Merge "Remove ProjectSecret table-related code"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
2aaf6c7b40
@ -49,8 +49,7 @@ class SecretACLsController(controllers.ACLMixin):
|
||||
|
||||
def __init__(self, secret):
|
||||
self.secret = secret
|
||||
self.secret_project_id = (self.secret.project_assocs[0].
|
||||
projects.external_id)
|
||||
self.secret_project_id = self.secret.project.external_id
|
||||
self.acl_repo = repo.get_secret_acl_repository()
|
||||
self.validator = validators.ACLValidator()
|
||||
|
||||
|
||||
@ -64,7 +64,7 @@ class SecretController(controllers.ACLMixin):
|
||||
|
||||
def get_acl_tuple(self, req, **kwargs):
|
||||
d = self.get_acl_dict_for_user(req, self.secret.secret_acls)
|
||||
d['project_id'] = self.secret.project_assocs[0].projects.external_id
|
||||
d['project_id'] = self.secret.project.external_id
|
||||
d['creator_id'] = self.secret.creator_id
|
||||
return 'secret', d
|
||||
|
||||
@ -124,7 +124,7 @@ class SecretController(controllers.ACLMixin):
|
||||
# project associated with secret. The lookup project_id needs to be
|
||||
# derived from the secret's data considering authorization is already
|
||||
# done.
|
||||
external_project_id = secret.project_assocs[0].projects.external_id
|
||||
external_project_id = secret.project.external_id
|
||||
project = res.get_or_create_project(external_project_id)
|
||||
|
||||
# default to application/octet-stream if there is no Accept header
|
||||
|
||||
@ -0,0 +1,50 @@
|
||||
"""remove ProjectSecret table
|
||||
|
||||
Revision ID: 1bece815014f
|
||||
Revises: 161f8aceb687
|
||||
Create Date: 2015-06-23 16:17:50.805295
|
||||
|
||||
"""
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision = '1bece815014f'
|
||||
down_revision = '161f8aceb687'
|
||||
|
||||
from alembic import op
|
||||
import sqlalchemy as sa
|
||||
from sqlalchemy.dialects import postgresql
|
||||
|
||||
|
||||
def upgrade():
|
||||
op.drop_table('project_secret')
|
||||
|
||||
|
||||
def downgrade():
|
||||
op.create_table(
|
||||
'project_secret',
|
||||
sa.Column('id', sa.VARCHAR(length=36), autoincrement=False,
|
||||
nullable=False),
|
||||
sa.Column('created_at', postgresql.TIMESTAMP(), autoincrement=False,
|
||||
nullable=False),
|
||||
sa.Column('updated_at', postgresql.TIMESTAMP(), autoincrement=False,
|
||||
nullable=False),
|
||||
sa.Column('deleted_at', postgresql.TIMESTAMP(), autoincrement=False,
|
||||
nullable=True),
|
||||
sa.Column('deleted', sa.BOOLEAN(), autoincrement=False,
|
||||
nullable=False),
|
||||
sa.Column('status', sa.VARCHAR(length=20), autoincrement=False,
|
||||
nullable=False),
|
||||
sa.Column('role', sa.VARCHAR(length=255), autoincrement=False,
|
||||
nullable=True),
|
||||
sa.Column('project_id', sa.VARCHAR(length=36), autoincrement=False,
|
||||
nullable=False),
|
||||
sa.Column('secret_id', sa.VARCHAR(length=36), autoincrement=False,
|
||||
nullable=False),
|
||||
sa.ForeignKeyConstraint(['project_id'], [u'projects.id'],
|
||||
name=u'project_secret_project_fk'),
|
||||
sa.ForeignKeyConstraint(['secret_id'], [u'secrets.id'],
|
||||
name=u'project_secret_secret_fk'),
|
||||
sa.PrimaryKeyConstraint('id', name=u'project_secret_pkey'),
|
||||
sa.UniqueConstraint('project_id', 'secret_id',
|
||||
name=u'_project_secret_uc')
|
||||
)
|
||||
@ -215,28 +215,6 @@ class SoftDeleteMixIn(object):
|
||||
self._do_delete_children(session)
|
||||
|
||||
|
||||
class ProjectSecret(BASE, SoftDeleteMixIn, ModelBase):
|
||||
"""Represents an association between a Project and a Secret."""
