From 910431319e715552622a02e8bc80c1d8ffd714d0 Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Mon, 22 Jun 2015 21:15:46 +0300 Subject: [PATCH] Remove ProjectSecret table-related code This CR removes the code that was related to the ProjectSecret table, as well as the transitional code that was added while that was phased out. blueprint data-remove-tenant-secret-assoc Change-Id: I319026abe885f46d98d9039aa4d3ac7eed06d161 --- barbican/api/controllers/acls.py | 3 +- barbican/api/controllers/secrets.py | 4 +- ...1bece815014f_remove_projectsecret_table.py | 50 ++++++++ barbican/model/models.py | 26 +--- barbican/model/repositories.py | 113 +++--------------- barbican/plugin/resources.py | 8 -- barbican/plugin/store_crypto.py | 9 +- barbican/tests/api/test_resources.py | 13 +- barbican/tests/api/test_resources_policy.py | 4 +- .../repositories/test_repositories_acls.py | 13 +- .../repositories/test_repositories_secrets.py | 53 ++++---- barbican/tests/plugin/test_resource.py | 4 - barbican/tests/plugin/test_store_crypto.py | 23 ---- .../tests/tasks/test_certificate_resources.py | 14 +-- .../tests/tasks/test_keystone_consumer.py | 24 ---- barbican/tests/tasks/test_resources.py | 4 - barbican/tests/utils.py | 13 -- 17 files changed, 106 insertions(+), 272 deletions(-) create mode 100644 barbican/model/migration/alembic_migrations/versions/1bece815014f_remove_projectsecret_table.py diff --git a/barbican/api/controllers/acls.py b/barbican/api/controllers/acls.py index 48ba465dd..7dbeff410 100644 --- a/barbican/api/controllers/acls.py +++ b/barbican/api/controllers/acls.py @@ -49,8 +49,7 @@ class SecretACLsController(controllers.ACLMixin): def __init__(self, secret): self.secret = secret - self.secret_project_id = (self.secret.project_assocs[0]. - projects.external_id) + self.secret_project_id = self.secret.project.external_id self.acl_repo = repo.get_secret_acl_repository() self.validator = validators.ACLValidator() diff --git a/barbican/api/controllers/secrets.py b/barbican/api/controllers/secrets.py index 33b865409..edea90887 100644 --- a/barbican/api/controllers/secrets.py +++ b/barbican/api/controllers/secrets.py @@ -64,7 +64,7 @@ class SecretController(controllers.ACLMixin): def get_acl_tuple(self, req, **kwargs): d = self.get_acl_dict_for_user(req, self.secret.secret_acls) - d['project_id'] = self.secret.project_assocs[0].projects.external_id + d['project_id'] = self.secret.project.external_id d['creator_id'] = self.secret.creator_id return 'secret', d @@ -124,7 +124,7 @@ class SecretController(controllers.ACLMixin): # project associated with secret. The lookup project_id needs to be # derived from the secret's data considering authorization is already # done. - external_project_id = secret.project_assocs[0].projects.external_id + external_project_id = secret.project.external_id project = res.get_or_create_project(external_project_id) # default to application/octet-stream if there is no Accept header diff --git a/barbican/model/migration/alembic_migrations/versions/1bece815014f_remove_projectsecret_table.py b/barbican/model/migration/alembic_migrations/versions/1bece815014f_remove_projectsecret_table.py new file mode 100644 index 000000000..8f336052e --- /dev/null +++ b/barbican/model/migration/alembic_migrations/versions/1bece815014f_remove_projectsecret_table.py @@ -0,0 +1,50 @@ +"""remove ProjectSecret table + +Revision ID: 1bece815014f +Revises: 161f8aceb687 +Create Date: 2015-06-23 16:17:50.805295 + +""" + +# revision identifiers, used by Alembic. +revision = '1bece815014f' +down_revision = '161f8aceb687' + +from alembic import op +import sqlalchemy as sa +from sqlalchemy.dialects import postgresql + + +def upgrade(): + op.drop_table('project_secret') + + +def downgrade(): + op.create_table( + 