Removes context "validation".
The Vault backend doesn't really care about context. Even an empty string would satisfy these checks. Change-Id: I1c0d00675a479cf05d92cec7b69fd720a88023d3 Signed-off-by: Moisés Guimarães de Medeiros <moguimar@redhat.com>
parent
fd01ccc0f5
commit
8e88919f02
@ -205,11 +205,6 @@ class VaultKeyManager(key_manager.KeyManager):
|
||||
expiration=None, name=None):
|
||||
"""Creates an asymmetric key pair."""
|
||||
|
||||
# Confirm context is provided, if not raise forbidden
|
||||
if not context:
|
||||
msg = _("User is not authorized to use key manager.")
|
||||
raise exception.Forbidden(msg)
|
||||
|
||||
if algorithm.lower() != 'rsa':
|
||||
raise NotImplementedError(
|
||||
"VaultKeyManager only implements rsa keys"
|
||||
@ -281,11 +276,6 @@ class VaultKeyManager(key_manager.KeyManager):
|
||||
def create_key(self, context, algorithm, length, name=None, **kwargs):
|
||||
"""Creates a symmetric key."""
|
||||
|
||||
# Confirm context is provided, if not raise forbidden
|
||||
if not context:
|
||||
msg = _("User is not authorized to use key manager.")
|
||||
raise exception.Forbidden(msg)
|
||||
|
||||
if length % 8:
|
||||
msg = _("Length must be multiple of 8.")
|
||||
raise ValueError(msg)
|
||||
@ -303,22 +293,12 @@ class VaultKeyManager(key_manager.KeyManager):
|
||||
def store(self, context, key_value, **kwargs):
|
||||
"""Stores (i.e., registers) a key with the key manager."""
|
||||
|
||||
# Confirm context is provided, if not raise forbidden
|
||||
if not context:
|
||||
msg = _("User is not authorized to use key manager.")
|
||||
raise exception.Forbidden(msg)
|
||||
|
||||
key_id = uuid.uuid4().hex
|
||||
return self._store_key_value(key_id, key_value)
|
||||
|
||||
def get(self, context, key_id, metadata_only=False):
|
||||
"""Retrieves the key identified by the specified id."""
|
||||
|
||||
# Confirm context is provided, if not raise forbidden
|
||||
if not context:
|
||||
msg = _("User is not authorized to use key manager.")
|
||||
raise exception.Forbidden(msg)
|
||||
|
||||
if not key_id:
|
||||
raise exception.KeyManagerError('key identifier not provided')
|
||||
|
||||
@ -359,11 +339,6 @@ class VaultKeyManager(key_manager.KeyManager):
|
||||
def delete(self, context, key_id):
|
||||
"""Represents deleting the key."""
|
||||
|
||||
# Confirm context is provided, if not raise forbidden
|
||||
if not context:
|
||||
msg = _("User is not authorized to use key manager.")
|
||||
raise exception.Forbidden(msg)
|
||||
|
||||
if not key_id:
|
||||
raise exception.KeyManagerError('key identifier not provided')
|
||||
|
||||
@ -376,11 +351,6 @@ class VaultKeyManager(key_manager.KeyManager):
|
||||
def list(self, context, object_type=None, metadata_only=False):
|
||||
"""Lists the managed objects given the criteria."""
|
||||
|
||||
# Confirm context is provided, if not raise forbidden
|
||||
if not context:
|
||||
msg = _("User is not authorized to use key manager.")
|
||||
raise exception.Forbidden(msg)
|
||||
|
||||
if object_type and object_type not in self._secret_type_dict:
|
||||
msg = _("Invalid secret type: %s") % object_type
|
||||
raise exception.KeyManagerError(reason=msg)
|
||||
|
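Review bot: With the `if not context` guards gone from create_key_pair, create_key, store, get, delete and list, nothing in these methods tells a caller that `context` is now ignored and that the backend itself makes no per-caller authorization decision. The removed guard was only a truthiness test and never verified identity, so dropping it is reasonable, but access control then presumably rests entirely on the Vault policy attached to the credentials the service is configured with, and any code that can reach the key manager can act on any key id. I would state that in the class docstring or on each method, for example `"""Stores a key. ``context`` is accepted for interface compatibility and is not used; authorization is enforced by the Vault policy of the configured credentials."""`. The method bodies continue outside the visible hunks, so this assumes no other use of `context` further down.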
@ -77,6 +77,7 @@ class KeyManagerTestCase(object):
|
||||
def setUp(self):
|
||||
super(KeyManagerTestCase, self).setUp()
|
||||
self.key_mgr = self._create_key_manager()
|
||||
self.ctxt = None
|
||||
|
||||
def _get_valid_object_uuid(self, managed_object):
|
||||
object_uuid = self.key_mgr.store(self.ctxt, managed_object)
|
||||
|
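Review bot: The `self.ctxt = None` in KeyManagerTestCase.setUp (presumably the one added line of this hunk) becomes the default context for every backend that inherits this shared test case, and there is no comment saying so. A backend that does authenticate per request would silently run its functional tests with no context if its subclass forgets to assign one after calling the base setUp. A one-line comment would make the contract explicit, for example `# Default for backends that ignore context; backends that authenticate per request must set self.ctxt in their own setUp.`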
@ -15,12 +15,10 @@ Functional test cases for the Vault key manager.
|
||||
|
||||
Note: This requires local running instance of Vault.
|
||||
"""
|
||||
import abc
|
||||
import os
|
||||
import uuid
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_context import context
|
||||
from oslo_utils import uuidutils
|
||||
from oslotest import base
|
||||
import requests
|
||||
@ -34,7 +32,8 @@ from castellan.tests.functional.key_manager import test_key_manager
|
||||
CONF = config.get_config()
|
||||
|
||||
|
||||
class VaultKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
|
||||
class VaultKeyManagerTestCase(test_key_manager.KeyManagerTestCase,
|
||||
base.BaseTestCase):
|
||||
def _create_key_manager(self):
|
||||
key_mgr = vault_key_manager.VaultKeyManager(cfg.CONF)
|
||||
|
||||
@ -46,26 +45,6 @@ class VaultKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
|
||||
key_mgr._vault_url = os.environ['VAULT_TEST_URL']
|
||||
return key_mgr
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_context(self):
|
||||
"""Retrieves Context for Authentication"""
|
||||
return
|
||||
|
||||
def setUp(self):
|
||||
super(VaultKeyManagerTestCase, self).setUp()
|
||||
self.ctxt = self.get_context()
|
||||
|
||||
def tearDown(self):
|
||||
super(VaultKeyManagerTestCase, self).tearDown()
|
||||
|
||||
def test_create_null_context(self):
|
||||
self.assertRaises(exception.Forbidden,
|
||||
self.key_mgr.create_key, None, 'AES', 256)
|
||||
|
||||
def test_create_key_pair_null_context(self):
|
||||
self.assertRaises(exception.Forbidden,
|
||||
self.key_mgr.create_key_pair, None, 'RSA', 2048)
|
||||
|
||||
def test_create_key_pair_bad_algorithm(self):
|
||||
self.assertRaises(
|
||||
NotImplementedError,
|
||||
@ -73,24 +52,10 @@ class VaultKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
|
||||
self.ctxt, 'DSA', 2048
|
||||
)
|
||||
|
||||
def test_delete_null_context(self):
|
||||
key_uuid = self._get_valid_object_uuid(
|
||||
test_key_manager._get_test_symmetric_key())
|
||||
self.addCleanup(self.key_mgr.delete, self.ctxt, key_uuid)
|
||||
self.assertRaises(exception.Forbidden,
|
||||
self.key_mgr.delete, None, key_uuid)
|
||||
|
||||
def test_delete_null_object(self):
|
||||
self.assertRaises(exception.KeyManagerError,
|
||||
self.key_mgr.delete, self.ctxt, None)
|
||||
|
||||
def test_get_null_context(self):
|
||||
key_uuid = self._get_valid_object_uuid(
|
||||
test_key_manager._get_test_symmetric_key())
|
||||
self.addCleanup(self.key_mgr.delete, self.ctxt, key_uuid)
|
||||
self.assertRaises(exception.Forbidden,
|
||||
self.key_mgr.get, None, key_uuid)
|
||||
|
||||
def test_get_null_object(self):
|
||||
self.assertRaises(exception.KeyManagerError,
|
||||
self.key_mgr.get, self.ctxt, None)
|
||||
@ -100,18 +65,6 @@ class VaultKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
|
||||
self.assertRaises(exception.ManagedObjectNotFoundError,
|
||||
self.key_mgr.get, self.ctxt, bad_key_uuid)
|
||||
|
||||
def test_store_null_context(self):
|
||||
key = test_key_manager._get_test_symmetric_key()
|
||||
|
||||
self.assertRaises(exception.Forbidden,
|
||||
self.key_mgr.store, None, key)
|
||||
|
||||
|
||||
class VaultKeyManagerOSLOContextTestCase(VaultKeyManagerTestCase,
|
||||
base.BaseTestCase):
|
||||
def get_context(self):
|
||||
return context.get_admin_context()
|
||||
|
||||
|
||||
TEST_POLICY = '''
|
||||
path "{backend}/*" {{
|
||||
@ -128,7 +81,7 @@ POLICY_ENDPOINT = 'v1/sys/policy/{policy_name}'
|
||||
APPROLE_ENDPOINT = 'v1/auth/approle/role/{role_name}'
|
||||
|
||||
|
||||
class VaultKeyManagerAppRoleTestCase(VaultKeyManagerOSLOContextTestCase):
|
||||
class VaultKeyManagerAppRoleTestCase(VaultKeyManagerTestCase):
|
||||
|
||||
mountpoint = 'secret'
|
||||
|
||||
|
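Review bot: The deleted null-context tests (test_create_null_context, test_create_key_pair_null_context, test_get_null_context, test_delete_null_context, test_store_null_context) were the only negative authorization tests visible for this backend, and nothing in these hunks replaces them. Since a denial now has to come from Vault itself, the new contract would be pinned by a functional test in VaultKeyManagerAppRoleTestCase that uses a role without TEST_POLICY attached and asserts that store and get are refused. Whether such a test already exists elsewhere in the file cannot be seen from here. The class bodies continue outside the visible hunks.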