|
||||
|
||||
__tablename__ = 'project_secret'
|
||||
|
||||
role = sa.Column(sa.String(255))
|
||||
secret = orm.relationship("Secret", backref="project_assocs")
|
||||
project_id = sa.Column(
|
||||
sa.String(36),
|
||||
sa.ForeignKey('projects.id', name='project_secret_project_fk'),
|
||||
index=True,
|
||||
nullable=False)
|
||||
secret_id = sa.Column(
|
||||
sa.String(36),
|
||||
sa.ForeignKey('secrets.id', name='project_secret_secret_fk'),
|
||||
index=True,
|
||||
nullable=False)
|
||||
|
||||
__table_args__ = (sa.UniqueConstraint(
|
||||
'project_id', 'secret_id', name='_project_secret_uc'),)
|
||||
|
||||
|
||||
class ContainerSecret(BASE, SoftDeleteMixIn, ModelBase):
|
||||
"""Represents an association between a Container and a Secret."""
|
||||
|
||||
@ -272,7 +250,6 @@ class Project(BASE, SoftDeleteMixIn, ModelBase):
|
||||
|
||||
orders = orm.relationship("Order", backref="project")
|
||||
secrets = orm.relationship("Secret", backref="project")
|
||||
old_secrets = orm.relationship("ProjectSecret", backref="projects")
|
||||
keks = orm.relationship("KEKDatum", backref="project")
|
||||
containers = orm.relationship("Container", backref="project")
|
||||
cas = orm.relationship("ProjectCertificateAuthority", backref="project")
|
||||
@ -305,7 +282,7 @@ class Secret(BASE, SoftDeleteMixIn, ModelBase):
|
||||
sa.String(36),
|
||||
sa.ForeignKey('projects.id', name='secrets_project_fk'),
|
||||
index=True,
|
||||
nullable=True)
|
||||
nullable=False)
|
||||
|
||||
# TODO(jwood): Performance - Consider avoiding full load of all
|
||||
# datum attributes here. This is only being done to support the
|
||||
@ -337,6 +314,7 @@ class Secret(BASE, SoftDeleteMixIn, ModelBase):
|
||||
self.bit_length = parsed_request.get('bit_length')
|
||||
self.mode = parsed_request.get('mode')
|
||||
self.creator_id = parsed_request.get('creator_id')
|
||||
self.project_id = parsed_request.get('project_id')
|
||||
|
||||
self.status = States.ACTIVE
|
||||
|
||||
|
||||
@ -61,7 +61,6 @@ _ORDER_RETRY_TASK_REPOSITORY = None
|
||||
_PREFERRED_CA_REPOSITORY = None
|
||||
_PROJECT_REPOSITORY = None
|
||||
_PROJECT_CA_REPOSITORY = None
|
||||
_PROJECT_SECRET_REPOSITORY = None
|
||||
_SECRET_ACL_REPOSITORY = None
|
||||
_SECRET_META_REPOSITORY = None
|
||||
_SECRET_REPOSITORY = None
|
||||
@ -313,9 +312,6 @@ def delete_all_project_resources(project_id):
|
||||
kek_repo = get_kek_datum_repository()
|
||||
kek_repo.delete_project_entities(
|
||||
project_id, suppress_exception=False, session=session)
|
||||
project_secret_repo = get_project_secret_repository()
|
||||
project_secret_repo.delete_project_entities(
|
||||
project_id, suppress_exception=False, session=session)
|
||||
project_repo = get_project_repository()
|
||||
project_repo.delete_project_entities(
|
||||
project_id, suppress_exception=False, session=session)
|
||||
@ -610,59 +606,25 @@ class SecretRepo(BaseRepo):
|
||||
if secret_type:
|
||||
query = query.filter(models.Secret.secret_type == secret_type)
|
||||
|
||||
query_projects, query_old_project_assoc = (
|
||||
self._build_filter_secrets_by_project_queries(
|
||||
query, external_project_id))
|
||||
query = query.join(models.Project)
|
||||
query = query.filter(models.Project.external_id == external_project_id)
|
||||
|
||||
total, entities = self._page_old_and_new_secret_project_assocs(
|
||||
query_projects, query_old_project_assoc, offset, limit)
|
||||
total = query.count()
|
||||
end_offset = offset + limit
|
||||
|
||||
LOG.debug('Retrieving from %s to %s', offset, end_offset)
|
||||
|
||||
query = query.limit(limit).offset(offset)
|
||||
entities = query.all()
|
||||
|
||||
LOG.debug('Number entities retrieved: %s out of %s',
|
||||
len(entities), total)
|
||||
|
||||
if total <= 0 and not suppress_exception:
|
||||
_raise_no_entities_found(self._do_entity_name())
|
||||
|
||||
return entities, offset, limit, total
|
||||
|
||||
def _build_filter_secrets_by_project_queries(self, query, project_id):
|
||||
query_projects = query.filter(models.Secret.project_id == project_id)
|
||||
|
||||
query_old_project_assoc = query.join(models.ProjectSecret,
|
||||