'project_secret', + sa.Column('id', sa.VARCHAR(length=36), autoincrement=False, + nullable=False), + sa.Column('created_at', postgresql.TIMESTAMP(), autoincrement=False, + nullable=False), + sa.Column('updated_at', postgresql.TIMESTAMP(), autoincrement=False, + nullable=False), + sa.Column('deleted_at', postgresql.TIMESTAMP(), autoincrement=False, + nullable=True), + sa.Column('deleted', sa.BOOLEAN(), autoincrement=False, + nullable=False), + sa.Column('status', sa.VARCHAR(length=20), autoincrement=False, + nullable=False), + sa.Column('role', sa.VARCHAR(length=255), autoincrement=False, + nullable=True), + sa.Column('project_id', sa.VARCHAR(length=36), autoincrement=False, + nullable=False), + sa.Column('secret_id', sa.VARCHAR(length=36), autoincrement=False, + nullable=False), + sa.ForeignKeyConstraint(['project_id'], [u'projects.id'], + name=u'project_secret_project_fk'), + sa.ForeignKeyConstraint(['secret_id'], [u'secrets.id'], + name=u'project_secret_secret_fk'), + sa.PrimaryKeyConstraint('id', name=u'project_secret_pkey'), + sa.UniqueConstraint('project_id', 'secret_id', + name=u'_project_secret_uc') + ) diff --git a/barbican/model/models.py b/barbican/model/models.py index b0077083b..691aae97e 100644 --- a/barbican/model/models.py +++ b/barbican/model/models.py @@ -215,28 +215,6 @@ class SoftDeleteMixIn(object): self._do_delete_children(session) -class ProjectSecret(BASE, SoftDeleteMixIn, ModelBase): - """Represents an association between a Project and a Secret.""" - - __tablename__ = 'project_secret' - - role = sa.Column(sa.String(255)) - secret = orm.relationship("Secret", backref="project_assocs") - project_id = sa.Column( - sa.String(36), - sa.ForeignKey('projects.id', name='project_secret_project_fk'), - index=True, - nullable=False) - secret_id = sa.Column( - sa.String(36), - sa.ForeignKey('secrets.id', name='project_secret_secret_fk'), - index=True, - nullable=False) - - __table_args__ = (sa.UniqueConstraint( - 'project_id', 'secret_id', name='_project_secret_uc'),) - - class ContainerSecret(BASE, SoftDeleteMixIn, ModelBase): """Represents an association between a Container and a Secret.""" @@ -272,7 +250,6 @@ class Project(BASE, SoftDeleteMixIn, ModelBase): orders = orm.relationship("Order", backref="project") secrets = orm.relationship("Secret", backref="project") - old_secrets = orm.relationship("ProjectSecret", backref="projects") keks = orm.relationship("KEKDatum", backref="project") containers = orm.relationship("Container", backref="project") cas = orm.relationship("ProjectCertificateAuthority", backref="project") @@ -305,7 +282,7 @@ class Secret(BASE, SoftDeleteMixIn, ModelBase): sa.String(36), sa.ForeignKey('projects.id', name='secrets_project_fk'), index=True, - nullable=True) + nullable=False) # TODO(jwood): Performance - Consider avoiding full load of all # datum attributes here. This is only being done to support the @@ -337,6 +314,7 @@ class Secret(BASE, SoftDeleteMixIn, ModelBase): self.bit_length = parsed_request.get('bit_length') self.mode = parsed_request.get('mode') self.creator_id = parsed_request.get('creator_id') + self.project_id = parsed_request.get('project_id') self.status = States.ACTIVE diff --git a/barbican/model/repositories.py b/barbican/model/repositories.py index fcd0db392..e0d69a47b 100755 --- a/barbican/model/repositories.py +++ b/barbican/model/repositories.py @@ -61,7 +61,6 @@ _ORDER_RETRY_TASK_REPOSITORY = None _PREFERRED_CA_REPOSITORY = None _PROJECT_REPOSITORY = None _PROJECT_CA_REPOSITORY = None -_PROJECT_SECRET_REPOSITORY = None _SECRET_ACL_REPOSITORY = None _SECRET_META_REPOSITORY = None _SECRET_REPOSITORY = None @@ -313,9 +312,6 @@ def delete_all_project_resources(project_id): kek_repo = get_kek_datum_repository() kek_repo.delete_project_entities( project_id, suppress_exception=False, session=session) - project_secret_repo = get_project_secret_repository() - project_secret_repo.delete_project_entities( - project_id, suppress_exception=False, session=session) project_repo = get_project_repository() project_repo.delete_project_entities( project_id, suppress_exception=False, session=session) @@ -610,59 +606,25 @@ class SecretRepo(BaseRepo): if secret_type: query = query.filter(models.Secret.secret_type == secret_type) - query_projects, query_old_project_assoc = ( - self._build_filter_secrets_by_project_queries( - query, external_project_id)) + query = query.join(models.Project) + query = query.filter(models.Project.external_id == external_project_id) - total, entities = self._page_old_and_new_secret_project_assocs( - query_projects, query_old_project_assoc, offset, limit) + total = query.count() + end_offset = offset + limit + + LOG.debug('Retrieving from %s to %s', offset, end_offset) + + query = query.limit(limit).offset(offset) + entities = query.all() + + LOG.debug('Number entities retrieved: %s out of %s', + len(entities), total) if total <= 0 and not suppress_exception: _raise_no_entities_found(self._do_entity_name()) return entities, offset, limit, total - def _build_filter_secrets_by_project_queries(self, query, project_id): - query_projects = query.filter(models.Secret.project_id == project_id) - - query_old_project_assoc = query.join(models.ProjectSecret, - models.Secret.project_assocs) - query_old_project_assoc = query_old_project_assoc.join( - models.Project, models.ProjectSecret.projects) - query_old_project_assoc = query_old_project_assoc.filter( - models.Project.external_id == project_id) - - return query_projects, query_old_project_assoc - - def _page_old_and_new_secret_project_assocs( - self, query_projects, query_old_project_assoc, offset, limit): - project_count = query_projects.count() - old_project_count = query_old_project_assoc.count() - - total = project_count + old_project_count - end_offset = offset + limit - LOG.debug('Retrieving from %s to %s', offset, end_offset) - # Page over new-association secrets first, then old-association secrets - if end_offset < project_count: - query_project = query_projects.limit(limit).offset(offset) - entities = query_project.all() - elif offset >= project_count: - query_old_project_assoc = ( - query_old_project_assoc.limit(limit).offset( - offset - project_count)) - entities = query_old_project_assoc.all() - else: - query_project = query_projects.limit(limit).offset(offset) - entities = query_project.all() - query_old_project_assoc = query_old_project_assoc.limit( - end_offset - project_count + 1).offset(0) - entities.extend(query_old_project_assoc.all()) - - LOG.debug('Number entities retrieved: %s out of %s', - len(entities), total) - - return total, entities - def _do_entity_name(self): """Sub-class hook: return entity name, such as for debugging.""" return "Secret" @@ -679,14 +641,9 @@ class SecretRepo(BaseRepo): query = session.query(models.Secret) query = query.filter_by(id=entity_id, deleted=False) query = query.filter(expiration_filter) - query_projects, query_old_project_assoc = ( - self._build_filter_secrets_by_project_queries( - query, external_project_id)) - - if query_projects.count() > 0: - return query_projects - else: - return query_old_project_assoc + query = query.join(models.Project) + query = query.filter(models.Project.external_id == external_project_id) + return query def _do_validate(self, values): """Sub-class hook: validate values.""" @@ -695,18 +652,11 @@ class SecretRepo(BaseRepo): def _build_get_project_entities_query(self, project_id, session): """Builds query for retrieving Secrets associated with a given project - Discovery is done via a ProjectSecret association. - :param project_id: id of barbican project entity :param session: existing db session reference. """ query = session.query(models.Secret).filter_by(deleted=False) - - query_projects, query_old_project_assoc = ( - self._build_filter_secrets_by_project_queries( - query, project_id)) - - query = query_projects.union(query_old_project_assoc) + query = query.filter(models.Secret.project_id == project_id) return query @@ -877,31 +827,6 @@ class KEKDatumRepo(BaseRepo): project_id=project_id).filter_by(deleted=False) -class ProjectSecretRepo(BaseRepo): - """Repository for the ProjectSecret entity.""" - - def _do_entity_name(self): - """Sub-class hook: return