def test__reads_with_lock(self): lock = FileLock(security.get_shared_secret_filesystem_path()) self.assertFalse(lock.is_locked()) def check_lock(path): self.assertTrue(lock.is_locked()) return "12" # Two arbitrary hex characters. read_text_file = self.patch_autospec(security, "read_text_file") read_text_file.side_effect = check_lock security.get_shared_secret_from_filesystem() self.assertThat(read_text_file, MockCalledOnceWith(ANY)) self.assertFalse(lock.is_locked())
def test__deals_fine_with_whitespace_in_filesystem_value(self): secret = self.write_secret() write_text_file( security.get_shared_secret_filesystem_path(), " %s\n" % security.to_hex(secret), ) self.assertEqual(secret, security.get_shared_secret_from_filesystem())
def get_shared_secret_txn(): # Load secret from database, if it exists. secret_in_db_hex = Config.objects.get_config("rpc_shared_secret") if secret_in_db_hex is None: secret_in_db = None else: secret_in_db = to_bin(secret_in_db_hex) # Load secret from the filesystem, if it exists. secret_on_fs = get_shared_secret_from_filesystem() if secret_in_db is None and secret_on_fs is None: secret = os.urandom(16) # 16-bytes of crypto-standard noise. Config.objects.set_config("rpc_shared_secret", to_hex(secret)) set_shared_secret_on_filesystem(secret) elif secret_in_db is None: secret = secret_on_fs Config.objects.set_config("rpc_shared_secret", to_hex(secret)) elif secret_on_fs is None: secret = secret_in_db set_shared_secret_on_filesystem(secret) elif secret_in_db == secret_on_fs: secret = secret_in_db # or secret_on_fs. else: raise AssertionError( "The secret stored in the database does not match the secret " "stored on the filesystem at %s. Please investigate." % get_shared_secret_filesystem_path()) return secret
def test__deals_gracefully_with_eof_from_tty(self): stdin = self.patch_autospec(security, "stdin") stdin.isatty.return_value = True input = self.patch(security, "input") input.side_effect = EOFError() self.installAndCheckExitCode(1) self.assertIsNone(security.get_shared_secret_from_filesystem())
def test__reads_secret_from_stdin(self): secret = factory.make_bytes() stdin = self.patch_autospec(security, "stdin") stdin.readline.return_value = b2a_hex(secret).decode("ascii") stdin.isatty.return_value = False self.installAndCheckExitCode(0) self.assertEqual(secret, security.get_shared_secret_from_filesystem())
def test__ignores_surrounding_whitespace_from_tty(self): secret = factory.make_bytes() stdin = self.patch_autospec(security, "stdin") stdin.isatty.return_value = True input = self.patch(security, "input") input.return_value = " " + b2a_hex(secret).decode("ascii") + " \n" self.installAndCheckExitCode(0) self.assertEqual(secret, security.get_shared_secret_from_filesystem())
def test__deals_gracefully_with_interrupt_from_tty(self): stdin = self.patch_autospec(security, "stdin") stdin.isatty.return_value = True input = self.patch(security, "input") input.side_effect = KeyboardInterrupt() self.assertRaises( KeyboardInterrupt, security.InstallSharedSecretScript.run, sentinel.args) self.assertIsNone( security.get_shared_secret_from_filesystem())
def test__reads_secret_from_tty(self): secret = factory.make_bytes() stdin = self.patch_autospec(security, "stdin") stdin.isatty.return_value = True input = self.patch(security, "input") input.return_value = b2a_hex(secret).decode("ascii") self.installAndCheckExitCode(0) self.assertThat(input, MockCalledOnceWith("Secret (hex/base16 encoded): ")) self.assertEqual(secret, security.get_shared_secret_from_filesystem())
def test__prompts_user_for_secret(self): url = factory.make_simple_http_url() expected_previous_value = factory.make_bytes() set_shared_secret_on_filesystem(expected_previous_value) InstallSharedSecretScript_mock = self.patch( register_command, "InstallSharedSecretScript") args = self.make_args(url=url, secret=None) register_command.run(args) observed = get_shared_secret_from_filesystem() self.expectThat(expected_previous_value, Equals(observed)) self.expectThat(InstallSharedSecretScript_mock.run, MockCalledOnceWith(args))
def makeService(self, options, clock=reactor, sleep=sleep): """Construct the MAAS Cluster service.""" register_sigusr1_toggle_cprofile("rackd") register_sigusr2_thread_dump_handler() clean_prometheus_dir() add_patches_to_txtftp() add_patches_to_twisted() self._loadSettings() self._configureCrochet() if settings.DEBUG: # Always log at debug level in debug mode. self._configureLogging(3) else: self._configureLogging(options["verbosity"]) with ClusterConfiguration.open() as config: tftp_root = config.tftp_root tftp_port = config.tftp_port from provisioningserver import services secret = None for elapsed, remaining, wait in retries(timeout=5 * 60, clock=clock): secret = get_shared_secret_from_filesystem() if secret is not None: break sleep(wait) if secret is not None: # only setup services if the shared secret is configured for service in self._makeServices(tftp_root, tftp_port, clock=clock): service.setServiceParent(services) reactor.callInThread(generate_certificate_if_needed) return services
def test__same_secret_is_returned_on_subsequent_calls(self): self.write_secret() self.assertEqual( security.get_shared_secret_from_filesystem(), security.get_shared_secret_from_filesystem(), )
def test__returns_secret_when_one_exists(self): secret = self.write_secret() self.assertEqual(secret, security.get_shared_secret_from_filesystem())
def test__returns_None_when_no_secret_exists(self): self.assertIsNone(security.get_shared_secret_from_filesystem())
def test___sets_secret(self): url = factory.make_simple_http_url() expected = factory.make_bytes() register_command.run(self.make_args(url=url, secret=to_hex(expected))) observed = get_shared_secret_from_filesystem() self.assertEqual(expected, observed)
def test_reads_with_lock(self): mock_file_lock = self.patch_autospec(security, "FileLock") security.set_shared_secret_on_filesystem(b"foo") security.get_shared_secret_from_filesystem() mock_file_lock.assert_called()
def ensureSharedSecret(self): """Make sure the shared-secret is set.""" if get_shared_secret_from_filesystem() is None: set_shared_secret_on_filesystem(factory.make_bytes())