models.Secret.project_assocs)
|
||||
query_old_project_assoc = query_old_project_assoc.join(
|
||||
models.Project, models.ProjectSecret.projects)
|
||||
query_old_project_assoc = query_old_project_assoc.filter(
|
||||
models.Project.external_id == project_id)
|
||||
|
||||
return query_projects, query_old_project_assoc
|
||||
|
||||
def _page_old_and_new_secret_project_assocs(
|
||||
self, query_projects, query_old_project_assoc, offset, limit):
|
||||
project_count = query_projects.count()
|
||||
old_project_count = query_old_project_assoc.count()
|
||||
|
||||
total = project_count + old_project_count
|
||||
end_offset = offset + limit
|
||||
LOG.debug('Retrieving from %s to %s', offset, end_offset)
|
||||
# Page over new-association secrets first, then old-association secrets
|
||||
if end_offset < project_count:
|
||||
query_project = query_projects.limit(limit).offset(offset)
|
||||
entities = query_project.all()
|
||||
elif offset >= project_count:
|
||||
query_old_project_assoc = (
|
||||
query_old_project_assoc.limit(limit).offset(
|
||||
offset - project_count))
|
||||
entities = query_old_project_assoc.all()
|
||||
else:
|
||||
query_project = query_projects.limit(limit).offset(offset)
|
||||
entities = query_project.all()
|
||||
query_old_project_assoc = query_old_project_assoc.limit(
|
||||
end_offset - project_count + 1).offset(0)
|
||||
entities.extend(query_old_project_assoc.all())
|
||||
|
||||
LOG.debug('Number entities retrieved: %s out of %s',
|
||||
len(entities), total)
|
||||
|
||||
return total, entities
|
||||
|
||||
def _do_entity_name(self):
|
||||
"""Sub-class hook: return entity name, such as for debugging."""
|
||||
return "Secret"
|
||||
@ -679,14 +641,9 @@ class SecretRepo(BaseRepo):
|
||||
query = session.query(models.Secret)
|
||||
query = query.filter_by(id=entity_id, deleted=False)
|
||||
query = query.filter(expiration_filter)
|
||||
query_projects, query_old_project_assoc = (
|
||||
self._build_filter_secrets_by_project_queries(
|
||||
query, external_project_id))
|
||||
|
||||
if query_projects.count() > 0:
|
||||
return query_projects
|
||||
else:
|
||||
return query_old_project_assoc
|
||||
query = query.join(models.Project)
|
||||
query = query.filter(models.Project.external_id == external_project_id)
|
||||
return query
|
||||
|
||||
def _do_validate(self, values):
|
||||
"""Sub-class hook: validate values."""
|
||||
@ -695,18 +652,11 @@ class SecretRepo(BaseRepo):
|
||||
def _build_get_project_entities_query(self, project_id, session):
|
||||
"""Builds query for retrieving Secrets associated with a given project
|
||||
|
||||
Discovery is done via a ProjectSecret association.
|
||||
|
||||
:param project_id: id of barbican project entity
|
||||
:param session: existing db session reference.
|
||||
"""
|
||||
query = session.query(models.Secret).filter_by(deleted=False)
|
||||
|
||||
query_projects, query_old_project_assoc = (
|
||||
self._build_filter_secrets_by_project_queries(
|
||||
query, project_id))
|
||||
|
||||
query = query_projects.union(query_old_project_assoc)
|
||||
query = query.filter(models.Secret.project_id == project_id)
|
||||
|
||||
return query
|
||||
|
||||
@ -877,31 +827,6 @@ class KEKDatumRepo(BaseRepo):
|
||||
project_id=project_id).filter_by(deleted=False)
|
||||
|
||||
|
||||
class ProjectSecretRepo(BaseRepo):
|
||||
"""Repository for the ProjectSecret entity."""
|
||||
|
||||
def _do_entity_name(self):
|
||||
"""Sub-class hook: return entity name, such as for debugging."""
|
||||
return "ProjectSecret"
|
||||
|
||||
def _do_build_get_query(self, entity_id, external_project_id, session):
|
||||
"""Sub-class hook: build a retrieve query."""
|
||||
return session.query(models.ProjectSecret).filter_by(id=entity_id)
|
||||
|
||||
def _do_validate(self, values):
|
||||
"""Sub-class hook: validate values."""
|
||||
pass
|
||||
|
||||
def _build_get_project_entities_query(self, project_id, session):
|
||||
"""Builds query for retrieving ProjectSecret related to given project.
|
||||
|
||||
:param project_id: id of barbican project entity
|
||||
:param session: existing db session reference.
