def test_encode_as_bytes(self):
self.assertEqual(b'dGV4dA==',
base64.encode_as_bytes(b'text'))
self.assertEqual(b'dGV4dA==',
base64.encode_as_bytes(u'text'))
self.assertEqual(b'ZTrDqQ==',
base64.encode_as_bytes(u'e:\xe9'))
self.assertEqual(b'ZTrp',
base64.encode_as_bytes(u'e:\xe9', encoding='latin1'))
def test_can_normalize_base64_bytes(self):
unencrypted, content_type = self.normalize(
unencrypted=base64.encode_as_bytes('stuff'),
content_type='application/octet-stream',
content_encoding='base64',
secret_type=s.SecretType.OPAQUE)
self.assertEqual(base64.encode_as_bytes('stuff'), unencrypted)
self.assertEqual('application/octet-stream', content_type)
def inject_file(self, path, contents):
LOG.debug('Injecting file path: %r', path, instance=self.instance)
# Files/paths must be base64-encoded for transmission to agent
b64_path = base64.encode_as_bytes(path)
b64_contents = base64.encode_as_bytes(contents)
args = {'b64_path': b64_path, 'b64_contents': b64_contents}
return self._call_agent(host_agent.inject_file, args)
def inject_file(self, path, contents):
LOG.debug('Injecting file path: %r', path, instance=self.instance)
# Files/paths must be base64-encoded for transmission to agent
b64_path = base64.encode_as_bytes(path)
b64_contents = base64.encode_as_bytes(contents)
args = {'b64_path': b64_path, 'b64_contents': b64_contents}
return self._call_agent(host_agent.inject_file, args)
def test_encode_as_bytes(self):
self.assertEqual(b'dGV4dA==',
base64.encode_as_bytes(b'text'))
self.assertEqual(b'dGV4dA==',
base64.encode_as_bytes(u'text'))
self.assertEqual(b'ZTrDqQ==',
base64.encode_as_bytes(u'e:\xe9'))
self.assertEqual(b'ZTrp',
base64.encode_as_bytes(u'e:\xe9', encoding='latin1'))
def test_can_normalize_base64_bytes(self):
unencrypted, content_type = self.normalize(
unencrypted=base64.encode_as_bytes('stuff'),
content_type='application/octet-stream',
content_encoding='base64',
secret_type=s.SecretType.OPAQUE
)
self.assertEqual(base64.encode_as_bytes('stuff'), unencrypted)
self.assertEqual('application/octet-stream', content_type)
def normalize_before_encryption(unencrypted,
content_type,
content_encoding,
secret_type,
enforce_text_only=False):
"""Normalize unencrypted prior to plugin encryption processing.
This normalizes the secrets before they are handed off to the SecretStore
for storage. This converts all data to Base64 data. If the data is plain
text then it encoded using utf-8 first and then Base64 encoded. Binary
data is simply converted to Base64.
:param str unencrypted: Raw payload
:param str content_type: The media type for the payload
:param str content_encoding: Transfer encoding
:param str secret_type: The type of secret
:param bool enforce_text_only: Require text content_type or base64
content_encoding
:returns: Tuple containing the normalized (base64 encoded) payload and
the normalized media type.
"""
if not unencrypted:
raise s.SecretNoPayloadProvidedException()
# Validate and normalize content-type.
normalized_media_type = normalize_content_type(content_type)
# Process plain-text type.
if normalized_media_type in mime_types.PLAIN_TEXT:
# normalize text to binary and then base64 encode it
if six.PY3:
b64payload = base64.encode_as_bytes(unencrypted)
else:
unencrypted_bytes = unencrypted.encode('utf-8')
b64payload = base64.encode_as_bytes(unencrypted_bytes)
# Process binary type.
else:
if not content_encoding:
b64payload = base64.encode_as_bytes(unencrypted)
elif content_encoding.lower() == 'base64':
if not isinstance(unencrypted, six.binary_type):
b64payload = unencrypted.encode('utf-8')
else:
b64payload = unencrypted
elif enforce_text_only:
