Add support for the Sensitive attribute

This change adds support for the Sensitive attribute, adding it to
the attribute factory, the SQLAlchemy object hierarchy, and to the
server attribute handling methods. The intent is to use this new
attribute to test the new SetAttribute and ModifyAttribute
operations coming in future commits. Unit tests have been added
and modified to support the new additions.

kmip/core/enums.py

@@ -126,6 +126,7 @@ class AttributeType(enum.Enum):
     KEY_VALUE_PRESENT                = 'Key Value Present'
     KEY_VALUE_LOCATION               = 'Key Value Location'
     ORIGINAL_CREATION_DATE           = 'Original Creation Date'
+    SENSITIVE                        = "Sensitive"
 
 
 class AuthenticationSuite(enum.Enum):

kmip/core/factories/attribute_values.py

@@ -104,6 +104,8 @@ def create_attribute_value(self, name, value):
             return self._create_contact_information(value)
         elif name is enums.AttributeType.LAST_CHANGE_DATE:
             return primitives.DateTime(value, enums.Tags.LAST_CHANGE_DATE)
+        elif name is enums.AttributeType.SENSITIVE:
+            return primitives.Boolean(value, enums.Tags.SENSITIVE)
         elif name is enums.AttributeType.CUSTOM_ATTRIBUTE:
             return attributes.CustomAttribute(value)
         else:
@@ -194,6 +196,8 @@ def create_attribute_value_by_enum(self, enum, value):
             return self._create_contact_information(value)
         elif enum is enums.Tags.LAST_CHANGE_DATE:
             return primitives.DateTime(value, enums.Tags.LAST_CHANGE_DATE)
+        elif enum is enums.Tags.SENSITIVE:
+            return primitives.Boolean(value, enums.Tags.SENSITIVE)
         elif enum is enums.Tags.CUSTOM_ATTRIBUTE:
             return attributes.CustomAttribute(value)
         else:

kmip/pie/objects.py

@@ -106,6 +106,7 @@ class ManagedObject(sql.Base):
         String(50),
         default='default'
     )
+    sensitive = Column("sensitive", Boolean, default=False)
     initial_date = Column(Integer, default=0)
     _owner = Column('owner', String(50), default=None)
 
@@ -144,6 +145,7 @@ def __init__(self):
         self.names = list()
         self.operation_policy_name = None
         self.initial_date = 0
+        self.sensitive = False
         self._object_type = None
         self._owner = None
 

kmip/services/server/engine.py

@@ -744,6 +744,8 @@ def _get_attribute_from_managed_object(self, managed_object, attr_name):
             return None
         elif attr_name == 'Last Change Date':
             return None
+        elif attr_name == "Sensitive":
+            return managed_object.sensitive
         else:
             # Since custom attribute names are possible, just return None
             # for unrecognized attributes. This satisfies the spec.
@@ -825,6 +827,8 @@ def _set_attribute_on_managed_object(self, managed_object, attribute):
                         value.append(e)
             elif attribute_name == 'Operation Policy Name':
                 field = 'operation_policy_name'
+            elif attribute_name == "Sensitive":
+                field = "sensitive"
 
             if field:
                 existing_value = getattr(managed_object, field)

kmip/services/server/policy.py

@@ -1078,6 +1078,30 @@ def __init__(self, version):
                 ),
                 contents.ProtocolVersion(1, 0)
             ),
+            "Sensitive": AttributeRuleSet(
+                True,
+                ("server", "client"),
+                True,
+                True,
+                False,
+                False,
+                (
+                    enums.Operation.CREATE,
+                    enums.Operation.CREATE_KEY_PAIR,
+                    enums.Operation.REGISTER
+                ),
+                (
+                    enums.ObjectType.CERTIFICATE,
+                    enums.ObjectType.SYMMETRIC_KEY,
+                    enums.ObjectType.PUBLIC_KEY,
+                    enums.ObjectType.PRIVATE_KEY,
+                    enums.ObjectType.SPLIT_KEY,
+                    enums.ObjectType.TEMPLATE,
+                    enums.ObjectType.SECRET_DATA,
+                    enums.ObjectType.OPAQUE_DATA
+                ),
+                contents.ProtocolVersion(1, 4)
+            )
         }
 
     def is_attribute_supported(self, attribute):

kmip/tests/unit/core/factories/test_attribute_values.py

@@ -505,3 +505,23 @@ def test_create_custom_attribute(self):
         custom = self.factory.create_attribute_value(
             enums.AttributeType.CUSTOM_ATTRIBUTE, None)
         self.assertIsInstance(custom, attributes.CustomAttribute)
+
+    def test_create_sensitive(self):
+        """
+        Test that a Sensitive attribute can be created.
+        """
+        sensitive = self.factory.create_attribute_value(
+            enums.AttributeType.SENSITIVE,
+            True
+        )
+        self.assertIsInstance(sensitive, primitives.Boolean)
+        self.assertTrue(sensitive.value)
+        self.assertEqual(enums.Tags.SENSITIVE, sensitive.tag)
+
+        sensitive = self.factory.create_attribute_value_by_enum(
+            enums.Tags.SENSITIVE,
+            False
+        )
+        self.assertIsInstance(sensitive, primitives.Boolean)
+        self.assertFalse(sensitive.value)
+        self.assertEqual(enums.Tags.SENSITIVE, sensitive.tag)

kmip/tests/unit/services/server/test_engine.py

@@ -1757,6 +1757,10 @@ def test_set_attribute_on_managed_object(self):
                 enums.CryptographicUsageMask.DECRYPT
             ]
         )
+        sensitive = attribute_factory.create_attribute(
+            enums.AttributeType.SENSITIVE,
+            True
+        )
         managed_object = pie_objects.SymmetricKey(
             enums.CryptographicAlgorithm.AES,
             0,
@@ -1771,6 +1775,7 @@ def test_set_attribute_on_managed_object(self):
         )
         self.assertEqual(0, managed_object.cryptographic_length)
         self.assertEqual([], managed_object.cryptographic_usage_masks)
+        self.assertFalse(managed_object.sensitive)
 
         e._set_attribute_on_managed_object(
             managed_object,
@@ -1809,6 +1814,13 @@ def test_set_attribute_on_managed_object(self):
             managed_object.cryptographic_usage_masks
         )
 
+        e._set_attribute_on_managed_object(
+            managed_object,
+            ("Sensitive", sensitive.attribute_value)
+        )
+
+        self.assertTrue(managed_object.sensitive)
+
     def test_set_attribute_on_managed_object_unsupported_features(self):
         """
         Test that the right errors are generated when unsupported features

kmip/tests/unit/services/server/test_policy.py

@@ -172,7 +172,8 @@ def test_get_all_attribute_names(self):
             'Application Specific Information',
             'Contact Information',
             'Last Change Date',
-            'Custom Attribute'
+            'Custom Attribute',
+            "Sensitive"
         ]
 
         result = rules.get_all_attribute_names()