Add a ContainerClient and container API tests
This change adds a ContainerClient for testing the
Barbican container API. It adds a container test suite
and integrates the ContainerClient with the plugin
testing infrastructure.
Change-Id: I930455c6ae1e1127706480f24c0ea46f5cc81e85
Depends-On: I27f15375c46faa48cd56c8d52ecfd585fb325239
Implements: bp tempest-plugin
diff --git a/barbican_tempest_plugin/plugin.py b/barbican_tempest_plugin/plugin.py
index 6c01ced..293a17d 100644
--- a/barbican_tempest_plugin/plugin.py
+++ b/barbican_tempest_plugin/plugin.py
@@ -41,6 +41,6 @@
'name': 'secret_v1',
'service_version': 'secret.v1',
'module_path': 'barbican_tempest_plugin.services.key_manager.json',
- 'client_names': ['SecretClient'],
+ 'client_names': ['SecretClient', 'ContainerClient'],
}
return [v1_params]
diff --git a/barbican_tempest_plugin/services/key_manager/json/__init__.py b/barbican_tempest_plugin/services/key_manager/json/__init__.py
index 4ddf207..81fa776 100644
--- a/barbican_tempest_plugin/services/key_manager/json/__init__.py
+++ b/barbican_tempest_plugin/services/key_manager/json/__init__.py
@@ -12,7 +12,9 @@
# License for the specific language governing permissions and limitations under
# the License.
+from barbican_tempest_plugin.services.key_manager.json.container_client \
+ import ContainerClient
from barbican_tempest_plugin.services.key_manager.json.secret_client import \
SecretClient
-__all__ = ['SecretClient']
+__all__ = ['SecretClient', 'ContainerClient']
diff --git a/barbican_tempest_plugin/services/key_manager/json/container_client.py b/barbican_tempest_plugin/services/key_manager/json/container_client.py
new file mode 100644
index 0000000..ebae08e
--- /dev/null
+++ b/barbican_tempest_plugin/services/key_manager/json/container_client.py
@@ -0,0 +1,84 @@
+# Copyright (c) 2016 Johns Hopkins University Applied Physics Laboratory
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+import json
+
+from six.moves.urllib import parse as urllib
+
+from tempest import config
+from tempest.lib.common import rest_client
+
+CONF = config.CONF
+
+
+class ContainerClient(rest_client.RestClient):
+
+ def list_containers(self, **kwargs):
+ uri = "v1/containers"
+ if kwargs:
+ uri += "?%s" % urllib.urlencode(kwargs)
+
+ response, body = self.get(uri)
+ self.expected_success(200, response.status)
+ return json.loads(body)
+
+ def get_container(self, container_id):
+ uri = "v1/containers/%s" % container_id
+
+ response, body = self.get(uri)
+ self.expected_success(200, response.status)
+ return json.loads(body)
+
+ def create_container(self, **kwargs):
+ uri = "v1/containers"
+
+ response, body = self.post(uri, json.dumps(kwargs))
+ self.expected_success(201, response.status)
+ return json.loads(body)
+
+ def delete_container(self, container_id):
+ uri = "v1/containers/%s" % container_id
+
+ response, _ = self.delete(uri)
+ self.expected_success(204, response.status)
+ return
+
+ def add_secret_to_container(self, container_id, secret_id, **kwargs):
+ uri = "v1/containers/%s/secrets" % container_id
+ kwargs['secret_ref'] = "%s/v1/secrets/%s" % (
+ self.auth_provider.base_url({"service": "key-manager"}),
+ secret_id
+ )
+
+ response, body = self.post(
+ uri,
+ json.dumps(kwargs)
+ )
+ self.expected_success(201, response.status)
+ return json.loads(body)
+
+ def delete_secret_from_container(self, container_id, secret_id, **kwargs):
+ uri = "v1/containers/%s/secrets" % container_id
+ kwargs['secret_ref'] = "%s/v1/secrets/%s" % (
+ self.auth_provider.base_url({"service": "key-manager"}),
+ secret_id
+ )
+
+ response, _ = self.delete(
+ uri,
+ body=json.dumps(kwargs)
+ )
+ self.expected_success(204, response.status)
+ return
diff --git a/barbican_tempest_plugin/tests/api/base.py b/barbican_tempest_plugin/tests/api/base.py