|
||||
"""
|
||||
return session.query(models.ProjectSecret).filter_by(
|
||||
project_id=project_id).filter_by(deleted=False)
|
||||
|
||||
|
||||
class OrderRepo(BaseRepo):
|
||||
"""Repository for the Order entity."""
|
||||
|
||||
@ -1991,12 +1916,6 @@ def get_project_ca_repository():
|
||||
ProjectCertificateAuthorityRepo)
|
||||
|
||||
|
||||
def get_project_secret_repository():
|
||||
"""Returns a singleton ProjectSecret repository instance."""
|
||||
global _PROJECT_SECRET_REPOSITORY
|
||||
return _get_repository(_PROJECT_SECRET_REPOSITORY, ProjectSecretRepo)
|
||||
|
||||
|
||||
def get_secret_acl_repository():
|
||||
"""Returns a singleton Secret ACL repository instance."""
|
||||
global _SECRET_ACL_REPOSITORY
|
||||
|
||||
@ -345,14 +345,6 @@ def _save_secret_in_repo(secret_model, project_model):
|
||||
if not secret_model.id:
|
||||
secret_model.project_id = project_model.id
|
||||
secret_repo.create_from(secret_model)
|
||||
new_assoc = models.ProjectSecret()
|
||||
new_assoc.project_id = project_model.id
|
||||
new_assoc.secret_id = secret_model.id
|
||||
new_assoc.role = "admin"
|
||||
new_assoc.status = models.States.ACTIVE
|
||||
|
||||
project_secret_repo = repos.get_project_secret_repository()
|
||||
project_secret_repo.create_from(new_assoc)
|
||||
else:
|
||||
secret_repo.save(secret_model)
|
||||
|
||||
|
||||
@ -304,18 +304,11 @@ def _store_secret_and_datum(
|
||||
if not secret_model.id:
|
||||
secret_model.project_id = context.project_model.id
|
||||
repositories.get_secret_repository().create_from(secret_model)
|
||||
new_assoc = models.ProjectSecret()
|
||||
new_assoc.project_id = context.project_model.id
|
||||
new_assoc.secret_id = secret_model.id
|
||||
new_assoc.role = "admin"
|
||||
new_assoc.status = models.States.ACTIVE
|
||||
repositories.get_project_secret_repository().create_from(new_assoc)
|
||||
|
||||
# setup and store encrypted datum
|
||||
datum_model = models.EncryptedDatum(secret_model, kek_datum_model)
|
||||
datum_model.content_type = context.content_type
|
||||
datum_model.cypher_text = (
|
||||
base64.b64encode(generated_dto.cypher_text))
|
||||
datum_model.cypher_text = base64.b64encode(generated_dto.cypher_text)
|
||||
datum_model.kek_meta_extended = generated_dto.kek_meta_extended
|
||||
datum_model.secret_id = secret_model.id
|
||||
repositories.get_encrypted_datum_repository().create_from(
|
||||
|
||||
@ -236,11 +236,6 @@ class BaseSecretsResource(FunctionalTest):
|
||||
self.secret_repo.create_from.return_value = self.secret
|
||||
self.setup_secret_repository_mock(self.secret_repo)
|
||||
|
||||
# Set up mocked project-secret repo
|
||||
self.project_secret_repo = mock.MagicMock()
|
||||
self.project_secret_repo.create_from.return_value = None
|
||||
self.setup_project_secret_repository_mock(self.project_secret_repo)
|
||||
|
||||
# Set up mocked encrypted datum repo
|
||||
self.datum_repo = mock.MagicMock()
|
||||
self.datum_repo.create_from.return_value = None
|
||||
@ -327,9 +322,8 @@ class WhenGettingPuttingOrDeletingSecretUsingSecretResource(FunctionalTest):
|
||||
content_type=self.datum.content_type)
|
||||
|
||||
self.secret.secret_acls = []
|
||||
self.secret.project_assocs = [mock.MagicMock()]
|
||||
secret_project = self.secret.project_assocs[0].projects
|
||||
secret_project.external_id = self.external_project_id
|
||||
self.secret.project = mock.MagicMock()
|
||||
self.secret.project.external_id = self.external_project_id
|
||||
|
||||
# Set up mocked project
|
||||
self.project = models.Project()
|
||||
@ -350,9 +344,6 @@ class WhenGettingPuttingOrDeletingSecretUsingSecretResource(FunctionalTest):
|
||||
self.secret_repo.delete_entity_by_id = mock.Mock(return_value=None)
|
||||
self.setup_secret_repository_mock(self.secret_repo)
|
||||
|
||||
# Set up mocked project-secret repo
|
||||
self.setup_project_secret_repository_mock()
|
||||
|
||||
# Set up mocked encrypted datum repo
|
||||
self.datum_repo = mock.MagicMock()
|
||||
self.datum_repo.create_from.return_value = None
|
||||
|
||||
@ -256,7 +256,6 @@ class WhenTestingSecretsResource(BaseTestCase):
|
||||
self.setup_encrypted_datum_repository_mock()
|
||||
self.setup_kek_datum_repository_mock()
|
||||
self.setup_project_repository_mock()
|
||||
self.setup_project_secret_repository_mock()
|
||||
self.setup_secret_meta_repository_mock()
|
||||
self.setup_transport_key_repository_mock()
|
||||
|
||||
@ -323,8 +322,7 @@ class WhenTestingSecretResource(BaseTestCase):
|
||||
self.acl_list = [acl_read]
|
||||
secret = mock.MagicMock()
|
||||
secret.secret_acls.__iter__.return_value = self.acl_list
|
||||
secret.project_assocs[0].projects.external_id = (self.
