authorZuul <zuul@review.openstack.org>2019-02-28 21:53:33 +0000
committerGerrit Code Review <review@openstack.org>2019-02-28 21:53:33 +0000
commit566c79265844a95b8cdd069a37f2c731a231a4ed (patch)
treef11c4fe56d3d2a4f33182a8e9fdb2bf264249dec
parent2596e7c840d65b15a054131ebecadba8104cf351 (diff)
parentaa241081c9eb846c8ab2efe0afbf1ef9ec05f8c0 (diff)
Merge "Fix exception handling and add tests"
-rw-r--r--pegleg/engine/util/encryption.py15
-rw-r--r--test-requirements.txt1
-rw-r--r--tests/unit/engine/test_generate_cryptostring.py24
-rw-r--r--tests/unit/test_exceptions.py26
-rw-r--r--tox.ini2
5 files changed, 59 insertions, 9 deletions
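--- a/pegleg/engine/util/encryption.py
+++ b/pegleg/engine/util/encryption.py
@@ -15,8 +15,7 @@
 import base64
 import logging
 
-from cryptography.exceptions import InvalidSignature
-from cryptography.fernet import Fernet
+from cryptography import fernet
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
@@ -57,8 +56,8 @@ def encrypt(unencrypted_data,
  :rtype: bytes
  """
 
- return Fernet(_generate_key(passphrase, salt, key_length,
- iterations)).encrypt(unencrypted_data)
+ return fernet.Fernet(_generate_key(
+ passphrase, salt, key_length, iterations)).encrypt(unencrypted_data)
 
 
 def decrypt(encrypted_data,
@@ -88,14 +87,14 @@ def decrypt(encrypted_data,
  :type iterations: positive integer.
  :return: Decrypted secret data
  :rtype: bytes
- :raises InvalidSignature: If the provided passphrase, and/or
+ :raises InvalidToken: If the provided passphrase, and/or
  salt does not match the values used to encrypt the data.
  """
 
  try:
- return Fernet(_generate_key(passphrase, salt, key_length,
- iterations)).decrypt(encrypted_data)
- except InvalidSignature:
+ return fernet.Fernet(_generate_key(
+ passphrase, salt, key_length, iterations)).decrypt(encrypted_data)
+ except fernet.InvalidToken:
  LOG.error('Signature verification to decrypt secrets failed. Please '
  'check your provided passphrase and salt and try again.')
  raise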
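Review bot: The `:raises InvalidToken:` text and the `LOG.error` message in decrypt() still blame every failure on a wrong passphrase or salt, but Fernet raises InvalidToken for any token that fails authentication or parsing, which includes ciphertext that was truncated, corrupted or modified after encryption. For a secrets tool that difference matters to whoever reads the log, so I would widen the docstring to `:raises InvalidToken: If the passphrase and/or salt do not match the values used to encrypt the data, or the encrypted data is malformed or was modified.` and adjust the log text to match. Changing the message also means updating the string asserted in test_generate_passphrases_exception. decrypt() begins above this hunk, so its signature and defaults are not reviewed here.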
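--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,6 +1,7 @@
 # Testing
 pytest==3.2.1
 pytest-cov==2.5.1
+testfixtures
 mock==2.0.0
 
 # Formatting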
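Review bot: `testfixtures` is added without a version, while every neighbouring test dependency is pinned exactly (`pytest==3.2.1`, `pytest-cov==2.5.1`, `mock==2.0.0`), so CI will install whatever release is newest at build time. That makes test runs non-reproducible and lets an unreviewed upstream release execute inside the gate job. Pin it like the others, e.g. `testfixtures==<version validated in CI>`.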
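--- a/tests/unit/engine/test_generate_cryptostring.py
+++ b/tests/unit/engine/test_generate_cryptostring.py
@@ -14,9 +14,13 @@
 
 import os
 import tempfile
+import uuid
 
+from cryptography import fernet
 import mock
+import pytest
 import string
+from testfixtures import log_capture
 import yaml
 
 from pegleg.engine.util.cryptostring import CryptoString
@@ -176,3 +180,23 @@ def test_generate_passphrases(*_):
  assert len(decrypted_passphrase) == 25
  else:
  assert len(decrypted_passphrase) == 24
+
+
+@log_capture()
+def test_generate_passphrases_exception(capture):
+ unenc_data = uuid.uuid4().bytes
+ passphrase1 = uuid.uuid4().bytes
+ passphrase2 = uuid.uuid4().bytes
+ salt1 = uuid.uuid4().bytes
+ salt2 = uuid.uuid4().bytes
+
+ # Generate random data and encrypt it
+ enc_data = encryption.encrypt(unenc_data, passphrase1, salt1)
+
+ # Decrypt using the wrong key to see to see the InvalidToken error
+ with pytest.raises(fernet.InvalidToken):
+ encryption.decrypt(enc_data, passphrase2, salt2)
+ capture.check(('pegleg.engine.util.encryption', 'ERROR',
+ ('Signature verification to decrypt secrets failed. '
+ 'Please check your provided passphrase and salt and '
+ 'try again.')))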
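Review bot: The new test swaps the passphrase and the salt together in the decrypt call, so it would still pass if only one of the two influenced the derived key. Splitting it into two tests, one calling `encryption.decrypt(enc_data, passphrase2, salt1)` and one calling `encryption.decrypt(enc_data, passphrase1, salt2)`, each under `pytest.raises(fernet.InvalidToken)`, would show that both inputs are bound into the key. The comment repeats "to see", and the name says generate_passphrases although the test exercises encryption.decrypt; `test_decrypt_with_wrong_key_raises_invalid_token` would describe it better. The import of `encryption` is not visible in these hunks and presumably sits further down the import block.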
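--- /dev/null
+++ b/tests/unit/test_exceptions.py
@@ -0,0 +1,26 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import logging
+
+import pytest
+from testfixtures import log_capture
+
+from pegleg.engine import exceptions as exc
+
+
+@log_capture()
+def test_exception_with_missing_kwargs(capture):
+ message = 'Testing missing kwargs exception with {text}'
+ with pytest.raises(exc.PeglegBaseException):
+ raise exc.PeglegBaseException(message=message, key="value")
+ capture.check(('pegleg.engine.exceptions', 'WARNING', 'Missing kwargs'))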
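Review bot: `import logging` on line 13 of the new file is never used and can be dropped. The `pytest.raises` block raises the exception itself, so it can never fail; the only real assertion is the `capture.check` for the 'Missing kwargs' warning. If that warning is emitted by the constructor (not visible here), building the object without raising it, `exc.PeglegBaseException(message=message, key="value")`, would make the intent clearer. I would also add a one-line comment saying that `{text}` is deliberately left without a matching kwarg.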
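--- a/tox.ini
+++ b/tox.ini
@@ -60,7 +60,7 @@ commands =
  {toxinidir}/tools/install-cfssl.sh
  bash -c 'PATH=$PATH:~/.local/bin; pytest --cov=pegleg --cov-report \
  html:cover --cov-report xml:cover/coverage.xml --cov-report term \
- --cov-fail-under 84 tests/'
+ --cov-fail-under 86 tests/'
 whitelist_externals =
  bash
 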