diff options
| author | Adam Harwell <flux.adam@gmail.com> | 2018-08-02 08:53:32 +0900 |
|---|---|---|
| committer | Adam Harwell <flux.adam@gmail.com> | 2018-09-11 17:08:36 -0600 |
| commit | 6651c8ffce48ce7ff08f5563a8e6212677ea0468 (patch) | |
| tree | 3e2917d7133a79cf206c918d031f53159addef12 /barbicanclient/v1 | |
| parent | 1a8cc8c1ebac5fa0359cb3ed433bc60afba30972 (diff) | |
| download | python-barbicanclient-6651c8ffce48ce7ff08f5563a8e6212677ea0468.tar.gz | |
Allow fetching by UUID, and respect interface
When passing a UUID to the client, use the Barbican endpoint from
the service catalog to fetch the entity. When passing an href, strip
everything before the UUID and use it the same as a passed UUID.
This allows for service usage when secrets are created with a public
endpoint but must be retrieved from an internal or admin endpoint,
and is probably how all usage should have worked to begin with.
Change-Id: I90778a2eeefc4cfe42b0e2a48ba09036e3e6d83d
Story: 2003197
Task: 23353
Diffstat (limited to 'barbicanclient/v1')
| -rw-r--r-- | barbicanclient/v1/acls.py | 35 | ||||
| -rw-r--r-- | barbicanclient/v1/cas.py | 5 | ||||
| -rw-r--r-- | barbicanclient/v1/containers.py | 34 | ||||
| -rw-r--r-- | barbicanclient/v1/orders.py | 14 | ||||
| -rw-r--r-- | barbicanclient/v1/secrets.py | 29 |
5 files changed, 79 insertions, 38 deletions
diff --git a/barbicanclient/v1/acls.py b/barbicanclient/v1/acls.py index 3968ce0..7724048 100644 --- a/barbicanclient/v1/acls.py +++ b/barbicanclient/v1/acls.py @@ -86,10 +86,18 @@ class _PerOperationACL(ACLFormatter): return ACL.get_acl_ref_from_entity_ref(self.entity_ref) @property + def acl_ref_relative(self): + return self._parent_acl.acl_ref_relative + + @property def entity_ref(self): return self._entity_ref @property + def entity_uuid(self): + return self._parent_acl.entity_uuid + + @property def project_access(self): """Flag indicating project access behavior is enabled or not""" return self._project_access @@ -204,6 +212,12 @@ class ACL(object): return self._entity_ref @property + def entity_uuid(self): + """Entity UUID""" + return str(base.validate_ref_and_return_uuid( + self._entity_ref, self._acl_type)) + + @property def operation_acls(self): """List of operation specific ACL settings.""" return self._operation_acls @@ -212,6 +226,11 @@ class ACL(object): def acl_ref(self): return ACL.get_acl_ref_from_entity_ref(self.entity_ref) + @property + def acl_ref_relative(self): + return ACL.get_acl_ref_from_entity_ref_relative( + self.entity_uuid, self._parent_entity_path) + def add_operation_acl(self, users=None, project_access=None, operation_type=None, created=None, updated=None,): @@ -301,7 +320,7 @@ class ACL(object): acl_data['users'] = per_op_acl.users acl_dict[op_type] = acl_data - response = self._api.put(self.acl_ref, json=acl_dict) + response = self._api.put(self.acl_ref_relative, json=acl_dict) return response.json().get('acl_ref') @@ -314,7 +333,7 @@ class ACL(object): self.validate_input_ref() LOG.debug('Removing ACL for {0} for href: {1}' .format(self.acl_type, self.entity_ref)) - self._api.delete(self.acl_ref) + self._api.delete(self.acl_ref_relative) def load_acls_data(self): """Loads ACL entity from Barbican server using its acl_ref @@ -328,7 +347,7 @@ class ACL(object): :raises barbicanclient.exceptions.HTTPServerError: 5xx Responses """ - response = self._api.get(self.acl_ref) + response = self._api.get(self.acl_ref_relative) del self.operation_acls[:] # clearing list for all of its references for op_type in response: @@ -354,7 +373,7 @@ class ACL(object): else: raise ValueError('{0} URI is not specified.'