def test_set_master_multi_keys():
kms = KMS(region_name='us-least-4')
t_keys = ['arn:east_region:key', 'arn:west_region:key']
kms.set_master_keys(t_keys)
assert len(kms.master_keys) == len(t_keys)
assert sorted(kms.master_keys) == sorted(t_keys)
assert type(kms.master_keys) == list
def test_set_encryption_multi_regions():
kms = KMS(region_name='us-least-4')
t_regions = ['us-least-4', 'us-jest-5']
kms.set_encryption_regions(t_regions)
assert len(kms.enc_regions) == len(t_regions)
assert sorted(kms.enc_regions) == sorted(t_regions)
assert type(kms.enc_regions) == list
def test_set_master_keys():
kms = KMS(region_name='us-least-4')
t_keys = 'arn:single_region:key'
kms.set_master_keys(t_keys)
assert len(kms.master_keys) == 1
assert kms.master_keys == [t_keys]
assert type(kms.master_keys) == list
def test_set_encryption_regions():
kms = KMS(region_name='us-least-4')
t_regions = 'us-jest-5'
kms.set_encryption_regions(t_regions)
assert len(kms.enc_regions) == 1
assert kms.enc_regions == [t_regions]
assert type(kms.enc_regions) == list
def test_decrypt_object(aes, key):
aes.return_value = (b'{"this": "is a test", "with": ["a", "list", "of", \
"items"], "and": { "some": "nested info"}}',
'some_header_stuff_from_encryptor')
key.return_value = {
'this': 'is a test',
'with': ['a', 'list', 'of', 'items'],
'and': {
'some': 'nested info'
}
}
kms = KMS(region_name='us-least-4')
kms.set_encryption_regions('us-least-4')
kms.set_master_keys('arn:now:I:am:the:master')
kms.set_master_keys()
cipher_object = {
'cipher_text': 'encrypted_text_la_la_la',
'encryptor_header': 'some_header_stuff_from_encryptor'
}
result = kms.decrypt_object(cipher_object)
assert result == {
'this': 'is a test',
'with': ['a', 'list', 'of', 'items'],
'and': {
'some': 'nested info'
}
}
def test_set_key_provider_error2(aes):
aes.side_effect = Exception()
kms = KMS(region_name='us-least-4')
kms.set_encryption_regions('us-least-4')
kms.set_master_keys('arn:now:I:am:the:master')
with pytest.raises(Exception, match=r'Could not set key_provider'):
kms.set_key_provider()
def test_encrypt(aes, key):
aes.return_value = ('encrypted_text_la_la_la', 'encrypted_header_x')
key.return_value = 'something'
kms = KMS(region_name='us-least-4')
kms.set_encryption_regions('us-least-4')
kms.set_master_keys('arn:now:I:am:the:master')
kms.set_master_keys()
result = kms.encrypt_it('stuff to encrypt')
assert result['cipher_text'] == 'encrypted_text_la_la_la'
assert result['encryptor_header'] == 'encrypted_header_x'
def test_init():
kms = KMS(region_name='us-least-4')
inspect.isclass(KMS)
assert isinstance(kms, KMS)
assert str(type(kms.kms)) == "<class 'botocore.client.KMS'>"
assert len(kms.enc_regions) == 0
assert len(kms.master_keys) == 0
def test_decrypt_bad_header(aes, key):
aes.return_value = ('plain_text_ok', 'wrong_header_stuff_from_encryptor')
key.return_value = 'something'
kms = KMS(region_name='us-least-4')
kms.set_encryption_regions('us-least-4')
kms.set_master_keys('arn:now:I:am:the:master')
kms.set_master_keys()
cipher_object = {
'cipher_text': 'encrypted_text_la_la_la',
'encryptor_header': 'some_header_stuff_from_encryptor'
}
with pytest.raises(Exception, match='Encryption headers do not match!!!'):
kms.decrypt_it(cipher_object)
def test_set_key_provider(aes):
aes.return_value = 'something'
kms = KMS(region_name='us-least-4')
kms.set_encryption_regions('us-least-4')
kms.set_master_keys('arn:now:I:am:the:master')
kms.set_key_provider()
assert kms.key_provider == 'something'
def test_decrypt(aes, key):
aes.return_value = ('plain_text_ok', 'some_header_stuff_from_encryptor')
key.return_value = 'something'
kms = KMS(region_name='us-least-4')
kms.set_encryption_regions('us-least-4')
kms.set_master_keys('arn:now:I:am:the:master')
kms.set_master_keys()
cipher_object = {
'cipher_text': 'encrypted_text_la_la_la',
'encryptor_header': 'some_header_stuff_from_encryptor'
}
result = kms.decrypt_it(cipher_object)
assert result == 'plain_text_ok'
def test_encrypt_broken_object(jsn, aes, key):
jsn.side_effect = Exception()
aes.return_value = ('encrypted_text_la_la_la', 'encrypted_header_x')
key.return_value = 'something'
kms = KMS(region_name='us-least-4')
kms.set_encryption_regions('us-least-4')
kms.set_master_keys('arn:now:I:am:the:master')
kms.set_master_keys()
test_obj = {
'this': 'is a test',
'with': ['a', 'list', 'of', 'items'],
'and': {
'some': 'nested info'
}
}
with pytest.raises(Exception, match='Could not serialize object'):
kms.encrypt_object(test_obj)
def test_encrypt_object(aes, key):
aes.return_value = ('encrypted_text_la_la_la', 'encrypted_header_x')
key.return_value = 'something'
kms = KMS(region_name='us-least-4')
kms.set_encryption_regions('us-least-4')
kms.set_master_keys('arn:now:I:am:the:master')
kms.set_master_keys()
test_obj = {
'this': 'is a test',
'with': ['a', 'list', 'of', 'items'],
'and': {
'some': 'nested info'
}
}
result = kms.encrypt_object(test_obj)
assert result['cipher_text'] == 'encrypted_text_la_la_la'
assert result['encryptor_header'] == 'encrypted_header_x'
def test_set_key_provider_error():
kms = KMS(region_name='us-least-4')
with pytest.raises(Exception, match=r'Region or Master Keys not set'):
kms.set_key_provider()