def _provision_client_cert(self, cert_path):
"""Executes certificate provider to obtain client certificate and keys."""
cert_command_string = config.get('Credentials',
'cert_provider_command', None)
if cert_command_string:
cert_command = cert_command_string.split(' ')
else:
# Load the default certificate provider if sit is not provided by user.
cert_command = _default_command()
try:
command_stdout_string, _ = execution_util.ExecuteExternalCommand(
cert_command)
sections = _split_pem_into_sections(command_stdout_string,
self.logger)
with open(cert_path, 'w+') as f:
f.write(sections['CERTIFICATE'])
f.write(sections['ENCRYPTED PRIVATE KEY'])
self.client_cert_password = sections['PASSPHRASE'].splitlines()[1]
except (exception.ExternalBinaryError, OSError) as e:
raise CertProvisionError(e)
except KeyError as e:
raise CertProvisionError(
'Invalid output format from certificate provider, no %s' % e)
def _stet_transform(subcommand, blob_id, in_file_path, out_file_path, logger):
"""Runs a STET transform on a file.
Encrypts for uploads. Decrypts for downloads. Automatically populates
flags for the STET binary.
Args:
subcommand (StetSubcommandName): Subcommand to call on STET binary.
blob_id (str): Cloud URL that binary uses for validation.
in_file_path (str): File to be transformed source.
out_file_path (str): Where to write result of transform.
logger (logging.Logger): For logging STET binary output.
Raises:
KeyError: STET binary or config could not be found.
"""
binary_path = config.get('GSUtil', 'stet_binary_path',
_get_stet_binary_from_path())
if not binary_path:
raise KeyError('Could not find STET binary in boto config or PATH.')
command_args = [os.path.expanduser(binary_path), subcommand]
config_path = config.get('GSUtil', 'stet_config_path', None)
if config_path:
command_args.append('--config-file=' + os.path.expanduser(config_path))
command_args.extend(['--blob-id=' + blob_id, in_file_path, out_file_path])
_, stderr = execution_util.ExecuteExternalCommand(command_args)
logger.debug(stderr)
def testExternalCommandRaisesFormattedStderr(self, mock_Popen):
mock_command_process = mock.Mock()
mock_command_process.returncode = 1
mock_command_process.communicate.return_value = (None, b'error.\n')
mock_Popen.return_value = mock_command_process
with self.assertRaisesRegexp(exception.ExternalBinaryError, 'error'):
execution_util.ExecuteExternalCommand(['fake-command'])
def testExternalCommandReturnsNoOutput(self, mock_Popen):
mock_command_process = mock.Mock()
mock_command_process.returncode = 1
mock_command_process.communicate.return_value = (None, b'error')
mock_Popen.return_value = mock_command_process
with self.assertRaises(OSError):
execution_util.ExecuteExternalCommand(['fake-command'])
mock_Popen.assert_called_once_with(['fake-command'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
def testExternalCommandReturnsBytesOutput(self, mock_Popen):
mock_command_process = mock.Mock()
mock_command_process.returncode = 0
mock_command_process.communicate.return_value = (b'a', b'b')
mock_Popen.return_value = mock_command_process
stdout, stderr = execution_util.ExecuteExternalCommand(['fake-command'])
self.assertEqual(stdout, 'a')
self.assertEqual(stderr, 'b')
mock_Popen.assert_called_once_with(['fake-command'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
def testExternalCommandReturnsNoOutput(self, mock_Popen):
mock_command_process = mock.Mock()
mock_command_process.returncode = 0
mock_command_process.communicate.return_value = (None, None)
mock_Popen.return_value = mock_command_process
stdout, stderr = execution_util.ExecuteExternalCommand(['fake-command'])
self.assertIsNone(stdout)
self.assertIsNone(stderr)
mock_Popen.assert_called_once_with(['fake-command'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)