def decrypt_config(self):
"Decrypt entries as necessary with decryptLoop from Cipher"
if 1 == 1:
#try:
cipher = Cipher(self.password)
cipher.decrypt_dict(self.data)
else:
#except:
errmsg = "Error decrypting configuration"
raise MachineConfigurationException(self.machine_name, errmsg)
def test_encrypted_ci(self):
self.reset_packages()
cipher = Cipher(CONFIG_PASSWORD)
cipher_text = cipher.encrypt_string("/tmp/foogazi")
package_config = {"test": {"value":"nowisthetimeforalldooment",
"enc_directory": cipher_text},
"packages": ["TestPackageType4"],
}
self.make_localhost_config(additional_config=package_config)
self.reset_packages()
url = '/json/machine/reconcile/localhost'
status, output, cmd_output = self.run_job(url, data={}, timeout=60)
assert status == OK, output
def _scp_all_client_data(self, raw_data):
"""If the remote machine has a configuration key, we will
encrypt its configuration data and secure-copy it to him rather
than stream the data to bc.py's stdin"""
enc_key = self.data['config_key']
yaml_data_str = yaml.dump(raw_data)
cipher = Cipher(enc_key)
enc_data = cipher.encrypt_string(yaml_data_str)
dest_path = os.path.join(self.spkg_dir, self.machine_name, "client.yml.enc")
temp_file = tempfile.mkstemp()[1]
open(temp_file, 'w').write(enc_data)
self.scp(temp_file, dest_path, False)
#self.server_log.debug("Cleaning local temporary file %s" % temp_file)
#os.system("rm -f %s" % temp_file)
self._stream_data("config_key: '%s'\n" % enc_key)
def _validate_password(self, password):
"Very shallow password validation"
lazy_dog = "the_quick_brown_fox_jumped_over_the_lazy_dog\n"
test_decrypt_file = os.path.join(self.server_home, 'admin',
'encryption_validation.yml')
if not os.path.isfile(test_decrypt_file):
msg = "%s doesn't exist, creating..." % test_decrypt_file
self.server_log.warning( msg )
cipher = Cipher(password)
enc_lazy = cipher.encrypt_string(lazy_dog)
enc_dict = { "enc_test" : enc_lazy }
open( test_decrypt_file, 'w' ).write(yaml.dump( enc_dict ))
try:
cipher_dict = yaml.load(open(test_decrypt_file, 'r').read())
except IOError:
return FAIL, "Encryption not set up properly. %s not readable"
try:
cipher = Cipher(password)
clear_dict = cipher.decrypt_dict(cipher_dict)
except DecryptionException:
return FAIL, ["Invalid configuration key."]
if clear_dict.get("test") == lazy_dog:
return OK, ['Configuration key set.']
return FAIL, ["Invalid configuration key."]
def data_request(self):
"Obtain configuration data from the server"
b64_data = []
while True:
#Logger.info( "STARTING READ" )
chunk = sys.stdin.read(STREAM_BLOCK_SIZE).strip()
#Logger.info( "READ FROM SERVER: [%s]" % chunk)
if not chunk or chunk[0] == ' ' or chunk.endswith("-"):
chunk = chunk[:-1]
b64_data.append(chunk)
break
b64_data.append(chunk)
sys.stdout.write(">\n")
sys.stdout.flush()
#Logger.info("FINISHED INPUT LOOP")
#print "b64_data: ", b64_data
json_data = ''
#json_data = zlib.decompress(base64.decodestring(''.join(b64_data)))
json_data = base64.decodestring(''.join(b64_data))
#print "json_dataa", json_data
Logger.debug("Received %s lines of json" % len(json_data.split('\n')))
try:
input_data = json.loads(json_data)
#print "input_dataa", input_data
except:
ermsg = "Configuration data not YAML-parseable: %s" % (repr(json_data))
file_number, filename = tempfile.mkstemp(suffix=".yml")
fh = open(filename, 'w')
Logger.error("Writing bad data to %s" % filename)
for line in json_data.split('\n'):
fh.write("[%s]" % line)
fh.flush()
fh.close()
raise ConfigurationException(ermsg)
if type(input_data) == type("string"):
ermsg = "Configuration data not YAML-parseable: %s" % (repr(json_data))
raise ConfigurationException(ermsg)
if type(input_data) != type({}) and type(input_data) != type([]):
input_data = input_data.next()
config_key = input_data.get("config_key", None)
if config_key:
try:
from bombardier_core.Cipher import Cipher
except ImportError:
msg = "This machine cannot accept an encrypted configuration"
raise ConfigurationException(msg)
enc_json_file = make_path(get_spkg_path(), self.instance_name,
'client.yml.enc')
if not os.path.isfile(enc_json_file):
msg = "%s file doesn't exist" % enc_json_file
raise ConfigurationException(msg)
enc_data = open(enc_json_file).read()
cipher = Cipher(config_key)
plain_json_str = cipher.decrypt_string(enc_data)
try:
input_data = json.loads(plain_json_str)
except:
ermsg = "Received bad YAML file: %s" % enc_json_file
raise ConfigurationException(ermsg)
config_data = input_data.get("config_data")
if not config_data:
raise ConfigurationException("No configuration data received")
package_data = input_data.get("package_data", {})
self.config = Config(self.instance_name, config_data)
self.repository = Repository(self.instance_name, package_data)