index b1717ff..6b37bc5 100644
--- a/barbican_tempest_plugin/tests/api/base.py
+++ b/barbican_tempest_plugin/tests/api/base.py
@@ -23,7 +23,7 @@
CONF = config.CONF
# NOTE(dane-fichter): We need to track resource types for cleanup.
-RESOURCE_TYPES = ['secret']
+RESOURCE_TYPES = ['secret', 'container']
def _get_uuid(href):
@@ -39,6 +39,8 @@
resp = f(cls, *args, **kwargs)
if resource == 'secret':
uuid = _get_uuid(resp['secret_ref'])
+ if resource == 'container':
+ uuid = _get_uuid(resp['container_ref'])
cls.created_objects[resource].add(uuid)
return resp
return wrapper
@@ -58,6 +60,9 @@
super(BaseKeyManagerTest, cls).setup_clients()
os = getattr(cls, 'os_%s' % cls.credentials[0])
cls.secret_client = os.secret_v1.SecretClient(service='key-manager')
+ cls.container_client = os.secret_v1.ContainerClient(
+ service='key-manager'
+ )
@classmethod
def resource_setup(cls):
@@ -68,8 +73,10 @@
@classmethod
def resource_cleanup(cls):
try:
- for secret_uuid in cls.created_objects['secret']:
+ for secret_uuid in list(cls.created_objects['secret']):
cls.delete_secret(secret_uuid)
+ for container_uuid in list(cls.created_objects['container']):
+ cls.delete_container(container_uuid)
finally:
super(BaseKeyManagerTest, cls).resource_cleanup()
@@ -82,3 +89,13 @@
def delete_secret(cls, uuid):
cls.created_objects['secret'].remove(uuid)
return cls.secret_client.delete_secret(uuid)
+
+ @classmethod
+ @creates('container')
+ def create_container(cls, **kwargs):
+ return cls.container_client.create_container(**kwargs)
+
+ @classmethod
+ def delete_container(cls, uuid):
+ cls.created_objects['container'].remove(uuid)
+ return cls.container_client.delete_container(uuid)
diff --git a/barbican_tempest_plugin/tests/api/test_containers.py b/barbican_tempest_plugin/tests/api/test_containers.py
new file mode 100644
index 0000000..7f19a57
--- /dev/null
+++ b/barbican_tempest_plugin/tests/api/test_containers.py
@@ -0,0 +1,126 @@
+# Copyright (c) 2016 Johns Hopkins University Applied Physics Laboratory
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from barbican_tempest_plugin.tests.api import base
+
+
+class ContainersTest(base.BaseKeyManagerTest):
+ """Containers API tests."""
+
+ def test_create_list_delete_empty_container(self):
+ # Create a container to test against.
+ body = self.create_container(type="generic", name="empty-container")
+ container_id = base._get_uuid(body.get('container_ref'))
+
+ # Verify that the container can be found via specific listing.
+ body = self.container_client.get_container(container_id)
+ self.assertEqual(
+ container_id,
+ base._get_uuid(body.get('container_ref')),
+ body
+ )
+ self.assertEqual("generic", body.get('type'), body)
+ self.assertEqual("empty-container", body.get('name'), body)
+ self.assertEqual("ACTIVE", body.get('status'), body)
+ self.assertEmpty(body.get('secret_refs'), body)
+ self.assertEmpty(body.get('consumers'), body)
+ self.assertIn('created', body, body)
+ self.assertIn('updated', body, body)
+ self.assertIn('creator_id', body, body)
+
+ # Verify that the container can be found via generic listing.
+ body = self.container_client.list_containers()
+ self.assertEqual(1, body.get('total'), body)
+ self.assertEqual(1, len(body.get('containers')), body)
+
+ container = body.get('containers')[0]
+ self.assertEqual(
+ container_id,
+ base._get_uuid(container.get('container_ref')),
+ container
+ )
+ self.assertEqual("generic", container.get('type'), container)
+ self.assertEqual("empty-container", container.get('name'), container)
+ self.assertEqual("ACTIVE", container.get('status'), container)
+ self.assertEmpty(container.get('secret_refs'), container)
+ self.assertEmpty(container.get('consumers'), container)
+ self.assertIn('created', container, container)
+ self.assertIn('updated', container, container)
+ self.assertIn('creator_id', container, container)
+
+ # Leave the container behind to get cleaned up by infra.
+
+ def test_add_to_delete_from_container(self):
+ # Create a container to test against.
+ body = self.create_container(type="generic", name="test-container")
+ container_id = base._get_uuid(body.get('container_ref'))
+
+ # Create some secrets to store in the container
+ body = self.create_secret()
+ secret1_id = base._get_uuid(body.get('secret_ref'))
+ body = self.create_secret()
+ secret2_id = base._get_uuid(body.get('secret_ref'))
+
+ # Confirm that the container is empty
+ body = self.container_client.get_container(container_id)
+ self.assertEqual(
+ container_id,
+ base._get_uuid(body.get('container_ref')),
+ body
+ )
+ self.assertEmpty(body.get('secret_refs'), body)
+
+ # Add the secrets to the container
+ self.container_client.add_secret_to_container(
+ container_id,
+ secret1_id
+ )
+ self.container_client.add_secret_to_container(
+ container_id,
+ secret2_id
+ )
+
+ # Confirm that the secrets are in the container
+ body = self.container_client.get_container(container_id)
+ self.assertEqual(
+ container_id,
+ base._get_uuid(body.get('container_ref')),
+ body
+ )
+ self.assertEqual(2, len(body.get('secret_refs')), body)
+ for secret_ref in body.get('secret_refs'):
+ secret_id = base._get_uuid(secret_ref.get('secret_ref'))
+ self.assertIn(secret_id, (secret1_id, secret2_id))
+
+ # Remove the secrets from the container
+ self.container_client.delete_secret_from_container(
+ container_id,
+ secret1_id
+ )
+ self.container_client.delete_secret_from_container(
+ container_id,
+ secret2_id
+ )
+
+ # Confirm that the container is empty
+ body = self.container_client.get_container(container_id)
+ self.assertEqual(
+ container_id,
+ base._get_uuid(body.get('container_ref')),
+ body
+ )
+ self.assertEmpty(body.get('secret_refs'), body)
+
+ # Clean up the containe
+ self.delete_container(container_id)