From fba4607f6e4c837096ad9b138ec5a16252b717d4 Mon Sep 17 00:00:00 2001 From: Kaitlin Farr Date: Mon, 14 Nov 2016 13:05:19 -0500 Subject: [PATCH] Pass secret_type to repository query In the secrets controller, the list functionality had a "secret_type" argument, but wasn't being used in the actual query to the secrets repo. This fixes the issue and adds functional tests to ensure the filter queries are working correctly. Change-Id: Ifa42f5e817908973dd8b927e4744cdc754a4b027 --- barbican/api/controllers/secrets.py | 1 + .../api/v1/behaviors/secret_behaviors.py | 25 +++++++--- .../api/v1/functional/test_secrets.py | 49 ++++++++++++++++++- functionaltests/run_tests.sh | 2 +- 4 files changed, 68 insertions(+), 9 deletions(-) diff --git a/barbican/api/controllers/secrets.py b/barbican/api/controllers/secrets.py index 20016388..849be333 100644 --- a/barbican/api/controllers/secrets.py +++ b/barbican/api/controllers/secrets.py @@ -379,6 +379,7 @@ class SecretsController(controllers.ACLMixin): alg=kw.get('alg'), mode=kw.get('mode'), bits=bits, + secret_type=kw.get('secret_type'), suppress_exception=True, acl_only=kw.get('acl_only'), user_id=user_id, diff --git a/functionaltests/api/v1/behaviors/secret_behaviors.py b/functionaltests/api/v1/behaviors/secret_behaviors.py index 08659c4e..f11f65f3 100644 --- a/functionaltests/api/v1/behaviors/secret_behaviors.py +++ b/functionaltests/api/v1/behaviors/secret_behaviors.py @@ -131,24 +131,35 @@ class SecretBehaviors(base_behaviors.BaseBehaviors): response_model_type=secret_models.SecretModel, use_auth=use_auth, user_name=user_name) - def get_secrets(self, limit=10, offset=0, filter=None, - extra_headers=None, omit_headers=None, use_auth=True, - user_name=None): + def get_secrets(self, limit=10, offset=0, extra_headers=None, + omit_headers=None, use_auth=True, user_name=None, + name=None, alg=None, mode=None, bits=None, + secret_type=None): """Handles getting a list of secrets. :param limit: limits number of returned secrets :param offset: represents how many records to skip before retrieving the list - :param filter: optional filter to limit the returned secrets to - those whose name matches the filter. :param extra_headers: Optional HTTP headers to add to the request :param omit_headers: headers to delete before making the request :param use_auth: Boolean for whether to send authentication headers :param user_name: The user name used to list the secrets + :param alg: Optional algorithm for filtering secrets + :param mode: Optional mode for filtering secrets + :param bits: Optional bit length for filtering secrets + :param secret_type: Optional secret type for filtering secrets """ params = {'limit': limit, 'offset': offset} - if filter: - params['name'] = filter + if name: + params['name'] = name + if alg: + params['alg'] = alg + if mode: + params['mode'] = mode + if bits: + params['bits'] = bits + if secret_type: + params['secret_type'] = secret_type resp = self.client.get('secrets', params=params, extra_headers=extra_headers, omit_headers=omit_headers, diff --git a/functionaltests/api/v1/functional/test_secrets.py b/functionaltests/api/v1/functional/test_secrets.py index 238f58ca..8122161e 100644 --- a/functionaltests/api/v1/functional/test_secrets.py +++ b/functionaltests/api/v1/functional/test_secrets.py @@ -22,6 +22,7 @@ import time from testtools import testcase +from barbican.plugin.interface import secret_store as ss from barbican.plugin.util import translations from barbican.tests import keys from barbican.tests import utils @@ -1088,6 +1089,52 @@ class SecretsTestCase(base.TestCase): self.assertEqual(400, resp.status_code) +@utils.parameterized_test_case +class ListingSecretsTestCase(SecretsTestCase): + + @utils.parameterized_dataset({ + 'query_by_name': { + 'secret_1_dict': dict(name="name1"), + 'secret_2_dict': dict(name="name2"), + 'query_dict': dict(name="name1") + }, + 'query_by_algorithm': { + 'secret_1_dict': dict(algorithm="algorithm1"), + 'secret_2_dict': dict(algorithm="algorithm2"), + 'query_dict': dict(alg="algorithm1") + }, + 'query_by_mode': { + 'secret_1_dict': dict(mode="mode1"), + 'secret_2_dict': dict(mode="mode2"), + 'query_dict': dict(mode="mode1") + }, + 'query_by_bit_length': { + 'secret_1_dict': dict(bit_length=1024), + 'secret_2_dict': dict(bit_length=2048), + 'query_dict': dict(bits=1024) + }, + 'query_by_secret_type': { + 'secret_1_dict': dict(secret_type=ss.SecretType.SYMMETRIC), + 'secret_2_dict': dict(secret_type=ss.SecretType.OPAQUE), + 'query_dict': dict(secret_type=ss.SecretType.SYMMETRIC) + }, + }) + @testcase.attr('positive') + def test_secret_list_with_filter(self, secret_1_dict, secret_2_dict, + query_dict): + secret_1 = secret_models.SecretModel(**secret_1_dict) + secret_2 = secret_models.SecretModel(**secret_2_dict) + + self.behaviors.create_secret(secret_1) + self.behaviors.create_secret(secret_2) + + resp, secrets_list, next_ref, prev_ref = self.behaviors.get_secrets( + **query_dict) + + self.assertEqual(200, resp.status_code) + self.assertEqual(1, len(secrets_list)) + + class SecretsPagingTestCase(base.PagingTestCase): def setUp(self): @@ -1111,7 +1158,7 @@ class SecretsPagingTestCase(base.PagingTestCase): def get_resources(self, limit=10, offset=0, filter=None): return self.behaviors.get_secrets(limit=limit, offset=offset, - filter=filter) + name=filter) def set_filter_field(self, unique_str, model): '''Set the name field which we use in the get_resources ''' diff --git a/functionaltests/run_tests.sh b/functionaltests/run_tests.sh index 35cc11e3..ee589670 100755 --- a/functionaltests/run_tests.sh +++ b/functionaltests/run_tests.sh @@ -32,7 +32,7 @@ coverage combine coverage report -m # run the tests in parallel -SKIP=^\(\?\!\.\*\(ProjectQuotasPagingTestCase\|QuotaEnforcementTestCase\|ListingCAsTestCase\|ProjectCATestCase\|GlobalPreferredCATestCase\|CertificateAuthoritiesTestCase\)\) +SKIP=^\(\?\!\.\*\(ProjectQuotasPagingTestCase\|QuotaEnforcementTestCase\|ListingCAsTestCase\|ProjectCATestCase\|GlobalPreferredCATestCase\|CertificateAuthoritiesTestCase\|ListingSecretsTestCase\)\) testr init testr run $SKIP --parallel --subunit | subunit-trace --no-failure-debug -f retval=$(($retval || $?))