|
||||
external_project_id)
|
||||
secret.project.external_id = self.external_project_id
|
||||
secret.creator_id = self.creator_user_id
|
||||
|
||||
self.resource = SecretResource(secret)
|
||||
|
||||
@ -49,7 +49,6 @@ class WhenTestingSecretACLRepository(database_utils.RepositoryTestCase,
|
||||
# Setup the secret and needed base relationship
|
||||
secret_repo = repositories.get_secret_repository()
|
||||
session = secret_repo.get_session()
|
||||
secret = secret_repo.create_from(models.Secret(), session=session)
|
||||
|
||||
if project_id is None: # don't re-create project if it created earlier
|
||||
project = models.Project()
|
||||
@ -57,10 +56,11 @@ class WhenTestingSecretACLRepository(database_utils.RepositoryTestCase,
|
||||
project.save(session=session)
|
||||
project_id = project.id
|
||||
|
||||
project_secret = models.ProjectSecret()
|
||||
project_secret.secret_id = secret.id
|
||||
project_secret.project_id = project_id
|
||||
project_secret.save(session=session)
|
||||
secret_model = models.Secret()
|
||||
secret_model.project_id = project_id
|
||||
secret = secret_repo.create_from(secret_model, session=session)
|
||||
|
||||
secret.save(session=session)
|
||||
|
||||
session.commit()
|
||||
return secret
|
||||
@ -226,8 +226,7 @@ class WhenTestingSecretACLRepository(database_utils.RepositoryTestCase,
|
||||
session)
|
||||
self.acl_repo.create_or_replace_from(secret1, acl1)
|
||||
|
||||
secret2 = self._create_base_secret(
|
||||
secret1.project_assocs[0].project_id)
|
||||
secret2 = self._create_base_secret(secret1.project.id)
|
||||
acl21 = self.acl_repo.create_from(models.SecretACL(secret2.id, 'read',
|
||||
None, ['u3', 'u4']),
|
||||
session)
|
||||
|
||||
@ -56,15 +56,13 @@ class WhenTestingSecretRepository(database_utils.RepositoryTestCase):
|
||||
def test_get_by_create_date(self):
|
||||
session = self.repo.get_session()
|
||||
|
||||
secret = self.repo.create_from(models.Secret(), session=session)
|
||||
project = models.Project()
|
||||
project.external_id = "my keystone id"
|
||||
project.save(session=session)
|
||||
|
||||
project_secret = models.ProjectSecret()
|
||||
project_secret.secret_id = secret.id
|
||||
project_secret.project_id = project.id
|
||||
project_secret.save(session=session)
|
||||
secret_model = models.Secret()
|
||||
secret_model.project_id = project.id
|
||||
secret = self.repo.create_from(secret_model, session=session)
|
||||
|
||||
session.commit()
|
||||
|
||||
@ -81,15 +79,14 @@ class WhenTestingSecretRepository(database_utils.RepositoryTestCase):
|
||||
def test_get_secret_by_id(self):
|
||||
session = self.repo.get_session()
|
||||
|
||||
secret = self.repo.create_from(models.Secret(), session=session)
|
||||
project = models.Project()
|
||||
project.external_id = "my keystone id"
|
||||
project.save(session=session)
|
||||
|
||||
project_secret = models.ProjectSecret()
|
||||
project_secret.secret_id = secret.id
|
||||
project_secret.project_id = project.id
|
||||
project_secret.save(session=session)
|
||||
secret_model = models.Secret()
|
||||
secret_model.project_id = project.id
|
||||
secret = self.repo.create_from(secret_model, session=session)
|
||||
|
||||
session.commit()
|
||||
|
||||
db_secret = self.repo.get_secret_by_id(secret.id)
|
||||
@ -104,31 +101,24 @@ class WhenTestingSecretRepository(database_utils.RepositoryTestCase):
|
||||
suppress_exception=True))
|
||||
|
||||
