diff --git a/pegleg/cli.py b/pegleg/cli.py index 84864cce..611e5aab 100644 --- a/pegleg/cli.py +++ b/pegleg/cli.py @@ -25,7 +25,6 @@ from pegleg.engine import bundle from pegleg.engine import catalog from pegleg.engine.secrets import wrap_secret from pegleg.engine.util import files -from pegleg.engine.util.pegleg_secret_management import PeglegSecretManagement from pegleg.engine.util.shipyard_helper import ShipyardHelper LOG = logging.getLogger(__name__) @@ -542,17 +541,7 @@ def wrap_secret_cli(*, site_name, author, filename, output_path, schema, 'to genesis.sh script.') @SITE_REPOSITORY_ARGUMENT def genesis_bundle(*, build_dir, validators, site_name): - passphrase = os.environ.get("PEGLEG_PASSPHRASE") - salt = os.environ.get("PEGLEG_SALT") encryption_key = os.environ.get("PROMENADE_ENCRYPTION_KEY") - if passphrase: - passphrase = passphrase.encode() - if salt: - salt = salt.encode() - config.set_passphrase(passphrase) - config.set_salt(salt) - - PeglegSecretManagement.check_environment() bundle.build_genesis(build_dir, encryption_key, validators, diff --git a/pegleg/config.py b/pegleg/config.py index 84f09814..0f0f7b8f 100644 --- a/pegleg/config.py +++ b/pegleg/config.py @@ -16,6 +16,8 @@ # context passing but will require a somewhat heavy code refactor. See: # http://click.pocoo.org/5/commands/#nested-handling-and-contexts +import os + from pegleg.engine import exceptions try: @@ -155,15 +157,16 @@ def set_rel_type_path(p): GLOBAL_CONTEXT['type_path'] = p -def set_passphrase(passphrase): +def set_passphrase(): """Set the passphrase for encryption and decryption.""" + passphrase = os.environ.get('PEGLEG_PASSPHRASE') if not passphrase: raise exceptions.PassphraseNotFoundException() elif len(passphrase) < GLOBAL_CONTEXT['passphrase_min_length']: raise exceptions.PassphraseInsufficientLengthException() - GLOBAL_CONTEXT['passphrase'] = passphrase + GLOBAL_CONTEXT['passphrase'] = passphrase.encode() def get_passphrase(): @@ -171,15 +174,16 @@ def get_passphrase(): return GLOBAL_CONTEXT['passphrase'] -def set_salt(salt): +def set_salt(): """Set the salt for encryption and decryption.""" + salt = os.environ.get('PEGLEG_SALT') if not salt: raise exceptions.SaltNotFoundException() elif len(salt) < GLOBAL_CONTEXT['salt_min_length']: raise exceptions.SaltInsufficientLengthException() - GLOBAL_CONTEXT['salt'] = salt + GLOBAL_CONTEXT['salt'] = salt.encode() def get_salt(): diff --git a/pegleg/engine/util/pegleg_secret_management.py b/pegleg/engine/util/pegleg_secret_management.py index 9feeef97..1727ac0a 100644 --- a/pegleg/engine/util/pegleg_secret_management.py +++ b/pegleg/engine/util/pegleg_secret_management.py @@ -13,8 +13,6 @@ # limitations under the License. import logging -import os -import re import click import yaml @@ -27,16 +25,17 @@ from pegleg.engine.util.pegleg_managed_document import \ PeglegManagedSecretsDocument as PeglegManagedSecret LOG = logging.getLogger(__name__) -PASSPHRASE_PATTERN = '^.{24,}$' # nosec (alexanderhughes) -ENV_PASSPHRASE = 'PEGLEG_PASSPHRASE' # nosec (alexanderhughes) -ENV_SALT = 'PEGLEG_SALT' class PeglegSecretManagement(object): """An object to handle operations on of a pegleg managed file.""" - def __init__(self, file_path=None, docs=None, generated=False, - catalog=None, author=None): + def __init__(self, + file_path=None, + docs=None, + generated=False, + catalog=None, + author=None): """ Read the source file and the environment data needed to wrap and process the file documents as pegleg managed document. @@ -44,6 +43,12 @@ class PeglegSecretManagement(object): provided. """ + config.set_passphrase() + self.passphrase = config.get_passphrase() + + config.set_salt() + self.salt = config.get_salt() + if all([file_path, docs]) or not any([file_path, docs]): raise ValueError('Either `file_path` or `docs` must be ' 'specified.') @@ -52,17 +57,17 @@ class PeglegSecretManagement(object): raise ValueError("If the document is generated, author and " "catalog must be specified.") - self.check_environment() self.file_path = file_path self.documents = list() self._generated = generated if docs: for doc in docs: - self.documents.append(PeglegManagedSecret(doc, - generated=generated, - catalog=catalog, - author=author)) + self.documents.append( + PeglegManagedSecret(doc, + generated=generated, + catalog=catalog, + author=author)) else: self.file_path = file_path for doc in files.read(file_path): @@ -70,18 +75,6 @@ class PeglegSecretManagement(object): self._author = author - if config.get_passphrase() and config.get_salt(): - self.passphrase = config.get_passphrase() - self.salt = config.get_salt() - elif config.get_passphrase() or config.get_salt(): - raise ValueError("ERROR: Pegleg configuration must either have " - "both a passphrase and a salt or neither.") - else: - self.passphrase = os.environ.get(ENV_PASSPHRASE).encode() - self.salt = os.environ.get(ENV_SALT).encode() - config.set_passphrase(self.passphrase) - config.set_salt(self.salt) - def __iter__(self): """ Make the secret management object iterable @@ -89,28 +82,6 @@ class PeglegSecretManagement(object): """ return (doc.pegleg_document for doc in self.documents) - @staticmethod - def check_environment(): - """ - Validate required environment variables for encryption or decryption. - - :return None - :raises click.ClickException: If environment validation should fail. - """ - - # Verify that passphrase environment variable is defined and is longer - # than 24 characters. - if not os.environ.get(ENV_PASSPHRASE) or not re.match( - PASSPHRASE_PATTERN, os.environ.get(ENV_PASSPHRASE)): - raise click.ClickException( - 'Environment variable {} is not defined or ' - 'is not at least 24-character long.'.format(ENV_PASSPHRASE)) - - if not os.environ.get(ENV_SALT): - raise click.ClickException( - 'Environment variable {} is not defined or ' - 'is an empty string.'.format(ENV_SALT)) - def encrypt_secrets(self, save_path): """ Wrap and encrypt the secrets documents included in the input file, @@ -166,8 +137,7 @@ class PeglegSecretManagement(object): secret_doc = doc.get_secret() if type(secret_doc) != bytes: secret_doc = secret_doc.encode() - doc.set_secret( - encrypt(secret_doc, self.passphrase, self.salt)) + doc.set_secret(encrypt(secret_doc, self.passphrase, self.salt)) doc.set_encrypted(self._author) encrypted_docs = True doc_list.append(doc.pegleg_document) @@ -180,11 +150,10 @@ class PeglegSecretManagement(object): secrets = self.get_decrypted_secrets() - return yaml.safe_dump_all( - secrets, - explicit_start=True, - explicit_end=True, - default_flow_style=False) + return yaml.safe_dump_all(secrets, + explicit_start=True, + explicit_end=True, + default_flow_style=False) def get_decrypted_secrets(self): """ diff --git a/tests/unit/engine/test_build_genesis_bundle.py b/tests/unit/engine/test_build_genesis_bundle.py index 35b96f05..8fee2216 100644 --- a/tests/unit/engine/test_build_genesis_bundle.py +++ b/tests/unit/engine/test_build_genesis_bundle.py @@ -24,8 +24,6 @@ from pegleg.engine import bundle from pegleg.engine.exceptions import GenesisBundleEncryptionException from pegleg.engine.exceptions import GenesisBundleGenerateException from pegleg.engine.util import files -from pegleg.engine.util.pegleg_secret_management import ENV_PASSPHRASE -from pegleg.engine.util.pegleg_secret_management import ENV_SALT from tests.unit.fixtures import temp_path @@ -90,8 +88,8 @@ data: ABAgagajajkb839215387 @mock.patch.dict(os.environ, { - ENV_PASSPHRASE: 'ytrr89erARAiPE34692iwUMvWqqBvC', - ENV_SALT: 'MySecretSalt1234567890][' + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'MySecretSalt1234567890][' }) def test_no_encryption_key(temp_path): # Write the test data to temp file @@ -118,8 +116,8 @@ def test_no_encryption_key(temp_path): @mock.patch.dict(os.environ, { - ENV_PASSPHRASE: 'ytrr89erARAiPE34692iwUMvWqqBvC', - ENV_SALT: 'MySecretSalt1234567890][' + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'MySecretSalt1234567890][' }) def test_failed_deckhand_validation(temp_path): # Write the test data to temp file diff --git a/tests/unit/engine/test_generate_passphrases.py b/tests/unit/engine/test_generate_passphrases.py index 44853bfb..b5b675f5 100644 --- a/tests/unit/engine/test_generate_passphrases.py +++ b/tests/unit/engine/test_generate_passphrases.py @@ -28,8 +28,6 @@ from pegleg.engine.util.cryptostring import CryptoString from pegleg.engine.util import encryption from pegleg.engine import util import pegleg -from pegleg.engine.util.pegleg_secret_management import ENV_PASSPHRASE -from pegleg.engine.util.pegleg_secret_management import ENV_SALT TEST_PASSPHRASES_CATALOG = yaml.safe_load(""" --- @@ -166,8 +164,8 @@ TEST_BASE64_SITE_DOCUMENTS = [TEST_SITE_DEFINITION, TEST_BASE64_PASSPHRASES_CATA return_value=[ 'cicd_site_repo/site/cicd/passphrases/passphrase-catalog.yaml', ]) @mock.patch.dict(os.environ, { - ENV_PASSPHRASE: 'ytrr89erARAiPE34692iwUMvWqqBvC', - ENV_SALT: 'MySecretSalt1234567890]['}) + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'MySecretSalt1234567890]['}) def test_generate_passphrases(*_): _dir = tempfile.mkdtemp() os.makedirs(os.path.join(_dir, 'cicd_site_repo'), exist_ok=True) @@ -239,8 +237,8 @@ def test_generate_passphrases_exception(capture): return_value=[ 'cicd_global_repo/site/cicd/passphrases/passphrase-catalog.yaml', ]) @mock.patch.dict(os.environ, { - ENV_PASSPHRASE: 'ytrr89erARAiPE34692iwUMvWqqBvC', - ENV_SALT: 'MySecretSalt1234567890]['}) + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'MySecretSalt1234567890]['}) def test_global_passphrase_catalog(*_): _dir = tempfile.mkdtemp() os.makedirs(os.path.join(_dir, 'cicd_site_repo'), exist_ok=True) @@ -288,8 +286,8 @@ def test_global_passphrase_catalog(*_): return_value=[ 'cicd_global_repo/site/cicd/passphrases/passphrase-catalog.yaml', ]) @mock.patch.dict(os.environ, { - ENV_PASSPHRASE: 'ytrr89erARAiPE34692iwUMvWqqBvC', - ENV_SALT: 'MySecretSalt1234567890]['}) + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'MySecretSalt1234567890]['}) def test_base64_passphrase_catalog(*_): _dir = tempfile.mkdtemp() os.makedirs(os.path.join(_dir, 'cicd_site_repo'), exist_ok=True) @@ -313,8 +311,8 @@ def test_base64_passphrase_catalog(*_): @mock.patch.dict(os.environ, { - ENV_PASSPHRASE: 'ytrr89erARAiPE34692iwUMvWqqBvC', - ENV_SALT: 'MySecretSalt1234567890]['}) + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'MySecretSalt1234567890]['}) def test_crypt_coding_flow(): cs_util = CryptoString() orig_passphrase = cs_util.get_crypto_string() diff --git a/tests/unit/engine/test_secrets.py b/tests/unit/engine/test_secrets.py index 2d0c651d..f0e0afc2 100644 --- a/tests/unit/engine/test_secrets.py +++ b/tests/unit/engine/test_secrets.py @@ -24,13 +24,12 @@ import yaml from pegleg import config from pegleg.engine.catalog.pki_generator import PKIGenerator from pegleg.engine.catalog import pki_utility +from pegleg.engine import exceptions from pegleg.engine import secrets from pegleg.engine.util import encryption as crypt, catalog, git from pegleg.engine.util import files from