diff options
author | Simo Sorce <simo@redhat.com> | 2015-04-08 09:51:32 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-04-08 09:51:32 -0400 |
commit | 3ad95956864a8b8727dc3661e208e04b688baf8e (patch) | |
tree | 16f4f9372a99cd80a204e58397b16bcb3d1612c2 | |
parent | 575efc8bd229cfa5ef7d73c4b53c1e27f6f267d5 (diff) | |
download | custodia-3ad95956864a8b8727dc3661e208e04b688baf8e.tar.gz custodia-3ad95956864a8b8727dc3661e208e04b688baf8e.tar.xz custodia-3ad95956864a8b8727dc3661e208e04b688baf8e.zip |
Allow to filter by keytype on key GET
-rw-r--r-- | API.md | 4 | ||||
-rw-r--r-- | custodia/secrets.py | 16 |
2 files changed, 20 insertions, 0 deletions
@@ -53,11 +53,15 @@ Getting keys A GET operation with the name of the key: GET /secrets/name/of/key +A query parameter named 'type' can be provided, in that case the key is +returned only if it matches the requested type. + Returns: - 200 and a JSON formatted key in case of success. - 401 if authentication is necessary - 403 if access to the key is forbidden - 404 if no key was found +- 406 not acceptable, key exists but does not match type requested Storing keys diff --git a/custodia/secrets.py b/custodia/secrets.py index 397754b..a6958e3 100644 --- a/custodia/secrets.py +++ b/custodia/secrets.py @@ -182,11 +182,17 @@ class Secrets(HTTPConsumer): response['code'] = 204 def _get_key(self, trail, request, response): + reqtype = request.get('query', dict()).get('type') key = self._db_key(trail) try: output = self.root.store.get(key) if output is None: raise HTTPError(404) + if reqtype is not None: + key = json.loads(output) + keytype = key.get('type') + if keytype != reqtype: + raise HTTPError(406) response['output'] = output except CSStoreError: raise HTTPError(500) @@ -405,6 +411,16 @@ class SecretsTests(unittest.TestCase): self.assertEqual(err.exception.code, 404) + def test_5_GETkey_errors_406(self): + req = {'remote_user': 'test', + 'query': {'type': 'complex'}, + 'trail': ['test', 'key1']} + rep = {} + with self.assertRaises(HTTPError) as err: + self.GET(req, rep) + + self.assertEqual(err.exception.code, 406) + def test_6_LISTkeys_errors_404_1(self): req = {'remote_user': 'test', 'trail': ['test', 'case', '']} |