Python Credentials.encrypt Examples

Example #1

File: test_provider.py Project: yutiansut/streamalert

class TestCredentialsUnencrypted(object):
    def setup(self):
        self._plaintext_payload = 'plaintext credentials'
        self._credentials = Credentials(self._plaintext_payload, is_encrypted=False)

    def test_is_encrypted(self):
        """Credentials - Plaintext Credentials - Is Encrypted"""
        assert_false(self._credentials.is_encrypted())

    def test_is_data(self):
        """Credentials - Plaintext Credentials - Data"""
        assert_equal(self._credentials.data(), self._plaintext_payload)

    @patch('logging.Logger.error')
    def test_get_data_kms_decrypted(self, logging_error):
        """Credentials - Plaintext Credentials - KMS Decrypt"""
        assert_is_none(self._credentials.get_data_kms_decrypted())
        logging_error.assert_called_with('Cannot decrypt Credentials as they are already decrypted')

    @mock_kms
    def test_encrypt(self):
        """Credentials - Plaintext Credentials - Encrypt

        Doubly-encrypting the credentials should do nothing.
        """
        self._credentials.encrypt(REGION, KMS_ALIAS)

        assert_true(self._credentials.is_encrypted())
        assert_equal(self._credentials.data(), 'InBsYWludGV4dCBjcmVkZW50aWFscyI=')

Example #2

File: test_provider.py Project: yutiansut/streamalert

class TestCredentialsEmpty(object):
    def setup(self):
        self._plaintext_payload = ''
        self._credentials = Credentials(self._plaintext_payload, is_encrypted=False)

    @mock_kms
    def test_encrypt(self):
        """Credentials - Empty Credentials - Encrypt - Does nothing when payload is empty"""
        self._credentials.encrypt(REGION, KMS_ALIAS)

        assert_true(self._credentials.is_encrypted())
        assert_equal(self._credentials.data(), '')

Example #3

class TestCredentialsEncrypted(object):
    @mock_kms
    def setup(self):
        self._plaintext_payload = 'plaintext credentials'
        self._encrypted_payload = encrypt_with_kms(self._plaintext_payload,
                                                   REGION, KMS_ALIAS)
        self._credentials = Credentials(self._encrypted_payload,
                                        is_encrypted=True,
                                        region=REGION)

    def test_is_encrypted(self):
        """Credentials - Encrypted Credentials - Is Encrypted"""
        assert_true(self._credentials.is_encrypted())

    def test_is_data(self):
        """Credentials - Encrypted Credentials - Data"""
        assert_equal(self._credentials.data(), self._encrypted_payload)

    @mock_kms
    def test_get_data_kms_decrypted(self):
        """Credentials - Encrypted Credentials - KMS Decrypt"""
        decrypted = self._credentials.get_data_kms_decrypted()
        assert_equal(decrypted, self._plaintext_payload)

    def test_encrypt(self):
        """Credentials - Encrypted Credentials - Encrypt

        Doubly-encrypting the credentials should do nothing.
        """
        self._credentials.encrypt(REGION, KMS_ALIAS)
        assert_equal(self._credentials.data(), self._encrypted_payload)

    @patch('boto3.client')
    @patch('logging.Logger.exception')
    def test_decrypt_kms_error(self, logging_exception, boto3):
        """Credentials - Encrypted Credentials - KMS Decrypt - Errors if KMS Fails to Respond"""

        # We pretend that KMS errors out
        boto3_client = MagicMock()
        boto3.return_value = boto3_client

        response = MagicMock()
        boto3_client.decrypt.side_effect = ClientError(response, 'kms_decrypt')

        assert_is_none(self._credentials.get_data_kms_decrypted())
        logging_exception.assert_called_with(
            'an error occurred during credentials decryption')