@utils.parameterized_dataset(dataset_for_filter_tests)
|
||||
def test_get_by_create_date_with_filter(
|
||||
self, secret_1_dict, secret_2_dict, query_dict):
|
||||
def test_get_by_create_date_with_filter(self, secret_1_dict, secret_2_dict,
|
||||
query_dict):
|
||||
session = self.repo.get_session()
|
||||
|
||||
secret1 = self.repo.create_from(
|
||||
models.Secret(secret_1_dict),
|
||||
session=session,
|
||||
)
|
||||
secret2 = self.repo.create_from(
|
||||
models.Secret(secret_2_dict),
|
||||
session=session,
|
||||
)
|
||||
project = models.Project()
|
||||
project.external_id = "my keystone id"
|
||||
project.save(session=session)
|
||||
|
||||
project_secret1 = models.ProjectSecret()
|
||||
project_secret1.secret_id = secret1.id
|
||||
project_secret1.project_id = project.id
|
||||
project_secret1.save(session=session)
|
||||
|
||||
project_secret2 = models.ProjectSecret()
|
||||
project_secret2.secret_id = secret2.id
|
||||
project_secret2.project_id = project.id
|
||||
project_secret2.save(session=session)
|
||||
secret_1_dict['project_id'] = project.id
|
||||
secret1 = self.repo.create_from(
|
||||
models.Secret(secret_1_dict),
|
||||
session=session,
|
||||
)
|
||||
secret_2_dict['project_id'] = project.id
|
||||
secret2 = self.repo.create_from(
|
||||
models.Secret(secret_2_dict),
|
||||
session=session,
|
||||
)
|
||||
|
||||
session.commit()
|
||||
|
||||
@ -137,8 +127,9 @@ class WhenTestingSecretRepository(database_utils.RepositoryTestCase):
|
||||
session=session,
|
||||
**query_dict
|
||||
)
|
||||
|
||||
self.assertEqual([s.id for s in secrets], [secret1.id])
|
||||
resulting_secret_ids = [s.id for s in secrets]
|
||||
self.assertIn(secret1.id, resulting_secret_ids)
|
||||
self.assertNotIn(secret2.id, resulting_secret_ids)
|
||||
self.assertEqual(offset, 0)
|
||||
self.assertEqual(limit, 10)
|
||||
self.assertEqual(total, 1)
|
||||
|
||||
@ -75,10 +75,6 @@ class WhenTestingPluginResource(testtools.TestCase,
|
||||
self.setup_container_secret_repository_mock(
|
||||
self.container_secret_repo)
|
||||
|
||||
self.project_secret_repo = mock.MagicMock()
|
||||
self.project_secret_repo.create_from.return_value = None
|
||||
self.setup_project_secret_repository_mock(self.project_secret_repo)
|
||||
|
||||
self.secret_meta_repo = mock.MagicMock()
|
||||
self.secret_meta_repo.create_from.return_value = None
|
||||
self.setup_secret_meta_repository_mock(self.secret_meta_repo)
|
||||
|
||||
@ -125,7 +125,6 @@ class TestSecretStoreBase(testtools.TestCase,
|
||||
|
||||
def init_patchers(self):
|
||||
self._config_get_secret_repository()
|
||||
self._config_get_project_secret_repository()
|
||||
self._config_get_encrypted_datum_repository()
|
||||
self._config_get_kek_datum_repository()
|
||||
|
||||
@ -140,12 +139,6 @@ class TestSecretStoreBase(testtools.TestCase,
|
||||
self.secret_repo.create_from.return_value = self.secret_model
|
||||
self.setup_secret_repository_mock(self.secret_repo)
|
||||
|
||||
def _config_get_project_secret_repository(self):
|
||||
"""Mock the get_project_secret_repository() factory function."""
|
||||
self.project_secret_repo = mock.MagicMock()
|
||||
self.project_secret_repo.create_from.return_value = None
|
||||
self.setup_project_secret_repository_mock(self.project_secret_repo)
|
||||
|
||||
def _config_get_encrypted_datum_repository(self):
|
||||
"""Mock the get_encrypted_datum_repository() factory function."""
