def test_parse__as_env(self):
class MyEnvParser(env.EnvParser):
secret_key = env.CharField(max_length=24, as_env=True)
is_important = env.BooleanField()
aws_url = env.URLField(as_env='AWS_URL_WHAT')
number_of_workers = env.IntegerField()
content = encrypt(
textwrap.dedent('''
secret:
key: secret.whatever
is_important: true
aws:
url: http://hello.word.org
number:
of:
workers: '113'
'''))
self.root_dir.join('env.szczyp').write(content, mode='w')
e = MyEnvParser().parse()
assert e.secret_key == 'secret.whatever'
assert e.is_important is True
assert e.aws_url == 'http://hello.word.org'
assert e.number_of_workers == 113
assert os.environ['SECRET_KEY'] == 'secret.whatever'
assert os.environ['AWS_URL_WHAT'] == 'http://hello.word.org'
del os.environ['SECRET_KEY']
del os.environ['AWS_URL_WHAT']
def test_decrypt__specific_file_and_custom_key_file(self):
content = encrypt(
textwrap.dedent('''
secret:
key: secret.whatever
is_important: true
aws:
url: {{ a.b.c }}
number:
of:
workers: '113'
a:
b:
c: http://hello.word.org
'''), '.e2e_encryption_key')
self.root_dir.join('e2e.szczyp').write(content, mode='w')
result = self.runner.invoke(cli, [
'decrypt', '-k', '.e2e_encryption_key',
str(self.root_dir.join('e2e.szczyp'))
])
assert result.exit_code == 0
assert sorted(self.root_dir.listdir()) == [
str(self.root_dir.join('.e2e_encryption_key')),
str(self.root_dir.join('e2e.szczyp')),
str(self.root_dir.join('e2e.yml')),
]
def test_parse__validation_errors(self):
class MyEnvParser(env.EnvParser):
secret_key = env.CharField(max_length=12)
is_important = env.BooleanField()
aws_url = env.URLField()
number_of_workers = env.IntegerField()
content = encrypt(
textwrap.dedent('''
secret:
key: secret.whatever
is_important: whatever
aws:
url: not.url
number:
of:
workers: not.number
'''))
self.root_dir.join('env.szczyp').write(content, mode='w')
with pytest.raises(ValidatorError) as e:
MyEnvParser().parse()
assert e.value.args[0] == (
'env.aws_url: Text "not.url" is not valid URL')
def test_parse(self):
class MyEnvParser(env.EnvParser):
secret_key = env.CharField()
is_important = env.BooleanField()
aws_url = env.URLField()
number_of_workers = env.IntegerField()
content = encrypt(
textwrap.dedent('''
secret:
key: secret.whatever
is_important: true
aws:
url: http://hello.word.org
number:
of:
workers: '113'
'''))
self.root_dir.join('env.szczyp').write(content, mode='w')
e = MyEnvParser().parse()
assert e.secret_key == 'secret.whatever'
assert e.is_important is True
assert e.aws_url == 'http://hello.word.org'
assert e.number_of_workers == 113
def test_parse__singleton__same_gpg_file(self):
secho = self.mocker.patch.object(click, 'secho')
class MyEnvParser(env.EnvParser):
secret_key = env.CharField()
is_important = env.BooleanField()
content = encrypt(
textwrap.dedent('''
secret:
key: secret.whatever
is_important: true
'''))
self.root_dir.join('env.szczyp').write(content, mode='w')
for i in range(2):
e = MyEnvParser().parse()
assert e.secret_key == 'secret.whatever'
assert e.is_important is True
assert secho.call_args_list == [
call('[LOADING] env.szczyp', color='green'),
call('[PARSING] tests.test_parser.MyEnvParser(env.szczyp)',
color='green'),
call('[PARSING] tests.test_parser.MyEnvParser(env.szczyp)',
color='green'),
]
def test_parse__optional_without_defaults(self):
class MyEnvParser(env.EnvParser):
secret_key = env.CharField(required=False, allow_null=True)
is_important = env.BooleanField(required=False, allow_null=True)
aws_url = env.URLField(required=False, allow_null=True)
number_of_workers = env.IntegerField(required=False,
allow_null=True)
content = encrypt(
textwrap.dedent('''
what:
event: yo
'''))
self.root_dir.join('env.szczyp').write(content, mode='w')
e = MyEnvParser().parse()
assert e.secret_key is None
assert e.is_important is None
assert e.aws_url is None
assert e.number_of_workers is None
def test_parse__complex_example__from_env_variable(self):
class MyEnvParser(env.EnvParser):
secret_key = env.CharField()
is_important = env.BooleanField()
aws_url = env.URLField()
number_of_workers = env.IntegerField()
content = encrypt(
textwrap.dedent('''
secret:
key: secret.whatever
is_important: true
aws:
url: {{ a.b.c }}
number:
of:
