|
||||
self.conn = Connection(
|
||||
endpoint=self.endpoint, auth_endpoint=auth_endpoint,
|
||||
user=user, key=key, tenant=tenant_id, token=token,
|
||||
authenticate=authenticate, request=request, **kwargs)
|
||||
self.keystone = KeystoneAuthV2(auth_url=auth_endpoint,
|
||||
username=user,
|
||||
password=password,
|
||||
tenant_name=tenant_name)
|
||||
# Fix: We need to create an auth plugin for Keystone and CloudCAFE
|
||||
self.keystone._barbican_url = self.endpoint
|
||||
self.conn = Client(auth_plugin=self.keystone)
|
||||
|
||||
self.tenant_id = self.keystone.tenant_id
|
||||
self.tenant_token = self.keystone.auth_token
|
||||
|
||||
def create_secret(self, name=None, expiration=None, algorithm=None,
|
||||
bit_length=None, mode=None, plain_text=None,
|
||||
mime_type=None):
|
||||
secret = self.conn.create_secret(
|
||||
bit_length=None, mode=None, payload=None,
|
||||
payload_content_type=None,
|
||||
payload_content_encoding=None):
|
||||
secret = self.conn.secrets.store(
|
||||
name=name, expiration=expiration, algorithm=algorithm,
|
||||
bit_length=bit_length, mode=mode,
|
||||
plain_text=plain_text, mime_type=mime_type)
|
||||
bit_length=bit_length, mode=mode, payload=payload,
|
||||
payload_content_encoding=payload_content_encoding,
|
||||
payload_content_type=payload_content_type)
|
||||
|
||||
return secret
|
||||
|
||||
def list_secrets(self, limit=None, offset=None):
|
||||
if limit is not None and offset is not None:
|
||||
return self.conn.list_secrets(limit=limit, offset=offset)
|
||||
return self.conn.secrets.list(limit=limit, offset=offset)
|
||||
else:
|
||||
return self.conn.list_secrets()
|
||||
|
||||
def list_secrets_by_href(self, href=None):
|
||||
if href is None:
|
||||
href = '{endpoint}/{tenant_id}/secrets'.format(
|
||||
endpoint=self.endpoint,
|
||||
tenant_id=self.tenant_id)
|
||||
|
||||
return self.conn.list_secrets_by_href(href=href)
|
||||
|
||||
def delete_secret_by_id(self, secret_id):
|
||||
return self.conn.delete_secret_by_id(secret_id=secret_id)
|
||||
return self.conn.secrets.list()
|
||||
|
||||
def delete_secret(self, href):
|
||||
return self.conn.delete_secret(href=href)
|
||||
|
||||
def get_secret_by_id(self, secret_id):
|
||||
return self.conn.get_secret_by_id(secret_id=secret_id)
|
||||
return self.conn.secrets.delete(secret_ref=href)
|
||||
|
||||
def get_secret(self, href):
|
||||
return self.conn.get_secret(href=href)
|
||||
return self.conn.secrets.get(secret_ref=href)
|
||||
|
||||
def get_raw_secret_by_id(self, secret_id, mime_type):
|
||||
return self.conn.get_raw_secret_by_id(
|
||||
secret_id=secret_id, mime_type=mime_type)
|
||||
|
||||
def get_raw_secret(self, href, mime_type):
|
||||
return self.conn.get_raw_secret(href=href, mime_type=mime_type)
|
||||
def get_raw_secret(self, href, content_type):
|
||||
return self.conn.secrets.decrypt(secret_ref=href,
|
||||
content_type=content_type)
|
||||
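Review bot: `list_secrets` forwards `limit` and `offset` only when both are set; a call with just one of them falls through to `return self.conn.secrets.list()` and the argument is silently ignored. `ClientLibOrdersClient.list_orders` passes both through unconditionally, so the two clients disagree. If `secrets.list` accepts `None` for either argument (assumed, the library is not shown), the body can be the single line `return self.conn.secrets.list(limit=limit, offset=offset)`.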
|
|
|
@ -105,26 +105,6 @@ class CloudKeepOrdersConfig(ConfigSectionInterface):
|
|||
return self.get("payload_content_encoding")
|
||||
|
||||
|
||||
class CloudKeepClientLibConfig(ConfigSectionInterface):
|
||||
SECTION_NAME = 'cloudkeep-client-lib'
|
||||
|
||||
@property
|
||||
def authentication_endpoint(self):
|
||||
return self.get("authentication_endpoint")
|
||||
|
||||
@property
|
||||
def username(self):
|
||||
return self.get("username")
|
||||
|
||||
@property
|
||||
def key(self):
|
||||
return self.get("key")
|
||||
|
||||
@property
|
||||
def token(self):
|
||||
return self.get("token")
|
||||
|
||||
|
||||
class CloudKeepRBACRoleConfig(ConfigSectionInterface):
|
||||
SECTION_NAME = 'cloudkeep-rbac-role-users'
|
||||
|
||||
|
|
|
@ -42,12 +42,6 @@ mode=cbc
|
|||
payload_content_type=application/octet-stream
|
||||
payload_content_encoding=base64
|
||||
|
||||
[cloudkeep-client-lib]
|
||||
authentication_endpoint=<auth_endpoint>
|
||||
username=user
|
||||
key=key
|
||||
token=bypass
|
||||
|
||||
[tokens_api]
|
||||
authentication_endpoint=<auth_endpoint>
|
||||
username=<keystone_user>
|
||||
|
|