|
||||
self.datum_repo = mock.MagicMock()
|
||||
@ -676,7 +669,6 @@ class WhenTestingStoreCryptoStoreSecretAndDatum(TestSecretStoreBase):
|
||||
|
||||
# Verify the repository interactions.
|
||||
self._verify_secret_repository_interactions()
|
||||
self._verify_project_secret_repository_interactions()
|
||||
self._verify_encrypted_datum_repository_interactions()
|
||||
|
||||
def test_with_existing_secret(self):
|
||||
@ -692,8 +684,6 @@ class WhenTestingStoreCryptoStoreSecretAndDatum(TestSecretStoreBase):
|
||||
# Verify **not** these repository interactions.
|
||||
self.assertEqual(
|
||||
self.secret_repo.create_from.call_count, 0)
|
||||
self.assertEqual(
|
||||
self.project_secret_repo.create_from.call_count, 0)
|
||||
|
||||
def _verify_secret_repository_interactions(self):
|
||||
"""Verify the secret repository interactions."""
|
||||
@ -703,19 +693,6 @@ class WhenTestingStoreCryptoStoreSecretAndDatum(TestSecretStoreBase):
|
||||
test_secret_model = args[0]
|
||||
self.assertEqual(self.secret_model, test_secret_model)
|
||||
|
||||
def _verify_project_secret_repository_interactions(self):
|
||||
"""Verify the project-secret repository interactions."""
|
||||
self.assertEqual(
|
||||
self.project_secret_repo.create_from.call_count, 1)
|
||||
args, kwargs = self.project_secret_repo.create_from.call_args
|
||||
test_project_secret_model = args[0]
|
||||
self.assertIsInstance(test_project_secret_model, models.ProjectSecret)
|
||||
self.assertEqual(
|
||||
self.context.project_model.id,
|
||||
test_project_secret_model.project_id)
|
||||
self.assertEqual(
|
||||
models.States.ACTIVE, test_project_secret_model.status)
|
||||
|
||||
def _verify_encrypted_datum_repository_interactions(self):
|
||||
"""Verify the encrypted datum repository interactions."""
|
||||
self.assertEqual(
|
||||
|
||||
@ -37,7 +37,6 @@ ca_repo = repositories.get_ca_repository()
|
||||
preferred_ca_repo = repositories.get_preferred_ca_repository()
|
||||
project_repo = repositories.get_project_repository()
|
||||
order_repo = repositories.get_order_repository()
|
||||
project_secret_repo = repositories.get_project_secret_repository()
|
||||
|
||||
|
||||
class WhenPerformingPrivateOperations(utils.BaseTestCase,
|
||||
@ -167,30 +166,23 @@ class BaseCertificateRequestsTestCase(utils.BaseTestCase):
|
||||
# data for stored key cases
|
||||
self.private_key = models.Secret()
|
||||
self.private_key.secret_type = 'PRIVATE'
|
||||
self.private_key.project_id = self.project.id
|
||||
secret_repo.create_from(self.private_key)
|
||||
|
||||
ps = models.ProjectSecret()
|
||||
ps.project_id = self.project.id
|
||||
ps.secret_id = self.private_key.id
|
||||
project_secret_repo.save(ps)
|
||||
|
||||
self.public_key = models.Secret()
|
||||
self.public_key.secret_type = 'PUBLIC'
|
||||
self.public_key.project_id = self.project.id
|
||||
secret_repo.create_from(self.public_key)
|
||||
|
||||
self.passphrase = models.Secret()
|
||||
self.passphrase.secret_type = 'PASSPHRASE'
|
||||
self.passphrase.project_id = self.project.id
|
||||
secret_repo.create_from(self.passphrase)
|
||||
|
||||
self.private_key_value = None
|
||||
self.public_key_value = "public_key"
|
||||
self.passphrase_value = None
|
||||
|
||||
ps = models.ProjectSecret()
|
||||
ps.project_id = self.project.id
|
||||
ps.secret_id = self.passphrase.id
|
||||
project_secret_repo.save(ps)
|
||||
|
||||
self.parsed_container_with_passphrase = {
|
||||
'name': 'container name',
|
||||
'type': 'rsa',
|
||||
|
||||
@ -72,7 +72,6 @@ class WhenUsingKeystoneEventConsumer(
|
||||
super(WhenUsingKeystoneEventConsumer, self).setUp()
|
||||
self.kek_repo = rep.get_kek_datum_repository()
|
||||
self.project_repo = rep.get_project_repository()
|
||||
self.project_secret_repo = rep.get_project_secret_repository()
|
||||
self.secret_meta_repo = rep.get_secret_meta_repository()
|
||||
self.secret_repo = rep.get_secret_repository()
|
||||
self.transport_key_repo = rep.get_transport_key_repository()
|
||||