# For text-based protocols (such as the one-step secret POST),
# only 'base64' encoding is possible/supported.
raise s.SecretContentEncodingMustBeBase64()
else:
# Unsupported content-encoding request.
raise s.SecretContentEncodingNotSupportedException(
content_encoding)
return b64payload, normalized_media_type
class WhenDenormalizingAfterDecryption(utils.BaseTestCase):
dataset_for_pem_denormalize = {
'private_key': {
'encoded_pem': base64.encode_as_bytes(keys.get_private_key_pem()),
'content_type': 'application/octet-stream'
},
'public_key': {
'encoded_pem': base64.encode_as_bytes(keys.get_public_key_pem()),
'content_type': 'application/octet-stream'
},
'certificate': {
'encoded_pem': base64.encode_as_bytes(keys.get_certificate_pem()),
'content_type': 'application/octet-stream'
}
}
def setUp(self):
super(WhenDenormalizingAfterDecryption, self).setUp()
# Aliasing to reduce the number of line continuations
self.denormalize = translations.denormalize_after_decryption
def test_ascii_characters_to_utf8_with_plain_text(self):
secret = 'bam'
normalized_secret = base64.encode_as_bytes(secret)
unencrypted = self.denormalize(normalized_secret, 'text/plain')
self.assertEqual('bam', unencrypted)
def test_ascii_characters_to_utf8_with_app_octet_stream(self):
unencrypted = self.denormalize(base64.encode_as_bytes('bam'),
'application/octet-stream')
self.assertEqual(b'bam', unencrypted)
def test_non_ascii_character_with_plain_text_raises_exception(self):
exception = s.SecretAcceptNotSupportedException
kwargs = {
'unencrypted': base64.encode_as_bytes(b'\xff'),
'content_type': 'text/plain'
}
self.assertRaises(exception, self.denormalize, **kwargs)
def test_content_type_not_text_or_binary_raises_exception(self):
exception = s.SecretContentTypeNotSupportedException
kwargs = {'unencrypted': 'bam', 'content_type': 'other_content_type'}
self.assertRaises(exception, self.denormalize, **kwargs)
@utils.parameterized_dataset(dataset_for_pem_denormalize)
def test_denormalize_pem(self, encoded_pem, content_type):
denorm_secret = self.denormalize(encoded_pem, content_type)
self.assertEqual(base64.decode_as_bytes(encoded_pem), denorm_secret)
def normalize_before_encryption(unencrypted, content_type, content_encoding,
secret_type, enforce_text_only=False):
"""Normalize unencrypted prior to plugin encryption processing.
This normalizes the secrets before they are handed off to the SecretStore
for storage. This converts all data to Base64 data. If the data is plain
text then it encoded using utf-8 first and then Base64 encoded. Binary
data is simply converted to Base64.
:param str unencrypted: Raw payload
:param str content_type: The media type for the payload
:param str content_encoding: Transfer encoding
:param str secret_type: The type of secret
:param bool enforce_text_only: Require text content_type or base64
content_encoding
:returns: Tuple containing the normalized (base64 encoded) payload and
the normalized media type.
"""
if not unencrypted:
raise s.SecretNoPayloadProvidedException()
# Validate and normalize content-type.
normalized_media_type = normalize_content_type(content_type)
# Process plain-text type.
if normalized_media_type in mime_types.PLAIN_TEXT:
# normalize text to binary and then base64 encode it
if six.PY3:
b64payload = base64.encode_as_bytes(unencrypted)
else:
unencrypted_bytes = unencrypted.encode('utf-8')
b64payload = base64.encode_as_bytes(unencrypted_bytes)
# Process binary type.
else:
if not content_encoding:
b64payload = base64.encode_as_bytes(unencrypted)
elif content_encoding.lower() == 'base64':
b64payload = unencrypted
elif enforce_text_only:
# For text-based protocols (such as the one-step secret POST),
# only 'base64' encoding is possible/supported.
raise s.SecretContentEncodingMustBeBase64()
else:
# Unsupported content-encoding request.
raise s.SecretContentEncodingNotSupportedException(
content_encoding
)
return b64payload, normalized_media_type
def test_secret_update_two_phase(self):
"""Covers updating a secret's payload data."""
