def test_success_without_mocking(self): LOG.info("TestKeyRunner test_success_without_mocking: initializing...") keyRunner = KeyRunner() response = keyRunner.get_key_binary() self.assertNotEqual(response, None, "TestKeyRunner test_success_without\ _mocking: Failed!") if response is not None: LOG.info("TestKeyRunner test_success_without_mocking: Key Retrieved\ !") print "binary key is: " + response with open('key.bin', 'wb') as fh: fh.write(response) LOG.info("TestKeyRunner test_success_without_mocking: finalizing...")
def test_partial_success_with_mocking(self): keyRunner = KeyRunner() conf = keyRunner.conf KM_OPT_GRP_NAME = keyRunner.config.KM_OPT_GRP_NAME conf_opts = getattr(conf, KM_OPT_GRP_NAME) kms_base = conf_opts.kms_base kms_get_key_api = conf_opts.kms_get_key_api kms_key_id = conf_opts.kms_key_id URL = kms_base+kms_get_key_api+kms_key_id responses.add(responses.GET, URL, status=200, body=None, content_type="application/json") response = keyRunner.get_key_binary() self.assertEqual(response, None, "TestKeyRunner \ test_partial_success_with_mocking: Failed!")
def test_successful_failure_code_403_with_mocking(self): keyRunner = KeyRunner() conf = keyRunner.conf KM_OPT_GRP_NAME = keyRunner.config.KM_OPT_GRP_NAME conf_opts = getattr(conf, KM_OPT_GRP_NAME) kms_base = conf_opts.kms_base kms_get_key_api = conf_opts.kms_get_key_api kms_key_id = conf_opts.kms_key_id URL = kms_base+kms_get_key_api+kms_key_id responses.add(responses.GET, URL, status=403, body='aVeryVerySecretKey', content_type="application/json") with self.assertRaises(MarshalHTTPException) as cm: keyRunner.get_key_binary() self.assertEqual(cm.exception.status_code, 403, "TestKeyRunner\ test_successful_failure_code_403_with_mocking:\ Failed! Response Code="+str(cm.exception.status_code))
def agent_main(): LOG.info('Starting Marshal...') KM_OPT_GRP_NAME = config.KM_OPT_GRP_NAME km_conf_opts = getattr(CONF, KM_OPT_GRP_NAME) kms_type = km_conf_opts.kms_type.lower() VOL_CRYPT_GRP_NAME = config.VOL_CRYPT_GRP_NAME vc_conf_opts = getattr(CONF, VOL_CRYPT_GRP_NAME) action = vc_conf_opts.action device = vc_conf_opts.dev managed_name = vc_conf_opts.mn license_file = vc_conf_opts.lf key_size = str(vc_conf_opts.ks) cipher = vc_conf_opts.ci LOG.info('KMS type: %s', kms_type) lic = License(license_file, kms_type) vc = VolCrypt(device, managed_name) action = action.lower() LOG.info('%s action requested.', action) if action == 'unset': action = 'close' if action == 'isluks': check_if_luks(vc, device, managed_name) sys.exit(1) elif action == 'open' or action == 'format' or action == 'set': setNeedsFormat = False if not check_if_luks(vc, device, managed_name): if action == 'open': # For debugging, comment this exit and uncomment the pass sys.exit(1) # pass elif action == 'set': setNeedsFormat = True auth = Auth(CONF, lic, kms_type) try: token, kms_endpoint = auth.get_token() except MarshalHTTPException: print 'Authentication failed.' LOG.info('Unable to authenticate against Keystone.') sys.exit(1) try: key_runner = KeyRunner(lic, token, kms_endpoint) except MissingKMSConfigurationError as e: LOG.info(e.message) print e.message sys.exit(1) try: print 'Attempting to fetch key from KMS...' binary_key = key_runner.get_key_binary() print 'Key successfully retrieved from KMS...' except PayloadDecodingError: LOG.info('Unable to parse KMS response.') print 'Unable to parse KMS response.' sys.exit(1) except MarshalHTTPException as e: LOG.info('Error requesting key from from KMS: %s', e.status_code) print 'Unable to access KMS.' sys.exit(1) tmpdir = tempfile.mkdtemp() key_file_name = 'key.bin' # Ensure the file is read/write by the creator only saved_umask = os.umask(0077) path = os.path.join(tmpdir, key_file_name) try: with open(path, "wb") as tmp: tmp.write(binary_key) if action == 'open': if managed_name is None: missing_managed_name() result = vc.open_volume(key_file=path) if result == 0: print 'The volume was successfully opened.' elif action == 'format': result = vc.format_volume(cipher=cipher, key_size=key_size, key_file=path) if result == 0: print 'The volume was successfully formatted.' elif action == 'set': if setNeedsFormat: result = vc.format_volume(cipher=cipher, key_size=key_size, key_file=path) if result == 0: print 'The volume was successfully formatted.' if managed_name is None: missing_managed_name() result = vc.open_volume(key_file=path) if result == 0: print 'The volume was successfully opened.' elif result == 2: LOG.info("Open failed on set. Attempting format...") result = vc.format_volume(cipher=cipher, key_size=key_size, key_file=path) if result == 0: print 'The volume was successfully formatted.' result = vc.open_volume(key_file=path) if result == 0: print 'The volume was successfully opened.' except IOError as e: print 'IOError' else: pass finally: os.remove(path) os.umask(saved_umask) os.rmdir(tmpdir) elif action == 'close': if not check_if_luks(vc, device, managed_name): sys.exit(1) if managed_name is None: missing_managed_name() result = vc.close_volume() if result == 0: print 'The volume was successfully closed.' elif action == 'status': if not check_if_luks(vc, device, managed_name): sys.exit(1) if managed_name is None: missing_managed_name() vc.status_volume()