/usr/lib/python3/dist-packages/castellan/tests/functional/key_manager/test_barbican_key_manager.py is in python3-castellan 0.17.0-0ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 | # Copyright (c) 2015 The Johns Hopkins University/Applied Physics Laboratory
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""
Functional test cases for the Barbican key manager.
Note: This requires local running instances of Barbican and Keystone.
"""
import abc
from keystoneauth1 import identity
from keystoneauth1 import session
from oslo_config import cfg
from oslo_context import context
from oslo_utils import uuidutils
from oslotest import base
from testtools import testcase
from castellan.common.credentials import keystone_password
from castellan.common.credentials import keystone_token
from castellan.common import exception
from castellan.key_manager import barbican_key_manager
from castellan.tests.functional import config
from castellan.tests.functional.key_manager import test_key_manager
CONF = config.get_config()
class BarbicanKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
def _create_key_manager(self):
return barbican_key_manager.BarbicanKeyManager(cfg.CONF)
@abc.abstractmethod
def get_context(self):
"""Retrieves Context for Authentication"""
return
def setUp(self):
super(BarbicanKeyManagerTestCase, self).setUp()
try:
self.ctxt = self.get_context()
self.key_mgr._get_barbican_client(self.ctxt)
except Exception as e:
# When we run functional-vault target, This test class needs
# to be skipped as barbican is not running
raise testcase.TestSkipped(str(e))
def tearDown(self):
super(BarbicanKeyManagerTestCase, self).tearDown()
def test_create_null_context(self):
self.assertRaises(exception.Forbidden,
self.key_mgr.create_key, None, 'AES', 256)
def test_create_key_pair_null_context(self):
self.assertRaises(exception.Forbidden,
self.key_mgr.create_key_pair, None, 'RSA', 2048)
def test_delete_null_context(self):
key_uuid = self._get_valid_object_uuid(
test_key_manager._get_test_symmetric_key())
self.addCleanup(self.key_mgr.delete, self.ctxt, key_uuid)
self.assertRaises(exception.Forbidden,
self.key_mgr.delete, None, key_uuid)
def test_delete_null_object(self):
self.assertRaises(exception.KeyManagerError,
self.key_mgr.delete, self.ctxt, None)
def test_delete_unknown_object(self):
unknown_uuid = uuidutils.generate_uuid()
self.assertRaises(exception.ManagedObjectNotFoundError,
self.key_mgr.delete, self.ctxt, unknown_uuid)
def test_get_null_context(self):
key_uuid = self._get_valid_object_uuid(
test_key_manager._get_test_symmetric_key())
self.addCleanup(self.key_mgr.delete, self.ctxt, key_uuid)
self.assertRaises(exception.Forbidden,
self.key_mgr.get, None, key_uuid)
def test_get_null_object(self):
self.assertRaises(exception.KeyManagerError,
self.key_mgr.get, self.ctxt, None)
def test_get_unknown_key(self):
bad_key_uuid = uuidutils.generate_uuid()
self.assertRaises(exception.ManagedObjectNotFoundError,
self.key_mgr.get, self.ctxt, bad_key_uuid)
def test_store_null_context(self):
key = test_key_manager._get_test_symmetric_key()
self.assertRaises(exception.Forbidden,
self.key_mgr.store, None, key)
class BarbicanKeyManagerOSLOContextTestCase(BarbicanKeyManagerTestCase,
base.BaseTestCase):
def get_context(self):
username = CONF.identity.username
password = CONF.identity.password
project_name = CONF.identity.project_name
auth_url = CONF.identity.auth_url
user_domain_name = CONF.identity.user_domain_name
project_domain_name = CONF.identity.project_domain_name
auth = identity.V3Password(auth_url=auth_url,
username=username,
password=password,
project_name=project_name,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name)
sess = session.Session(auth=auth)
return context.RequestContext(auth_token=auth.get_token(sess),
tenant=auth.get_project_id(sess))
class BarbicanKeyManagerKSPasswordTestCase(BarbicanKeyManagerTestCase,
base.BaseTestCase):
def get_context(self):
auth_url = CONF.identity.auth_url
username = CONF.identity.username
password = CONF.identity.password
project_name = CONF.identity.project_name
user_domain_name = CONF.identity.user_domain_name
project_domain_name = CONF.identity.project_domain_name
ctxt = keystone_password.KeystonePassword(
auth_url=auth_url, username=username, password=password,
project_name=project_name,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name)
return ctxt
class BarbicanKeyManagerKSTokenTestCase(BarbicanKeyManagerTestCase,
base.BaseTestCase):
def get_context(self):
username = CONF.identity.username
password = CONF.identity.password
project_name = CONF.identity.project_name
auth_url = CONF.identity.auth_url
user_domain_name = CONF.identity.user_domain_name
project_domain_name = CONF.identity.project_domain_name
auth = identity.V3Password(auth_url=auth_url,
username=username,
password=password,
project_name=project_name,
user_domain_name=user_domain_name,
project_domain_name=project_domain_name)
sess = session.Session()
return keystone_token.KeystoneToken(
token=auth.get_token(sess),
auth_url=auth_url,
project_id=auth.get_project_id(sess))
|