Merge "Initial OVO for Barbican"

This commit is contained in:
Zuul 2018-06-04 15:51:58 +00:00 committed by Gerrit Code Review
commit 27d8ba5299
7 changed files with 443 additions and 0 deletions

View File

@ -52,6 +52,7 @@ sa_logger = None
# Singleton repository references, instantiated via get_xxxx_repository()
# functions below. Please keep this list in alphabetical order.
_CA_REPOSITORY = None
_CONTAINER_ACL_USER_REPOSITORY = None
_CONTAINER_ACL_REPOSITORY = None
_CONTAINER_CONSUMER_REPOSITORY = None
_CONTAINER_REPOSITORY = None
@ -66,6 +67,7 @@ _PREFERRED_CA_REPOSITORY = None
_PROJECT_REPOSITORY = None
_PROJECT_CA_REPOSITORY = None
_PROJECT_QUOTAS_REPOSITORY = None
_SECRET_ACL_USER_REPOSITORY = None
_SECRET_ACL_REPOSITORY = None
_SECRET_META_REPOSITORY = None
_SECRET_USER_META_REPOSITORY = None
@ -1984,6 +1986,26 @@ class SecretACLRepo(BaseRepo):
entity.delete(session=session)
class SecretACLUserRepo(BaseRepo):
"""Repository for the SecretACLUser entity."""
def _do_entity_name(self):
"""Sub-class hook: return entity name, such as for debugging."""
return "SecretACLUser"
def _do_build_get_query(self, entity_id, external_project_id, session):
"""Sub-class hook: build a retrieve query."""
query = session.query(models.SecretACLUser)
query = query.filter_by(id=entity_id)
return query
def _do_validate(self, values):
"""Sub-class hook: validate values."""
pass
class ContainerACLRepo(BaseRepo):
"""Repository for the ContainerACL entity.
@ -2080,6 +2102,25 @@ class ContainerACLRepo(BaseRepo):
entity.delete(session=session)
class ContainerACLUserRepo(BaseRepo):
"""Repository for ContainerACLUser entity."""
def _do_entity_name(self):
"""Sub-class hook: return entity name, such as for debugging."""
return "ContainerACLUser"
def _do_build_get_query(self, entity_id, external_project_id, session):
"""Sub-class hook: build a retrieve query."""
query = session.query(models.ContainerACLUser)
query = query.filter_by(id=entity_id)
return query
def _do_validate(self, values):
"""Sub-class hook: validate values."""
pass
class ProjectQuotasRepo(BaseRepo):
"""Repository for the ProjectQuotas entity."""
def _do_entity_name(self):
@ -2382,6 +2423,13 @@ def get_container_secret_repository():
return _get_repository(_CONTAINER_SECRET_REPOSITORY, ContainerSecretRepo)
def get_container_acl_user_repository():
"""Returns a singleton Container-ACL-User repository instance."""
global _CONTAINER_ACL_USER_REPOSITORY
return _get_repository(_CONTAINER_ACL_USER_REPOSITORY,
ContainerACLUserRepo)
def get_encrypted_datum_repository():
"""Returns a singleton Encrypted Datum repository instance."""
global _ENCRYPTED_DATUM_REPOSITORY
@ -2453,6 +2501,12 @@ def get_secret_acl_repository():
return _get_repository(_SECRET_ACL_REPOSITORY, SecretACLRepo)
def get_secret_acl_user_repository():
"""Returns a singleton Secret-ACL-User repository instance."""
global _SECRET_ACL_USER_REPOSITORY
return _get_repository(_SECRET_ACL_USER_REPOSITORY, SecretACLUserRepo)
def get_secret_meta_repository():
"""Returns a singleton Secret meta repository instance."""
global _SECRET_META_REPOSITORY