pegleg.engine.util.pegleg_managed_document import \ PeglegManagedSecretsDocument -from pegleg.engine.util.pegleg_secret_management import ENV_PASSPHRASE -from pegleg.engine.util.pegleg_secret_management import ENV_SALT from pegleg.engine.util.pegleg_secret_management import PeglegSecretManagement from tests.unit import test_utils from tests.unit.fixtures import temp_path, create_tmp_deployment_files, \ @@ -72,19 +71,31 @@ def test_encrypt_and_decrypt(): assert data != enc3 -@mock.patch.dict(os.environ, { - ENV_PASSPHRASE: 'aShortPassphrase', - ENV_SALT: 'MySecretSalt1234567890][' -}) +@mock.patch.dict( + os.environ, { + 'PEGLEG_PASSPHRASE': 'aShortPassphrase', + 'PEGLEG_SALT': 'MySecretSalt1234567890][' + }) def test_short_passphrase(): - with pytest.raises(click.ClickException, - match=r'.*is not at least 24-character long.*'): + with pytest.raises(exceptions.PassphraseInsufficientLengthException): PeglegSecretManagement(file_path='file_path', author='test_author') -@mock.patch.dict(os.environ, { - ENV_PASSPHRASE: 'ytrr89erARAiPE34692iwUMvWqqBvC', - ENV_SALT: 'MySecretSalt1234567890]['}) +@mock.patch.dict( + os.environ, { + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'aShortSalt' + }) +def test_short_salt(): + with pytest.raises(exceptions.SaltInsufficientLengthException): + PeglegSecretManagement(file_path='file_path', author='test_author') + + +@mock.patch.dict( + os.environ, { + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'MySecretSalt1234567890][' + }) def test_secret_encrypt_and_decrypt(create_tmp_deployment_files, tmpdir): site_dir = tmpdir.join("deployment_files", "site", "cicd") passphrase_doc = """--- @@ -98,8 +109,7 @@ metadata: layer: {2} data: {0}-password ... -""".format("cicd-passphrase-encrypted", "encrypted", - "site") +""".format("cicd-passphrase-encrypted", "encrypted", "site") with open(os.path.join(str(site_dir), 'secrets', 'passphrases', 'cicd-passphrase-encrypted.yaml'), "w") \ @@ -113,12 +123,19 @@ data: {0}-password encrypted_files = listdir(save_location_str) assert len(encrypted_files) > 0 - encrypted_path = str(save_location.join("site/cicd/secrets/passphrases/" - "cicd-passphrase-encrypted.yaml")) + encrypted_path = str( + save_location.join("site/cicd/secrets/passphrases/" + "cicd-passphrase-encrypted.yaml")) decrypted = secrets.decrypt(encrypted_path) - assert yaml.safe_load(decrypted[encrypted_path]) == yaml.safe_load(passphrase_doc) + assert yaml.safe_load( + decrypted[encrypted_path]) == yaml.safe_load(passphrase_doc) +@mock.patch.dict( + os.environ, { + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'MySecretSalt1234567890][' + }) def test_pegleg_secret_management_constructor(): test_data = yaml.safe_load(TEST_DATA) doc = PeglegManagedSecretsDocument(test_data) @@ -126,6 +143,11 @@ def test_pegleg_secret_management_constructor(): assert not doc.is_encrypted() +@mock.patch.dict( + os.environ, { + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'MySecretSalt1234567890][' + }) def test_pegleg_secret_management_constructor_with_invalid_arguments(): with pytest.raises(ValueError) as err_info: PeglegSecretManagement(file_path=None, docs=None) @@ -136,31 +158,32 @@ def test_pegleg_secret_management_constructor_with_invalid_arguments(): assert 'Either `file_path` or `docs` must be specified.' in str( err_info.value) with pytest.raises(ValueError) as err_info: - PeglegSecretManagement( - file_path='file_path', generated=True, author='test_author') + PeglegSecretManagement(file_path='file_path', + generated=True, + author='test_author') assert 'If the document is generated, author and catalog must be ' \ 'specified.' in str(err_info.value) with pytest.raises(ValueError) as err_info: - PeglegSecretManagement( - docs=['doc'], generated=True) + PeglegSecretManagement(docs=['doc'], generated=True) assert 'If the document is generated, author and catalog must be ' \ 'specified.' in str(err_info.value) with pytest.raises(ValueError) as err_info: - PeglegSecretManagement( - docs=['doc'], generated=True, author='test_author') + PeglegSecretManagement(docs=['doc'], + generated=True, + author='test_author') assert 'If the document is generated, author and catalog must be ' \ 'specified.' in str(err_info.value) with pytest.raises(ValueError) as err_info: - PeglegSecretManagement( - docs=['doc'], generated=True, catalog='catalog') + PeglegSecretManagement(docs=['doc'], generated=True, catalog='catalog') assert 'If the document is generated, author and catalog must be ' \ 'specified.' in str(err_info.value) -@mock.patch.dict(os.environ, { - ENV_PASSPHRASE: 'ytrr89erARAiPE34692iwUMvWqqBvC', - ENV_SALT: 'MySecretSalt1234567890][' -}) +@mock.patch.dict( + os.environ, { + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'MySecretSalt1234567890][' + }) def test_pegleg_secret_management_double_encrypt(): encrypted_doc = PeglegSecretManagement( docs=[yaml.safe_load(TEST_DATA)]).get_encrypted_secrets()[0][0] @@ -169,10 +192,11 @@ def test_pegleg_secret_management_double_encrypt(): assert encrypted_doc == encrypted_doc_2 -@mock.patch.dict(os.environ, { - ENV_PASSPHRASE: 'ytrr89erARAiPE34692iwUMvWqqBvC', - ENV_SALT: 'MySecretSalt1234567890][' -}) +@mock.patch.dict( + os.environ, { + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'MySecretSalt1234567890][' + }) def test_encrypt_decrypt_using_file_path(temp_path): # write the test data to temp file test_data = list(yaml.safe_load_all(TEST_DATA)) @@ -188,29 +212,27 @@ def test_encrypt_decrypt_using_file_path(temp_path): assert doc.data['encrypted']['by'] == 'test_author' # decrypt documents and validate that they were decrypted - doc_mgr = PeglegSecretManagement( - file_path=file_path, author='test_author') + doc_mgr = PeglegSecretManagement(file_path=file_path, author='test_author') doc_mgr.encrypt_secrets(save_path) # read back the encrypted file - doc_mgr = PeglegSecretManagement( - file_path=save_path, author='test_author') + doc_mgr = PeglegSecretManagement(file_path=save_path, author='test_author') decrypted_data = doc_mgr.get_decrypted_secrets() assert test_data[0]['data'] == decrypted_data[0]['data'] assert test_data[0]['schema'] == decrypted_data[0]['schema'] -@mock.patch.dict(os.environ, { - ENV_PASSPHRASE: 'ytrr89erARAiPE34692iwUMvWqqBvC', - ENV_SALT: 'MySecretSalt1234567890][' -}) +@mock.patch.dict( + os.environ, { + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'MySecretSalt1234567890][' + }) def test_encrypt_decrypt_using_docs(temp_path): # write the test data to temp file test_data = list(yaml.safe_load_all(TEST_DATA)) save_path = os.path.join(temp_path, 'encrypted_secrets_file.yaml') # encrypt documents and validate that they were encrypted - doc_mgr = PeglegSecretManagement( - docs=test_data, author='test_author') + doc_mgr = PeglegSecretManagement(docs=test_data, author='test_author') doc_mgr.encrypt_secrets(save_path) doc = doc_mgr.documents[0] assert doc.is_encrypted() @@ -221,8 +243,7 @@ def test_encrypt_decrypt_using_docs(temp_path): encrypted_data = list(yaml.safe_load_all(stream)) # decrypt documents and validate that they were decrypted - doc_mgr = PeglegSecretManagement( - docs=encrypted_data, author='test_author') + doc_mgr = PeglegSecretManagement(docs=encrypted_data, author='test_author') decrypted_data = doc_mgr.get_decrypted_secrets() assert test_data[0]['data'] == decrypted_data[0]['data'] assert