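def test_secrets(self):
    """Round-trip engine secrets through the secrets file of a plan.

    Saves a known secret for plan 'test_engine.yaml', reloads it into an
    emptied engine, then checks that forget_secrets() leaves no
    '.test_engine.secrets' file in the current directory.
    """
    engine = PlumberyEngine()
    engine.secrets = {'hello': 'world'}
    engine.save_secrets(plan='test_engine.yaml')
    try:
        # wipe the in-memory copy so the value can only come back from disk
        engine.secrets = {}
        engine.load_secrets(plan='test_engine.yaml')
        self.assertEqual(engine.secrets['hello'], 'world')
    finally:
        # always drop the saved secrets, even when a check above fails, so
        # a broken run does not leave secret material lying on disk
        engine.forget_secrets(plan='test_engine.yaml')

    self.assertFalse(os.path.isfile('.test_engine.secrets'))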
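def test_lookup(self):
    """Check what PlumberyEngine.lookup() returns for each kind of name.

    Covers the package version, secrets created on first lookup and their
    digest-named variants, UUIDs, an RSA key pair (verified with an
    encrypt/decrypt round trip), an etcd discovery URL and the local SSH
    key.
    """
    engine = PlumberyEngine()
    self.assertEqual(engine.lookup('plumbery.version'), __version__)

    # start from an empty store so the count asserted further down is exact
    engine.secrets = {}

    # the same name must give the same value on a second lookup
    secret = engine.lookup('secret.random')
    self.assertEqual(len(secret), 9)
    self.assertEqual(engine.lookup('secret.random'), secret)

    # digest-named variants: only the length and the difference from the
    # raw value are checked here
    md5 = engine.lookup('secret.random.md5')
    self.assertEqual(len(md5), 32)
    self.assertNotEqual(md5, secret)

    sha = engine.lookup('secret.random.sha1')
    self.assertEqual(len(sha), 40)
    self.assertNotEqual(sha, secret)

    sha = engine.lookup('secret.random.sha256')
    self.assertEqual(len(sha), 64)
    self.assertNotEqual(sha, secret)

    # UUIDs are stable per name and distinct across names
    id1 = engine.lookup('id1.uuid')
    self.assertEqual(len(id1), 36)
    self.assertEqual(engine.lookup('id1.uuid'), id1)

    id2 = engine.lookup('id2.uuid')
    self.assertEqual(len(id2), 36)
    self.assertNotEqual(id1, id2)

    # these lookups only populate the store; they count towards the total
    engine.lookup('application.secret')
    engine.lookup('database.secret')
    engine.lookup('master.secret')
    engine.lookup('slave.secret')

    def oaep():
        # NOTE(review): OAEP is parameterised with SHA-1 for both MGF1 and
        # the hash. Both sides live in this test so they only have to
        # agree; SHA-256 is the usual choice for new code.
        return padding.OAEP(
            mgf=padding.MGF1(algorithm=hashes.SHA1()),
            algorithm=hashes.SHA1(),
            label=None)

    original = b'hello world'
    print('original: {}'.format(original))

    # encrypt with the public half of the pair
    text = ensure_string(engine.lookup('rsa_public.pair1'))
    print('rsa_public.pair1: {}'.format(text))
    self.assertTrue(text.startswith('ssh-rsa '))

    public_key = serialization.load_ssh_public_key(
        data=b(text), backend=default_backend())
    encrypted = base64.b64encode(public_key.encrypt(original, oaep()))
    print('encrypted: {}'.format(encrypted))

    # decrypt with the private half; the private key is deliberately not
    # printed, because test output is commonly captured and archived
    private_pem = engine.lookup('rsa_private.pair1')
    self.assertTrue(ensure_string(private_pem).startswith(
        '-----BEGIN RSA PRIVATE KEY-----'))

    private_key = serialization.load_pem_private_key(
        b(private_pem), password=None, backend=default_backend())
    decrypted = private_key.decrypt(base64.b64decode(encrypted), oaep())
    print('decrypted: {}'.format(decrypted))
    self.assertEqual(decrypted, original)

    # NOTE(review): presumably lookup() fetches this URL, which would make
    # the test depend on network access and on the remote token format
    # (58 characters) - confirm
    token = engine.lookup('https://discovery.etcd.io/new')
    self.assertTrue(token.startswith('https://discovery.etcd.io/'))
    self.assertEqual(len(token), 58)

    self.assertEqual(len(engine.secrets), 13)

    # the local private key is expected to be refused by lookup()
    with self.assertRaises(LookupError):
        engine.lookup('rsa_private.local')

    # compare the local public key with the first shared key file, when
    # lookup() returned one
    local_key = engine.lookup('rsa_public.local')
    if len(local_key) > 0:
        path = engine.get_shared_key_files()[0]
        with open(os.path.expanduser(path)) as stream:
            text = stream.read()
        self.assertEqual(local_key.strip(), text.strip())
        plogging.info("Successful lookup of local public key")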
def test_lookup(self):
    """Walk through the names PlumberyEngine.lookup() is expected to resolve.

    Version string, secrets and their digest-named variants, UUIDs, an RSA
    pair checked with an OAEP round trip (only when HAS_CRYPTO is set), an
    etcd discovery URL and the local SSH public key.
    """
    plumbery = PlumberyEngine()
    self.assertEqual(plumbery.lookup('plumbery.version'), __version__)

    # empty store: the total asserted near the end counts from zero
    plumbery.secrets = {}

    seed = plumbery.lookup('secret.random')
    self.assertEqual(len(seed), 9)
    self.assertEqual(plumbery.lookup('secret.random'), seed)

    # each digest-named variant has a fixed length and differs from the seed
    expected_widths = (
        ('secret.random.md5', 32),
        ('secret.random.sha1', 40),
        ('secret.random.sha256', 64),
    )
    for name, width in expected_widths:
        digest = plumbery.lookup(name)
        self.assertEqual(len(digest), width)
        self.assertNotEqual(digest, seed)

    first_id = plumbery.lookup('id1.uuid')
    self.assertEqual(len(first_id), 36)
    self.assertEqual(plumbery.lookup('id1.uuid'), first_id)

    second_id = plumbery.lookup('id2.uuid')
    self.assertEqual(len(second_id), 36)
    self.assertNotEqual(first_id, second_id)

    # looked up only so that they land in the store
    for name in ('application.secret', 'database.secret',
                 'master.secret', 'slave.secret'):
        plumbery.lookup(name)

    plaintext = b'hello world'

    # NOTE(review): the extent of this conditional is inferred from which
    # statements use its variables; the count of 13 below presumably
    # assumes HAS_CRYPTO is true - confirm against the original layout
    if HAS_CRYPTO:
        public_text = plumbery.lookup('pair1.rsa_public')
        self.assertTrue(ensure_string(public_text).startswith('ssh-rsa '))
        encrypted = PKCS1_OAEP.new(
            RSA.importKey(public_text)).encrypt(plaintext)

        private_text = plumbery.lookup('pair1.rsa_private')
        self.assertTrue(ensure_string(private_text).startswith(
            '-----BEGIN RSA PRIVATE KEY-----'))

        # the private key is looked up a second time; decryption only
        # succeeds if that lookup returns the same key again
        decryptor = PKCS1_OAEP.new(
            RSA.importKey(plumbery.lookup('pair1.rsa_private')))
        decrypted = decryptor.decrypt(encrypted)
        self.assertEqual(decrypted, plaintext)

    # NOTE(review): presumably resolved over the network - confirm
    discovery = plumbery.lookup('https://discovery.etcd.io/new')
    self.assertEqual(
        discovery.startswith('https://discovery.etcd.io/'), True)
    self.assertEqual(len(discovery), 58)

    self.assertEqual(len(plumbery.secrets), 13)

    # this name is expected to be rejected
    with self.assertRaises(LookupError):
        local_key = plumbery.lookup('local.rsa_private')

    local_key = plumbery.lookup('rsa_public.local')
    try:
        # reads the invoking user's own public key file; a missing or
        # unreadable file silently skips the comparison
        key_file = '~/.ssh/id_rsa.pub'
        with open(os.path.expanduser(key_file)) as stream:
            on_disk = stream.read()
            stream.close()
        self.assertEqual(local_key.strip(), on_disk.strip())
        plogging.info("Successful lookup of local public key")
    except IOError:
        pass
def test_lookup(self):
    """Walk through the names PlumberyEngine.lookup() is expected to resolve.

    Version string, secrets and their digest-named variants, UUIDs, an RSA
    pair checked with an encrypt/decrypt round trip, and the local SSH
    public key.
    """
    plumbery = PlumberyEngine()
    self.assertEqual(plumbery.lookup('plumbery.version'), __version__)

    # empty store: the total asserted near the end counts from zero
    plumbery.secrets = {}

    seed = plumbery.lookup('random.secret')
    self.assertEqual(len(seed), 9)
    self.assertEqual(plumbery.lookup('random.secret'), seed)

    # each digest-named variant has a fixed length and differs from the seed
    expected_widths = (
        ('random.md5.secret', 32),
        ('random.sha1.secret', 40),
        ('random.sha256.secret', 64),
    )
    for name, width in expected_widths:
        digest = plumbery.lookup(name)
        self.assertEqual(len(digest), width)
        self.assertNotEqual(digest, seed)

    first_id = plumbery.lookup('id1.uuid')
    self.assertEqual(len(first_id), 36)
    self.assertEqual(plumbery.lookup('id1.uuid'), first_id)

    second_id = plumbery.lookup('id2.uuid')
    self.assertEqual(len(second_id), 36)
    self.assertNotEqual(first_id, second_id)

    # looked up only so that they land in the store
    for name in ('application.secret', 'database.secret',
                 'master.secret', 'slave.secret'):
        plumbery.lookup(name)

    plaintext = 'hello world'

    public_text = plumbery.lookup('pair1.rsa_public')
    self.assertEqual(public_text.startswith('ssh-rsa '), True)

    # NOTE(review): assuming RSA is PyCrypto's Crypto.PublicKey.RSA,
    # encrypt(data, K) on the key object is the raw RSA primitive with no
    # padding. That is enough to show the two halves match, but it is not
    # a pattern to copy into production code - confirm
    public_half = RSA.importKey(public_text)
    encrypted = public_half.publickey().encrypt(plaintext, 32)

    private_text = plumbery.lookup('pair1.rsa_private')
    self.assertEqual(
        private_text.startswith('-----BEGIN RSA PRIVATE KEY-----'), True)

    # the private key is looked up a second time; decryption only
    # succeeds if that lookup returns the same key again
    private_half = RSA.importKey(plumbery.lookup('pair1.rsa_private'))

    # the encrypt() result is rendered as text and parsed back with
    # ast.literal_eval before being handed to decrypt()
    ciphertext = ast.literal_eval(str(encrypted))
    decrypted = private_half.decrypt(ciphertext)
    self.assertEqual(decrypted, plaintext)

    self.assertEqual(len(plumbery.secrets), 12)

    # the local private key is expected to be refused by lookup()
    with self.assertRaises(LookupError):
        local_key = plumbery.lookup('local.rsa_private')

    local_key = plumbery.lookup('local.rsa_public')
    try:
        # reads the invoking user's own public key file; a missing or
        # unreadable file silently skips the comparison
        key_file = '~/.ssh/id_rsa.pub'
        with open(os.path.expanduser(key_file)) as stream:
            on_disk = stream.read()
            stream.close()
        self.assertEqual(local_key.strip(), on_disk.strip())
        logging.info("Successful lookup of local public key")
    except IOError:
        pass
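def test_lookup(self):
    """Verify the results of PlumberyEngine.lookup() for every kind of name.

    The test goes through the package version, secrets created on first
    lookup and their digest-named variants, UUIDs, an RSA key pair (proved
    consistent by an encrypt/decrypt round trip), an etcd discovery URL
    and the local SSH key.
    """
    engine = PlumberyEngine()
    self.assertEqual(engine.lookup('plumbery.version'), __version__)

    # an empty store makes the final count of secrets deterministic
    engine.secrets = {}

    # repeated lookups of one name must agree
    secret = engine.lookup('secret.random')
    self.assertEqual(len(secret), 9)
    self.assertEqual(engine.lookup('secret.random'), secret)

    # digest-named variants are checked for length and for not echoing
    # the raw secret
    md5 = engine.lookup('secret.random.md5')
    self.assertEqual(len(md5), 32)
    self.assertNotEqual(md5, secret)

    sha = engine.lookup('secret.random.sha1')
    self.assertEqual(len(sha), 40)
    self.assertNotEqual(sha, secret)

    sha = engine.lookup('secret.random.sha256')
    self.assertEqual(len(sha), 64)
    self.assertNotEqual(sha, secret)

    # one UUID per name, stable across lookups
    id1 = engine.lookup('id1.uuid')
    self.assertEqual(len(id1), 36)
    self.assertEqual(engine.lookup('id1.uuid'), id1)

    id2 = engine.lookup('id2.uuid')
    self.assertEqual(len(id2), 36)
    self.assertNotEqual(id1, id2)

    # no assertion on these: they are looked up so that they are counted
    engine.lookup('application.secret')
    engine.lookup('database.secret')
    engine.lookup('master.secret')
    engine.lookup('slave.secret')

    def oaep():
        # NOTE(review): SHA-1 is used for both MGF1 and the OAEP hash.
        # Encryption and decryption both happen in this test, so the
        # parameters only need to match; new code normally uses SHA-256.
        return padding.OAEP(
            mgf=padding.MGF1(algorithm=hashes.SHA1()),
            algorithm=hashes.SHA1(),
            label=None)

    original = b'hello world'
    print('original: {}'.format(original))

    # public half: must be in OpenSSH format and usable for encryption
    text = ensure_string(engine.lookup('rsa_public.pair1'))
    print('rsa_public.pair1: {}'.format(text))
    self.assertTrue(text.startswith('ssh-rsa '))

    public_key = serialization.load_ssh_public_key(
        data=b(text), backend=default_backend())
    encrypted = base64.b64encode(public_key.encrypt(original, oaep()))
    print('encrypted: {}'.format(encrypted))

    # private half: must be PEM and must decrypt what the public half
    # encrypted. It is not echoed to stdout, since test output is commonly
    # captured and kept.
    private_pem = engine.lookup('rsa_private.pair1')
    self.assertTrue(ensure_string(private_pem).startswith(
        '-----BEGIN RSA PRIVATE KEY-----'))

    private_key = serialization.load_pem_private_key(
        b(private_pem), password=None, backend=default_backend())
    decrypted = private_key.decrypt(base64.b64decode(encrypted), oaep())
    print('decrypted: {}'.format(decrypted))
    self.assertEqual(decrypted, original)

    # NOTE(review): presumably lookup() contacts this URL, so the test
    # would need network access and would rely on the remote token format
    # (58 characters) - confirm
    token = engine.lookup('https://discovery.etcd.io/new')
    self.assertTrue(token.startswith('https://discovery.etcd.io/'))
    self.assertEqual(len(token), 58)

    self.assertEqual(len(engine.secrets), 13)

    # lookup() is expected to refuse the local private key
    with self.assertRaises(LookupError):
        engine.lookup('rsa_private.local')

    # when a local public key is returned, it must match the first shared
    # key file reported by the engine
    local_key = engine.lookup('rsa_public.local')
    if len(local_key) > 0:
        path = engine.get_shared_key_files()[0]
        with open(os.path.expanduser(path)) as stream:
            text = stream.read()
        self.assertEqual(local_key.strip(), text.strip())
        plogging.info("Successful lookup of local public key")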
def test_lookup(self):
    """Exercise PlumberyEngine.lookup() across the names it should resolve.

    Checks the version string, secrets with their digest-named variants,
    UUIDs, an RSA pair through an OAEP round trip (when HAS_CRYPTO is
    set), an etcd discovery URL and the local SSH public key.
    """
    subject = PlumberyEngine()
    self.assertEqual(subject.lookup('plumbery.version'), __version__)

    # reset the store so the final count starts from nothing
    subject.secrets = {}

    base = subject.lookup('secret.random')
    self.assertEqual(len(base), 9)
    self.assertEqual(subject.lookup('secret.random'), base)

    # name -> expected length of the returned value
    for name, size in [('secret.random.md5', 32),
                       ('secret.random.sha1', 40),
                       ('secret.random.sha256', 64)]:
        derived = subject.lookup(name)
        self.assertEqual(len(derived), size)
        self.assertNotEqual(derived, base)

    uuid_one = subject.lookup('id1.uuid')
    self.assertEqual(len(uuid_one), 36)
    self.assertEqual(subject.lookup('id1.uuid'), uuid_one)

    uuid_two = subject.lookup('id2.uuid')
    self.assertEqual(len(uuid_two), 36)
    self.assertNotEqual(uuid_one, uuid_two)

    # results are discarded; the lookups themselves fill the store
    for name in ['application.secret', 'database.secret',
                 'master.secret', 'slave.secret']:
        subject.lookup(name)

    message = b'hello world'

    # NOTE(review): where this conditional ends is inferred from the
    # variables it defines; the count of 13 below presumably holds only
    # when HAS_CRYPTO is true - confirm against the original layout
    if HAS_CRYPTO:
        ssh_public = subject.lookup('pair1.rsa_public')
        self.assertTrue(ensure_string(ssh_public).startswith('ssh-rsa '))
        imported_public = RSA.importKey(ssh_public)
        sealed = PKCS1_OAEP.new(imported_public).encrypt(message)

        pem_private = subject.lookup('pair1.rsa_private')
        self.assertTrue(ensure_string(pem_private).startswith(
            '-----BEGIN RSA PRIVATE KEY-----'))

        # second lookup of the private key: the round trip passes only if
        # the engine hands back the same key
        imported_private = RSA.importKey(
            subject.lookup('pair1.rsa_private'))
        opened = PKCS1_OAEP.new(imported_private).decrypt(sealed)
        self.assertEqual(opened, message)

    # NOTE(review): presumably resolved over the network - confirm
    url = subject.lookup('https://discovery.etcd.io/new')
    self.assertEqual(url.startswith(
        'https://discovery.etcd.io/'), True)
    self.assertEqual(len(url), 58)

    self.assertEqual(len(subject.secrets), 13)

    # this name must raise rather than return a key
    with self.assertRaises(LookupError):
        from_engine = subject.lookup('local.rsa_private')

    from_engine = subject.lookup('rsa_public.local')
    try:
        # compares against the invoking user's own public key file; when
        # the file cannot be opened the comparison is skipped silently
        location = '~/.ssh/id_rsa.pub'
        with open(os.path.expanduser(location)) as stream:
            from_file = stream.read()
            stream.close()
        self.assertEqual(from_engine.strip(), from_file.strip())
        plogging.info("Successful lookup of local public key")
    except IOError:
        pass
def test_lookup(self):
    """Exercise PlumberyEngine.lookup() across the names it should resolve.

    Checks the version string, secrets with their digest-named variants,
    UUIDs, an RSA pair through an encrypt/decrypt round trip, and the
    local SSH public key.
    """
    subject = PlumberyEngine()
    self.assertEqual(subject.lookup('plumbery.version'), __version__)

    # reset the store so the final count starts from nothing
    subject.secrets = {}

    base = subject.lookup('random.secret')
    self.assertEqual(len(base), 9)
    self.assertEqual(subject.lookup('random.secret'), base)

    # name -> expected length of the returned value
    for name, size in [('random.md5.secret', 32),
                       ('random.sha1.secret', 40),
                       ('random.sha256.secret', 64)]:
        derived = subject.lookup(name)
        self.assertEqual(len(derived), size)
        self.assertNotEqual(derived, base)

    uuid_one = subject.lookup('id1.uuid')
    self.assertEqual(len(uuid_one), 36)
    self.assertEqual(subject.lookup('id1.uuid'), uuid_one)

    uuid_two = subject.lookup('id2.uuid')
    self.assertEqual(len(uuid_two), 36)
    self.assertNotEqual(uuid_one, uuid_two)

    # results are discarded; the lookups themselves fill the store
    for name in ['application.secret', 'database.secret',
                 'master.secret', 'slave.secret']:
        subject.lookup(name)

    message = 'hello world'

    ssh_public = subject.lookup('pair1.rsa_public')
    self.assertEqual(ssh_public.startswith('ssh-rsa '), True)

    # NOTE(review): if RSA is PyCrypto's Crypto.PublicKey.RSA, calling
    # encrypt(data, K) directly on the key is unpadded RSA. It serves here
    # to prove the pair is consistent; real encryption needs a padding
    # scheme such as OAEP - confirm
    sealed = RSA.importKey(ssh_public).publickey().encrypt(message, 32)

    pem_private = subject.lookup('pair1.rsa_private')
    self.assertEqual(pem_private.startswith(
        '-----BEGIN RSA PRIVATE KEY-----'), True)

    # second lookup of the private key: the round trip passes only if the
    # engine hands back the same key
    imported_private = RSA.importKey(subject.lookup('pair1.rsa_private'))

    # the encrypt() result goes through str() and ast.literal_eval()
    # before it is decrypted
    opened = imported_private.decrypt(ast.literal_eval(str(sealed)))
    self.assertEqual(opened, message)

    self.assertEqual(len(subject.secrets), 12)

    # lookup() is expected to refuse the local private key
    with self.assertRaises(LookupError):
        from_engine = subject.lookup('local.rsa_private')

    from_engine = subject.lookup('local.rsa_public')
    try:
        # compares against the invoking user's own public key file; when
        # the file cannot be opened the comparison is skipped silently
        location = '~/.ssh/id_rsa.pub'
        with open(os.path.expanduser(location)) as stream:
            from_file = stream.read()
            stream.close()
        self.assertEqual(from_engine.strip(), from_file.strip())
        logging.info("Successful lookup of local public key")
    except IOError:
        pass