View File

@ -0,0 +1,83 @@
# Copyright 2018 Fujitsu.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from barbican.objects import base
from barbican.objects import certificate_authority
from barbican.objects import container
from barbican.objects import container_acl
from barbican.objects import container_consumer_meta
from barbican.objects import container_secret
from barbican.objects import encrypted_datum
from barbican.objects import kekdatum
from barbican.objects import order
from barbican.objects import order_barbican_metadatum
from barbican.objects import order_plugin_metadatum
from barbican.objects import order_retry_task
from barbican.objects import project
from barbican.objects import project_quotas
from barbican.objects import project_secret_store
from barbican.objects import secret
from barbican.objects import secret_acl
from barbican.objects import secret_store_metadatum
from barbican.objects import secret_stores
from barbican.objects import secret_user_metadatum
from barbican.objects import transport_key
States = base.States
BarbicanObject = base.BarbicanObject
CertificateAuthority = certificate_authority.CertificateAuthority
Container = container.Container
ContainerACL = container_acl.ContainerACL
ContainerConsumerMetadatum = container_consumer_meta.ContainerConsumerMetadatum
ContainerSecret = container_secret.ContainerSecret
EncryptedDatum = encrypted_datum.EncryptedDatum
Order = order.Order
OrderBarbicanMetadatum = order_barbican_metadatum.OrderBarbicanMetadatum
OrderPluginMetadatum = order_plugin_metadatum.OrderPluginMetadatum
OrderRetryTask = order_retry_task.OrderRetryTask
Project = project.Project
ProjectQuotas = project_quotas.ProjectQuotas
ProjectSecretStore = project_secret_store.ProjectSecretStore
TransportKey = transport_key.TransportKey
KEKDatum = kekdatum.KEKDatum
Secret = secret.Secret
SecretACL = secret_acl.SecretACL
SecretStores = secret_stores.SecretStores
SecretUserMetadatum = secret_user_metadatum.SecretUserMetadatum
SecretStoreMetadatum = secret_store_metadatum.SecretStoreMetadatum
__all__ = (
States,
BarbicanObject,
CertificateAuthority,
Container,
ContainerACL,
ContainerConsumerMetadatum,
ContainerSecret,
EncryptedDatum,
Order,
OrderBarbicanMetadatum,
OrderPluginMetadatum,
OrderRetryTask,
Project,
ProjectQuotas,
ProjectSecretStore,
KEKDatum,
Secret,
SecretACL,
SecretStores,
SecretUserMetadatum,
SecretStoreMetadatum,
TransportKey,
)