# Create
test_model = secret_models.SecretModel(**self.create_two_phase_data)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(201, resp.status_code)
# Update
payload = b"gF6+lLoF3ohA9aPRpt+6bQ=="
payload_content_type = "application/octet-stream"
payload_content_encoding = "base64"
update_resp = self.behaviors.update_secret_payload(
secret_ref,
payload=payload,
payload_content_type=payload_content_type,
payload_content_encoding=payload_content_encoding)
self.assertEqual(204, update_resp.status_code)
# Get/Check Updated
sec_resp = self.behaviors.get_secret(
secret_ref=secret_ref, payload_content_type=payload_content_type)
self.assertEqual(200, sec_resp.status_code)
self.assertEqual(b'gF6+lLoF3ohA9aPRpt+6bQ==',
oslo_base64.encode_as_bytes(sec_resp.content))
def gzip_and_b64encode(io_dict=None, file_list=None):
"""Gzip and base64 encode files and BytesIO buffers.
:param io_dict: A dictionary containing whose the keys are the file
names and the value a BytesIO object.
:param file_list: A list of file path.
:returns: A gzipped and base64 encoded string.
"""
io_dict = io_dict or {}
file_list = file_list or []
with io.BytesIO() as fp:
with tarfile.open(fileobj=fp, mode='w:gz') as tar:
for fname in io_dict:
ioobj = io_dict[fname]
tarinfo = tarfile.TarInfo(name=fname)
tarinfo.size = ioobj.seek(0, 2)
tarinfo.mtime = time.time()
ioobj.seek(0)
tar.addfile(tarinfo, ioobj)
for f in file_list:
tar.add(f)
fp.seek(0)
return base64.encode_as_bytes(fp.getvalue())
def test_secret_update_two_phase(self):
"""Covers updating a secret's payload data."""
# Create
test_model = secret_models.SecretModel(**self.create_two_phase_data)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(201, resp.status_code)
# Update
payload = b"gF6+lLoF3ohA9aPRpt+6bQ=="
payload_content_type = "application/octet-stream"
payload_content_encoding = "base64"
update_resp = self.behaviors.update_secret_payload(
secret_ref, payload=payload,
payload_content_type=payload_content_type,
payload_content_encoding=payload_content_encoding)
self.assertEqual(204, update_resp.status_code)
# Get/Check Updated
sec_resp = self.behaviors.get_secret(
secret_ref=secret_ref,
payload_content_type=payload_content_type)
self.assertEqual(200, sec_resp.status_code)
self.assertEqual(b'gF6+lLoF3ohA9aPRpt+6bQ==',
oslo_base64.encode_as_bytes(sec_resp.content))
def test_non_ascii_character_with_plain_text_raises_exception(self):
exception = s.SecretAcceptNotSupportedException
kwargs = {
'unencrypted': base64.encode_as_bytes(b'\xff'),
'content_type': 'text/plain'
}
self.assertRaises(exception, self.denormalize, **kwargs)
def test_non_ascii_character_with_plain_text_raises_exception(self):
exception = s.SecretAcceptNotSupportedException
kwargs = {
'unencrypted': base64.encode_as_bytes(b'\xff'),
'content_type': 'text/plain'
}
self.assertRaises(exception, self.denormalize, **kwargs)
def test_can_normalize_tmp_plain_text(self):
unencrypted, content_type = self.normalize(
unencrypted='stuff',
content_type='text/plain',
content_encoding='',
secret_type=s.SecretType.OPAQUE)
self.assertEqual(base64.encode_as_bytes('stuff'), unencrypted)
self.assertEqual('text/plain', content_type)
def test_null_content_encoding_gets_passed_through(self):
unencrypted, content_type = self.normalize(
unencrypted='bam',
