def test_decrypt_sensitive_data_persister(
self, get_is_persisted_method, get_is_secure_method,
sensitive_data_encryption_metod, is_root_method,
get_ambari_properties_method, search_file_message,
get_YN_input_method, update_properties_method,
read_passwd_for_alias_method, save_passwd_for_alias_method,
read_ambari_user_method, exists_mock):
# Testing call under root
is_root_method.return_value = True
search_file_message.return_value = "filepath"
read_ambari_user_method.return_value = None
p = Properties()
FAKE_PWD_STRING = '${alias=fakealias}'
p.process_pair(JDBC_PASSWORD_PROPERTY, FAKE_PWD_STRING)
p.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, FAKE_PWD_STRING)
p.process_pair(JDBC_RCA_PASSWORD_FILE_PROPERTY, FAKE_PWD_STRING)
get_ambari_properties_method.return_value = p
get_is_persisted_method.return_value = (True, "filepath")
get_is_secure_method.return_value = True
get_YN_input_method.side_effect = [True, False]
read_passwd_for_alias_method.return_value = "fakepassword"
save_passwd_for_alias_method.return_value = 0
exists_mock.return_value = False
options = self._create_empty_options_mock()
setup_sensitive_data_encryption(options)
calls = [call(options, "decryption")]
sensitive_data_encryption_metod.assert_has_calls(calls)
self.assertTrue(get_YN_input_method.called)
self.assertTrue(update_properties_method.called)
self.assertTrue(read_passwd_for_alias_method.called)
self.assertTrue(2, read_passwd_for_alias_method.call_count)
self.assertTrue(2, save_passwd_for_alias_method.call_count)
result_expected = {
JDBC_PASSWORD_PROPERTY: "fakepassword",
JDBC_RCA_PASSWORD_FILE_PROPERTY: "fakepassword",
SSL_TRUSTSTORE_PASSWORD_PROPERTY: "fakepassword",
SECURITY_IS_ENCRYPTION_ENABLED: 'false',
SECURITY_SENSITIVE_DATA_ENCRYPTON_ENABLED: 'false'
}
sorted_x = sorted(result_expected.iteritems(),
key=operator.itemgetter(0))
sorted_y = sorted(update_properties_method.call_args[0][1].iteritems(),
key=operator.itemgetter(0))
self.assertEquals(sorted_x, sorted_y)
pass
def test_setup_sensitive_data_encryption_no_ambari_prop_not_root(
self, is_root_method, get_ambari_properties_method):
is_root_method.return_value = False
get_ambari_properties_method.return_value = -1
options = self._create_empty_options_mock()
try:
setup_sensitive_data_encryption(options)
self.fail("Should throw exception")
except FatalException as fe:
self.assertTrue('Failed to read properties file.' == fe.reason)
pass
pass
def test_setup_sensitive_data_encryption_persist(
self, sensitive_data_encryption_metod, is_root_method,
get_ambari_properties_method, search_file_message,
get_YN_input_method, save_master_key_method,
update_properties_method, read_ambari_user_method,
read_master_key_method, get_is_persisted_method,
get_is_secure_method, exists_mock, save_passwd_for_alias_method):
is_root_method.return_value = True
p = Properties()
FAKE_PWD_STRING = "fakepasswd"
p.process_pair(JDBC_PASSWORD_PROPERTY, FAKE_PWD_STRING)
get_ambari_properties_method.return_value = p
search_file_message.return_value = "propertiesfile"
master_key = "aaa"
read_master_key_method.return_value = master_key
get_YN_input_method.return_value = True
read_ambari_user_method.return_value = None
get_is_persisted_method.return_value = (True, "filepath")
get_is_secure_method.return_value = False
exists_mock.return_value = False
save_passwd_for_alias_method.return_value = 0
options = self._create_empty_options_mock()
setup_sensitive_data_encryption(options)
self.assertTrue(get_YN_input_method.called)
self.assertTrue(read_master_key_method.called)
self.assertTrue(read_ambari_user_method.called)
self.assertTrue(update_properties_method.called)
self.assertTrue(save_master_key_method.called)
sensitive_data_encryption_metod.assert_called_with(
options, "encryption")
result_expected = {
JDBC_PASSWORD_PROPERTY: get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
SECURITY_IS_ENCRYPTION_ENABLED: 'true',
SECURITY_SENSITIVE_DATA_ENCRYPTON_ENABLED: 'true'
