
This PS adds an integration test scenario for validating that encrypting a generic document type and using it as a substitution source during document rendering works.

Deckhand will now submit all generic documents to be encrypted to Barbican with a 'secret_type' of 'passphrase'. No encoding is provided Deckhand-side (i.e. base64) because encoding is deprecated in Barbican since it led to strange behavior; Barbican will figure out what to encode the payload as automatically. For more information, see [0] and [1].

In addition, this PS handles 2 edge cases around secret payloads that are rejected by Barbican if not handled correctly by Deckhand: empty payloads and non-string type payloads [2]. For the first case Deckhand forcibly changes the document to cleartext because there is no point in encrypting a document with an empty payload. For the second case Deckhand overrides any previously set secret_type to 'opaque' and encodes the payload to base64 -- when it goes to render the secret it decodes the payload also using base64.

Integration tests have been added to handle both edge cases described above.

[0] https://bugs.launchpad.net/python-barbicanclient/+bug/1419166
[1] 49505b9aec/barbicanclient/v1/secrets.py (L252)
[2] 49505b9aec/barbicanclient/v1/secrets.py (L297)

Change-Id: I1964aa84ad07b6f310b39974f078b84a1dc84983
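The two payload edge cases described in the commit message, worked through as an added example (this is not Deckhand's own code, and the `prepare_for_barbican` / `render_secret` names, the returned kwargs dict, the JSON serialisation of non-string payloads and the definition of "empty" are all assumptions made here):

```python
import base64
import copy
import json

CLEARTEXT = 'cleartext'
ENCRYPTED = 'encrypted'


def prepare_for_barbican(document):
    """Decide how a Deckhand document is submitted to Barbican.

    Returns (document, secret_kwargs). secret_kwargs is None when nothing
    should be sent to Barbican (cleartext documents). The input document
    is not modified; a copy is returned.
    """
    document = copy.deepcopy(document)
    policy = document['metadata'].get('storagePolicy', CLEARTEXT)
    payload = document.get('data')
    if policy != ENCRYPTED:
        return document, None
    # Edge case 1: an empty payload is forced to cleartext instead of
    # creating an empty secret that Barbican would reject.
    # ASSUMPTION: None, '', [] and {} count as empty.
    if payload is None or payload in ('', [], {}):
        document['metadata']['storagePolicy'] = CLEARTEXT
        return document, None
    # Generic documents default to a 'passphrase' secret with no encoding.
    kwargs = {'name': document['metadata']['name'],
              'secret_type': 'passphrase'}
    if not isinstance(payload, str):
        # Edge case 2: non-string payloads must be 'opaque' and base64 text.
        # ASSUMPTION: JSON is the intermediate serialisation used here.
        raw = json.dumps(payload, sort_keys=True).encode('utf-8')
        kwargs['secret_type'] = 'opaque'
        kwargs['payload'] = base64.b64encode(raw).decode('ascii')
    else:
        kwargs['payload'] = payload
    return document, kwargs


def render_secret(secret_type, payload):
    """Reverse the transformation when a retrieved secret is rendered."""
    if secret_type == 'opaque':
        return json.loads(base64.b64decode(payload).decode('utf-8'))
    return payload
```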
62 lines
1.5 KiB
Python
```python
# Copyright 2017 AT&T Intellectual Property. All other rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Each block below uses tuple unpacking: the names on the left are bound
# positionally to the strings on the right, so both sides must list the
# same number of entries in the same order.

# Document schemas whose data is a secret and may be stored encrypted.
DOCUMENT_SECRET_TYPES = (
    CERTIFICATE_AUTHORITY_SCHEMA,
    CERTIFICATE_KEY_AUTHORITY_SCHEMA,
    CERTIFICATE_KEY_SCHEMA,
    CERTIFICATE_SCHEMA,
    PRIVATE_KEY_SCHEMA,
    PUBLIC_KEY_SCHEMA,
    PASSPHRASE_SCHEMA
) = (
    'deckhand/CertificateAuthority',
    'deckhand/CertificateAuthorityKey',
    'deckhand/CertificateKey',
    'deckhand/Certificate',
    'deckhand/PrivateKey',
    'deckhand/PublicKey',
    'deckhand/Passphrase',
)

# Control document schemas understood by Deckhand itself.
DOCUMENT_SCHEMA_TYPES = (
    DATA_SCHEMA_SCHEMA,
    LAYERING_POLICY_SCHEMA,
    VALIDATION_POLICY_SCHEMA,
) = (
    'deckhand/DataSchema',
    'deckhand/LayeringPolicy',
    'deckhand/ValidationPolicy',
)

# Secret document schemas are also built-in schema types.
DOCUMENT_SCHEMA_TYPES += DOCUMENT_SECRET_TYPES

# Names of the validations Deckhand runs internally.
DECKHAND_VALIDATION_TYPES = (
    DECKHAND_SCHEMA_VALIDATION,
) = (
    'deckhand-schema-validation',
)

# Allowed values of metadata.storagePolicy on a document.
ENCRYPTION_TYPES = (
    CLEARTEXT,
    ENCRYPTED
) = (
    'cleartext',
    'encrypted',
)
```