commit 28652f5ebf109f54e255a5081288d4a8a10182b0
author dane-fichter <dane.fichter@jhuapl.edu> Wed Jan 11 12:38:28 2017 -0800
committer dane-fichter <dane.fichter@jhuapl.edu> Wed Jan 11 13:10:07 2017 -0800
tree 9343002118cd03ef661b93202fa6e71b99444a55
parent 7be3f7e13c83abd5fcd53eb4d19a09f76881b61f

Fill in remaining Secrets API and tests

This change adds all remaining methods of Barbican's
Secrets API resource to the Tempest plugin and
adds API tests for these methods.

Change-Id: Ia653de1221648ff5f028ebc22add423d0b7c2fe5
Depends-On: I930455c6ae1e1127706480f24c0ea46f5cc81e85
Implements: bp tempest-plugin

barbican_tempest_plugin/services/key_manager/json/secret_client.py

diff --git a/barbican_tempest_plugin/services/key_manager/json/secret_client.py b/barbican_tempest_plugin/services/key_manager/json/secret_client.py
index 36a2c08..0402eef 100644
--- a/barbican_tempest_plugin/services/key_manager/json/secret_client.py
+++ b/barbican_tempest_plugin/services/key_manager/json/secret_client.py
@@ -38,3 +38,43 @@
         resp, body = self.delete("v1/secrets/%s" % secret_id)
         self.expected_success(204, resp.status)
         return body
+
+    def list_secrets(self, **kwargs):
+        uri = "v1/secrets"
+        if kwargs is not None:
+            uri = '{base}?'.format(base=uri)
+
+            for key in kwargs.keys():
+                uri = '{base}&{name}={value}'.format(
+                    base=uri,
+                    name=key,
+                    value=kwargs[key]
+                )
+        resp, body = self.get(uri)
+        self.expected_success(200, resp.status)
+        return self._parse_resp(body)
+
+    def get_secret_metadata(self, secret_id):
+        resp, body = self.get("v1/secrets/%s" % secret_id)
+        self.expected_success(200, resp.status)
+        return self._parse_resp(body)
+
+    def get_secret_payload(self, secret_id):
+        content_headers = {
+            "Accept": "application/octet-stream"
+        }
+        resp, body = self.get("v1/secrets/%s/payload" % secret_id,
+                              headers=content_headers)
+        self.expected_success(200, resp.status)
+        return self._parse_resp(body)
+
+    def put_secret_payload(self, secret_id, payload):
+        content_headers = {
+            "Content-Type": "application/octet-stream",
+            "Content-Encoding": "base64"
+        }
+        resp, body = self.put("v1/secrets/%s" % secret_id,
+                              payload,
+                              headers=content_headers)
+        self.expected_success(204, resp.status)
+        return body

barbican_tempest_plugin/tests/api/test_secrets.py

diff --git a/barbican_tempest_plugin/tests/api/test_secrets.py b/barbican_tempest_plugin/tests/api/test_secrets.py
index 06a7731..39dae9d 100644
--- a/barbican_tempest_plugin/tests/api/test_secrets.py
+++ b/barbican_tempest_plugin/tests/api/test_secrets.py
@@ -49,3 +49,48 @@
         )
         uuid = base._get_uuid(sec['secret_ref'])
         self.delete_secret(uuid)
+
+    def test_list_secrets(self):
+        # Create two secrets
+        self.create_secret(name='secret_1')
+        self.create_secret(name='secret_2')
+
+        # Ask Barbican to list these secrets
+        resp = self.secret_client.list_secrets(name='secret_1')
+        secrets = resp['secrets']
+        self.assertEqual('secret_1', secrets[0]['name'])
+
+        resp = self.secret_client.list_secrets(name='secret_2')
+        secrets = resp['secrets']
+        self.assertEqual('secret_2', secrets[0]['name'])
+
+    def test_get_secret_metadata(self):
+        secret = self.create_secret()
+        uuid = base._get_uuid(secret['secret_ref'])
+        resp = self.secret_client.get_secret_metadata(uuid)
+        self.assertEqual(uuid, base._get_uuid(resp['secret_ref']))
+        self.delete_secret(uuid)
+
+    def test_get_and_put_payload(self):
+        # Create secret without payload
+        secret = self.create_secret()
+        uuid = base._get_uuid(secret['secret_ref'])
+
+        # Create AES key payload
+        password = b"password"
+        salt = os.urandom(16)
+        kdf = PBKDF2HMAC(
+            algorithm=hashes.SHA256(), length=32, salt=salt,
+            iterations=1000, backend=default_backend()
+        )
+        key = base64.b64encode(kdf.derive(password))
+
+        # Associate the payload with the created secret
+        self.secret_client.put_secret_payload(uuid, key)
+
+        # Retrieve the payload
+        payload = self.secret_client.get_secret_payload(uuid)
+        self.assertEqual(key, base64.b64encode(payload))
+
+        # Clean up
+        self.delete_secret(uuid)