}
sorted_x = sorted(result_expected.iteritems(),
key=operator.itemgetter(0))
sorted_y = sorted(update_properties_method.call_args[0][1].iteritems(),
key=operator.itemgetter(0))
self.assertEquals(sorted_x, sorted_y)
pass
def test_decrypt_missed_masterkey_not_persisted(
self, get_original_master_key_mock, is_root_method,
get_ambari_properties_method, search_file_message,
get_YN_input_method, save_master_key_method,
read_passwd_for_alias_method, save_passwd_for_alias_method,
read_ambari_user_method, exists_mock, get_is_secure_method,
get_is_persisted_method):
is_root_method.return_value = True
search_file_message.return_value = False
read_ambari_user_method.return_value = None
p = Properties()
FAKE_PWD_STRING = '${alias=fakealias}'
p.process_pair(JDBC_PASSWORD_PROPERTY,
get_alias_string(JDBC_RCA_PASSWORD_ALIAS))
p.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, FAKE_PWD_STRING)
p.process_pair(JDBC_RCA_PASSWORD_FILE_PROPERTY, FAKE_PWD_STRING)
get_ambari_properties_method.return_value = p
get_YN_input_method.side_effect = [True, False]
get_original_master_key_mock.return_value = None
read_passwd_for_alias_method.return_value = "fakepassword"
save_passwd_for_alias_method.return_value = 0
exists_mock.return_value = False
get_is_secure_method.return_value = True
get_is_persisted_method.return_value = (False, "filePath")
options = self._create_empty_options_mock()
self.assertTrue(setup_sensitive_data_encryption(options) == 1)
self.assertFalse(save_master_key_method.called)
self.assertTrue(get_YN_input_method.called)
pass
def test_encrypt_part_not_persisted(
self, get_original_master_key_mock,
sensitive_data_encryption_metod, is_root_method,
get_ambari_properties_method, search_file_message,
get_YN_input_method, save_master_key_method,
update_properties_method, read_passwd_for_alias_method,
save_passwd_for_alias_method, read_ambari_user_method, exists_mock,
get_is_secure_method, get_is_persisted_method):
is_root_method.return_value = True
search_file_message.return_value = False
read_ambari_user_method.return_value = None
p = Properties()
FAKE_PWD_STRING = '${alias=fakealias}'
p.process_pair(JDBC_PASSWORD_PROPERTY,
get_alias_string(JDBC_RCA_PASSWORD_ALIAS))
p.process_pair(SSL_TRUSTSTORE_PASSWORD_PROPERTY, FAKE_PWD_STRING)
p.process_pair(JDBC_RCA_PASSWORD_FILE_PROPERTY, FAKE_PWD_STRING)
get_ambari_properties_method.return_value = p
master_key = "aaa"
get_YN_input_method.side_effect = [False, False, False]
get_original_master_key_mock.return_value = master_key
read_passwd_for_alias_method.return_value = "fakepassword"
save_passwd_for_alias_method.return_value = 0
exists_mock.return_value = False
get_is_secure_method.return_value = True
get_is_persisted_method.return_value = (False, "filePath")
options = self._create_empty_options_mock()
setup_sensitive_data_encryption(options)
calls = [call(options, "encryption", master_key)]
sensitive_data_encryption_metod.assert_has_calls(calls)
self.assertFalse(save_master_key_method.called)
self.assertTrue(get_YN_input_method.called)
self.assertTrue(get_original_master_key_mock.called)
self.assertTrue(update_properties_method.called)
self.assertTrue(read_passwd_for_alias_method.called)
self.assertTrue(2, read_passwd_for_alias_method.call_count)
self.assertTrue(2, save_passwd_for_alias_method.call_count)
self.assertFalse(save_master_key_method.called)
result_expected = {
JDBC_PASSWORD_PROPERTY:
get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
JDBC_RCA_PASSWORD_FILE_PROPERTY:
get_alias_string(JDBC_RCA_PASSWORD_ALIAS),
SSL_TRUSTSTORE_PASSWORD_PROPERTY:
get_alias_string(SSL_TRUSTSTORE_PASSWORD_ALIAS),
SECURITY_IS_ENCRYPTION_ENABLED:
'true',
SECURITY_SENSITIVE_DATA_ENCRYPTON_ENABLED:
'true'
}
sorted_x = sorted(result_expected.iteritems(),
key=operator.itemgetter(0))
sorted_y = sorted(update_properties_method.call_args[0][1].iteritems(),
key=operator.itemgetter(0))
self.assertEquals(sorted_x, sorted_y)
pass
