Add --file flag for secrets

This patch adds a --file (-F) flag to both 'secret store' and 'secret
get' commands to work around a cliff formatter limitation when dealing
with binary data. This flag can be used to store a payload directly
from a file so that a user doesn't have to do any base64 juggling of
their data.

The flag can also be used to save a payload directly to a file so we can
avoid UTF-8 and ASCII encoding errors thrown by the cliff formatters
that expect text data.

Original Review: https://review.openstack.org/#/c/388981
Co-Authored-By: douglas.mendizabal@rackspace.com

Change-Id: Iee7e2bbb95238a9bbb9e8e6124fe1663da377939

2 files changed, 83 insertions, 0 deletions

diff --git a/functionaltests/cli/v1/behaviors/secret_behaviors.py b/functionaltests/cli/v1/behaviors/secret_behaviors.py
index 5ea5e9a..9522871 100644
--- a/functionaltests/cli/v1/behaviors/secret_behaviors.py
+++ b/functionaltests/cli/v1/behaviors/secret_behaviors.py
@@ -79,6 +79,31 @@ class SecretBehaviors(base_behaviors.BaseBehaviors):
         self.secret_hrefs_to_delete.append(secret_href)
         return secret_href
 
+    def store_secret_file(self, filename="/tmp/storesecret", store_argv=[]):
+        """Store (aka create) a secret from file
+
+        The store_argv parameter allows additional command line parameters for
+        the store operation to be specified. This can be used to specify -a for
+        algorithm as an example.
+
+        :param payload The payload to use when storing the secret
+        :param store_argv The store command line parameters
+
+        :return: the href to the newly created secret
+        """
+        argv = ['secret', 'store']
+        self.add_auth_and_endpoint(argv)
+        argv.extend(['--file', filename])
+        argv.extend(store_argv)
+
+        stdout, stderr = self.issue_barbican_command(argv)
+
+        secret_data = self._prettytable_to_dict(stdout)
+
+        secret_href = secret_data['Secret href']
+        self.secret_hrefs_to_delete.append(secret_href)
+        return secret_href
+
     def get_secret(self, secret_href):
         """Get a secret
 
@@ -126,6 +151,25 @@ class SecretBehaviors(base_behaviors.BaseBehaviors):
 
         return secret
 
+    def get_secret_file(self, secret_href, filename='/tmp/getsecret'):
+        """Get a secret and store in a file
+
+        :param: the href to a secret
+        :param filename: name of file to store secret in
+        :return string representing the file name.
+        """
+        argv = ['secret', 'get']
+        self.add_auth_and_endpoint(argv)
+        argv.extend([secret_href])
+        argv.extend(['--file', filename])
+
+        stdout, stderr = self.issue_barbican_command(argv)
+
+        if '4xx Client error: Not Found' in stderr:
+            return {}
+
+        return filename
+
     def list_secrets(self):
         """List secrets
 
@@ -146,3 +190,26 @@ class SecretBehaviors(base_behaviors.BaseBehaviors):
         secrets_to_delete = list(self.secret_hrefs_to_delete)
         for href in secrets_to_delete:
             self.delete_secret(href)
+
+    def read_secret_test_file(self, filename='/tmp/getsecret'):
+        """Read payload from file used in testing
+
+        :param filename: name of file to write
+        :return contents of the file
+        """
+        with open(filename, "r") as myfile:
+            data = myfile.read()
+        return data
+
+    def write_secret_test_file(self, filename='/tmp/storesecret',
+                               payload="Payload for testing"):
+        """Write payload to file for use in testing
+
+        :param filename: name of file to write
+        :param payload: data to store
+        :return
+        """
+        myfile = open(filename, "wb")
+        myfile.write(payload)
+        myfile.close()
+        return
diff --git a/functionaltests/cli/v1/smoke/test_secret.py b/functionaltests/cli/v1/smoke/test_secret.py
index ed0882b..b030b0f 100644
--- a/functionaltests/cli/v1/smoke/test_secret.py
+++ b/functionaltests/cli/v1/smoke/test_secret.py
@@ -132,3 +132,19 @@ class SecretTestCase(CmdLineTestCase):
         payload = self.secret_behaviors.get_secret_payload(secret_href,
                                                            raw=True)
         self.assertEqual(payload, self.expected_payload)
+
+    @testcase.attr('positive')
+    def test_secret_file_parameter_read(self):
+        secret_href = self.secret_behaviors.store_secret(
+            payload=self.expected_payload)
+        self.secret_behaviors.get_secret_file(secret_href=secret_href)
+        payload = self.secret_behaviors.read_secret_test_file()
+        self.assertEqual(payload, self.expected_payload)
+
+    @testcase.attr('positive')
+    def test_secret_file_parameter_write(self):
+        self.secret_behaviors.write_secret_test_file(
+            payload=self.expected_payload)
+        secret_href = self.secret_behaviors.store_secret_file()
+        payload = self.secret_behaviors.get_secret_payload(secret_href)
+        self.assertEqual(payload, self.expected_payload)