205
barbican/objects/base.py Normal file
View File

@ -0,0 +1,205 @@
# Copyright 2018 Fujitsu.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""Barbican common internal objects model"""
from oslo_versionedobjects import base as object_base
from barbican.model import repositories as repos
from barbican.objects import fields
class States(object):
PENDING = 'PENDING'
ACTIVE = 'ACTIVE'
ERROR = 'ERROR'
@classmethod
def is_valid(cls, state_to_test):
"""Tests if a state is a valid one."""
return state_to_test in cls.__dict__
class BarbicanPersistentObject(object):
fields = {
'id': fields.StringField(nullable=True, default=None),
'created_at': fields.DateTimeField(nullable=True, tzinfo_aware=False),
'updated_at': fields.DateTimeField(nullable=True, tzinfo_aware=False),
'deleted_at': fields.DateTimeField(nullable=True, tzinfo_aware=False),
'deleted': fields.BooleanField(nullable=True),
'status': fields.StringField(nullable=True, default=States.PENDING)
}
class BarbicanObject(object_base.VersionedObject):
# Version 1.0: Initial version
VERSION = '1.0'
OBJ_PROJECT_NAMESPACE = 'barbican'
synthetic_fields = []
# NOTE(namnh): The db_model, db_repo class variable should be inherited
# by sub-classes.
# For example, in the Secret object has to have "db_model = models.Secret"
# and "db_repo = repo.get_secret_repository()".
db_model = None
db_repo = repos.BaseRepo()
def __init__(self, context=None, **kwargs):
super(BarbicanObject, self).__init__(context=context, **kwargs)
self.dict_fields = None
self.obj_set_defaults()
def set_attribute(self, name_attr, value_attr=None):
setattr(self, name_attr, value_attr)
def _get_db_entity(self):
return self.db_model()
def _get_changed_persistent_fields(self):
change_fields = self.obj_get_changes()
for field in self.synthetic_fields:
if field in change_fields:
del change_fields[field]
return change_fields
def _validate_fields(self, change_fields):
"""Validate fields before creating model
In order to verify fields before saving a model to database. It should
be inherited by sub-class in case the class need to verify.
"""
pass
def _from_db_object(self, db_entity):
if db_entity is None:
return None
for field in self.fields:
if field not in self.synthetic_fields:
self.set_attribute(field, db_entity[field])
self.load_synthetic_db_fields(db_entity=db_entity)
self.dict_fields = db_entity.to_dict_fields()
self.obj_reset_changes()
return self
def to_dict_fields(self):
return self.dict_fields
def register_value(self, data=None, **kwargs):
data = data or dict()
data.update(kwargs)
for key, value in data.items():
setattr(self, key, value)
@classmethod
def is_synthetic(cls, field):
return field in cls.synthetic_fields
@classmethod
def load_object(cls, db_entity):
obj = cls()
obj._from_db_object(db_entity=db_entity)
return obj
def load_synthetic_db_fields(self, db_entity):
"""Load synthetic database field.
:param db_entity: Database model
:return: None
"""
for field in self.synthetic_fields:
objclasses = object_base.VersionedObjectRegistry.obj_classes(
).get(self.fields[field].objname)
objclass = objclasses[0]
synth_db_objs = db_entity.get(field, None)
# NOTE(namnh): synth_db_objs can be list, dict, empty list
if isinstance(self.fields[field], fields.DictOfObjectsField):
dict_entity_object = {key: objclass.load_object(value)
for key, value in synth_db_objs.items()}
setattr(self, field, dict_entity_object)
elif isinstance(self.fields[field], fields.ListOfObjectsField):
entities_object = [objclass.load_object(entity)
for entity in synth_db_objs]
setattr(self, field, entities_object)
else:
# At this moment, this field is an ObjectField.
entity_object = objclass.load_object(synth_db_objs)
setattr(self, field, entity_object)
self.obj_reset_changes([fields])
def create(self, session=None):
change_fields = self._get_changed_persistent_fields()
self._validate_fields(change_fields)
db_entity = self._get_db_entity()
db_entity.update(change_fields)
db_entity = self.db_repo.create_from(db_entity, session=session)
self._from_db_object(db_entity)
def save(self, session=None):
"""To update new values to a row in database."""
change_fields = self._get_changed_persistent_fields()
self.db_repo.update_from(self.db_model, self.id,
change_fields, session=session)
self.obj_reset_changes()
def delete(self, session):
raise NotImplementedError()
@classmethod
def get(cls, entity_id, external_project_id=None,
force_show_deleted=False,
suppress_exception=False, session=None):
"""Get an entity or raise if it does not exist"""
db_entity = cls.db_repo.get(
entity_id, external_project_id=external_project_id,
force_show_deleted=force_show_deleted,
suppress_exception=suppress_exception, session=session)
if db_entity:
return cls()._from_db_object(db_entity)
else:
return None
@classmethod
def get_session(cls, session=None):
return cls.db_repo.get_session(session)
@classmethod
def delete_entity_by_id(cls, entity_id, external_project_id,
session=None):
cls.db_repo.delete_entity_by_id(
entity_id, external_project_id, session=session)
@classmethod
def get_project_entities(cls, project_id, session=None):
"""Gets entities associated with a given project."""
entities_db = cls.db_repo.get_project_entities(project_id,
session=session)
entities_object = [cls()._from_db_object(entity_db)
for entity_db in entities_db] if entities_db else []
return entities_object
@classmethod
def get_count(cls, project_id, session=None):
"""Gets count of entities associated with a given project"""
return cls.db_repo.get_count(project_id, session=session)
@classmethod
def delete_project_entities(cls, project_id,
suppress_exception=False,
session=None):
"""Deletes entities for a given project."""
cls.db_repo.delete_project_entities(
project_id, suppress_exception=suppress_exception, session=session)