content_type='application/octet-stream',
content_encoding=None,
secret_type=s.SecretType.OPAQUE)
self.assertEqual(base64.encode_as_bytes('bam'), unencrypted)
self.assertEqual('application/octet-stream', content_type)
def test_can_normalize_tmp_plain_text(self):
unencrypted, content_type = self.normalize(
unencrypted='stuff',
content_type='text/plain',
content_encoding='',
secret_type=s.SecretType.OPAQUE
)
self.assertEqual(base64.encode_as_bytes('stuff'), unencrypted)
self.assertEqual('text/plain', content_type)
def test_null_content_encoding_gets_passed_through(self):
unencrypted, content_type = self.normalize(
unencrypted='bam',
content_type='application/octet-stream',
content_encoding=None,
secret_type=s.SecretType.OPAQUE
)
self.assertEqual(base64.encode_as_bytes('bam'), unencrypted)
self.assertEqual('application/octet-stream', content_type)
def setUp(self):
super(TestStoreLogs, self).setUp()
CONF.set_override('processing_hooks', 'ramdisk_error,example',
'processing')
self.tempdir = tempfile.mkdtemp()
self.addCleanup(lambda: shutil.rmtree(self.tempdir))
CONF.set_override('ramdisk_logs_dir', self.tempdir, 'processing')
self.logs = b'test logs'
self.data['logs'] = base64.encode_as_bytes(self.logs)
def test_max_injected_file_content_bytes(self):
# Quota is 10 * 1024
# Hm, apparently quota is checked against the base64 encoded string
# even though the api-ref claims the limit is for the decoded data.
# Subtract 3072 characters to account for that.
content = base64.encode_as_bytes(
''.join(['a' for i in range(10 * 1024 - 3072)]))
server = self._build_server()
personality = [{'path': '/test/path', 'contents': content}]
server['personality'] = personality
self.api.post_server({'server': server})
def setUp(self):
super(TestStoreLogs, self).setUp()
CONF.set_override('processing_hooks', 'ramdisk_error,example',
'processing')
self.tempdir = tempfile.mkdtemp()
self.addCleanup(lambda: shutil.rmtree(self.tempdir))
CONF.set_override('ramdisk_logs_dir', self.tempdir, 'processing')
self.logs = b'test logs'
self.data['logs'] = base64.encode_as_bytes(self.logs)
def test_secret_get(self):
"""Covers getting a secret's payload data."""
test_model = secret_models.SecretModel(**self.create_default_data)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(201, resp.status_code)
get_resp = self.behaviors.get_secret(secret_ref,
test_model.payload_content_type)
self.assertEqual(200, get_resp.status_code)
self.assertEqual(test_model.payload,
oslo_base64.encode_as_bytes(get_resp.content))
def test_secret_get(self):
"""Covers getting a secret's payload data."""
test_model = secret_models.SecretModel(**self.create_default_data)
resp, secret_ref = self.behaviors.create_secret(test_model)
self.assertEqual(201, resp.status_code)
get_resp = self.behaviors.get_secret(secret_ref,
test_model.payload_content_type)
self.assertEqual(200, get_resp.status_code)
self.assertEqual(test_model.payload,
oslo_base64.encode_as_bytes(get_resp.content))
def test_create_server_with_injected_files(self):
# Creates a server with injected_files.
personality = []
# Inject a text file
data = 'Hello, World!'
personality.append({
'path': '/helloworld.txt',
'contents': base64.encode_as_bytes(data),
})
# Inject a binary file
data = zlib.compress('Hello, World!')
