Example #1
0
 def test_fails_on_unknown_provider(self):
     with pytest.raises(ImportError) as err:
         get_config_yourself(
             {"crypto": {
                 "provider": "fake-provider",
                 "key": "adsf"
             }})
Example #2
0
    def test_override(self, input_config, other_config,
                      expected_overridden_config):
        with warnings.catch_warnings(record=True):
            input_with_kms_entries = get_config_yourself(
                add_kms_entries(input_config), add_kms_entries(other_config))

            expected_with_kms_entries = get_config_yourself(
                add_kms_entries(expected_overridden_config))

            assert input_with_kms_entries._data == expected_with_kms_entries._data
Example #3
0
 def test_fails_on_bad_secret(self):
     with pytest.raises(errors.DecryptError) as err:
         get_config_yourself(
             {
                 "crypto": {
                     "provider": "password",
                     "key": KEYS["password"]
                 },
                 "secret": {
                     "ciphertext": "bad-secret",
                     "encrypted": "true"
                 },
             },
             password="******",
         )
Example #4
0
    def test_overrides_warn_on_potential_errors(self):
        with warnings.catch_warnings(record=True) as warns:
            # Cause all warnings to always be triggered.
            warnings.simplefilter("always")
            crypto = {"key": "<key>"}
            source = {
                "crypto": crypto,
                "key": {
                    "encrypted": True,
                    "ciphertext": "Wlc1amNubHdkRzFs"
                },
            }
            override = {
                "crypto": crypto,
                "key": {
                    "encrypted": True,
                    "ciphertext": "Y3JhcCEK"
                },
                "ignored": True,
            }

            with pytest.raises(errors.InvalidConfig):
                cfg = get_config_yourself(source, override)

            all_warnings = "\n".join([str(w.message) for w in warns])
            assert "<key>" in all_warnings
            assert "<ignored>" in all_warnings
            assert "defaulting to `kms`" in all_warnings
Example #5
0
    def test_decrypts(self):
        secret = {
            "ciphertext":
            "Ds84SJ3l3l0Xz2CSlo3Ap0MF3bNTFA/+IVZ8uLIk7YhEC/mVrV5je6LlaBst7Xj2ggWs9pN6",
            "encrypted": "true",
        }
        cfg = get_config_yourself(
            {
                "crypto": {
                    "provider":
                    "password",
                    "key":
                    "dRVeKIGwNwJU0LQ69eUwsUyQRCyPh7DMRiU1bK//LtoMg81SHohquBR9S5fSYa6Uz+yvAHrx2KjBzS+0QXs6bM6fDJVpNodXOgA5XtNMV+iA8hVZlkC12cnfsNw=",
                },
                "secret": secret,
                "nested": {
                    "secret": secret
                },
                "list": [{
                    "secret": secret
                }, secret],
            },
            password="******",
        )

        assert cfg["secret"] == "secret"
        assert cfg["nested"]["secret"] == "secret"
        assert cfg["list"][0]["secret"] == "secret"
        assert cfg["list"][1] == "secret"
        assert len(cfg) == 4
Example #6
0
    def test_verify_overrides_are_not_destructive(self, source, override):
        original_source = deepcopy(source)
        with warnings.catch_warnings(record=True):
            resulting_config = get_config_yourself(source, override)

        # the original object was not modified
        assert source == original_source
        # the resulting config has been overridden
        assert not resulting_config["key"]["nested"]["value"]
        # make sure the nested value that is defined in source and not defined in the override is present
        assert "unchanged" in resulting_config["key"]["nested"]
        assert resulting_config["key"]["nested"]["unchanged"]
Example #7
0
    def test_verify_returned_encrypted_config_can_not_modify_original(
            self, input_config):
        input_config_with_kms = add_kms_entries(input_config)
        original = input_config_with_kms["key"]
        with warnings.catch_warnings(record=True):
            config_yourself = get_config_yourself(input_config_with_kms,
                                                  {"key": "overriden"})
        with pytest.raises(TypeError):
            config_yourself["foo"] = "bar"

        assert input_config_with_kms["key"] == original
        assert config_yourself["key"] == "overriden"
Example #8
0
    def test_config(self, input_config, expected_config):
        input_with_kms_entries = add_kms_entries(input_config)
        expected_with_kms_entries = add_kms_entries(expected_config)
        config_yourself = get_config_yourself(input_with_kms_entries)

        assert config_yourself._data == expected_with_kms_entries