Merge "Added secret_type to Secret model"

barbican/model/migration/alembic_migrations/versions/443d6f4a69ac_added_secret_type_column_to_secrets_.py

@@ -0,0 +1,23 @@
+"""added secret type column to secrets table
+
+Revision ID: 443d6f4a69ac
+Revises: aa2cf96a1d5
+Create Date: 2015-02-16 12:35:12.876413
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '443d6f4a69ac'
+down_revision = 'aa2cf96a1d5'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+    op.add_column('secrets', sa.Column('secret_type', sa.String(length=255),
+                  nullable=False, server_default="opaque"))
+
+
+def downgrade():
+    op.drop_column('secrets', 'secret_type')

barbican/model/models.py

@@ -31,6 +31,7 @@ from barbican.common import utils
 from barbican import i18n as u
 from barbican.openstack.common import jsonutils as json
 from barbican.openstack.common import timeutils
+from barbican.plugin.interface import secret_store
 
 LOG = utils.getLogger(__name__)
 BASE = declarative.declarative_base()
@@ -282,6 +283,8 @@ class Secret(BASE, SoftDeleteMixIn, ModelBase):
     __tablename__ = 'secrets'
 
     name = sa.Column(sa.String(255))
+    secret_type = sa.Column(sa.String(255),
+                            server_default=secret_store.SecretType.OPAQUE)
     expiration = sa.Column(sa.DateTime, default=None)
     algorithm = sa.Column(sa.String(255))
     bit_length = sa.Column(sa.Integer)
@@ -307,6 +310,9 @@ class Secret(BASE, SoftDeleteMixIn, ModelBase):
 
         if parsed_request:
             self.name = parsed_request.get('name')
+            self.secret_type = parsed_request.get(
+                'secret_type',
+                secret_store.SecretType.OPAQUE)
             expiration = self._iso_to_datetime(parsed_request.get
                                                ('expiration'))
             self.expiration = expiration
@@ -337,6 +343,7 @@ class Secret(BASE, SoftDeleteMixIn, ModelBase):
         return {
             'secret_id': self.id,
             'name': self.name,
+            'secret_type': self.secret_type,
             'expiration': expiration,
             'algorithm': self.algorithm,
             'bit_length': self.bit_length,

barbican/model/repositories.py

@@ -625,7 +625,8 @@ class SecretRepo(BaseRepo):
 
     def get_by_create_date(self, external_project_id, offset_arg=None,
                            limit_arg=None, name=None, alg=None, mode=None,
-                           bits=0, suppress_exception=False, session=None):
+                           bits=0, secret_type=None, suppress_exception=False,
+                           session=None):
         """Returns a list of secrets
 
         The returned secrets are ordered by the date they were created at
@@ -655,6 +656,8 @@ class SecretRepo(BaseRepo):
             query = query.filter(models.Secret.mode.like(mode))
         if bits > 0:
             query = query.filter(models.Secret.bit_length == bits)
+        if secret_type:
+            query = query.filter(models.Secret.secret_type == secret_type)
 
         query = query.join(models.ProjectSecret,
                            models.Secret.project_assocs)

barbican/plugin/interface/secret_store.py

@@ -206,6 +206,17 @@ class SecretType(object):
     private key.
     """
     PRIVATE = "private"
+    """Constant to define the passphrase type. Used by getSecret to retrieve a
+    passphrase."""
+    PASSPHRASE = "passphrase"
+    """Constant to define the certificate type. Used by getSecret to retrieve a
+    certificate."""
+    CERTIFICATE = "certificate"
+    """Constant to define the opaque date type. Used by getSecret to retrieve
+    opaque data. Opaque data can be any kind of data. This data type signals to
+    Barbican to just store the information and do not worry about the format or
+    encoding. This is the default type if no type is specified by the user."""
+    OPAQUE = "opaque"
 
 
 class KeyAlgorithm(object):

barbican/tests/model/repositories/test_repositories_secrets.py

@@ -13,6 +13,7 @@
 from barbican.common import exception
 from barbican.model import models
 from barbican.model import repositories
+from barbican.plugin.interface import secret_store as ss
 from barbican.tests import database_utils
 from barbican.tests import utils
 
@@ -41,6 +42,11 @@ class WhenTestingSecretRepository(database_utils.RepositoryTestCase):
             'secret_2_dict': dict(bit_length=2048),
             'query_dict': dict(bits=1024)
         },
+        'query_by_secret_type': {
+            'secret_1_dict': dict(secret_type=ss.SecretType.SYMMETRIC),
+            'secret_2_dict': dict(secret_type=ss.SecretType.OPAQUE),
+            'query_dict': dict(secret_type=ss.SecretType.SYMMETRIC)
+        },
     }
 
     def setUp(self):

barbican/tests/model/test_models.py

@@ -17,6 +17,7 @@ import datetime
 
 from barbican.model import models
 from barbican.openstack.common import jsonutils as json
+from barbican.plugin.interface import secret_store
 from barbican.tests import utils
 
 
@@ -24,6 +25,7 @@ class WhenCreatingNewSecret(utils.BaseTestCase):
     def setUp(self):
         super(WhenCreatingNewSecret, self).setUp()
         self.parsed_secret = {'name': 'name',
+                              'secret_type': secret_store.SecretType.OPAQUE,
                               'algorithm': 'algorithm',
                               'bit_length': 512,
                               'mode': 'mode',
@@ -36,12 +38,21 @@ class WhenCreatingNewSecret(utils.BaseTestCase):
         self.parsed_secret['expiration'] = date_time
         secret = models.Secret(self.parsed_secret)
         self.assertEqual(secret.name, self.parsed_secret['name'])
+        self.assertEqual(secret.secret_type, self.parsed_secret['secret_type'])
         self.assertEqual(secret.algorithm, self.parsed_secret['algorithm'])
         self.assertEqual(secret.bit_length, self.parsed_secret['bit_length'])
         self.assertEqual(secret.mode, self.parsed_secret['mode'])
         self.assertIsInstance(secret.expiration, datetime.datetime)
         self.assertEqual(secret.created_at, secret.updated_at)
 
+    def test_new_secret_is_created_with_default_secret_type(self):
+        secret_spec = dict(self.parsed_secret)
+        date_time = datetime.datetime.now().isoformat()
+        secret_spec['expiration'] = date_time
+        del secret_spec['secret_type']
+        secret = models.Secret(secret_spec)
+        self.assertEqual(secret.secret_type, self.parsed_secret['secret_type'])
+
 
 class WhenCreatingNewOrder(utils.BaseTestCase):
     def setUp(self):

functionaltests/api/v1/models/secret_models.py

@@ -20,7 +20,7 @@ from functionaltests.api.v1.models.base_models import BaseModel
 class SecretModel(BaseModel):
 
     def __init__(self, name=None, expiration=None, algorithm=None,
-                 secret_ref=None, bit_length=None, mode=None,
+                 secret_ref=None, bit_length=None, mode=None, secret_type=None,
                  payload_content_type=None, payload=None, content_types=None,
                  payload_content_encoding=None, status=None, updated=None,
                  created=None):
@@ -31,6 +31,7 @@ class SecretModel(BaseModel):
         self.algorithm = algorithm
         self.bit_length = bit_length
         self.mode = mode
+        self.secret_type = secret_type
         self.payload_content_type = payload_content_type
         self.payload = payload
         self.content_types = content_types