personality.append({
'path': '/helloworld.zip',
'contents': base64.encode_as_bytes(data),
})
# Create server
server = self._build_minimal_create_server_request()
server['personality'] = personality
post = {'server': server}
created_server = self.api.post_server(post)
LOG.debug("created_server: %s" % created_server)
self.assertTrue(created_server['id'])
created_server_id = created_server['id']
# Check it's there
found_server = self.api.get_server(created_server_id)
self.assertEqual(created_server_id, found_server['id'])
found_server = self._wait_for_state_change(found_server, 'BUILD')
self.assertEqual('ACTIVE', found_server['status'])
# Cleanup
self._delete_server(created_server_id)
def test_create_server_with_injected_files(self):
# Creates a server with injected_files.
personality = []
# Inject a text file
data = 'Hello, World!'
personality.append({
'path': '/helloworld.txt',
'contents': base64.encode_as_bytes(data),
})
# Inject a binary file
data = zlib.compress('Hello, World!')
personality.append({
'path': '/helloworld.zip',
'contents': base64.encode_as_bytes(data),
})
# Create server
server = self._build_minimal_create_server_request()
server['personality'] = personality
post = {'server': server}
created_server = self.api.post_server(post)
LOG.debug("created_server: %s" % created_server)
self.assertTrue(created_server['id'])
created_server_id = created_server['id']
# Check it's there
found_server = self.api.get_server(created_server_id)
self.assertEqual(created_server_id, found_server['id'])
found_server = self._wait_for_state_change(found_server, 'BUILD')
self.assertEqual('ACTIVE', found_server['status'])
# Cleanup
self._delete_server(created_server_id)
def _get_log_file_data_as_encoded_content():
"""Gzip and base64 encode files and BytesIO buffers.
This method gets the log files created by SUM based
firmware update and tar zip the files.
:returns: A gzipped and base64 encoded string as text.
"""
with io.BytesIO() as fp:
with tarfile.open(fileobj=fp, mode='w:gz') as tar:
for f in OUTPUT_FILES:
if os.path.isfile(f):
tar.add(f)
fp.seek(0)
return base64.encode_as_bytes(fp.getvalue())
def make_configdrive(path):
"""Make the config drive file.
:param path: The directory containing the config drive files.
:returns: A gzipped and base64 encoded configdrive string.
"""
# Make sure path it's readable
if not os.access(path, os.R_OK):
raise exc.CommandError(_('The directory "%s" is not readable') % path)
with tempfile.NamedTemporaryFile() as tmpfile:
with tempfile.NamedTemporaryFile() as tmpzipfile:
publisher = 'iotronicclient-configdrive 0.1'
try:
p = subprocess.Popen(['genisoimage', '-o', tmpfile.name,
'-ldots', '-allow-lowercase',
'-allow-multidot', '-l',
'-publisher', publisher,
'-quiet', '-J',
'-r', '-V', 'config-2',
path],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
except OSError as e:
raise exc.CommandError(
_('Error generating the config drive. Make sure the '
'"genisoimage" tool is installed. Error: %s') % e)
stdout, stderr = p.communicate()
if p.returncode != 0:
raise exc.CommandError(
_('Error generating the config drive.'
'Stdout: "%(stdout)s". Stderr: %(stderr)s') %
{'stdout': stdout, 'stderr': stderr})
# Compress file
tmpfile.seek(0)
g = gzip.GzipFile(fileobj=tmpzipfile, mode='wb')
shutil.copyfileobj(tmpfile, g)
g.close()
tmpzipfile.seek(0)
return base64.encode_as_bytes(tmpzipfile.read())
def make_configdrive(path):
"""Make the config drive file.
:param path: The directory containing the config drive files.
:returns: A gzipped and base64 encoded configdrive string.
"""
# Make sure path it's readable
if not os.access(path, os.R_OK):
raise exc.CommandError(_('The directory "%s" is not readable') % path)
with tempfile.NamedTemporaryFile() as tmpfile:
with tempfile.NamedTemporaryFile() as tmpzipfile:
publisher = 'ironicclient-configdrive 0.1'
try:
p = subprocess.Popen([
'genisoimage', '-o', tmpfile.name, '-ldots',
'-allow-lowercase', '-allow-multidot', '-l', '-publisher',
publisher, '-quiet', '-J', '-r', '-V', 'config-2', path
],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
except OSError as e:
raise exc.CommandError(
_('Error generating the config drive. Make sure the '
'"genisoimage" tool is installed. Error: %s') % e)
stdout, stderr = p.communicate()
if p.returncode != 0:
raise exc.CommandError(
_('Error generating the config drive.'