entity name, such as for debugging.""" - return "ProjectSecret" - - def _do_build_get_query(self, entity_id, external_project_id, session): - """Sub-class hook: build a retrieve query.""" - return session.query(models.ProjectSecret).filter_by(id=entity_id) - - def _do_validate(self, values): - """Sub-class hook: validate values.""" - pass - - def _build_get_project_entities_query(self, project_id, session): - """Builds query for retrieving ProjectSecret related to given project. - - :param project_id: id of barbican project entity - :param session: existing db session reference. - """ - return session.query(models.ProjectSecret).filter_by( - project_id=project_id).filter_by(deleted=False) - - class OrderRepo(BaseRepo): """Repository for the Order entity.""" @@ -1991,12 +1916,6 @@ def get_project_ca_repository(): ProjectCertificateAuthorityRepo) -def get_project_secret_repository(): - """Returns a singleton ProjectSecret repository instance.""" - global _PROJECT_SECRET_REPOSITORY - return _get_repository(_PROJECT_SECRET_REPOSITORY, ProjectSecretRepo) - - def get_secret_acl_repository(): """Returns a singleton Secret ACL repository instance.""" global _SECRET_ACL_REPOSITORY diff --git a/barbican/plugin/resources.py b/barbican/plugin/resources.py index 8923133dc..195145ce2 100644 --- a/barbican/plugin/resources.py +++ b/barbican/plugin/resources.py @@ -345,14 +345,6 @@ def _save_secret_in_repo(secret_model, project_model): if not secret_model.id: secret_model.project_id = project_model.id secret_repo.create_from(secret_model) - new_assoc = models.ProjectSecret() - new_assoc.project_id = project_model.id - new_assoc.secret_id = secret_model.id - new_assoc.role = "admin" - new_assoc.status = models.States.ACTIVE - - project_secret_repo = repos.get_project_secret_repository() - project_secret_repo.create_from(new_assoc) else: secret_repo.save(secret_model) diff --git a/barbican/plugin/store_crypto.py b/barbican/plugin/store_crypto.py index 186b8c7b0..6528f6253 100644 --- a/barbican/plugin/store_crypto.py +++ b/barbican/plugin/store_crypto.py @@ -304,18 +304,11 @@ def _store_secret_and_datum( if not secret_model.id: secret_model.project_id = context.project_model.id repositories.get_secret_repository().create_from(secret_model) - new_assoc = models.ProjectSecret() - new_assoc.project_id = context.project_model.id - new_assoc.secret_id = secret_model.id - new_assoc.role = "admin" - new_assoc.status = models.States.ACTIVE - repositories.get_project_secret_repository().create_from(new_assoc) # setup and store encrypted datum datum_model = models.EncryptedDatum(secret_model, kek_datum_model) datum_model.content_type = context.content_type - datum_model.cypher_text = ( - base64.b64encode(generated_dto.cypher_text)) + datum_model.cypher_text = base64.b64encode(generated_dto.cypher_text) datum_model.kek_meta_extended = generated_dto.kek_meta_extended datum_model.secret_id = secret_model.id repositories.get_encrypted_datum_repository().create_from( diff --git a/barbican/tests/api/test_resources.py b/barbican/tests/api/test_resources.py index 7986c8c17..b318f8cc9 100644 --- a/barbican/tests/api/test_resources.py +++ b/barbican/tests/api/test_resources.py @@ -236,11 +236,6 @@ class BaseSecretsResource(FunctionalTest): self.secret_repo.create_from.return_value = self.secret self.setup_secret_repository_mock(self.secret_repo) - # Set up mocked project-secret repo - self.project_secret_repo = mock.MagicMock() - self.project_secret_repo.create_from.return_value = None - self.setup_project_secret_repository_mock(self.project_secret_repo) - # Set up mocked encrypted datum repo self.datum_repo = mock.MagicMock() self.datum_repo.create_from.return_value = None @@ -327,9 +322,8 @@ class WhenGettingPuttingOrDeletingSecretUsingSecretResource(FunctionalTest): content_type=self.datum.content_type) self.secret.secret_acls = [] - self.secret.project_assocs = [mock.MagicMock()] - secret_project = self.secret.project_assocs[0].projects - secret_project.external_id = self.external_project_id + self.secret.project = mock.MagicMock() + self.secret.project.external_id = self.external_project_id # Set up mocked project self.project = models.Project() @@ -350,9 +344,6 @@ class WhenGettingPuttingOrDeletingSecretUsingSecretResource(FunctionalTest): self.secret_repo.delete_entity_by_id = mock.Mock(return_value=None) self.setup_secret_repository_mock(self.secret_repo) - # Set up mocked project-secret repo - self.setup_project_secret_repository_mock() - # Set up mocked encrypted datum repo self.datum_repo = mock.MagicMock() self.datum_repo.create_from.return_value = None diff --git a/barbican/tests/api/test_resources_policy.py b/barbican/tests/api/test_resources_policy.py index 053e7db2e..4391392a0 100644 --- a/barbican/tests/api/test_resources_policy.py +++ b/barbican/tests/api/test_resources_policy.py @@ -256,7 +256,6 @@ class WhenTestingSecretsResource(BaseTestCase): self.setup_encrypted_datum_repository_mock() self.setup_kek_datum_repository_mock() self.setup_project_repository_mock() - self.setup_project_secret_repository_mock() self.setup_secret_meta_repository_mock() self.setup_transport_key_repository_mock() @@ -323,8 +322,7 @@ class WhenTestingSecretResource(BaseTestCase): self.acl_list = [acl_read] secret = mock.MagicMock() secret.secret_acls.__iter__.return_value = self.acl_list - secret.project_assocs[0].projects.external_id = (self. - external_project_id) + secret.project.external_id = self.external_project_id secret.creator_id = self.creator_user_id self.resource = SecretResource(secret) diff --git a/barbican/tests/model/repositories/test_repositories_acls.py b/barbican/tests/model/repositories/test_repositories_acls.py index 535f8e245..002e75af2 100644 --- a/barbican/tests/model/repositories/test_repositories_acls.py +++ b/barbican/tests/model/repositories/test_repositories_acls.py @@ -49,7 +49,6 @@ class WhenTestingSecretACLRepository(database_utils.RepositoryTestCase, # Setup the secret and needed base relationship secret_repo = repositories.get_secret_repository() session = secret_repo.get_session() - secret = secret_repo.create_from(models.Secret(), session=session) if project_id is None: # don't re-create project if it created earlier project = models.Project() @@ -57,10 +56,11 @@ class WhenTestingSecretACLRepository(database_utils.RepositoryTestCase, project.save(session=session) project_id = project.id - project_secret = models.ProjectSecret() - project_secret.secret_id = secret.id - project_secret.project_id = project_id - project_secret.save(session=session) + secret_model = models.Secret() + secret_model.project_id = project_id + secret = secret_repo.create_from(secret_model, session=session) + + secret.save(session=session) session.commit() return secret @@ -226,8 +226,7 @@ class WhenTestingSecretACLRepository(database_utils.RepositoryTestCase, session) self.acl_repo.create_or_replace_from(secret1, acl1) - secret2 = self._create_base_secret( - secret1.project_assocs[0].project_id) + secret2 = self._create_base_secret(secret1.project.id) acl21 = self.acl_repo.create_from(models.SecretACL(secret2.id, 'read', None, ['u3', 'u4']), session) diff --git a/barbican/tests/model/repositories/test_repositories_secrets.py b/barbican/tests/model/repositories/test_repositories_secrets.py index b30b15fc1..bb9af23ff 100644 --- a/barbican/tests/model/repositories/test_repositories_secrets.py +++ b/barbican/tests/model/repositories/test_repositories_secrets.py @@ -56,15 +56,13 @@ class WhenTestingSecretRepository(database_utils.RepositoryTestCase): def test_get_by_create_date(self): session = self.repo.get_session() - secret = self.repo.create_from(models.Secret(), session=session) project = models.Project() project.external_id = "my keystone id" project.save(session=session) - project_secret = models.ProjectSecret() - project_secret.secret_id = secret.id - project_secret.project_id = project.id - project_secret.save(session=session) + secret_model = models.Secret() + secret_model.project_id = project.id + secret = self.repo.create_from(secret_model, session=session) session.commit() @@ -81,15 +79,14 @@ class WhenTestingSecretRepository(database_utils.RepositoryTestCase): def test_get_secret_by_id(self): session = self.repo.get_session() - secret = self.repo.create_from(models.Secret(), session=session) project = models.Project() project.external_id = "my keystone id" project.save(session=session) - project_secret = models.ProjectSecret() - project_secret.secret_id = secret.id - project_secret.project_id = project.id - project_secret.save(session=session) + secret_model = models.Secret() + secret_model.project_id = project.id + secret = self.repo.create_from(secret_model, session=session) + session.commit() db_secret = self.repo.get_secret_by_id(secret.id) @@ -104,31 +101,24 @@ class WhenTestingSecretRepository(database_utils.RepositoryTestCase): suppress_exception=True)) @utils.parameterized_dataset(dataset_for_filter_tests) - def test_get_by_create_date_with_filter( - self, secret_1_dict, secret_2_dict, query_dict): + def test_get_by_create_date_with_filter(self, secret_1_dict, secret_2_dict, + query_dict): session = self.repo.get_session() - secret1 = self.repo.create_from( - models.Secret(secret_1_dict), - session=session, - ) - secret2 = self.repo.create_from( - models.Secret(secret_2_dict), - session=session, - ) project = models.Project() project.external_id = "my keystone id" project.save(session=session) - project_secret1 = models.ProjectSecret() - project_secret1.secret_id = secret1.id - project_secret1.project_id = project.id - project_secret1.save(session=session) - - project_secret2 = models.ProjectSecret() - project_secret2.secret_id = secret2.id - project_secret2.project_id = project.id - project_secret2.save(session=session) + secret_1_dict['project_id'] = project.id + secret1 = self.repo.create_from( + models.Secret(secret_1_dict), + session=session, + ) + secret_2_dict['project_id'] = project.id + secret2 = self.repo.create_from( + models.Secret(secret_2_dict), + session=session, + ) session.commit() @@ -137,8 +127,9 @@ class WhenTestingSecretRepository(database_utils.RepositoryTestCase): session=session, **query_dict ) - - self.assertEqual([s.id for s in secrets], [secret1.id]) + resulting_secret_ids = [s.id for s in secrets] + self.assertIn(secret1.id, resulting_secret_ids) + self.assertNotIn(secret2.id, resulting_secret_ids) self.assertEqual(offset, 0) self.assertEqual(limit, 10) self.assertEqual(total, 1) diff --git a/barbican/tests/plugin/test_resource.py b/barbican/tests/plugin/test_resource.py index f8cd4cadf..2a7fdf80c 100644 --- a/barbican/tests/plugin/test_resource.py +++ b/barbican/tests/plugin/test_resource.py @@ -75,10 +75,6 @@ class WhenTestingPluginResource(testtools.TestCase, self.setup_container_secret_repository_mock( self.container_secret_repo) - self.project_secret_repo = mock.MagicMock() - self.project_secret_repo.create_from.return_value = None - self.setup_project_secret_repository_mock(self.project_secret_repo) - self.secret_meta_repo = mock.MagicMock() self.secret_meta_repo.create_from.return_value = None self.setup_secret_meta_repository_mock(self.secret_meta_repo) diff --git a/barbican/tests/plugin/test_store_crypto.py b/barbican/tests/plugin/test_store_crypto.py index a5ba26118..dd4a2f453 100644 --- a/barbican/tests/plugin/test_store_crypto.py +++ b/barbican/tests/plugin/test_store_crypto.py @@ -125,7 +125,6 @@ class TestSecretStoreBase(testtools.TestCase, def init_patchers(self): self._config_get_secret_repository() - self._config_get_project_secret_repository() self._config_get_encrypted_datum_repository() self._config_get_kek_datum_repository() @@ -140,12 +139,6 @@ class TestSecretStoreBase(testtools.TestCase, self.secret_repo.create_from.return_value = self.secret_model self.setup_secret_repository_mock(self.secret_repo) - def _config_get_project_secret_repository(self): - """Mock the get_project_secret_repository() factory