The field returned by barbican is secret_ref, not secret_href
Also, this accounts for the resp.to_dict() call not absorbing the secret_ref key. This commit also adds type mapping for missing secret types to their barbican equivalents. Change-Id: Idd4895fd441443a3dc41a3358edf6bd3648be5c1
parent
879dfb6129
commit
0fae4bec58
|
@ -32,7 +32,7 @@ class BarbicanDriver(object):
|
||||||
secret = self.barbicanclient.call("secrets.create", **kwargs)
|
secret = self.barbicanclient.call("secrets.create", **kwargs)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
secret.store()
|
secret_ref = secret.store()
|
||||||
except (barbicanclient.exceptions.HTTPAuthError,
|
except (barbicanclient.exceptions.HTTPAuthError,
|
||||||
barbicanclient.exceptions.HTTPClientError,
|
barbicanclient.exceptions.HTTPClientError,
|
||||||
barbicanclient.exceptions.HTTPServerError) as e:
|
barbicanclient.exceptions.HTTPServerError) as e:
|
||||||
|
@ -43,6 +43,7 @@ class BarbicanDriver(object):
|
||||||
# NOTE(fmontei): The dictionary representation of the Secret object by
|
# NOTE(fmontei): The dictionary representation of the Secret object by
|
||||||
# default has keys that are not snake case -- so make them snake case.
|
# default has keys that are not snake case -- so make them snake case.
|
||||||
resp = secret.to_dict()
|
resp = secret.to_dict()
|
||||||
for key in resp.keys():
|
for key in resp:
|
||||||
resp[utils.to_snake_case(key)] = resp.pop(key)
|
resp[utils.to_snake_case(key)] = resp.pop(key)
|
||||||
|
resp['secret_ref'] = secret_ref
|
||||||
return resp
|
return resp
|
||||||
|
|
|
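Review bot: The key-renaming loop in the second hunk mutates `resp` while iterating over it. `for key in resp:` walks the live dict while the body pops and re-inserts keys, which on Python 3 can revisit the re-inserted keys or raise `RuntimeError`, and on Python 2 it drops the snapshot that `resp.keys()` used to provide. Iterate over a copy with `for key in list(resp):`, or build the result in one pass with `resp = {utils.to_snake_case(k): v for k, v in secret.to_dict().items()}`. Which line is the new side is inferred from the print order and the `+43,7` count, and the enclosing method begins above the first hunk.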
@ -73,7 +73,7 @@ class SecretsManager(object):
|
||||||
}
|
}
|
||||||
resp = self.barbican_driver.create_secret(**kwargs)
|
resp = self.barbican_driver.create_secret(**kwargs)
|
||||||
|
|
||||||
secret_ref = resp['secret_href']
|
secret_ref = resp['secret_ref']
|
||||||
created_secret = secret_ref
|
created_secret = secret_ref
|
||||||
elif encryption_type == CLEARTEXT:
|
elif encryption_type == CLEARTEXT:
|
||||||
created_secret = secret_doc['data']
|
created_secret = secret_doc['data']
|
||||||
|
@ -93,6 +93,12 @@ class SecretsManager(object):
|
||||||
_schema = schema.split('/')[1].lower().strip()
|
_schema = schema.split('/')[1].lower().strip()
|
||||||
if _schema == 'certificatekey':
|
if _schema == 'certificatekey':
|
||||||
return 'private'
|
return 'private'
|
||||||
|
elif _schema == 'certificateauthority':
|
||||||
|
return 'certificate'
|
||||||
|
elif _schema == 'certificateauthoritykey':
|
||||||
|
return 'private'
|
||||||
|
elif _schema == 'publickey':
|
||||||
|
return 'public'
|
||||||
return _schema
|
return _schema
|
||||||
|
|
||||||
|
|
||||||
|
|
|
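Review bot: Any schema kind not covered by the new `elif` branches in the second hunk still falls through to `return _schema`, so a name taken from the document schema is handed on unchanged as the secret type. Barbican accepts only a fixed set of types (symmetric, public, private, passphrase, certificate, opaque), so an unmapped kind presumably fails later at the API call rather than here. A lookup table keeps the mapping in one place and makes the unknown-kind default an explicit decision. The version below keeps the current fall-through, though rejecting unknown kinds may be preferable. The function's signature and the `schema.split('/')[1]` guard sit outside the hunk.

```python
# … unchanged: _schema = schema.split('/')[1].lower().strip() …
barbican_types = {
    'certificatekey': 'private',
    'certificateauthority': 'certificate',
    'certificateauthoritykey': 'private',
    'publickey': 'public',
}
# Unknown kinds are still passed through as-is, matching current behaviour.
return barbican_types.get(_schema, _schema)
```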
@ -30,7 +30,7 @@ class TestSecretsManager(test_base.TestDbBase):
|
||||||
secrets_manager.SecretsManager, 'barbican_driver')
|
secrets_manager.SecretsManager, 'barbican_driver')
|
||||||
self.secret_ref = 'https://path/to/fake_secret'
|
self.secret_ref = 'https://path/to/fake_secret'
|
||||||
self.mock_barbican_driver.create_secret.return_value = (
|
self.mock_barbican_driver.create_secret.return_value = (
|
||||||
{'secret_href': self.secret_ref})
|
{'secret_ref': self.secret_ref})
|
||||||
|
|
||||||
self.secrets_manager = secrets_manager.SecretsManager()
|
self.secrets_manager = secrets_manager.SecretsManager()
|
||||||
self.factory = factories.DocumentSecretFactory()
|
self.factory = factories.DocumentSecretFactory()
|
||||||
|
|
|
@ -35,4 +35,8 @@ oslo.policy>=1.23.0 # Apache-2.0
|
||||||
oslo.serialization!=2.19.1,>=1.10.0 # Apache-2.0
|
oslo.serialization!=2.19.1,>=1.10.0 # Apache-2.0
|
||||||
oslo.utils>=3.20.0 # Apache-2.0
|
oslo.utils>=3.20.0 # Apache-2.0
|
||||||
|
|
||||||
|
# TODO(alanmeadows)
|
||||||
|
# this must match the container service
|
||||||
|
# likely this should be imported from a
|
||||||
|
# container sidecar long-term
|
||||||
python-barbicanclient>=4.0.0 # Apache-2.0
|
python-barbicanclient>=4.0.0 # Apache-2.0
|
||||||
|
|
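Review bot: The added TODO says "this must match the container service" without saying what has to match, and the requirement below it stays an open-ended `python-barbicanclient>=4.0.0`, so nothing in the file enforces the constraint the comment describes. If the client version is what is meant, say so in the comment, e.g. `# TODO(alanmeadows): client version must match the Barbican container service`. Once the deployed service version is known, bound the specifier so an unreviewed newer client release cannot be pulled in.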