Add validation to barbican order

Algorithm and bit_length properties are required by barbican for non-certificate types of order. Change-Id: I61117ed9e00ebbd42374df6eb5b533b13c98360d Closes-Bug: #1535791
2016-01-19 18:15:01 +02:00 · 2016-01-19 18:15:01 +02:00 · 7601c6cb42
parent bf20657824
commit 7601c6cb42
2 changed files with 33 additions and 5 deletions
--- a/heat/engine/resources/openstack/barbican/order.py
+++ b/heat/engine/resources/openstack/barbican/order.py
@ -55,6 +55,12 @@ class Order(resource.Resource):
        'certificate', 'intermediates', 'container_ref'
    )

+    ORDER_TYPES = (
+        KEY, ASYMMETRIC, CERTIFICATE
+    ) = (
+        'key', 'asymmetric', 'certificate'
+    )
+
    properties_schema = {
        NAME: properties.Schema(
            properties.Schema.STRING,
@ -73,11 +79,13 @@ class Order(resource.Resource):
        ),
        ALGORITHM: properties.Schema(
            properties.Schema.STRING,
-            _('The algorithm type used to generate the secret.'),
+            _('The algorithm type used to generate the secret. '
+              'Required for key and asymmetric types of order.'),
        ),
        BIT_LENGTH: properties.Schema(
            properties.Schema.INTEGER,
-            _('The bit-length of the secret.'),
+            _('The bit-length of the secret. Required for key and '
+              'asymmetric types of order.'),
        ),
        MODE: properties.Schema(
            properties.Schema.STRING,
@ -88,9 +96,7 @@ class Order(resource.Resource):
            properties.Schema.STRING,
            _('The type of the order.'),
            constraints=[
-                constraints.AllowedValues([
-                    'key', 'asymmetric', 'certificate'
-                ]),
+                constraints.AllowedValues(ORDER_TYPES),
            ],
            required=True,
            support_status=support.SupportStatus(version='5.0.0'),
@ -182,6 +188,17 @@ class Order(resource.Resource):
        # need not to be fixed re LP bug #1393268
        return order_ref

+    def validate(self):
+        if self.properties[self.TYPE] != self.CERTIFICATE:
+            if (self.properties[self.ALGORITHM] is None
+                    or self.properties[self.BIT_LENGTH] is None):
+                msg = _("Properties %(algorithm)s and %(bit_length)s are "
+                        "required for %(type)s type of order.") % {
+                            'algorithm': self.ALGORITHM,
+                            'bit_length': self.BIT_LENGTH,
+                            'type': self.properties[self.TYPE]}
+                raise exception.StackValidationFailed(message=msg)
+
    def check_create_complete(self, order_href):
        order = self.client().orders.get(order_href)

--- a/heat/tests/openstack/barbican/test_order.py
+++ b/heat/tests/openstack/barbican/test_order.py
@ -95,6 +95,17 @@ class TestOrder(common.HeatTestCase):
                                'foo',
                                snippet, self.stack)

+    def test_validate_non_certificate_order(self):
+        snippet = copy.deepcopy(self.res_template)
+        del snippet['Properties']['bit_length']
+        del snippet['Properties']['algorithm']
+        res = self._create_resource('test', snippet, self.stack)
+        msg = ("Properties algorithm and bit_length are required for "
+               "key type of order.")
+        self.assertRaisesRegexp(exception.StackValidationFailed,
+                                msg,
+                                res.validate)
+
    def test_attributes(self):
        mock_order = mock.Mock()
        mock_order.status = 'test-status'