def test_bootstrap(mocker):
    """Check that _bootstrap returns the bootstrap secrets as a mapping.

    Both crypto entry points are replaced with mocks, so the data key and the
    plaintext used here are hard-coded test values and nothing is actually
    decrypted while the test runs.
    """
    datakey_target = 'confidant.encrypted_settings.cryptolib.decrypt_datakey'
    fernet_target = 'confidant.encrypted_settings.Fernet.decrypt'

    # Hard-coded stand-in for what the data-key decryption would return.
    mocker.patch(
        datakey_target,
        return_value=b'1cVUbJT58SbMt4Wk4xmEZoNhZGdWO_vg1IJiXwc6HGs==',
    )
    # Plaintext returned by the mocked Fernet.decrypt; presumably parsed as
    # YAML by _bootstrap -- confirm against EncryptedSettings.
    mocker.patch(
        fernet_target,
        return_value='{secret: value, secret2: value2}\n',
    )

    bootstrap_blob = '{"secrets": "encryptedstring", "data_key": "dGhla2V5"}'
    settings = EncryptedSettings(None)
    result = settings._bootstrap(bootstrap_blob)
    assert result['secret2'] == 'value2'
# Port on which the WSGI app listens.
PORT = int_env('PORT', 8080)

# Directory that static content is served from. Set this to 'dist' to use the
# minified resources.
STATIC_FOLDER = str_env('STATIC_FOLDER', 'public')

# Bootstrapping

# SECRETS_BOOTSTRAP holds a base64 encoded, KMS encrypted YAML string with the
# secrets confidant needs for its own operation. Generate the blob with
# confidant's generate_secrets_bootstrap script (via manage.py); it is
# decrypted with KMS_MASTER_KEY.
# A value starting with file:// makes confidant load the blob from that file
# instead of reading it from the environment.
# NOTE(review): the EncryptedSettings tests show _bootstrap returning an empty
# dict for a file:// path that does not exist -- confirm that a wrong path is
# noticed at startup rather than silently leaving every secret at its default.
SECRETS_BOOTSTRAP = str_env('SECRETS_BOOTSTRAP')
# Built once, at import time, from the bootstrap value above.
encrypted_settings = EncryptedSettings(SECRETS_BOOTSTRAP)

# Selects how web users are authenticated. Supported values:
# - 'google'  Google OAuth (the default)
# - 'saml'    SAML Identity Provider
# - 'header'  Header-based authentication
# NOTE(review): 'header' presumably trusts an identity header set by a fronting
# proxy -- confirm that the proxy strips any client-supplied copy of it.
USER_AUTH_MODULE = str_env('USER_AUTH_MODULE', 'google')

# Email suffix used to restrict access to the web interface,
# e.g. @example.com
# GOOGLE_AUTH_EMAIL_SUFFIX is still honoured for backwards compatibility and
# is consulted only when USER_EMAIL_SUFFIX is unset or empty.
# NOTE(review): if the suffix is compared as a plain string ending, keep the
# leading '@' so a longer domain with the same ending cannot match -- confirm
# against the auth module.
USER_EMAIL_SUFFIX = (
    str_env('USER_EMAIL_SUFFIX', None)
    or str_env('GOOGLE_AUTH_EMAIL_SUFFIX', None)
)
def test_register(self):
    """register() records the name of the registered secret in secret_names."""
    settings = EncryptedSettings(None)
    settings.register('Foo', 'Bar')

    expected_names = ['Foo']
    self.assertEqual(settings.secret_names, expected_names)
def test_bootstrap_filefail(self):
    """A file:// bootstrap path that does not exist yields an empty dict.

    NOTE(review): this pins that an unreadable bootstrap file produces {}
    rather than an exception; presumably callers then fall back to registered
    defaults -- confirm the failure is at least logged.
    """
    missing_path = 'file://FILE/DOES/NOT/EXIST'
    settings = EncryptedSettings(None)
    result = settings._bootstrap(missing_path)
    self.assertEqual(result, {})
def test_bootstrap(self, mockdecryptkey, mockdecrypt):
    """_bootstrap returns a mapping that contains the 'secret2' entry.

    The two mock arguments are not used in the body; presumably they are
    injected by patch decorators that are outside this view -- TODO confirm.
    """
    bootstrap_blob = '{"secrets": "encryptedstring", "data_key": "dGhla2V5"}'
    settings = EncryptedSettings(None)
    result = settings._bootstrap(bootstrap_blob)
    self.assertEqual(result['secret2'], 'value2')
def test_get_registered_default(self):
    """get_secret() falls back to the registered default.

    'Bar' is registered with the default 'Baz' but has no entry in
    decrypted_secrets, so the default is what comes back.
    """
    settings = EncryptedSettings(None)
    for secret_name, default_value in (('Foo', 'Bar'), ('Bar', 'Baz')):
        settings.register(secret_name, default_value)
    # Only 'Foo' has a decrypted value.
    settings.decrypted_secrets = {'Foo': 'DecryptedFoo'}

    fetched = settings.get_secret('Bar')
    self.assertEqual(fetched, 'Baz')
def test_get_registered():
    """get_secret() returns the decrypted value, not the registered default."""
    settings = EncryptedSettings(None)
    settings.register('Foo', 'Bar')
    # The decrypted entry for 'Foo' differs from its registered default 'Bar'.
    settings.decrypted_secrets = {'Foo': 'DecryptedBar'}

    fetched = settings.get_secret('Foo')
    assert fetched == 'DecryptedBar'
def test_bootstrap_filefail():
    """A file:// bootstrap path that does not exist yields an empty dict.

    NOTE(review): this pins that an unreadable bootstrap file produces {}
    rather than an exception; presumably callers then fall back to registered
    defaults -- confirm the failure is at least logged.
    """
    missing_path = 'file://FILE/DOES/NOT/EXIST'
    settings = EncryptedSettings(None)
    result = settings._bootstrap(missing_path)
    assert result == {}
def test_register():
    """register() records the name of the registered secret in secret_names."""
    settings = EncryptedSettings(None)
    settings.register('Foo', 'Bar')

    expected_names = ['Foo']
    assert settings.secret_names == expected_names
def test_get_registered_default():
    """get_secret() falls back to the registered default.

    'Bar' is registered with the default 'Baz' but has no entry in
    decrypted_secrets, so the default is what comes back.
    """
    settings = EncryptedSettings(None, None)
    for secret_name, default_value in (('Foo', 'Bar'), ('Bar', 'Baz')):
        settings.register(secret_name, default_value)
    # Only 'Foo' has a decrypted value.
    settings.decrypted_secrets = {'Foo': 'DecryptedFoo'}

    fetched = settings.get_secret('Bar')
    assert fetched == 'Baz'