'Stdout: "%(stdout)s". Stderr: %(stderr)s') % {
'stdout': stdout,
'stderr': stderr
})
# Compress file
tmpfile.seek(0)
g = gzip.GzipFile(fileobj=tmpzipfile, mode='wb')
shutil.copyfileobj(tmpfile, g)
g.close()
tmpzipfile.seek(0)
return base64.encode_as_bytes(tmpzipfile.read())
def __call__(self, req):
if req.environ['REQUEST_METHOD'] == 'POST':
if 'server' in req.json:
if 'user_data' not in req.json['server']:
if self._conf_get('default_user_data_file', 'api'):
# Read the user_data file into a string, encode,
# and jam into req
file = open(self._conf_get('default_user_data_file',
'api'),
mode='r')
user_data = file.read()
file.close()
LOG.warning(
"Injecting default user_data into new server request."
)
jsonbody = req.json
jsonbody['server'][
'user_data'] = base64.encode_as_bytes(user_data)
req.body = json.dumps(jsonbody)
return self.application
def generate(dst,
hostname,
domainname,
instance_id=None,
public_keys=None,
user_data=None,
network_data=None,
ironic_format=False):
''' Generate config drive
:param dst: destination file to place config drive.
:param hostname: hostname of Instance.
:param domainname: instance domain.
:param instance_id: UUID of the instance.
:param public_keys: dict of public keys.
:param user_data: custom user data dictionary.
:param network_data: custom network info dictionary.
:param ironic_format: create base64 of gzipped ISO format
CLI Example:
.. code-block:: bash
salt '*' configdrive.generate dst=/tmp/my_cfgdrive.iso hostname=host1
'''
instance_md = {}
public_keys = public_keys or {}
instance_md['uuid'] = instance_id or uuidutils.generate_uuid()
instance_md['hostname'] = '%s.%s' % (hostname, domainname)
instance_md['name'] = hostname
instance_md['public_keys'] = public_keys
data = json.dumps(instance_md)
if user_data:
user_data = '#cloud-config\n\n' + yaml.dump(user_data,
default_flow_style=False)
LOG.debug('Generating config drive for %s' % hostname)
with ConfigDriveBuilder(dst) as cfgdrive:
cfgdrive.add_file('openstack/latest/meta_data.json', data)
if user_data:
cfgdrive.add_file('openstack/latest/user_data', user_data)
if network_data:
cfgdrive.add_file('openstack/latest/network_data.json',
json.dumps(network_data))
cfgdrive.add_file('openstack/latest/vendor_data.json', '{}')
cfgdrive.add_file('openstack/latest/vendor_data2.json', '{}')
b64_gzip = None
if ironic_format:
with open(dst) as f:
with tempfile.NamedTemporaryFile() as tmpzipfile:
g = gzip.GzipFile(fileobj=tmpzipfile, mode='wb')
shutil.copyfileobj(f, g)
g.close()
tmpzipfile.seek(0)
b64_gzip = base64.encode_as_bytes(tmpzipfile.read())
with open(dst, 'w') as f:
f.write(b64_gzip)
LOG.debug('Config drive was built %s' % dst)
res = {}
res['meta-data'] = data
if user_data:
res['user-data'] = user_data
if b64_gzip:
res['base64_gzip'] = b64_gzip
return res
def test_ascii_characters_to_utf8_with_app_octet_stream(self):
unencrypted = self.denormalize(base64.encode_as_bytes('bam'),
'application/octet-stream')
self.assertEqual(b'bam', unencrypted)
class WhenNormalizingBeforeEncryption(utils.BaseTestCase):
dataset_for_raised_exceptions = {
'non_encrypted_content': {
'exception': s.SecretNoPayloadProvidedException,
'unencrypted': None,
'secret_type': s.SecretType.OPAQUE,
'content_type': '',
'content_encoding': ''
},
'invalid_content_type': {