test_data[0]['schema'] == decrypted_data[0]['schema'] @@ -232,21 +253,21 @@ def test_encrypt_decrypt_using_docs(temp_path): 'metadata']['storagePolicy'] -@pytest.mark.skipif( - not pki_utility.PKIUtility.cfssl_exists(), - reason='cfssl must be installed to execute these tests') -@mock.patch.dict(os.environ, { - ENV_PASSPHRASE: 'ytrr89erARAiPE34692iwUMvWqqBvC', - ENV_SALT: 'MySecretSalt1234567890][' -}) +@pytest.mark.skipif(not pki_utility.PKIUtility.cfssl_exists(), + reason='cfssl must be installed to execute these tests') +@mock.patch.dict( + os.environ, { + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'MySecretSalt1234567890][' + }) def test_generate_pki_using_local_repo_path(create_tmp_deployment_files): """Validates ``generate-pki`` action using local repo path.""" # Scenario: # # 1) Generate PKI using local repo path - repo_path = str(git.git_handler(TEST_PARAMS["repo_url"], - ref=TEST_PARAMS["repo_rev"])) + repo_path = str( + git.git_handler(TEST_PARAMS["repo_url"], ref=TEST_PARAMS["repo_rev"])) with mock.patch.dict(config.GLOBAL_CONTEXT, {"site_repo": repo_path}): pki_generator = PKIGenerator(duration=365, sitename=TEST_PARAMS["site_name"]) @@ -259,17 +280,17 @@ def test_generate_pki_using_local_repo_path(create_tmp_deployment_files): assert list(result), "%s file is empty" % generated_file.name -@pytest.mark.skipif( - not pki_utility.PKIUtility.cfssl_exists(), - reason='cfssl must be installed to execute these tests') -@mock.patch.dict(os.environ, { - ENV_PASSPHRASE: 'ytrr89erARAiPE34692iwUMvWqqBvC', - ENV_SALT: 'MySecretSalt1234567890][' -}) +@pytest.mark.skipif(not pki_utility.PKIUtility.cfssl_exists(), + reason='cfssl must be installed to execute these tests') +@mock.patch.dict( + os.environ, { + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'MySecretSalt1234567890][' + }) def test_check_expiry(create_tmp_deployment_files): """ Validates check_expiry """ - repo_path = str(git.git_handler(TEST_PARAMS["repo_url"], - ref=TEST_PARAMS["repo_rev"])) + repo_path = str( + git.git_handler(TEST_PARAMS["repo_url"], ref=TEST_PARAMS["repo_rev"])) with mock.patch.dict(config.GLOBAL_CONTEXT, {"site_repo": repo_path}): pki_generator = PKIGenerator(duration=365, sitename=TEST_PARAMS["site_name"]) diff --git a/tests/unit/engine/util/test_shipyard_helper.py b/tests/unit/engine/util/test_shipyard_helper.py index 28f79507..e89f53fa 100644 --- a/tests/unit/engine/util/test_shipyard_helper.py +++ b/tests/unit/engine/util/test_shipyard_helper.py @@ -19,8 +19,6 @@ import pytest import yaml from pegleg.engine import util -from pegleg.engine.util.pegleg_secret_management import ENV_PASSPHRASE -from pegleg.engine.util.pegleg_secret_management import ENV_SALT from pegleg.engine.util.shipyard_helper import ShipyardHelper from pegleg.engine.util.shipyard_helper import ShipyardClient @@ -138,8 +136,8 @@ def test_shipyard_helper_init_(): @mock.patch.object(ShipyardHelper, 'formatted_response_handler', autospec=True, return_value=None) @mock.patch.dict(os.environ, { - ENV_PASSPHRASE: 'ytrr89erARAiPE34692iwUMvWqqBvC', - ENV_SALT: 'MySecretSalt1234567890][' + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'MySecretSalt1234567890][' }) def test_upload_documents(*args): """ Tests upload document """ @@ -171,8 +169,8 @@ def test_upload_documents(*args): @mock.patch.object(ShipyardHelper, 'formatted_response_handler', autospec=True, return_value=None) @mock.patch.dict(os.environ, { - ENV_PASSPHRASE: 'ytrr89erARAiPE34692iwUMvWqqBvC', - ENV_SALT: 'MySecretSalt1234567890][' + 'PEGLEG_PASSPHRASE': 'ytrr89erARAiPE34692iwUMvWqqBvC', + 'PEGLEG_SALT': 'MySecretSalt1234567890][' }) def test_upload_documents_fail(*args): """ Tests Document upload error """