Use barbican client from barbican-templest-plugin

Previously we had copy-pasted barbican client code into our own in order to access secrets. If we install the barbican-tempest-plugin, we can use their client directly, as explained in [1]. [1] https://docs.openstack.org/tempest/latest/plugins/plugin.html#service-clients Change-Id: Iccbeef049af5e3a913d7ce56cd29f7dc66517532
2023-03-27 14:45:56 -04:00 · 2023-03-27 14:45:56 -04:00 · d3a8b0ef14
commit d3a8b0ef14
parent 8df1d7fffd
6 changed files with 14 additions and 117 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -37,6 +37,7 @@
    required-projects:
      - openstack/whitebox-tempest-plugin
      - openstack/barbican
+      - openstack/barbican-tempest-plugin
    pre-run: playbooks/whitebox/pre.yaml
    irrelevant-files:
      - ^test-requirements.txt$
@ -51,7 +52,7 @@
      devstack_localrc:
        MAX_COMPUTE_NODES: 2
        LIBVIRT_TYPE: kvm
-        TEMPEST_PLUGINS: /opt/stack/whitebox-tempest-plugin
+        TEMPEST_PLUGINS: /opt/stack/whitebox-tempest-plugin /opt/stack/barbican-tempest-plugin
        WHITEBOX_PRIVKEY_PATH: /home/tempest/.ssh/id_rsa
        WHITEBOX_CPU_MODEL: Nehalem
        WHITEBOX_CPU_MODEL_EXTRA_FLAGS: vme,+ssse3,-mmx
--- a/whitebox_tempest_plugin/api/compute/test_vtpm.py
+++ b/whitebox_tempest_plugin/api/compute/test_vtpm.py
@ -15,6 +15,8 @@

 from tempest import config
 from tempest.exceptions import BuildErrorException
+from tempest.lib.services import clients
+
 from whitebox_tempest_plugin.api.compute import base

 CONF = config.CONF
@ -39,10 +41,14 @@ class VTPMTest(base.BaseWhiteboxComputeTest):
    @classmethod
    def setup_clients(cls):
        super(VTPMTest, cls).setup_clients()
-        os = getattr(cls, 'os_primary')
-        cls.secret_client = os.secret_v1.SecretClient(
-            service='key-manager'
-        )
+        if CONF.identity.auth_version == 'v3':
+            auth_uri = CONF.identity.uri_v3
+        else:
+            auth_uri = CONF.identity.uri
+        service_clients = clients.ServiceClients(cls.os_primary.credentials,
+                                                 auth_uri)
+        cls.os_primary.secrets_client = service_clients.secret_v1.SecretClient(
+            service='key-manager')

    def _vptm_server_creation_check(self, vtpm_model, vtpm_version):
        """Test to verify creating server with vTPM device
@ -82,7 +88,8 @@ class VTPMTest(base.BaseWhiteboxComputeTest):

        # Get the secret uuid and get secret details from barbican
        secret_uuid = secret_uuid = vtpm_secret_element.get('secret')
-        secret_info = self.secret_client.get_secret(secret_uuid)
+        secret_info = self.os_primary.secrets_client.get_secret_metadata(
+            secret_uuid)

        # Confirm the secret is ACTIVE and its description mentions the
        # respective server uuid and it is used for vTPM
--- a/whitebox_tempest_plugin/plugin.py
+++ b/whitebox_tempest_plugin/plugin.py
@ -56,14 +56,3 @@ class WhiteboxTempestPlugin(plugins.TempestPlugin):
                 whitebox_config.database_opts),
                (whitebox_config.hardware_group.name,
                 whitebox_config.hardware_opts)]
-
-    def get_service_clients(self):
-        v1_params = {
-            'name': 'secret_v1',
-            'service_version': 'secret.v1',
-            'module_path': 'whitebox_tempest_plugin.services.key_manager.json',
-            'client_names': [
-                'SecretClient'
-            ]
-        }
-        return [v1_params]
--- a/whitebox_tempest_plugin/services/key_manager/json/init.py
+++ b/whitebox_tempest_plugin/services/key_manager/json/init.py
@ -1,22 +0,0 @@
-# Copyright 2021 Red Hat Inc.
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-
-from whitebox_tempest_plugin.services.key_manager.json.secret_client \
-    import SecretClient
-
-__all__ = [
-    'SecretClient',
-]
--- a/whitebox_tempest_plugin/services/key_manager/json/base.py
+++ b/whitebox_tempest_plugin/services/key_manager/json/base.py
@ -1,30 +0,0 @@
-# Copyright 2021 Red Hat Inc.
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest.lib.common import rest_client
-
-
-_DEFAULT_SERVICE_TYPE = 'key-manager'
-
-
-class BarbicanTempestClient(rest_client.RestClient):
-
-    def __init__(self, *args, **kwargs):
-        kwargs['service'] = _DEFAULT_SERVICE_TYPE
-        super().__init__(*args, **kwargs)
-
-    @classmethod
-    def ref_to_uuid(cls, href):
-        return href.split('/')[-1]
--- a/whitebox_tempest_plugin/services/key_manager/json/secret_client.py
+++ b/whitebox_tempest_plugin/services/key_manager/json/secret_client.py
@ -1,48 +0,0 @@
-# Copyright 2021 Red Hat Inc.
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from tempest import config
-
-from whitebox_tempest_plugin.services.key_manager.json import base
-
-
-CONF = config.CONF
-
-
-class SecretClient(base.BarbicanTempestClient):
-
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-        self._secret_ids = set()
-
-    def get_secret(self, secret_id):
-        resp, body = self.get("v1/secrets/%s" % secret_id)
-        self.expected_success(200, resp.status)
-        return self._parse_resp(body)
-
-    def list_secrets(self, **kwargs):
-        uri = "v1/secrets"
-        if kwargs is not None:
-            uri = '{base}?'.format(base=uri)
-
-            for key in kwargs.keys():
-                uri = '{base}&{name}={value}'.format(
-                    base=uri,
-                    name=key,
-                    value=kwargs[key]
-                )
-        resp, body = self.get(uri)
-        self.expected_success(200, resp.status)
-        return self._parse_resp(body)