.format(res_title)) - base.validate_ref(self.entity_ref, ref_type) + base.validate_ref_and_return_uuid(self.entity_ref, ref_type) return ref_type @staticmethod @@ -365,6 +384,14 @@ class ACL(object): return '{0}/{1}'.format(entity_ref, ACL._resource_name) @staticmethod + def get_acl_ref_from_entity_ref_relative(entity_ref, entity_type): + # Utility for converting entity ref to acl ref + if entity_ref: + entity_ref = entity_ref.rstrip('/') + return '{0}/{1}/{2}'.format(entity_type, entity_ref, + ACL._resource_name) + + @staticmethod def identify_ref_type(entity_ref): # Utility for identifying ACL type from given entity URI. if not entity_ref: diff --git a/barbicanclient/v1/cas.py b/barbicanclient/v1/cas.py index d076e4b..6a8f541 100644 --- a/barbicanclient/v1/cas.py +++ b/barbicanclient/v1/cas.py @@ -171,7 +171,8 @@ class CA(CAFormatter): def _fill_lazy_properties(self): if self._ca_ref and not self._plugin_name: - result = self._api.get(self._ca_ref) + uuid_ref = base.calculate_uuid_ref(self._ca_ref, self._entity) + result = self._api.get(uuid_ref) self._fill_from_data( meta=result.get('meta'), expiration=result.get('expiration'), @@ -205,7 +206,7 @@ class CAManager(base.BaseEntityManager): :raises barbicanclient.exceptions.HTTPServerError: 5xx Responses """ LOG.debug("Getting ca - CA href: {0}".format(ca_ref)) - base.validate_ref(ca_ref, 'CA') + base.validate_ref_and_return_uuid(ca_ref, 'CA') return CA( api=self._api, ca_ref=ca_ref diff --git a/barbicanclient/v1/containers.py b/barbicanclient/v1/containers.py index 45cdf48..4c362ab 100644 --- a/barbicanclient/v1/containers.py +++ b/barbicanclient/v1/containers.py @@ -211,7 +211,9 @@ class Container(ContainerFormatter): def delete(self): """Delete container from Barbican""" if self._container_ref: - self._api.delete(self._container_ref) + uuid_ref = base.calculate_uuid_ref(self._container_ref, + self._entity) + self._api.delete(uuid_ref) self._container_ref = None self._status = None self._created = None @@ -235,9 +237,10 @@ class Container(ContainerFormatter): raise AttributeError("container_ref not set, cannot reload data.") LOG.debug('Getting container - Container href: {0}' .format(self._container_ref)) - base.validate_ref(self._container_ref, 'Container') + uuid_ref = base.calculate_uuid_ref(self._container_ref, + self._entity) try: - response = self._api.get(self._container_ref) + response = self._api.get(uuid_ref) except AttributeError: raise LookupError('Container {0} could not be found.' .format(self._container_ref)) @@ -530,14 +533,14 @@ class ContainerManager(base.BaseEntityManager): def get(self, container_ref): """Retrieve an existing Container from Barbican - :param str container_ref: Full HATEOAS reference to a Container + :param container_ref: Full HATEOAS reference to a Container, or a UUID :returns: Container object or a subclass of the appropriate type """ LOG.debug('Getting container - Container href: {0}' .format(container_ref)) - base.validate_ref(container_ref, 'Container') + uuid_ref = base.calculate_uuid_ref(container_ref, self._entity) try: - response = self._api.get(container_ref) + response = self._api.get(uuid_ref) except AttributeError: raise LookupError('Container {0} could not be found.' .format(container_ref)) @@ -688,14 +691,15 @@ class ContainerManager(base.BaseEntityManager): def delete(self, container_ref): """Delete a Container from Barbican - :param container_ref: Full HATEOAS reference to a Container + :param container_ref: Full HATEOAS reference to a Container, or a UUID :raises barbicanclient.exceptions.HTTPAuthError: 401 Responses :raises barbicanclient.exceptions.HTTPClientError: 4xx Responses :raises barbicanclient.exceptions.HTTPServerError: 5xx Responses """ if not container_ref: raise ValueError('container_ref is required.') - self._api.delete(container_ref) + uuid_ref = base.calculate_uuid_ref(container_ref, self._entity) + self._api.delete(uuid_ref) def