workers: '113'
a:
b:
c: http://hello.word.org
'''))
os.environ['SZCZYPIOREK_ENVIRONMENT'] = content
e = MyEnvParser().parse()
assert e.secret_key == 'secret.whatever'
assert e.is_important is True
assert e.aws_url == 'http://hello.word.org'
assert e.number_of_workers == 113
def test_encrypt__encryption_key_exists__success(self):
create_encryption_key_if_not_exist()
encrypted = encrypt('hello world').strip()
content = read_encrypted(encrypted)
assert content['key_hash'] is not None
assert content['gpg'].startswith('-----BEGIN PGP MESSAGE-----')
assert content['gpg'].endswith('-----END PGP MESSAGE-----')
assert decrypt(encrypted) == 'hello world'
assert len(
self.root_dir.join('.szczypiorek_encryption_key').read()) > 128
def test_encrypt__empty_content__success(self):
self.mocker.patch(
'szczypiorek.crypto.get_encryption_key').return_value = ('secret',
'hash')
encrypted = encrypt('').strip()
content = read_encrypted(encrypted)
assert content['key_hash'] == 'hash'
assert content['gpg'].startswith('-----BEGIN PGP MESSAGE-----')
assert content['gpg'].endswith('-----END PGP MESSAGE-----')
assert decrypt(encrypted) == ''
def test_encrypt__no_encryption_key__success(self):
assert self.root_dir.join(
'.szczypiorek_encryption_key').exists() is False
encrypted = encrypt('hello world').strip()
content = read_encrypted(encrypted)
assert content['key_hash'] is not None
assert content['gpg'].startswith('-----BEGIN PGP MESSAGE-----')
assert content['gpg'].endswith('-----END PGP MESSAGE-----')
assert decrypt(encrypted) == 'hello world'
assert self.root_dir.join(
'.szczypiorek_encryption_key').exists() is True
def test_print_env(self):
content = encrypt(textwrap.dedent('''
a: b
'''))
self.root_dir.join('env.szczyp').write(content, mode='w')
global my_env
my_env = MyEnvParser().parse() # noqa
result = self.runner.invoke(cli,
['print-env', 'tests.test_cli.my_env'])
assert result.exit_code == 0
assert result.output.strip() == textwrap.dedent('''
a: b
''').strip()
def test_decrypt__wrong_passphrase__error(self):
self.mocker.patch(
'szczypiorek.crypto.get_encryption_key').side_effect = [
('secret.0', 'hash'), ('secret.1', 'hash')
]
encrypted = encrypt('what is it')
with pytest.raises(DecryptionError) as e:
decrypt(encrypted)
assert e.value.args[0] == normalize("""
Something went wrong while attempting to decrypt. The big chance
is that you've used broken encryption key.
Therefore if you see this message it means that you're trying to
do something bad. Stop doing that.
""")
def test_print_env__hide_sensitive(self):
content = encrypt(
textwrap.dedent('''
password: my.secret
my_super_password: 123whatever
secret: not tell anyone
some_secret: not just any secret
my_key: to open any doors
key: yup
not_some_important: just show it
a: b
c: '{"my_password": "******"}'
'''))
self.root_dir.join('env.szczyp').write(content, mode='w')
global my_env
my_env = SensitiveEnvParser().parse() # noqa
result = self.runner.invoke(cli,
['print-env', 'tests.test_cli.my_env'])
assert result.exit_code == 0
assert result.output.strip() == textwrap.dedent('''
a: b
c: {
"my_password": "******"
}
key: **********
my_key: **********
my_super_password: **********
not_some_important: just show it
password: **********
secret: **********
some_secret: **********
''').strip()
def test_parse__optional_with_defaults(self):
class MyEnvParser(env.EnvParser):
secret_key = env.CharField(required=False, default='hello')
is_important = env.BooleanField(required=False, default=False)
aws_url = env.URLField(required=False, default='http://hi.pl')
number_of_workers = env.IntegerField(required=False, default=12)
content = encrypt(
textwrap.dedent('''
what:
event: yo
'''))
self.root_dir.join('env.szczyp').write(content, mode='w')
e = MyEnvParser().parse()
assert e.secret_key == 'hello'
assert e.is_important is False
assert e.aws_url == 'http://hi.pl'
assert e.number_of_workers == 12
def set_encrypted(self, json, filepath=None, key_filepath=None):
content = encrypt(dump_yaml(json), key_filepath=key_filepath)
filepath = filepath or 'env.szczyp'
self.root_dir.join(filepath).write(content, mode='w')
def test_decrypt__empty_gpg_content__success(self):
assert decrypt(encrypt('')) == ''
