# Copyright 2017 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""
Test cases for the migration key manager.
"""
import binascii
import mock
from oslo_config import cfg
from castellan.common import exception
from castellan.common.objects import symmetric_key as key
from castellan import key_manager
from castellan.key_manager import not_implemented_key_manager
from castellan.tests.unit.key_manager import test_key_manager
# Global oslo.config object. The test case in this file configures
# self.conf rather than this name.
CONF = cfg.CONF
class ConfKeyManager(not_implemented_key_manager.NotImplementedKeyManager):
    """Backend stand-in that adds nothing to NotImplementedKeyManager.

    test_using_conf_key_manager selects this class by its dotted path
    through the ``backend`` option and expects ``get`` to raise
    NotImplementedError.
    """
class MigrationKeyManagerTestCase(test_key_manager.KeyManagerTestCase):
    """Tests for key_manager.API when a ``fixed_key`` option is configured.

    With ``fixed_key`` set, the tests expect a ``MigrationKeyManager`` that
    serves the configured key under the all-zero key ID and hands every
    other ID to the backend. All key material and IDs in this class are
    constructed test values.

    Security-relevant behaviour pinned here:

    * ``get`` and ``delete`` on the fixed key raise ``Forbidden`` when the
      context is ``None``.
    * ``delete`` on the fixed key returns without error but leaves the key
      retrievable, so a caller cannot use ``delete`` to retire it.
    * With ``fixed_key`` unset, or with a ``ConfKeyManager`` backend, the
      manager is not a ``MigrationKeyManager`` and the fixed key ID is not
      served.
    """

    def _create_key_manager(self):
        """Return a key manager built from self.conf with ``fixed_key`` set."""
        # 64 hex digits; setUp decodes them into the expected key bytes.
        self.fixed_key = '1' * 64
        fixed_key_opt = cfg.StrOpt('fixed_key')
        try:
            self.conf.register_opt(fixed_key_opt, group='key_manager')
        except cfg.DuplicateOptError:
            # An option of that name is already registered on this conf;
            # only the override below is needed.
            pass
        self.conf.set_override('fixed_key', self.fixed_key,
                               group='key_manager')
        return key_manager.API(self.conf)

    def setUp(self):
        """Prepare the fake context and the expected fixed-key object."""
        super(MigrationKeyManagerTestCase, self).setUp()

        # Fake request context; its contents do not matter to these tests.
        self.ctxt = mock.Mock()

        # self.fixed_key comes from _create_key_manager, which is presumably
        # invoked by the base class setUp -- confirm in KeyManagerTestCase.
        raw_key = bytes(binascii.unhexlify(self.fixed_key))
        bit_length = len(raw_key) * 8
        self.fixed_key_secret = key.SymmetricKey('AES', bit_length, raw_key)
        self.fixed_key_id = '00000000-0000-0000-0000-000000000000'
        self.other_key_id = "d152fa13-2b41-42ca-a934-6c21566c0f40"

    def test_get_fixed_key(self):
        """The all-zero ID resolves to the configured fixed key."""
        manager_type = type(self.key_mgr).__name__
        self.assertEqual('MigrationKeyManager', manager_type)
        fetched = self.key_mgr.get(self.ctxt, self.fixed_key_id)
        self.assertEqual(self.fixed_key_secret, fetched)

    def test_get_fixed_key_fail_bad_context(self):
        """Reading the fixed key with no context is refused."""
        with self.assertRaises(exception.Forbidden):
            self.key_mgr.get(context=None,
                             managed_object_id=self.fixed_key_id)

    def test_delete_fixed_key(self):
        """Deleting the fixed key is a silent no-op."""
        self.key_mgr.delete(self.ctxt, self.fixed_key_id)
        # The call reports no error, yet the key is still returned by get():
        # deletion does not remove or invalidate the fixed key.
        still_there = self.key_mgr.get(self.ctxt, self.fixed_key_id)
        self.assertEqual(self.fixed_key_secret, still_there)

    def test_delete_fixed_key_fail_bad_context(self):
        """Deleting the fixed key with no context is refused."""
        with self.assertRaises(exception.Forbidden):
            self.key_mgr.delete(context=None,
                                managed_object_id=self.fixed_key_id)

    def test_get_other_key(self):
        """A get for any other ID is forwarded to the backend."""
        # The backend is expected to reject the request because the mock
        # context is not a valid one.
        with self.assertRaises(exception.KeyManagerError):
            self.key_mgr.get(context=self.ctxt,
                             managed_object_id=self.other_key_id)

    def test_delete_other_key(self):
        """A delete for any other ID is forwarded to the backend."""
        # The backend is expected to reject the request because the mock
        # context is not a valid one.
        with self.assertRaises(exception.KeyManagerError):
            self.key_mgr.delete(context=self.ctxt,
                                managed_object_id=self.other_key_id)

    def test_no_fixed_key(self):
        """Without ``fixed_key`` the migration wrapper is not used."""
        conf = self.conf
        conf.set_override('fixed_key', None, group='key_manager')
        plain_mgr = key_manager.API(conf)
        self.assertNotEqual('MigrationKeyManager', type(plain_mgr).__name__)
        # The all-zero ID is no longer special and the lookup fails.
        with self.assertRaises(exception.KeyManagerError):
            plain_mgr.get(context=self.ctxt,
                          managed_object_id=self.fixed_key_id)

    def test_using_conf_key_manager(self):
        """A ConfKeyManager backend is returned without the wrapper."""
        conf = self.conf
        ckm_backend = ('castellan.tests.unit.key_manager.'
                       'test_migration_key_manager.ConfKeyManager')
        conf.set_override('backend', ckm_backend, group='key_manager')
        conf_mgr = key_manager.API(conf)
        self.assertNotEqual('MigrationKeyManager', type(conf_mgr).__name__)
        # The fixed key ID reaches the backend itself, which implements
        # nothing.
        with self.assertRaises(NotImplementedError):
            conf_mgr.get(context=self.ctxt,
                         managed_object_id=self.fixed_key_id)