function.""" - self.project_secret_repo = mock.MagicMock() - self.project_secret_repo.create_from.return_value = None - self.setup_project_secret_repository_mock(self.project_secret_repo) - def _config_get_encrypted_datum_repository(self): """Mock the get_encrypted_datum_repository() factory function.""" self.datum_repo = mock.MagicMock() @@ -676,7 +669,6 @@ class WhenTestingStoreCryptoStoreSecretAndDatum(TestSecretStoreBase): # Verify the repository interactions. self._verify_secret_repository_interactions() - self._verify_project_secret_repository_interactions() self._verify_encrypted_datum_repository_interactions() def test_with_existing_secret(self): @@ -692,8 +684,6 @@ class WhenTestingStoreCryptoStoreSecretAndDatum(TestSecretStoreBase): # Verify **not** these repository interactions. self.assertEqual( self.secret_repo.create_from.call_count, 0) - self.assertEqual( - self.project_secret_repo.create_from.call_count, 0) def _verify_secret_repository_interactions(self): """Verify the secret repository interactions.""" @@ -703,19 +693,6 @@ class WhenTestingStoreCryptoStoreSecretAndDatum(TestSecretStoreBase): test_secret_model = args[0] self.assertEqual(self.secret_model, test_secret_model) - def _verify_project_secret_repository_interactions(self): - """Verify the project-secret repository interactions.""" - self.assertEqual( - self.project_secret_repo.create_from.call_count, 1) - args, kwargs = self.project_secret_repo.create_from.call_args - test_project_secret_model = args[0] - self.assertIsInstance(test_project_secret_model, models.ProjectSecret) - self.assertEqual( - self.context.project_model.id, - test_project_secret_model.project_id) - self.assertEqual( - models.States.ACTIVE, test_project_secret_model.status) - def _verify_encrypted_datum_repository_interactions(self): """Verify the encrypted datum repository interactions.""" self.assertEqual( diff --git a/barbican/tests/tasks/test_certificate_resources.py b/barbican/tests/tasks/test_certificate_resources.py index 68c3c4b33..3a626edbb 100644 --- a/barbican/tests/tasks/test_certificate_resources.py +++ b/barbican/tests/tasks/test_certificate_resources.py @@ -37,7 +37,6 @@ ca_repo = repositories.get_ca_repository() preferred_ca_repo = repositories.get_preferred_ca_repository() project_repo = repositories.get_project_repository() order_repo = repositories.get_order_repository() -project_secret_repo = repositories.get_project_secret_repository() class WhenPerformingPrivateOperations(utils.BaseTestCase, @@ -167,30 +166,23 @@ class BaseCertificateRequestsTestCase(utils.BaseTestCase): # data for stored key cases self.private_key = models.Secret() self.private_key.secret_type = 'PRIVATE' + self.private_key.project_id = self.project.id secret_repo.create_from(self.private_key) - ps = models.ProjectSecret() - ps.project_id = self.project.id - ps.secret_id = self.private_key.id - project_secret_repo.save(ps) - self.public_key = models.Secret() self.public_key.secret_type = 'PUBLIC' + self.public_key.project_id = self.project.id secret_repo.create_from(self.public_key) self.passphrase = models.Secret() self.passphrase.secret_type = 'PASSPHRASE' + self.passphrase.project_id = self.project.id secret_repo.create_from(self.passphrase) self.private_key_value = None self.public_key_value = "public_key" self.passphrase_value = None - ps = models.ProjectSecret() - ps.project_id = self.project.id - ps.secret_id = self.passphrase.id - project_secret_repo.save(ps) - self.parsed_container_with_passphrase = { 'name': 'container name', 'type': 'rsa', diff --git a/barbican/tests/tasks/test_keystone_consumer.py b/barbican/tests/tasks/test_keystone_consumer.py index 90f4a2bed..f39234248 100644 --- a/barbican/tests/tasks/test_keystone_consumer.py +++ b/barbican/tests/tasks/test_keystone_consumer.py @@ -72,7 +72,6 @@ class WhenUsingKeystoneEventConsumer( super(WhenUsingKeystoneEventConsumer, self).setUp() self.kek_repo = rep.get_kek_datum_repository() self.project_repo = rep.get_project_repository() - self.project_secret_repo = rep.get_project_secret_repository() self.secret_meta_repo = rep.get_secret_meta_repository() self.secret_repo = rep.get_secret_repository() self.transport_key_repo = rep.get_transport_key_repository() @@ -89,10 +88,6 @@ class WhenUsingKeystoneEventConsumer( self.assertEqual(1, len(db_secrets)) self.assertEqual(secret.id, db_secrets[0].id) - db_project_secret = ( - self.project_secret_repo.get_project_entities(project2_id)) - self.assertEqual(1, len(db_project_secret)) - db_kek = self.kek_repo.get_project_entities(project2_id) self.assertEqual(1, len(db_kek)) @@ -245,11 +240,6 @@ class WhenUsingKeystoneEventConsumerProcessMethod( entity_id=secret_metadata_id) self.assertIsNotNone(db_secret_store_meta) - project_secret_repo = rep.get_project_secret_repository() - db_project_secret = project_secret_repo.get_project_entities( - project1_id) - self.assertEqual(1, len(db_project_secret)) - kek_repo = rep.get_kek_datum_repository() db_kek = kek_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_kek)) @@ -272,11 +262,6 @@ class WhenUsingKeystoneEventConsumerProcessMethod( external_project_id=self.project_id1) self.assertIn(secret_id, str(ex)) - # After project entities delete, make sure project_secret is not found - entities = project_secret_repo.get_project_entities( - project1_id) - self.assertEqual(0, len(entities)) - # After project entities delete, make sure kek data is not found entities = kek_repo.get_project_entities(project1_id) self.assertEqual(0, len(entities)) @@ -308,11 +293,6 @@ class WhenUsingKeystoneEventConsumerProcessMethod( self.assertEqual(1, len(db_secrets)) self.assertEqual(secret.id, db_secrets[0].id) - project_secret_repo = rep.get_project_secret_repository() - db_project_secret = project_secret_repo.get_project_entities( - project1_id) - self.assertEqual(1, len(db_project_secret)) - kek_repo = rep.get_kek_datum_repository() db_kek = kek_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_kek)) @@ -346,10 +326,6 @@ class WhenUsingKeystoneEventConsumerProcessMethod( self.assertEqual(1, len(db_secrets)) self.assertEqual(secret_id, db_secrets[0].id) - db_project_secret = project_secret_repo.get_project_entities( - project1_id) - self.assertEqual(1, len(db_project_secret)) - db_kek = kek_repo.get_project_entities(project1_id) self.assertEqual(1, len(db_kek)) diff --git a/barbican/tests/tasks/test_resources.py b/barbican/tests/tasks/test_resources.py index 61c8f1a3b..df42339b5 100644 --- a/barbican/tests/tasks/test_resources.py +++ b/barbican/tests/tasks/test_resources.py @@ -67,10 +67,6 @@ class BaseOrderTestCase(utils.BaseTestCase, utils.MockModelRepositoryMixin): self.secret_repo.create_from.return_value = None self.setup_secret_repository_mock(self.secret_repo) - self.project_secret_repo = mock.MagicMock() - self.project_secret_repo.create_from.return_value = None - self.setup_project_secret_repository_mock(self.project_secret_repo) - self.datum_repo = mock.MagicMock() self.datum_repo.create_from.return_value = None self.setup_encrypted_datum_repository_mock(self.datum_repo) diff --git a/barbican/tests/utils.py b/barbican/tests/utils.py index d6766832d..c9bbac0d0 100644 --- a/barbican/tests/utils.py +++ b/barbican/tests/utils.py @@ -213,19 +213,6 @@ class MockModelRepositoryMixin(object): mock_repo_obj=mock_project_repo, patcher_obj=self.mock_project_repo_patcher) - def setup_project_secret_repository_mock( - self, mock_project_secret_repo=mock.MagicMock()): - """Mocks the project-secret repository factory function - - :param mock_project_secret_repo: The pre-configured mock project-secret - repo to be returned. - """ - self.mock_project_secret_repo_patcher = None - self._setup_repository_mock( - repo_factory='get_project_secret_repository', - mock_repo_obj=mock_project_secret_repo, - patcher_obj=self.mock_project_secret_repo_patcher) - def setup_secret_meta_repository_mock( self, mock_secret_meta_repo=mock.MagicMock()): """Mocks the secret-meta repository factory function