list(self, limit=10, offset=0, name=None, type=None): """List containers for the project. @@ -728,7 +732,7 @@ class ContainerManager(base.BaseEntityManager): def register_consumer(self, container_ref, name, url): """Add a consumer to the container - :param container_ref: Full HATEOAS reference to a Container + :param container_ref: Full HATEOAS reference to a Container, or a UUID :param name: Name of the consuming service :param url: URL of the consuming resource :returns: A container object per the get() method @@ -738,8 +742,9 @@ class ContainerManager(base.BaseEntityManager): """ LOG.debug('Creating consumer registration for container ' '{0} as {1}: {2}'.format(container_ref, name, url)) - href = '{0}/{1}/consumers'.format(self._entity, - container_ref.split('/')[-1]) + container_uuid = base.validate_ref_and_return_uuid( + container_ref, 'Container') + href = '{0}/{1}/consumers'.format(self._entity, container_uuid) consumer_dict = dict() consumer_dict['name'] = name consumer_dict['URL'] = url @@ -750,7 +755,7 @@ class ContainerManager(base.BaseEntityManager): def remove_consumer(self, container_ref, name, url): """Remove a consumer from the container - :param container_ref: Full HATEOAS reference to a Container + :param container_ref: Full HATEOAS reference to a Container, or a UUID :param name: Name of the previously consuming service :param url: URL of the previously consuming resource :raises barbicanclient.exceptions.HTTPAuthError: 401 Responses @@ -759,8 +764,9 @@ class ContainerManager(base.BaseEntityManager): """ LOG.debug('Deleting consumer registration for container ' '{0} as {1}: {2}'.format(container_ref, name, url)) - href = '{0}/{1}/consumers'.format(self._entity, - container_ref.split('/')[-1]) + container_uuid = base.validate_ref_and_return_uuid( + container_ref, 'Container') + href = '{0}/{1}/consumers'.format(self._entity, container_uuid) consumer_dict = { 'name': name, 'URL': url diff --git a/barbicanclient/v1/orders.py b/barbicanclient/v1/orders.py index 3b62f97..15eca81 100644 --- a/barbicanclient/v1/orders.py +++ b/barbicanclient/v1/orders.py @@ -241,7 +241,8 @@ class Order(object): def delete(self): """Deletes the Order from Barbican""" if self._order_ref: - self._api.delete(self._order_ref) + uuid_ref = base.calculate_uuid_ref(self._order_ref, self._entity) + self._api.delete(uuid_ref) self._order_ref = None else: raise LookupError("Order is not yet stored.") @@ -388,16 +389,16 @@ class OrderManager(base.BaseEntityManager): def get(self, order_ref): """Retrieve an existing Order from Barbican - :param order_ref: Full HATEOAS reference to an Order + :param order_ref: Full HATEOAS reference to an Order, or a UUID :returns: An instance of the appropriate subtype of Order :raises barbicanclient.exceptions.HTTPAuthError: 401 Responses :raises barbicanclient.exceptions.HTTPClientError: 4xx Responses :raises barbicanclient.exceptions.HTTPServerError: 5xx Responses """ LOG.debug("Getting order - Order href: {0}".format(order_ref)) - base.validate_ref(order_ref, 'Order') + uuid_ref = base.calculate_uuid_ref(order_ref, self._entity) try: - response = self._api.get(order_ref) + response = self._api.get(uuid_ref) except AttributeError: raise LookupError( 'Order {0} could not be found.'