Merge tag '0.19.0' into debian/rocky
castellan 0.19.0 release
meta:version: 0.19.0
meta:diff-start: -
meta:series: rocky
meta:release-type: release
meta:pypi: no
meta:first: no
meta:release:Author: Ben Nemec <bnemec@redhat.com>
meta:release:Commit: Ben Nemec <bnemec@redhat.com>
meta:release:Change-Id: Ida50e4359bfee903c25cef8ae4ba672c0a0e5d7d
meta:release:Code-Review+1: Ade Lee <alee@redhat.com>
meta:release:Code-Review+1: ChangBo Guo(gcb) <glongwave@gmail.com>
meta:release:Code-Review+1: Dave McCowan <dmccowan@cisco.com>
meta:release:Code-Review+2: Doug Hellmann <doug@doughellmann.com>
meta:release:Code-Review+1: Matthew Thode <mthode@mthode.org>
meta:release:Code-Review+2: Sean McGinnis <sean.mcginnis@gmail.com>
meta:release:Workflow+1: Sean McGinnis <sean.mcginnis@gmail.com>
Thomas Goirand
4 years ago
| 1 | 1 | host=review.openstack.org |
| 2 | 2 | port=29418 |
| 3 | 3 | project=openstack/castellan.git |
| 4 | defaultbranch=stable/rocky |
| 58 | 58 | - castellan-functional-devstack |
| 59 | 59 | - openstack-tox-lower-constraints |
| 60 | 60 | - barbican-simple-crypto-devstack-tempest-castellan-from-git |
| 61 | templates: | |
| 62 | - openstack-python-jobs | |
| 63 | - openstack-python35-jobs | |
| 64 | - release-notes-jobs-python3 | |
| 65 | - publish-openstack-docs-pti | |
| 66 | - check-requirements | |
| 67 | - periodic-stable-jobs |
| 14 | 14 | """ |
| 15 | 15 | |
| 16 | 16 | import binascii |
| 17 | from cryptography.hazmat.backends import default_backend | |
| 18 | from cryptography.hazmat.primitives.asymmetric import rsa | |
| 19 | from cryptography.hazmat.primitives.serialization import Encoding | |
| 20 | from cryptography.hazmat.primitives.serialization import NoEncryption | |
| 21 | from cryptography.hazmat.primitives.serialization import PrivateFormat | |
| 22 | from cryptography.hazmat.primitives.serialization import PublicFormat | |
| 23 | ||
| 17 | 24 | import os |
| 18 | 25 | import time |
| 19 | 26 | import uuid |
| 94 | 101 | def create_key_pair(self, context, algorithm, length, |
| 95 | 102 | expiration=None, name=None): |
| 96 | 103 | """Creates an asymmetric key pair.""" |
| 97 | raise NotImplementedError( | |
| 98 | "VaultKeyManager does not support asymmetric keys") | |
| 104 | ||
| 105 | # Confirm context is provided, if not raise forbidden | |
| 106 | if not context: | |
| 107 | msg = _("User is not authorized to use key manager.") | |
| 108 | raise exception.Forbidden(msg) | |
| 109 | ||
| 110 | if algorithm.lower() != 'rsa': | |
| 111 | raise NotImplementedError( | |
| 112 | "VaultKeyManager only implements rsa keys" | |
| 113 | ) | |
| 114 | ||
| 115 | priv_key = rsa.generate_private_key( | |
| 116 | public_exponent=65537, | |
| 117 | key_size=length, | |
| 118 | backend=default_backend() | |
| 119 | ) | |
| 120 | ||
| 121 | private_key = pri_key.PrivateKey( | |
| 122 | 'RSA', | |
| 123 | length, | |
| 124 | priv_key.private_bytes( | |
| 125 | Encoding.PEM, PrivateFormat.PKCS8, NoEncryption() | |
| 126 | ) | |
| 127 | ) | |
| 128 | ||
| 129 | private_key_id = uuid.uuid4().hex | |
| 130 | private_id = self._store_key_value( | |
| 131 | private_key_id, | |
| 132 | private_key | |
| 133 | ) | |
| 134 | ||
| 135 | # pub_key = priv_key.public_key() | |
| 136 | public_key = pub_key.PublicKey( | |
| 137 | 'RSA', | |
| 138 | length, | |
| 139 | priv_key.public_key().public_bytes( | |
| 140 | Encoding.PEM, PublicFormat.SubjectPublicKeyInfo | |
| 141 | ) | |
| 142 | ) | |
| 143 | ||
| 144 | public_key_id = uuid.uuid4().hex | |
| 145 | public_id = self._store_key_value( | |
| 146 | public_key_id, | |
| 147 | public_key | |
| 148 | ) | |
| 149 | ||
| 150 | return private_id, public_id | |
| 99 | 151 | |
| 100 | 152 | def _store_key_value(self, key_id, value): |
| 101 | 153 | |
| 55 | 55 | def tearDown(self): |
| 56 | 56 | super(VaultKeyManagerTestCase, self).tearDown() |
| 57 | 57 | |
| 58 | def test_create_key_pair(self): | |
| 59 | self.assertRaises(NotImplementedError, | |
| 60 | self.key_mgr.create_key_pair, None, None, None) | |
| 61 | ||
| 62 | 58 | def test_create_null_context(self): |
| 63 | 59 | self.assertRaises(exception.Forbidden, |
| 64 | 60 | self.key_mgr.create_key, None, 'AES', 256) |
| 65 | 61 | |
| 66 | 62 | def test_create_key_pair_null_context(self): |
| 67 | self.assertRaises(NotImplementedError, | |
| 63 | self.assertRaises(exception.Forbidden, | |
| 68 | 64 | self.key_mgr.create_key_pair, None, 'RSA', 2048) |
| 65 | ||
| 66 | def test_create_key_pair_bad_algorithm(self): | |
| 67 | self.assertRaises( | |
| 68 | NotImplementedError, | |
| 69 | self.key_mgr.create_key_pair, | |
| 70 | self.ctxt, 'DSA', 2048 | |
| 71 | ) | |
| 69 | 72 | |
| 70 | 73 | def test_delete_null_context(self): |
| 71 | 74 | key_uuid = self._get_valid_object_uuid( |
| 10 | 10 | VIRTUAL_ENV={envdir} |
| 11 | 11 | OS_TEST_PATH=./castellan/tests/unit |
| 12 | 12 | deps = |
| 13 | -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} | |
| 13 | -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt?h=stable/rocky} | |
| 14 | 14 | -r{toxinidir}/requirements.txt |
| 15 | 15 | -r{toxinidir}/test-requirements.txt |
| 16 | 16 | commands = python setup.py testr --slowest --testr-args='{posargs}' |