Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / barbican-tempest-plugin / 6345b34ae2f47346dd72dc196ec89a3793f57eac^! / .
commit6345b34ae2f47346dd72dc196ec89a3793f57eac[log] [tgz]
authorLukas Piwowarski <lpiwowar@redhat.com>Fri Dec 15 16:00:48 2023 +0100
committerLukas Piwowarski <lpiwowar@redhat.com>Mon Dec 18 11:26:38 2023 +0100
treeef12071f1564326d9fc77107b8187fc63f702916
parenta34bd3b785a645b7879c7dd99625b7fa1546903b [diff]
Pause testing of multiple secret stores

There is an issue with multiple secret stores which is being tracked in
this launchpad [1]. This issue is blocking patches in
barbican-tempest-plugin. Let's remove the testing for multiple secret
stores until the bug gets resolved.

There was also an update of the secret:delete and secret:get policies
[2]. This patch updates the corresponding SRBAC tests so that we test
the policies correctly.

[1] https://bugs.launchpad.net/barbican/+bug/2043457
[2] https://review.opendev.org/c/openstack/barbican/+/884181

Related-Bug: #2043457
Change-Id: I86335a1cb54b6aa2f74e148416ef6af7c27fff61

diff --git a/.zuul.yaml b/.zuul.yaml
index 011f03c..2f38e5d 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml

@@ -154,19 +154,21 @@
             oslo_policy:
               enforce_new_defaults: True
               enforce_scope: True
-            secretstore:
-              enable_multiple_secret_stores: True
-              stores_lookup_suffix: simple_crypto
-            secretstore:simple_crypto:
-              secret_store_plugin: store_crypto
-              crypto_plugin: simple_crypto
-              global_default: true
+            # (lpiwowar): Uncomment once this bug is resolved:
+            # https://bugs.launchpad.net/barbican/+bug/2043457
+            # secretstore:
+            #  enable_multiple_secret_stores: True
+            #  stores_lookup_suffix: simple_crypto
+            # secretstore:simple_crypto:
+            #  secret_store_plugin: store_crypto
+            #  crypto_plugin: simple_crypto
+            #  global_default: true
         test-config:
           $TEMPEST_CONFIG:
             barbican_rbac_scope_verification:
               enforce_scope: True
-            barbican_tempest:
-              enable_multiple_secret_stores: True
+            # barbican_tempest:
+            #  enable_multiple_secret_stores: True
 
 - job:
     name: barbican-tempest-plugin-simple-crypto-secure-rbac-yoga

diff --git a/barbican_tempest_plugin/tests/rbac/v1/test_secrets.py b/barbican_tempest_plugin/tests/rbac/v1/test_secrets.py
index bdd56b2..baccb97 100644
--- a/barbican_tempest_plugin/tests/rbac/v1/test_secrets.py
+++ b/barbican_tempest_plugin/tests/rbac/v1/test_secrets.py

@@ -645,6 +645,18 @@
         super().setup_clients()
         cls.client = cls.admin_secret_client
 
+    def test_delete_other_project_secret(self):
+        other_secret_id = self.create_other_project_secret(
+            'get_other_payload',
+            payload='loremipsumloremipsum')
+        self.client.delete_secret(other_secret_id)
+
+    def test_get_other_project_secret(self):
+        other_secret_id = self.create_other_project_secret(
+            'get_other_secret',
+            payload='¡Muy secreto!')
+        self.client.get_secret_metadata(other_secret_id)
+
 
 class ProjectAdminV1_1Tests(ProjectMemberV1_1Tests):