@ -89,10 +88,6 @@ class WhenUsingKeystoneEventConsumer(
|
||||
self.assertEqual(1, len(db_secrets))
|
||||
self.assertEqual(secret.id, db_secrets[0].id)
|
||||
|
||||
db_project_secret = (
|
||||
self.project_secret_repo.get_project_entities(project2_id))
|
||||
self.assertEqual(1, len(db_project_secret))
|
||||
|
||||
db_kek = self.kek_repo.get_project_entities(project2_id)
|
||||
self.assertEqual(1, len(db_kek))
|
||||
|
||||
@ -245,11 +240,6 @@ class WhenUsingKeystoneEventConsumerProcessMethod(
|
||||
entity_id=secret_metadata_id)
|
||||
self.assertIsNotNone(db_secret_store_meta)
|
||||
|
||||
project_secret_repo = rep.get_project_secret_repository()
|
||||
db_project_secret = project_secret_repo.get_project_entities(
|
||||
project1_id)
|
||||
self.assertEqual(1, len(db_project_secret))
|
||||
|
||||
kek_repo = rep.get_kek_datum_repository()
|
||||
db_kek = kek_repo.get_project_entities(project1_id)
|
||||
self.assertEqual(1, len(db_kek))
|
||||
@ -272,11 +262,6 @@ class WhenUsingKeystoneEventConsumerProcessMethod(
|
||||
external_project_id=self.project_id1)
|
||||
self.assertIn(secret_id, str(ex))
|
||||
|
||||
# After project entities delete, make sure project_secret is not found
|
||||
entities = project_secret_repo.get_project_entities(
|
||||
project1_id)
|
||||
self.assertEqual(0, len(entities))
|
||||
|
||||
# After project entities delete, make sure kek data is not found
|
||||
entities = kek_repo.get_project_entities(project1_id)
|
||||
self.assertEqual(0, len(entities))
|
||||
@ -308,11 +293,6 @@ class WhenUsingKeystoneEventConsumerProcessMethod(
|
||||
self.assertEqual(1, len(db_secrets))
|
||||
self.assertEqual(secret.id, db_secrets[0].id)
|
||||
|
||||
project_secret_repo = rep.get_project_secret_repository()
|
||||
db_project_secret = project_secret_repo.get_project_entities(
|
||||
project1_id)
|
||||
self.assertEqual(1, len(db_project_secret))
|
||||
|
||||
kek_repo = rep.get_kek_datum_repository()
|
||||
db_kek = kek_repo.get_project_entities(project1_id)
|
||||
self.assertEqual(1, len(db_kek))
|
||||
@ -346,10 +326,6 @@ class WhenUsingKeystoneEventConsumerProcessMethod(
|
||||
self.assertEqual(1, len(db_secrets))
|
||||
self.assertEqual(secret_id, db_secrets[0].id)
|
||||
|
||||
db_project_secret = project_secret_repo.get_project_entities(
|
||||
project1_id)
|
||||
self.assertEqual(1, len(db_project_secret))
|
||||
|
||||
db_kek = kek_repo.get_project_entities(project1_id)
|
||||
self.assertEqual(1, len(db_kek))
|
||||
|
||||
|
||||
@ -67,10 +67,6 @@ class BaseOrderTestCase(utils.BaseTestCase, utils.MockModelRepositoryMixin):
|
||||
self.secret_repo.create_from.return_value = None
|
||||
self.setup_secret_repository_mock(self.secret_repo)
|
||||
|
||||
self.project_secret_repo = mock.MagicMock()
|
||||
self.project_secret_repo.create_from.return_value = None
|
||||
self.setup_project_secret_repository_mock(self.project_secret_repo)
|
||||
|
||||
self.datum_repo = mock.MagicMock()
|
||||
self.datum_repo.create_from.return_value = None
|
||||
self.setup_encrypted_datum_repository_mock(self.datum_repo)
|
||||
|
||||
@ -213,19 +213,6 @@ class MockModelRepositoryMixin(object):
|
||||
mock_repo_obj=mock_project_repo,
|
||||
patcher_obj=self.mock_project_repo_patcher)
|
||||
|
||||
def setup_project_secret_repository_mock(
|
||||
self, mock_project_secret_repo=mock.MagicMock()):
|
||||
"""Mocks the project-secret repository factory function
|
||||
|
||||
:param mock_project_secret_repo: The pre-configured mock project-secret
|
||||
repo to be returned.
|
||||
"""
|
||||
self.mock_project_secret_repo_patcher = None
|
||||
self._setup_repository_mock(
|
||||
repo_factory='get_project_secret_repository',
|
||||
mock_repo_obj=mock_project_secret_repo,
|
||||
patcher_obj=self.mock_project_secret_repo_patcher)
|
||||
|
||||
def setup_secret_meta_repository_mock(
|
||||
self, mock_secret_meta_repo=mock.MagicMock()):
|
||||
"""Mocks the secret-meta repository factory function
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user