def parse():
args = parse_args()
logging.basicConfig(stream=sys.stderr,
level=_get_logging_level(args.verbose))
if args.command == 'decrypt':
decrypt_command = commands.DecryptCommand(args.filename,
outfile=args.outfile,
profile=args.profile)
decrypt_command.decrypt()
elif args.command == 'encrypt':
if args.encryption_context is not None and type(
args.encryption_context) is not dict:
print('Invalid dictionary in encryption context argument')
sys.exit(1)
encrypt_command = commands.EncryptCommand(
args.filename,
args.key_id,
outfile=args.outfile,
regions=args.regions,
profile=args.profile,
encryption_context=args.encryption_context)
encrypt_command.encrypt()
def test_cli__encrypt__stdin_decrypt_flow(setup_files_tuple,
kms_master_key_arn):
dummy_secrets_file, encrypted_file, decrypted_file = setup_files_tuple
# arrange for SECRET to be in stdin
with mock.patch('sys.stdin', StringIO.StringIO(SECRET)) as mock_in:
# test that passing no outfile generates an error when secret is in stdin
try:
encrypt_command = commands.EncryptCommand('-',
kms_master_key_arn,
outfile=None)
encrypt_command.encrypt()
assert False
except exceptions.OutfileRequired:
assert True
encrypt_command = commands.EncryptCommand('-',
kms_master_key_arn,
outfile=encrypted_file)
encrypt_command.encrypt()
decrypt_command = commands.DecryptCommand(encrypted_file,
outfile=decrypted_file)
decrypt_command.decrypt()
with open(decrypted_file, 'r') as f:
assert f.read() == SECRET
assert stat.S_IRUSR == os.stat(decrypted_file).st_mode & 0777
def test_cli__encrypt_decrypt_directory_flow(secrets_dir, kms_master_key_arn):
encrypt_command = commands.EncryptCommand(secrets_dir, kms_master_key_arn)
encrypt_command.encrypt()
assert os.path.isfile(os.path.join(secrets_dir, 'secrets-1.txt.encrypted'))
assert os.path.isfile(os.path.join(secrets_dir, 'secrets-2.txt.encrypted'))
os.remove(os.path.join(secrets_dir, 'secrets-1.txt'))
os.remove(os.path.join(secrets_dir, 'secrets-2.txt'))
decrypt_command = commands.DecryptCommand(secrets_dir)
decrypt_command.decrypt()
with open(os.path.join(secrets_dir, 'secrets-1.txt')) as f:
assert f.read() == SECRET
with open(os.path.join(secrets_dir, 'secrets-2.txt')) as f:
assert f.read() == SECRET
def test_cli__encrypt_decrypt_flow(setup_files_tuple, kms_master_key_arn):
secrets_file, encrypted_file, decrypted_file = setup_files_tuple
with open(secrets_file, 'w') as f:
f.write(SECRET)
encrypt_command = commands.EncryptCommand(secrets_file,
kms_master_key_arn,
outfile=encrypted_file)
encrypt_command.encrypt()
decrypt_command = commands.DecryptCommand(encrypted_file,
outfile=decrypted_file)
decrypt_command.decrypt()
with open(decrypted_file, 'r') as f:
assert f.read() == SECRET
assert stat.S_IRUSR == os.stat(decrypted_file).st_mode & 0777
def test_generate_decrypt_filename(infile, outfile, expected):
decrypt_command = commands.DecryptCommand(infile, outfile=outfile)
assert decrypt_command._generate_outfile(infile) == expected