.format(order_ref) @@ -518,11 +519,12 @@ class OrderManager(base.BaseEntityManager): def delete(self, order_ref): """Delete an Order from Barbican - :param order_ref: The href for the order + :param order_ref: Full HATEOAS reference to an Order, or a UUID """ if not order_ref: raise ValueError('order_ref is required.') - self._api.delete(order_ref) + uuid_ref = base.calculate_uuid_ref(order_ref, self._entity) + self._api.delete(uuid_ref) def list(self, limit=10, offset=0): """List Orders for the project diff --git a/barbicanclient/v1/secrets.py b/barbicanclient/v1/secrets.py index c2577d0..5b0c4a1 100644 --- a/barbicanclient/v1/secrets.py +++ b/barbicanclient/v1/secrets.py @@ -357,14 +357,16 @@ class Secret(SecretFormatter): else: raise exceptions.PayloadException("Invalid Payload Type") - self._api.put(self._secret_ref, + uuid_ref = base.calculate_uuid_ref(self._secret_ref, self._entity) + self._api.put(uuid_ref, headers=headers, data=self.payload) def delete(self): """Deletes the Secret from Barbican""" if self._secret_ref: - self._api.delete(self._secret_ref) + uuid_ref = base.calculate_uuid_ref(self._secret_ref, self._entity) + self._api.delete(uuid_ref) self._secret_ref = None else: raise LookupError("Secret is not yet stored.") @@ -411,7 +413,8 @@ class Secret(SecretFormatter): def _fill_lazy_properties(self): if self._secret_ref and not self._name: - result = self._api.get(self._secret_ref) + uuid_ref = base.calculate_uuid_ref(self._secret_ref, self._entity) + result = self._api.get(uuid_ref) self._fill_from_data( name=result.get('name'), expiration=result.get('expiration'), @@ -444,7 +447,7 @@ class SecretManager(base.BaseEntityManager): def get(self, secret_ref, payload_content_type=None): """Retrieve an existing Secret from Barbican - :param str secret_ref: Full HATEOAS reference to a Secret + :param str secret_ref: Full HATEOAS reference to a Secret, or a UUID :param str payload_content_type: DEPRECATED: Content type to use for payload decryption. Setting this can lead to unexpected results. See Launchpad Bug #1419166. @@ -455,7 +458,7 @@ class SecretManager(base.BaseEntityManager): :raises barbicanclient.exceptions.HTTPServerError: 5xx Responses """ LOG.debug("Getting secret - Secret href: {0}".format(secret_ref)) - base.validate_ref(secret_ref, 'Secret') + base.validate_ref_and_return_uuid(secret_ref, 'Secret') return Secret( api=self._api, payload_content_type=payload_content_type, @@ -463,16 +466,16 @@ class SecretManager(base.BaseEntityManager): ) def update(self, secret_ref, payload=None): - """Update an existing Secret from Barbican + """Update an existing Secret in Barbican - :param str secret_ref: Full HATEOAS reference to a Secret + :param str secret_ref: Full HATEOAS reference to a Secret, or a UUID :param str payload: New payload to add to secret :raises barbicanclient.exceptions.HTTPAuthError: 401 Responses :raises barbicanclient.exceptions.HTTPClientError: 4xx Responses :raises barbicanclient.exceptions.HTTPServerError: 5xx Responses """ - base.validate_ref(secret_ref, 'Secret') + base.validate_ref_and_return_uuid(secret_ref, 'Secret') if not secret_ref: raise ValueError('secret_ref is required.') @@ -483,7 +486,8 @@ class SecretManager(base.BaseEntityManager): else: raise exceptions.PayloadException("Invalid Payload Type") - self._api.put(secret_ref, + uuid_ref = base.calculate_uuid_ref(secret_ref, self._entity) + self._api.put(uuid_ref, headers=headers, data=payload) @@ -524,15 +528,16 @@ class SecretManager(base.BaseEntityManager): def delete(self, secret_ref): """Delete a Secret from Barbican - :param secret_ref: The href for the secret to be deleted + :param secret_ref: Full HATEOAS reference to a Secret, or a UUID :raises barbicanclient.exceptions.HTTPAuthError: 401 Responses :raises barbicanclient.exceptions.HTTPClientError: 4xx Responses :raises barbicanclient.exceptions.HTTPServerError: 5xx Responses """ - base.validate_ref(secret_ref, 'Secret') + base.validate_ref_and_return_uuid(secret_ref, 'Secret') if not secret_ref: raise ValueError('secret_ref is required.') - self._api.delete(secret_ref) + uuid_ref = base.calculate_uuid_ref(secret_ref, self._entity) + self._api.delete(uuid_ref) def list(self, limit=10, offset=0, name=None, algorithm=None, mode=None, bits=0, secret_type=None, created=None, updated=None, |