Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / barbican-tempest-plugin / c832c613faa7658d0a463b0fc713f91f7e7838c7^! / . / barbican_tempest_plugin / tests / api
commitc832c613faa7658d0a463b0fc713f91f7e7838c7[log] [tgz]
authorMarc Koderer <marc@koderer.com>Mon Dec 12 11:49:10 2016 +0100
committerdane-fichter <dane.fichter@jhuapl.edu>Sun Dec 11 19:26:27 2016 -0800
tree570fd5925d8bc98bed848a62c9b8d296584619c6
parent3529ea7a431fa081542a6ffe6e74491ef88ec32c [diff]
Register client and add first test

Add first API test and register the client with
the new tempest.lib client interface.

Change-Id: I27f15375c46faa48cd56c8d52ecfd585fb325239
Implements: bp tempest-plugin

diff --git a/barbican_tempest_plugin/tests/api/base.py b/barbican_tempest_plugin/tests/api/base.py
new file mode 100644
index 0000000..b1717ff
--- /dev/null
+++ b/barbican_tempest_plugin/tests/api/base.py

@@ -0,0 +1,84 @@
+# Copyright 2016 SAP SE
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import functools
+
+from tempest import config
+from tempest import test
+
+from barbican_tempest_plugin import clients
+
+CONF = config.CONF
+
+# NOTE(dane-fichter): We need to track resource types for cleanup.
+RESOURCE_TYPES = ['secret']
+
+
+def _get_uuid(href):
+    return href.split('/')[-1]
+
+
+def creates(resource):
+    """Decorator that adds resource UUIDs to queue for cleanup"""
+
+    def decorator(f):
+        @functools.wraps(f)
+        def wrapper(cls, *args, **kwargs):
+            resp = f(cls, *args, **kwargs)
+            if resource == 'secret':
+                uuid = _get_uuid(resp['secret_ref'])
+            cls.created_objects[resource].add(uuid)
+            return resp
+        return wrapper
+    return decorator
+
+
+class BaseKeyManagerTest(test.BaseTestCase):
+    """Base class for all api tests."""
+
+    # Why do I have to be an admin to create secrets? No idea...
+    credentials = ('admin', )
+    client_manager = clients.Clients
+    created_objects = {}
+
+    @classmethod
+    def setup_clients(cls):
+        super(BaseKeyManagerTest, cls).setup_clients()
+        os = getattr(cls, 'os_%s' % cls.credentials[0])
+        cls.secret_client = os.secret_v1.SecretClient(service='key-manager')
+
+    @classmethod
+    def resource_setup(cls):
+        super(BaseKeyManagerTest, cls).resource_setup()
+        for resource in RESOURCE_TYPES:
+            cls.created_objects[resource] = set()
+
+    @classmethod
+    def resource_cleanup(cls):
+        try:
+            for secret_uuid in cls.created_objects['secret']:
+                cls.delete_secret(secret_uuid)
+        finally:
+            super(BaseKeyManagerTest, cls).resource_cleanup()
+
+    @classmethod
+    @creates('secret')
+    def create_secret(cls, **kwargs):
+        return cls.secret_client.create_secret(**kwargs)
+
+    @classmethod
+    def delete_secret(cls, uuid):
+        cls.created_objects['secret'].remove(uuid)
+        return cls.secret_client.delete_secret(uuid)

diff --git a/barbican_tempest_plugin/tests/api/test_secrets.py b/barbican_tempest_plugin/tests/api/test_secrets.py
new file mode 100644
index 0000000..06a7731
--- /dev/null
+++ b/barbican_tempest_plugin/tests/api/test_secrets.py

@@ -0,0 +1,51 @@
+# Copyright 2016 SAP SE
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import base64
+from datetime import datetime
+from datetime import timedelta
+import os
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+
+from barbican_tempest_plugin.tests.api import base
+
+
+class SecretsTest(base.BaseKeyManagerTest):
+    """Secrets API tests."""
+    def test_create_delete_empty_secret(self):
+        sec = self.create_secret()
+        uuid = base._get_uuid(sec['secret_ref'])
+        self.delete_secret(uuid)
+
+    def test_create_delete_symmetric_key(self):
+        password = b"password"
+        salt = os.urandom(16)
+        kdf = PBKDF2HMAC(
+            algorithm=hashes.SHA256(), length=32, salt=salt,
+            iterations=1000, backend=default_backend()
+        )
+        key = base64.b64encode(kdf.derive(password))
+        expire_time = (datetime.utcnow() + timedelta(days=5))
+        sec = self.create_secret(
+            expiration=expire_time.isoformat(), algorithm="aes",
+            bit_length=256, mode="cbc", payload=key,
+            payload_content_type="application/octet-stream",
+            payload_content_encoding="base64"
+        )
+        uuid = base._get_uuid(sec['secret_ref'])
+        self.delete_secret(uuid)