Add tools for parse credential from Secret payload

Provide tools to grep credential from payload context in Barbican secret. Change-Id: Ib638cfe25c35ef002088d52c729238f2aba737e6 Story: #2002126 Task: #26906
2018-07-06 13:17:29 +08:00 · 2018-07-06 13:17:29 +08:00 · 6c35f28365
commit 6c35f28365
parent 2e3091e5b6
2 changed files with 25 additions and 0 deletions
--- a/heat/engine/clients/os/barbican.py
+++ b/heat/engine/clients/os/barbican.py
@ -14,11 +14,13 @@
 from barbicanclient import exceptions
 from barbicanclient.v1 import client as barbican_client
 from barbicanclient.v1 import containers
+from oslo_log import log as logging

 from heat.common import exception
 from heat.engine.clients import client_plugin
 from heat.engine import constraints

+LOG = logging.getLogger(__name__)

 CLIENT_NAME = 'barbican'

@ -63,8 +65,13 @@ class BarbicanClientPlugin(client_plugin.ClientPlugin):
                raise exception.EntityNotFound(
                    entity="Secret",
                    name=secret_ref)
+            LOG.info('Failed to get Barbican secret from reference %s' % (
+                secret_ref))
            raise

+    def get_secret_payload_by_ref(self, secret_ref):
+        return self.get_secret_by_ref(secret_ref).payload
+
    def get_container_by_ref(self, container_ref):
        try:
            # TODO(therve): replace with to_dict()
--- a/heat/tests/clients/test_barbican_client.py
+++ b/heat/tests/clients/test_barbican_client.py
@ -44,6 +44,24 @@ class BarbicanClientPluginTest(common.HeatTestCase):
        self.assertEqual(secret,
                         self.barbican_plugin.get_secret_by_ref("secret"))

+    def test_get_secret_payload_by_ref(self):
+        payload_content = 'payload content'
+        secret = collections.namedtuple(
+            'Secret', ['name', 'payload'])('foo', payload_content)
+        self.barbican_client.secrets.get.return_value = secret
+        expect = payload_content
+        self.assertEqual(expect,
+                         self.barbican_plugin.get_secret_payload_by_ref(
+                             "secret"))
+
+    def test_get_secret_payload_by_ref_not_found(self):
+        exc = exceptions.HTTPClientError(message="Not Found", status_code=404)
+        self.barbican_client.secrets.get.side_effect = exc
+        self.assertRaises(
+            exception.EntityNotFound,
+            self.barbican_plugin.get_secret_payload_by_ref,
+            "secret")
+
    def test_get_secret_by_ref_not_found(self):
        exc = exceptions.HTTPClientError(message="Not Found", status_code=404)
        self.barbican_client.secrets.get.side_effect = exc