Esempio n. 1
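    def test_secrets(self):
        """Round-trip secrets through save, load and forget for one plan.

        Secrets are saved for plan ``test_engine.yaml``, wiped from memory,
        loaded back and finally forgotten; the test then checks that
        ``.test_engine.secrets`` is not a file in the working directory.
        """

        engine = PlumberyEngine()
        engine.secrets = {'hello': 'world'}
        engine.save_secrets(plan='test_engine.yaml')
        try:
            # empty the in-memory store so the value must come from
            # load_secrets()
            engine.secrets = {}
            engine.load_secrets(plan='test_engine.yaml')
            self.assertEqual(engine.secrets['hello'], 'world')
        finally:
            # always forget the saved secrets, even when a check above fails,
            # so a failing run does not leave them behind
            engine.forget_secrets(plan='test_engine.yaml')
        self.assertFalse(os.path.isfile('.test_engine.secrets'))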
Esempio n. 2
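    def test_secrets(self):
        """Check that secrets survive save/load and vanish after forget.

        Uses plan ``test_engine.yaml`` and expects ``.test_engine.secrets``
        not to exist as a file once ``forget_secrets()`` has run.
        """

        plan = 'test_engine.yaml'
        engine = PlumberyEngine()
        engine.secrets = {'hello': 'world'}
        engine.save_secrets(plan=plan)
        try:
            # reset the in-memory secrets before reloading them
            engine.secrets = {}
            engine.load_secrets(plan=plan)
            self.assertEqual(engine.secrets['hello'], 'world')
        finally:
            # clean-up runs on failure too, so secrets saved by this test
            # are not left around after a broken run
            engine.forget_secrets(plan=plan)
        self.assertFalse(os.path.isfile('.test_engine.secrets'))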
Esempio n. 3
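    def test_lookup(self):
        """Exercise PlumberyEngine.lookup() for each kind of token.

        Covers the version string, a random secret and its digests, UUIDs,
        named secrets, an RSA key pair (verified with an OAEP encrypt/decrypt
        round trip), an etcd discovery URL and the local public key.
        """

        engine = PlumberyEngine()
        self.assertEqual(engine.lookup('plumbery.version'), __version__)

        engine.secrets = {}
        secret = engine.lookup('secret.random')
        self.assertEqual(len(secret), 9)
        # a second lookup of the same name must return the same value
        self.assertEqual(engine.lookup('secret.random'), secret)

        # digest lengths are those of hex-encoded MD5, SHA-1 and SHA-256
        md5 = engine.lookup('secret.random.md5')
        self.assertEqual(len(md5), 32)
        self.assertNotEqual(md5, secret)

        sha = engine.lookup('secret.random.sha1')
        self.assertEqual(len(sha), 40)
        self.assertNotEqual(sha, secret)

        sha = engine.lookup('secret.random.sha256')
        self.assertEqual(len(sha), 64)
        self.assertNotEqual(sha, secret)

        id1 = engine.lookup('id1.uuid')
        self.assertEqual(len(id1), 36)
        self.assertEqual(engine.lookup('id1.uuid'), id1)
        id2 = engine.lookup('id2.uuid')
        self.assertEqual(len(id2), 36)
        self.assertNotEqual(id1, id2)

        # these only have to succeed; they also count towards the number of
        # stored secrets checked further down
        engine.lookup('application.secret')
        engine.lookup('database.secret')
        engine.lookup('master.secret')
        engine.lookup('slave.secret')

        original = b'hello world'
        print('original: {}'.format(original))

        text = ensure_string(engine.lookup('rsa_public.pair1'))
        print('rsa_public.pair1: {}'.format(text))

        self.assertTrue(text.startswith('ssh-rsa '))

        public_key = serialization.load_ssh_public_key(
            data=b(text),
            backend=default_backend())

        # NOTE(review): OAEP is parameterised with SHA-1 on both sides of the
        # round trip; SHA-256 is the usual choice for new code
        encrypted = public_key.encrypt(
            original,
            padding.OAEP(
                mgf=padding.MGF1(algorithm=hashes.SHA1()),
                algorithm=hashes.SHA1(),
                label=None
            )
        )
        encrypted = base64.b64encode(encrypted)
        print('encrypted: {}'.format(encrypted))

        # the private key is deliberately not printed: test output is often
        # kept in CI logs, and key material does not belong there
        privateKey = engine.lookup('rsa_private.pair1')
        self.assertTrue(ensure_string(privateKey).startswith(
            '-----BEGIN RSA PRIVATE KEY-----'))

        privateKey = serialization.load_pem_private_key(
            b(privateKey),
            password=None,
            backend=default_backend())

        decrypted = privateKey.decrypt(
            base64.b64decode(encrypted),
            padding.OAEP(
                mgf=padding.MGF1(algorithm=hashes.SHA1()),
                algorithm=hashes.SHA1(),
                label=None
            )
        )
        print('decrypted: {}'.format(decrypted))

        self.assertEqual(decrypted, original)

        # NOTE(review): this lookup appears to contact discovery.etcd.io, so
        # the test would need network access -- confirm
        token = engine.lookup('https://discovery.etcd.io/new')
        self.assertTrue(token.startswith('https://discovery.etcd.io/'))
        self.assertEqual(len(token), 58)

        self.assertEqual(len(engine.secrets), 13)

        # the local private key must never be served by lookup()
        with self.assertRaises(LookupError):
            engine.lookup('rsa_private.local')

        localKey = engine.lookup('rsa_public.local')
        if len(localKey) > 0:
            path = engine.get_shared_key_files()[0]
            # the with-block closes the file; no explicit close() is needed
            with open(os.path.expanduser(path)) as stream:
                text = stream.read()
            self.assertEqual(localKey.strip(), text.strip())
            plogging.info("Successful lookup of local public key")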
Esempio n. 4
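    def test_lookup(self):
        """Exercise PlumberyEngine.lookup() for each kind of token.

        The version string, random secret, digests, UUIDs and named secrets
        are always checked. The RSA round trip, the etcd discovery URL, the
        secrets count and the local key checks run only when HAS_CRYPTO is
        true.
        """

        engine = PlumberyEngine()
        self.assertEqual(engine.lookup('plumbery.version'), __version__)

        engine.secrets = {}
        secret = engine.lookup('secret.random')
        self.assertEqual(len(secret), 9)
        # a second lookup of the same name must return the same value
        self.assertEqual(engine.lookup('secret.random'), secret)

        # digest lengths are those of hex-encoded MD5, SHA-1 and SHA-256
        md5 = engine.lookup('secret.random.md5')
        self.assertEqual(len(md5), 32)
        self.assertNotEqual(md5, secret)

        sha = engine.lookup('secret.random.sha1')
        self.assertEqual(len(sha), 40)
        self.assertNotEqual(sha, secret)

        sha = engine.lookup('secret.random.sha256')
        self.assertEqual(len(sha), 64)
        self.assertNotEqual(sha, secret)

        id1 = engine.lookup('id1.uuid')
        self.assertEqual(len(id1), 36)
        self.assertEqual(engine.lookup('id1.uuid'), id1)
        id2 = engine.lookup('id2.uuid')
        self.assertEqual(len(id2), 36)
        self.assertNotEqual(id1, id2)

        # these only have to succeed; they also count towards the number of
        # stored secrets checked further down
        engine.lookup('application.secret')
        engine.lookup('database.secret')
        engine.lookup('master.secret')
        engine.lookup('slave.secret')

        original = b'hello world'
        if HAS_CRYPTO:
            # NOTE(review): RSA / PKCS1_OAEP look like the PyCrypto-style API;
            # if the unmaintained PyCrypto package provides them, PyCryptodome
            # is the maintained replacement -- confirm against the imports
            text = engine.lookup('pair1.rsa_public')
            self.assertTrue(ensure_string(text).startswith('ssh-rsa '))
            key = RSA.importKey(text)
            cipher = PKCS1_OAEP.new(key)
            encrypted = cipher.encrypt(original)

            privateKey = engine.lookup('pair1.rsa_private')
            self.assertTrue(
                ensure_string(privateKey).startswith(
                    '-----BEGIN RSA PRIVATE KEY-----'))
            key = RSA.importKey(engine.lookup('pair1.rsa_private'))
            cipher = PKCS1_OAEP.new(key)
            decrypted = cipher.decrypt(encrypted)
            self.assertEqual(decrypted, original)

            # NOTE(review): this lookup appears to contact discovery.etcd.io,
            # so the test would need network access -- confirm
            token = engine.lookup('https://discovery.etcd.io/new')
            self.assertTrue(token.startswith('https://discovery.etcd.io/'))
            self.assertEqual(len(token), 58)

            self.assertEqual(len(engine.secrets), 13)

            # the local private key must never be served by lookup()
            with self.assertRaises(LookupError):
                engine.lookup('local.rsa_private')

            localKey = engine.lookup('rsa_public.local')
            path = '~/.ssh/id_rsa.pub'
            try:
                # the with-block closes the file; no explicit close() needed
                with open(os.path.expanduser(path)) as stream:
                    text = stream.read()
            except IOError:
                # no readable public key on this machine: nothing to compare
                pass
            else:
                self.assertEqual(localKey.strip(), text.strip())
                plogging.info("Successful lookup of local public key")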
Esempio n. 5
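    def test_lookup(self):
        """Exercise PlumberyEngine.lookup() for each kind of token.

        Covers the version string, a random secret and its digests, UUIDs,
        named secrets, an RSA key pair (verified with an encrypt/decrypt
        round trip) and the local public key.
        """

        engine = PlumberyEngine()
        self.assertEqual(engine.lookup('plumbery.version'), __version__)

        engine.secrets = {}
        secret = engine.lookup('random.secret')
        self.assertEqual(len(secret), 9)
        # a second lookup of the same name must return the same value
        self.assertEqual(engine.lookup('random.secret'), secret)

        # digest lengths are those of hex-encoded MD5, SHA-1 and SHA-256
        md5 = engine.lookup('random.md5.secret')
        self.assertEqual(len(md5), 32)
        self.assertNotEqual(md5, secret)

        sha = engine.lookup('random.sha1.secret')
        self.assertEqual(len(sha), 40)
        self.assertNotEqual(sha, secret)

        sha = engine.lookup('random.sha256.secret')
        self.assertEqual(len(sha), 64)
        self.assertNotEqual(sha, secret)

        id1 = engine.lookup('id1.uuid')
        self.assertEqual(len(id1), 36)
        self.assertEqual(engine.lookup('id1.uuid'), id1)
        id2 = engine.lookup('id2.uuid')
        self.assertEqual(len(id2), 36)
        self.assertNotEqual(id1, id2)

        # these only have to succeed; they also count towards the number of
        # stored secrets checked further down
        engine.lookup('application.secret')
        engine.lookup('database.secret')
        engine.lookup('master.secret')
        engine.lookup('slave.secret')

        original = 'hello world'
        text = engine.lookup('pair1.rsa_public')
        self.assertTrue(text.startswith('ssh-rsa '))
        key = RSA.importKey(text)
        # NOTE(review): encrypt(data, K) on a key object looks like the legacy
        # PyCrypto raw RSA call, which applies no padding. It shows that the
        # two halves of the pair match, but it is not a pattern for protecting
        # real data; a padded scheme such as OAEP is the usual choice.
        encrypted = key.publickey().encrypt(original, 32)

        privateKey = engine.lookup('pair1.rsa_private')
        self.assertTrue(
            privateKey.startswith('-----BEGIN RSA PRIVATE KEY-----'))
        key = RSA.importKey(engine.lookup('pair1.rsa_private'))
        # the ciphertext is passed through its text representation and back
        # before it is decrypted
        decrypted = key.decrypt(ast.literal_eval(str(encrypted)))
        self.assertEqual(decrypted, original)

        self.assertEqual(len(engine.secrets), 12)

        # the local private key must never be served by lookup()
        with self.assertRaises(LookupError):
            engine.lookup('local.rsa_private')

        localKey = engine.lookup('local.rsa_public')
        path = '~/.ssh/id_rsa.pub'
        try:
            # the with-block closes the file; no explicit close() is needed
            with open(os.path.expanduser(path)) as stream:
                text = stream.read()
        except IOError:
            # no readable public key on this machine: nothing to compare
            pass
        else:
            self.assertEqual(localKey.strip(), text.strip())
            logging.info("Successful lookup of local public key")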
Esempio n. 6
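    def test_lookup(self):
        """Check every kind of token that PlumberyEngine.lookup() resolves.

        Covers the version string, a random secret and its digests, UUIDs,
        named secrets, an RSA key pair (verified with an OAEP encrypt/decrypt
        round trip), an etcd discovery URL and the local public key.
        """

        engine = PlumberyEngine()
        self.assertEqual(engine.lookup('plumbery.version'), __version__)

        engine.secrets = {}
        secret = engine.lookup('secret.random')
        self.assertEqual(len(secret), 9)
        # repeated lookups of one name are expected to be stable
        self.assertEqual(engine.lookup('secret.random'), secret)

        # lengths match hex-encoded MD5, SHA-1 and SHA-256 digests
        md5 = engine.lookup('secret.random.md5')
        self.assertEqual(len(md5), 32)
        self.assertNotEqual(md5, secret)

        sha = engine.lookup('secret.random.sha1')
        self.assertEqual(len(sha), 40)
        self.assertNotEqual(sha, secret)

        sha = engine.lookup('secret.random.sha256')
        self.assertEqual(len(sha), 64)
        self.assertNotEqual(sha, secret)

        id1 = engine.lookup('id1.uuid')
        self.assertEqual(len(id1), 36)
        self.assertEqual(engine.lookup('id1.uuid'), id1)
        id2 = engine.lookup('id2.uuid')
        self.assertEqual(len(id2), 36)
        self.assertNotEqual(id1, id2)

        # only required to succeed; each one adds to the secrets counted
        # further down
        engine.lookup('application.secret')
        engine.lookup('database.secret')
        engine.lookup('master.secret')
        engine.lookup('slave.secret')

        original = b'hello world'
        print('original: {}'.format(original))

        text = ensure_string(engine.lookup('rsa_public.pair1'))
        print('rsa_public.pair1: {}'.format(text))

        self.assertTrue(text.startswith('ssh-rsa '))

        public_key = serialization.load_ssh_public_key(
            data=b(text), backend=default_backend())

        # NOTE(review): OAEP uses SHA-1 for both the hash and MGF1 here, and
        # decryption below must use the same parameters; SHA-256 is the usual
        # choice for new code
        encrypted = public_key.encrypt(
            original,
            padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA1()),
                         algorithm=hashes.SHA1(),
                         label=None))
        encrypted = base64.b64encode(encrypted)
        print('encrypted: {}'.format(encrypted))

        # the private key is not echoed to stdout: captured test output tends
        # to be retained in build logs, where key material should not appear
        privateKey = engine.lookup('rsa_private.pair1')
        self.assertTrue(
            ensure_string(privateKey).startswith(
                '-----BEGIN RSA PRIVATE KEY-----'))

        privateKey = serialization.load_pem_private_key(
            b(privateKey), password=None, backend=default_backend())

        decrypted = privateKey.decrypt(
            base64.b64decode(encrypted),
            padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA1()),
                         algorithm=hashes.SHA1(),
                         label=None))
        print('decrypted: {}'.format(decrypted))

        self.assertEqual(decrypted, original)

        # NOTE(review): this lookup appears to contact discovery.etcd.io, so
        # the test would need network access -- confirm
        token = engine.lookup('https://discovery.etcd.io/new')
        self.assertTrue(token.startswith('https://discovery.etcd.io/'))
        self.assertEqual(len(token), 58)

        self.assertEqual(len(engine.secrets), 13)

        # lookup() must refuse to hand out the local private key
        with self.assertRaises(LookupError):
            engine.lookup('rsa_private.local')

        localKey = engine.lookup('rsa_public.local')
        if len(localKey) > 0:
            path = engine.get_shared_key_files()[0]
            # leaving the with-block closes the file
            with open(os.path.expanduser(path)) as stream:
                text = stream.read()
            self.assertEqual(localKey.strip(), text.strip())
            plogging.info("Successful lookup of local public key")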
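    def test_lookup(self):
        """Check every kind of token that PlumberyEngine.lookup() resolves.

        The version string, random secret, digests, UUIDs and named secrets
        are always checked. The RSA round trip, the etcd discovery URL, the
        secrets count and the local key checks run only when HAS_CRYPTO is
        true.
        """

        engine = PlumberyEngine()
        self.assertEqual(engine.lookup('plumbery.version'), __version__)

        engine.secrets = {}
        secret = engine.lookup('secret.random')
        self.assertEqual(len(secret), 9)
        # repeated lookups of one name are expected to be stable
        self.assertEqual(engine.lookup('secret.random'), secret)

        # lengths match hex-encoded MD5, SHA-1 and SHA-256 digests
        md5 = engine.lookup('secret.random.md5')
        self.assertEqual(len(md5), 32)
        self.assertNotEqual(md5, secret)

        sha = engine.lookup('secret.random.sha1')
        self.assertEqual(len(sha), 40)
        self.assertNotEqual(sha, secret)

        sha = engine.lookup('secret.random.sha256')
        self.assertEqual(len(sha), 64)
        self.assertNotEqual(sha, secret)

        id1 = engine.lookup('id1.uuid')
        self.assertEqual(len(id1), 36)
        self.assertEqual(engine.lookup('id1.uuid'), id1)
        id2 = engine.lookup('id2.uuid')
        self.assertEqual(len(id2), 36)
        self.assertNotEqual(id1, id2)

        # only required to succeed; each one adds to the secrets counted
        # further down
        engine.lookup('application.secret')
        engine.lookup('database.secret')
        engine.lookup('master.secret')
        engine.lookup('slave.secret')

        original = b'hello world'
        if HAS_CRYPTO:
            # NOTE(review): RSA / PKCS1_OAEP look like the PyCrypto-style API;
            # if the unmaintained PyCrypto package provides them, PyCryptodome
            # is the maintained replacement -- confirm against the imports
            text = engine.lookup('pair1.rsa_public')
            self.assertTrue(ensure_string(text).startswith('ssh-rsa '))
            key = RSA.importKey(text)
            cipher = PKCS1_OAEP.new(key)
            encrypted = cipher.encrypt(original)

            privateKey = engine.lookup('pair1.rsa_private')
            self.assertTrue(ensure_string(privateKey).startswith(
                '-----BEGIN RSA PRIVATE KEY-----'))
            key = RSA.importKey(engine.lookup('pair1.rsa_private'))
            cipher = PKCS1_OAEP.new(key)
            decrypted = cipher.decrypt(encrypted)
            self.assertEqual(decrypted, original)

            # NOTE(review): this lookup appears to contact discovery.etcd.io,
            # so the test would need network access -- confirm
            token = engine.lookup('https://discovery.etcd.io/new')
            self.assertTrue(token.startswith('https://discovery.etcd.io/'))
            self.assertEqual(len(token), 58)

            self.assertEqual(len(engine.secrets), 13)

            # lookup() must refuse to hand out the local private key
            with self.assertRaises(LookupError):
                engine.lookup('local.rsa_private')

            localKey = engine.lookup('rsa_public.local')
            path = '~/.ssh/id_rsa.pub'
            try:
                # leaving the with-block closes the file
                with open(os.path.expanduser(path)) as stream:
                    text = stream.read()
            except IOError:
                # the key file is absent or unreadable: skip the comparison
                pass
            else:
                self.assertEqual(localKey.strip(), text.strip())
                plogging.info("Successful lookup of local public key")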
Esempio n. 8
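    def test_lookup(self):
        """Check every kind of token that PlumberyEngine.lookup() resolves.

        Covers the version string, a random secret and its digests, UUIDs,
        named secrets, an RSA key pair (verified with an encrypt/decrypt
        round trip) and the local public key.
        """

        engine = PlumberyEngine()
        self.assertEqual(engine.lookup('plumbery.version'), __version__)

        engine.secrets = {}
        secret = engine.lookup('random.secret')
        self.assertEqual(len(secret), 9)
        # repeated lookups of one name are expected to be stable
        self.assertEqual(engine.lookup('random.secret'), secret)

        # lengths match hex-encoded MD5, SHA-1 and SHA-256 digests
        md5 = engine.lookup('random.md5.secret')
        self.assertEqual(len(md5), 32)
        self.assertNotEqual(md5, secret)

        sha = engine.lookup('random.sha1.secret')
        self.assertEqual(len(sha), 40)
        self.assertNotEqual(sha, secret)

        sha = engine.lookup('random.sha256.secret')
        self.assertEqual(len(sha), 64)
        self.assertNotEqual(sha, secret)

        id1 = engine.lookup('id1.uuid')
        self.assertEqual(len(id1), 36)
        self.assertEqual(engine.lookup('id1.uuid'), id1)
        id2 = engine.lookup('id2.uuid')
        self.assertEqual(len(id2), 36)
        self.assertNotEqual(id1, id2)

        # only required to succeed; each one adds to the secrets counted
        # further down
        engine.lookup('application.secret')
        engine.lookup('database.secret')
        engine.lookup('master.secret')
        engine.lookup('slave.secret')

        original = 'hello world'
        text = engine.lookup('pair1.rsa_public')
        self.assertTrue(text.startswith('ssh-rsa '))
        key = RSA.importKey(text)
        # NOTE(review): encrypt(data, K) on a key object looks like the legacy
        # PyCrypto raw RSA call, which applies no padding. It confirms the
        # key pair is consistent, but it is not how real data should be
        # protected; a padded scheme such as OAEP is the usual choice.
        encrypted = key.publickey().encrypt(original, 32)

        privateKey = engine.lookup('pair1.rsa_private')
        self.assertTrue(privateKey.startswith(
            '-----BEGIN RSA PRIVATE KEY-----'))
        key = RSA.importKey(engine.lookup('pair1.rsa_private'))
        # the ciphertext goes through str() and literal_eval() before
        # decryption, i.e. through its text representation and back
        decrypted = key.decrypt(ast.literal_eval(str(encrypted)))
        self.assertEqual(decrypted, original)

        self.assertEqual(len(engine.secrets), 12)

        # lookup() must refuse to hand out the local private key
        with self.assertRaises(LookupError):
            engine.lookup('local.rsa_private')

        localKey = engine.lookup('local.rsa_public')
        path = '~/.ssh/id_rsa.pub'
        try:
            # leaving the with-block closes the file
            with open(os.path.expanduser(path)) as stream:
                text = stream.read()
        except IOError:
            # the key file is absent or unreadable: skip the comparison
            pass
        else:
            self.assertEqual(localKey.strip(), text.strip())
            logging.info("Successful lookup of local public key")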