Esempio n. 1
0
def test_ttl_action_expired():
    """Test that when a version is expired and not in the grace period, ttl_action returns TtlActions.EXPIRED."""
    version = 0
    store = MagicMock(__class__=ProviderStore)
    provider = CachingMostRecentProvider(provider_store=store,
                                         material_name="my material",
                                         version_ttl=0.0)
    provider._grace_period = 0.0
    provider._cache.put(version, (time.time(), "value"))

    assert provider._last_updated is None

    ttl_action = provider._ttl_action(version, "decrypt")
    assert ttl_action is TtlActions.EXPIRED
Esempio n. 2
0
def test_encryption_materials_cache_in_grace_period_acquire_lock():
    """Test encryption grace period behavior.

    When the TTL is GRACE_PERIOD and we successfully acquire the lock for retrieving new materials,
    we call to the provider store for new materials.
    """
    store = MockProviderStore()
    name = "material"
    provider = CachingMostRecentProvider(provider_store=store,
                                         material_name=name,
                                         version_ttl=0.0)
    provider._grace_period = 10.0

    test1 = provider.encryption_materials(sentinel.encryption_context_1)
    assert test1 is sentinel.material_0_encryption

    assert provider._version == 0
    assert len(provider._cache._cache) == 1

    # On the first call, we expect calls to each of the provider's APIs
    expected_calls = [
        ("max_version", name),
        ("get_or_create_provider", name, 0),
        ("version_from_material_description", 0),
    ]

    assert store.provider_calls == expected_calls

    provider._lock = MagicMock()
    provider._lock.acquire.return_value = True

    test2 = provider.encryption_materials(sentinel.encryption_context_1)
    assert test2 is sentinel.material_0_encryption

    assert provider._version == 0
    assert len(provider._cache._cache) == 1

    # On the second call, we acquired the lock so we should have tried to retrieve new materials (note no extra call
    # to get_or_create_provider, because the version has not changed)
    expected_calls.append(("max_version", name))
    expected_calls.append(("version_from_material_description", 0))
    assert store.provider_calls == expected_calls
Esempio n. 3
0
def test_encryption_materials_cache_in_grace_period_fail_to_acquire_lock():
    """Test encryption grace period behavior.

    When the TTL is GRACE_PERIOD and we fail to acquire the lock for retrieving new materials,
    we use the materials from the cache.
    """
    store = MockProviderStore()
    name = "material"
    provider = CachingMostRecentProvider(provider_store=store,
                                         material_name=name,
                                         version_ttl=0.0)
    provider._grace_period = 10.0

    test1 = provider.encryption_materials(sentinel.encryption_context_1)
    assert test1 is sentinel.material_0_encryption

    assert provider._version == 0
    assert len(provider._cache._cache) == 1

    # On the first call, we expect calls to each of the provider's APIs
    expected_calls = [
        ("max_version", name),
        ("get_or_create_provider", name, 0),
        ("version_from_material_description", 0),
    ]

    assert store.provider_calls == expected_calls

    # Now that the cache is populated, pretend the lock cannot be acquired; grace_period should allow the cached value
    provider._lock = MagicMock()
    provider._lock.acquire.return_value = False

    test2 = provider.encryption_materials(sentinel.encryption_context_1)
    assert test2 is sentinel.material_0_encryption

    assert provider._version == 0
    assert len(provider._cache._cache) == 1

    # On the second call, we expect no additional calls because we are in our grace period.
    assert store.provider_calls == expected_calls
Esempio n. 4
0
def test_caching_provider_decryption_materials_cache_in_grace_period_fail_to_acquire_lock(
):
    """Test decryption grace period behavior for CachingMostRecentProvider.

    When using a CachingMostRecentProvider and the cache is in grace period on decryption and we fail to
    acquire the lock, we use materials from the cache.
    Note that this test only runs for CachingMostRecentProvider, as MostRecentProvider does not use TTL on decryption.
    """
    store = MockProviderStore()
    name = "material"
    provider = CachingMostRecentProvider(provider_store=store,
                                         material_name=name,
                                         version_ttl=0.0)
    provider._grace_period = 10.0

    context = MagicMock(material_description=0)

    test1 = provider.decryption_materials(context)
    assert test1 is sentinel.material_0_decryption
    assert len(provider._cache._cache) == 1

    expected_calls = [("version_from_material_description", 0),
                      ("get_or_create_provider", name, 0)]

    assert store.provider_calls == expected_calls

    # Now that the cache is populated, pretend the lock cannot be acquired; grace_period should allow the cached value
    provider._lock = MagicMock()
    provider._lock.acquire.return_value = False

    test2 = provider.decryption_materials(context)
    assert test2 is sentinel.material_0_decryption
    assert len(provider._cache._cache) == 1

    # Since we used the cache value, we should not see another call to get_or_create_provider
    expected_calls.append(("version_from_material_description", 0))

    assert store.provider_calls == expected_calls
Esempio n. 5
0
def test_caching_provider_decryption_materials_cache_in_grace_period_acquire_lock(
):
    """Test decryption grace period behavior for CachingMostRecentProvider.

    When using a CachingMostRecentProvider and the cache is in grace period on decryption and we
    successfully acquire the lock, we retrieve new materials.
    Note that this test only runs for CachingMostRecentProvider, as MostRecentProvider does not use TTL on decryption.
    """
    store = MockProviderStore()
    name = "material"
    provider = CachingMostRecentProvider(provider_store=store,
                                         material_name=name,
                                         version_ttl=0.0)
    provider._grace_period = 10.0

    context = MagicMock(material_description=0)

    test1 = provider.decryption_materials(context)
    assert test1 is sentinel.material_0_decryption
    assert len(provider._cache._cache) == 1

    expected_calls = [("version_from_material_description", 0),
                      ("get_or_create_provider", name, 0)]

    assert store.provider_calls == expected_calls

    provider._lock = MagicMock()
    provider._lock.acquire.return_value = True

    test2 = provider.decryption_materials(context)
    assert test2 is sentinel.material_0_decryption
    assert len(provider._cache._cache) == 1

    # Since we successfully acquired the lock we should have made a new call to the provider store
    expected_calls.append(("version_from_material_description", 0))
    expected_calls.append(("get_or_create_provider", name, 0))

    assert store.provider_calls == expected_calls