'exception': s.SecretContentTypeNotSupportedException,
'unencrypted': 'stuff',
'secret_type': s.SecretType.OPAQUE,
'content_type': 'nope',
'content_encoding': ''
},
'content_encoding_isnt_base64': {
'exception': s.SecretContentEncodingMustBeBase64,
'unencrypted': 'stuff',
'secret_type': s.SecretType.OPAQUE,
'content_type': 'application/octet-stream',
'content_encoding': 'other_stuff',
'enforce_text_only': True
},
'unsupported_content_encoding': {
'exception': s.SecretContentEncodingNotSupportedException,
'unencrypted': 'stuff',
'secret_type': s.SecretType.OPAQUE,
'content_type': 'application/octet-stream',
'content_encoding': 'other_stuff'
}
}
dataset_for_normalization = {
'plain_text': {
'unencrypted': 'stuff',
'secret_type': s.SecretType.OPAQUE,
'content_type': 'text/plain',
'content_encoding': '',
'expected': base64.encode_as_bytes('stuff')
},
'binary_base64': {
'unencrypted': base64.encode_as_bytes('stuff'),
'secret_type': s.SecretType.OPAQUE,
'content_type': 'application/octet-stream',
'content_encoding': 'base64',
'expected': base64.encode_as_bytes('stuff')
},
'binary': {
'unencrypted': 'stuff',
'secret_type': s.SecretType.OPAQUE,
'content_type': 'application/octet-stream',
'content_encoding': None,
'expected': base64.encode_as_bytes('stuff')
},
'symmetric_base64': {
'unencrypted': base64.encode_as_bytes('stuff'),
'secret_type': s.SecretType.SYMMETRIC,
'content_type': 'application/octet-stream',
'content_encoding': 'base64',
'expected': base64.encode_as_bytes('stuff')
},
'symmetric': {
'unencrypted': 'stuff',
'secret_type': s.SecretType.SYMMETRIC,
'content_type': 'application/octet-stream',
'content_encoding': None,
'expected': base64.encode_as_bytes('stuff')
},
'private_base64': {
'unencrypted': base64.encode_as_bytes(keys.get_private_key_pem()),
'secret_type': s.SecretType.PRIVATE,
'content_type': 'application/octet-stream',
'content_encoding': 'base64',
'expected': base64.encode_as_bytes(keys.get_private_key_pem())
},
'private': {
'unencrypted': keys.get_private_key_pem(),
'secret_type': s.SecretType.PRIVATE,
'content_type': 'application/octet-stream',
'content_encoding': None,
'expected': base64.encode_as_bytes(keys.get_private_key_pem())
},
'public_base64': {
'unencrypted': base64.encode_as_bytes(keys.get_public_key_pem()),
'secret_type': s.SecretType.PUBLIC,
'content_type': 'application/octet-stream',
'content_encoding': 'base64',
'expected': base64.encode_as_bytes(keys.get_public_key_pem())
},
'public': {
'unencrypted': keys.get_public_key_pem(),
'secret_type': s.SecretType.PUBLIC,
'content_type': 'application/octet-stream',
'content_encoding': None,
'expected': base64.encode_as_bytes(keys.get_public_key_pem())
},
'certificate_base64': {
'unencrypted': base64.encode_as_bytes(keys.get_certificate_pem()),
'secret_type': s.SecretType.CERTIFICATE,
'content_type': 'application/octet-stream',
'content_encoding': 'base64',
'expected': base64.encode_as_bytes(keys.get_certificate_pem())
},
'certificate': {
'unencrypted': keys.get_certificate_pem(),
'secret_type': s.SecretType.CERTIFICATE,
'content_type': 'application/octet-stream',
'content_encoding': None,
'expected': base64.encode_as_bytes(keys.get_certificate_pem())
},
}
def setUp(self):
super(WhenNormalizingBeforeEncryption, self).setUp()
