def test_bootstrap(mocker):
    """Check that ``_bootstrap`` exposes the secrets held in a bootstrap blob.

    Both crypto steps are stubbed out, so the test does not depend on real
    key material: ``cryptolib.decrypt_datakey`` returns a fixed test-only
    data key and ``Fernet.decrypt`` returns a canned plaintext mapping.
    """
    # Patch target -> canned return value, applied in insertion order.
    # The data key below is a test fixture only; never reuse it as a real key.
    stubs = {
        'confidant.encrypted_settings.cryptolib.decrypt_datakey':
            b'1cVUbJT58SbMt4Wk4xmEZoNhZGdWO_vg1IJiXwc6HGs==',
        'confidant.encrypted_settings.Fernet.decrypt':
            '{secret: value, secret2: value2}\n',
    }
    for target, canned in stubs.items():
        mocker.patch(target, return_value=canned)

    # "dGhla2V5" is base64 for the placeholder string "thekey".
    bootstrap_blob = '{"secrets": "encryptedstring", "data_key": "dGhla2V5"}'
    settings = EncryptedSettings(None)
    secrets = settings._bootstrap(bootstrap_blob)

    # The canned plaintext must come back as a mapping keyed by secret name.
    assert secrets['secret2'] == 'value2'
# The port the WSGI app should use.
# Read through int_env with 8080 as the fallback passed here.
PORT = int_env('PORT', 8080)
# The directory to use for static content. To use minified resources, set this
# to 'dist'.
STATIC_FOLDER = str_env('STATIC_FOLDER', 'public')

# Bootstrapping

# A base64 encoded and KMS encrypted YAML string that contains secrets that
# confidant should use for its own secrets. The blob should be generated using
# confidant's generate_secrets_bootstrap script via manage.py. It uses the
# KMS_MASTER_KEY for decryption.
# If SECRETS_BOOTSTRAP starts with file://, then it will load the blob from a
# file, rather than reading the blob from the environment.
# No default is passed to str_env here, so the value when the variable is
# unset depends on str_env's own default, which is not visible in this block.
# NOTE(review): the blob is ciphertext, but with the file:// form the file's
# location and permissions still decide who can swap it out. Presumably it
# should be writable only by the deploying account; confirm against the
# deployment docs.
SECRETS_BOOTSTRAP = str_env('SECRETS_BOOTSTRAP')
# Built once at import time from the bootstrap value. What the constructor
# does with it (decryption, KMS calls) is not visible in this block.
encrypted_settings = EncryptedSettings(SECRETS_BOOTSTRAP)

# User authentication method switcher.
# Supported methods:
# - 'google' # Google OAuth
# - 'saml'   # SAML Identity Provider
# - 'header' # Header-based authentication
# NOTE(review): 'header' presumably takes the user identity from a request
# header, which is only trustworthy behind a proxy that sets that header and
# strips any client-supplied copy. Confirm against the auth module.
USER_AUTH_MODULE = str_env('USER_AUTH_MODULE', 'google')

# An email suffix that can be used to restrict access to the web interface.
# Example: @example.com
# For backwards compatibility, also support setting this with
# GOOGLE_AUTH_EMAIL_SUFFIX.
# Because the two lookups are joined with `or`, a falsy USER_EMAIL_SUFFIX
# (unset or empty) falls through to GOOGLE_AUTH_EMAIL_SUFFIX.
# NOTE(review): if both are unset, no suffix restriction is configured here;
# confirm how the auth code treats that. Presumably the value is compared as
# a plain string suffix, so keep the leading '@' to stop a look-alike domain
# ending in the same text from matching. Verify in the auth module.
USER_EMAIL_SUFFIX = (str_env('USER_EMAIL_SUFFIX', None)
                     or str_env('GOOGLE_AUTH_EMAIL_SUFFIX', None))
 def test_register(self):
     """Registering a secret records its name in ``secret_names``."""
     settings = EncryptedSettings(None)
     settings.register('Foo', 'Bar')
     # Only the name is tracked in this list; 'Bar' is the registered default.
     registered = settings.secret_names
     self.assertEqual(registered, ['Foo'])
 def test_bootstrap_filefail(self):
     """A ``file://`` bootstrap path that cannot be read yields an empty dict.

     The expected result is ``{}`` rather than an exception, so a wrong
     path leaves the settings object with no decrypted secrets. Deployments
     presumably need their own check that the bootstrap actually loaded.
     """
     missing_path = 'file://FILE/DOES/NOT/EXIST'
     settings = EncryptedSettings(None)
     result = settings._bootstrap(missing_path)
     self.assertEqual(result, {})
 def test_bootstrap(self, mockdecryptkey, mockdecrypt):
     """``_bootstrap`` returns a mapping containing the decrypted secrets.

     The two mock parameters are not used in the body. They are presumably
     injected by patch decorators that are not visible in this excerpt and
     that stub the data-key and payload decryption.
     """
     # "dGhla2V5" is base64 for the placeholder string "thekey".
     bootstrap_blob = '{"secrets": "encryptedstring", "data_key": "dGhla2V5"}'
     settings = EncryptedSettings(None)
     secrets = settings._bootstrap(bootstrap_blob)
     self.assertEqual(secrets['secret2'], 'value2')
 def test_get_registered_default(self):
     """``get_secret`` returns the registered default for an undecrypted name.

     'Bar' is registered with default 'Baz' but is absent from
     ``decrypted_secrets``, so the default is the expected value.
     """
     settings = EncryptedSettings(None)
     for secret_name, default in (('Foo', 'Bar'), ('Bar', 'Baz')):
         settings.register(secret_name, default)
     # Only 'Foo' has a decrypted value; 'Bar' must fall back to its default.
     settings.decrypted_secrets = {'Foo': 'DecryptedFoo'}
     self.assertEqual(settings.get_secret('Bar'), 'Baz')
def test_get_registered():
    """A decrypted value takes precedence over the registered default."""
    settings = EncryptedSettings(None)
    settings.register('Foo', 'Bar')
    # 'Foo' has both a default ('Bar') and a decrypted value.
    settings.decrypted_secrets = {'Foo': 'DecryptedBar'}
    value = settings.get_secret('Foo')
    assert value == 'DecryptedBar'
def test_bootstrap_filefail():
    """A ``file://`` bootstrap path that cannot be read yields an empty dict.

    The expected result is ``{}`` rather than an exception, so a wrong path
    leaves the settings object with no decrypted secrets. Deployments
    presumably need their own check that the bootstrap actually loaded.
    """
    missing_path = 'file://FILE/DOES/NOT/EXIST'
    settings = EncryptedSettings(None)
    result = settings._bootstrap(missing_path)
    assert result == {}
def test_register():
    """Registering a secret records its name in ``secret_names``."""
    settings = EncryptedSettings(None)
    settings.register('Foo', 'Bar')
    # Only the name is tracked in this list; 'Bar' is the registered default.
    registered = settings.secret_names
    assert registered == ['Foo']
def test_get_registered_default():
    """``get_secret`` returns the registered default for an undecrypted name.

    'Bar' is registered with default 'Baz' but is absent from
    ``decrypted_secrets``, so the default is the expected value.
    """
    settings = EncryptedSettings(None, None)
    for secret_name, default in (('Foo', 'Bar'), ('Bar', 'Baz')):
        settings.register(secret_name, default)
    # Only 'Foo' has a decrypted value; 'Bar' must fall back to its default.
    settings.decrypted_secrets = {'Foo': 'DecryptedFoo'}
    assert settings.get_secret('Bar') == 'Baz'