View File

@ -0,0 +1,98 @@
# Copyright 2018 Fujitsu.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import json
from oslo_versionedobjects import fields
import six
# Import field errors from oslo.versionedobjects
KeyTypeError = fields.KeyTypeError
ElementTypeError = fields.ElementTypeError
# Import fields from oslo.versionedobjects
BooleanField = fields.BooleanField
UnspecifiedDefault = fields.UnspecifiedDefault
IntegerField = fields.IntegerField
NonNegativeIntegerField = fields.NonNegativeIntegerField
UUIDField = fields.UUIDField
FloatField = fields.FloatField
NonNegativeFloatField = fields.NonNegativeFloatField
StringField = fields.StringField
SensitiveStringField = fields.SensitiveStringField
EnumField = fields.EnumField
DateTimeField = fields.DateTimeField
DictOfStringsField = fields.DictOfStringsField
DictOfNullableStringsField = fields.DictOfNullableStringsField
DictOfIntegersField = fields.DictOfIntegersField
ListOfStringsField = fields.ListOfStringsField
SetOfIntegersField = fields.SetOfIntegersField
ListOfSetsOfIntegersField = fields.ListOfSetsOfIntegersField
ListOfDictOfNullableStringsField = fields.ListOfDictOfNullableStringsField
DictProxyField = fields.DictProxyField
ObjectField = fields.ObjectField
ListOfObjectsField = fields.ListOfObjectsField
VersionPredicateField = fields.VersionPredicateField
FlexibleBooleanField = fields.FlexibleBooleanField
DictOfListOfStringsField = fields.DictOfListOfStringsField
IPAddressField = fields.IPAddressField
IPV4AddressField = fields.IPV4AddressField
IPV6AddressField = fields.IPV6AddressField
IPV4AndV6AddressField = fields.IPV4AndV6AddressField
IPNetworkField = fields.IPNetworkField
IPV4NetworkField = fields.IPV4NetworkField
IPV6NetworkField = fields.IPV6NetworkField
AutoTypedField = fields.AutoTypedField
BaseEnumField = fields.BaseEnumField
MACAddressField = fields.MACAddressField
ListOfIntegersField = fields.ListOfIntegersField
PCIAddressField = fields.PCIAddressField
Enum = fields.Enum
Field = fields.Field
FieldType = fields.FieldType
Set = fields.Set
Dict = fields.Dict
List = fields.List
Object = fields.Object
IPAddress = fields.IPAddress
IPV4Address = fields.IPV4Address
IPV6Address = fields.IPV6Address
IPNetwork = fields.IPNetwork
IPV4Network = fields.IPV4Network
IPV6Network = fields.IPV6Network
class Json(FieldType):
def coerce(self, obj, attr, value):
if isinstance(value, six.string_types):
loaded = json.loads(value)
return loaded
return value
def from_primitive(self, obj, attr, value):
return self.coerce(obj, attr, value)
def to_primitive(self, obj, attr, value):
return json.dumps(value)
class DictOfObjectsField(AutoTypedField):
def __init__(self, objtype, subclasses=False, **kwargs):
self.AUTO_TYPE = Dict(Object(objtype, subclasses))
self.objname = objtype
super(DictOfObjectsField, self).__init__(**kwargs)
class JsonField(AutoTypedField):
AUTO_TYPE = Json()

View File

@ -74,6 +74,7 @@ oslo.policy==1.30.0
oslo.serialization==2.18.0
oslo.service==1.24.0
oslo.utils==3.33.0
oslo.versionedobjects==1.31.2
oslotest==3.2.0
paramiko==2.4.1
Paste==2.0.2

View File

@ -18,6 +18,7 @@ oslo.policy>=1.30.0 # Apache-2.0
oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
oslo.service!=1.28.1,>=1.24.0 # Apache-2.0
oslo.utils>=3.33.0 # Apache-2.0
oslo.versionedobjects>=1.31.2 # Apache-2.0
Paste>=2.0.2 # MIT
PasteDeploy>=1.5.0 # MIT
pbr!=2.1.0,>=2.0.0 # Apache-2.0

View File

@ -141,3 +141,4 @@ deps =
-c{toxinidir}/lower-constraints.txt
-r{toxinidir}/test-requirements.txt
-r{toxinidir}/requirements.txt