# Aliasing to reduce the number of line continuations
self.normalize = translations.normalize_before_encryption
@utils.parameterized_dataset(dataset_for_normalization)
def test_can_normalize(self, **kwargs):
unencrypted, content_type = self.normalize(
unencrypted=kwargs['unencrypted'],
content_type=kwargs['content_type'],
content_encoding=kwargs['content_encoding'],
secret_type=kwargs['secret_type'])
self.assertEqual(kwargs['expected'], unencrypted)
self.assertEqual(kwargs['content_type'], content_type)
def test_can_normalize_tmp_plain_text(self):
unencrypted, content_type = self.normalize(
unencrypted='stuff',
content_type='text/plain',
content_encoding='',
secret_type=s.SecretType.OPAQUE)
self.assertEqual(base64.encode_as_bytes('stuff'), unencrypted)
self.assertEqual('text/plain', content_type)
def test_null_content_encoding_gets_passed_through(self):
unencrypted, content_type = self.normalize(
unencrypted='bam',
content_type='application/octet-stream',
content_encoding=None,
secret_type=s.SecretType.OPAQUE)
self.assertEqual(base64.encode_as_bytes('bam'), unencrypted)
self.assertEqual('application/octet-stream', content_type)
def test_can_normalize_base64_str(self):
unencrypted, content_type = self.normalize(
unencrypted=base64.encode_as_bytes('stuff').decode('utf-8'),
content_type='application/octet-stream',
content_encoding='base64',
secret_type=s.SecretType.OPAQUE)
self.assertEqual(base64.encode_as_bytes('stuff'), unencrypted)
self.assertEqual('application/octet-stream', content_type)
def test_can_normalize_base64_bytes(self):
unencrypted, content_type = self.normalize(
unencrypted=base64.encode_as_bytes('stuff'),
content_type='application/octet-stream',
content_encoding='base64',
secret_type=s.SecretType.OPAQUE)
self.assertEqual(base64.encode_as_bytes('stuff'), unencrypted)
self.assertEqual('application/octet-stream', content_type)
@utils.parameterized_dataset(dataset_for_raised_exceptions)
def test_normalize_raising_exceptions_with(self, exception, **kwargs):
self.assertRaises(exception, self.normalize, **kwargs)
def test_ascii_characters_to_utf8_with_plain_text(self):
secret = 'bam'
normalized_secret = base64.encode_as_bytes(secret)
unencrypted = self.denormalize(normalized_secret, 'text/plain')
self.assertEqual('bam', unencrypted)
def test_ascii_characters_to_utf8_with_app_octet_stream(self):
unencrypted = self.denormalize(base64.encode_as_bytes('bam'),
'application/octet-stream')
self.assertEqual(b'bam', unencrypted)
def test_ascii_characters_to_utf8_with_plain_text(self):
secret = 'bam'
normalized_secret = base64.encode_as_bytes(secret)
unencrypted = self.denormalize(normalized_secret, 'text/plain')
self.assertEqual('bam', unencrypted)
from oslo_serialization import base64
from oslo_serialization import jsonutils
data = 'hello OSLO'
print(base64.encode_as_bytes(data))
print(base64.encode_as_text(data))
data = {
'data': {
'name': 'zong',
'fullname': 'andrew zong',
'score': 0,
'password': {
'weak': '123456',
'strong': '******',
'passlen': [1, 2, 3, 4, 5]
}
}
}
with open("app.txt", 'w') as fw:
jsonutils.dump(data, fw)
print(jsonutils.dumps(data))
print(jsonutils.dump_as_bytes(data))
print(
jsonutils.to_primitive(data, convert_instances=True, max_depth=1, level=0))
def _hash(self, key):
return int(md5(b64.encode_as_bytes(key)).hexdigest(), 16)
