def test_get_error_encryptos(self): encryption = {'control_location': 'front-end', 'provider': 'ErrorEncryptor'} self.assertRaises(ValueError, encryptors.get_volume_encryptor, root_helper=None, connection_info=self.connection_info, keymgr=fake.fake_api(), execute=self.mock_execute, **encryption)
def test_get_encryptors(self): root_helper = None encryption = {'control_location': 'front-end', 'provider': 'LuksEncryptor'} encryptor = encryptors.get_volume_encryptor( root_helper=root_helper, connection_info=self.connection_info, keymgr=fake.fake_api(), execute=self.mock_execute, **encryption) self.assertIsInstance(encryptor, encryptors.luks.LuksEncryptor, "encryptor is not an instance of LuksEncryptor") encryption = {'control_location': 'front-end', 'provider': 'CryptsetupEncryptor'} encryptor = encryptors.get_volume_encryptor( root_helper=root_helper, connection_info=self.connection_info, keymgr=fake.fake_api(), execute=self.mock_execute, **encryption) self.assertIsInstance(encryptor, encryptors.cryptsetup.CryptsetupEncryptor, "encryptor is not an instance of" "CryptsetupEncryptor") encryption = {'control_location': 'front-end', 'provider': 'NoOpEncryptor'} encryptor = encryptors.get_volume_encryptor( root_helper=root_helper, connection_info=self.connection_info, keymgr=fake.fake_api(), execute=self.mock_execute, **encryption) self.assertIsInstance(encryptor, encryptors.nop.NoOpEncryptor, "encryptor is not an instance of NoOpEncryptor")
def test_init_volume_encryption_not_supported(self): # Tests that creating a CryptsetupEncryptor fails if there is no # device_path key. type = 'unencryptable' data = dict(volume_id='a194699b-aa07-4433-a945-a5d23802043e') connection_info = dict(driver_volume_type=type, data=data) exc = self.assertRaises(exception.VolumeEncryptionNotSupported, cryptsetup.CryptsetupEncryptor, root_helper=self.root_helper, connection_info=connection_info, keymgr=fake.fake_api()) self.assertIn(type, six.text_type(exc))
def setUp(self): super(VolumeEncryptorTestCase, self).setUp() self.connection_info = { "data": { "device_path": "/dev/disk/by-path/" "ip-192.0.2.0:3260-iscsi-iqn.2010-10.org.openstack" ":volume-fake_uuid-lun-1", }, } self.root_helper = None self.keymgr = fake.fake_api() self.encryptor = self._create()
def test_init_volume_encryption_with_old_name(self, mock_exists): # If an old name crypt device exists, dev_path should be the old name. old_dev_name = self.dev_path.split('/')[-1] encryptor = cryptsetup.CryptsetupEncryptor( root_helper=self.root_helper, connection_info=self.connection_info, keymgr=fake.fake_api(), execute=self.mock_execute) self.assertFalse(encryptor.dev_name.startswith('crypt-')) self.assertEqual(old_dev_name, encryptor.dev_name) self.assertEqual(self.dev_path, encryptor.dev_path) self.assertEqual(self.symlink_path, encryptor.symlink_path) mock_exists.assert_called_once_with('/dev/mapper/%s' % old_dev_name) self.mock_execute.assert_called_once_with( 'cryptsetup', 'status', old_dev_name, run_as_root=True)
def test_init_volume_encryption_with_old_name(self, mock_exists): # If an old name crypt device exists, dev_path should be the old name. old_dev_name = self.dev_path.split('/')[-1] encryptor = cryptsetup.CryptsetupEncryptor( root_helper=self.root_helper, connection_info=self.connection_info, keymgr=fake.fake_api(), execute=self.mock_execute) self.assertFalse(encryptor.dev_name.startswith('crypt-')) self.assertEqual(old_dev_name, encryptor.dev_name) self.assertEqual(self.dev_path, encryptor.dev_path) self.assertEqual(self.symlink_path, encryptor.symlink_path) mock_exists.assert_called_once_with('/dev/mapper/%s' % old_dev_name) self.mock_execute.assert_called_once_with('cryptsetup', 'status', old_dev_name, run_as_root=True)
def test_error_log(self, log): encryption = {'control_location': 'front-end', 'provider': 'TestEncryptor'} provider = 'TestEncryptor' try: encryptors.get_volume_encryptor( root_helper=None, connection_info=self.connection_info, keymgr=fake.fake_api(), execute=self.mock_execute, **encryption) except Exception as e: log.error.assert_called_once_with("Error instantiating " "%(provider)s: " "%(exception)s", {'provider': provider, 'exception': e})
def test_init_volume_encryption_with_wwn(self, mock_exists, mock_execute): # If an wwn name crypt device exists, dev_path should be based on wwn. old_dev_name = self.dev_path.split('/')[-1] wwn = 'fake_wwn' connection_info = copy.deepcopy(self.connection_info) connection_info['data']['multipath_id'] = wwn encryptor = cryptsetup.CryptsetupEncryptor( root_helper=self.root_helper, connection_info=connection_info, keymgr=fake.fake_api(), execute=mock_execute) self.assertFalse(encryptor.dev_name.startswith('crypt-')) self.assertEqual(wwn, encryptor.dev_name) self.assertEqual(self.dev_path, encryptor.dev_path) self.assertEqual(self.symlink_path, encryptor.symlink_path) mock_exists.assert_has_calls([ mock.call('/dev/mapper/%s' % old_dev_name), mock.call('/dev/mapper/%s' % wwn)]) mock_execute.assert_called_once_with( 'cryptsetup', 'status', wwn, run_as_root=True)
def setUp(self): super(VolumeEncryptorTestCase, self).setUp() self.cmds = [] self.connection_info = { "data": { "device_path": "/dev/disk/by-path/" "ip-192.0.2.0:3260-iscsi-iqn.2010-10.org.openstack" ":volume-fake_uuid-lun-1", }, } patcher = mock.patch("os_brick.privileged.rootwrap.execute") self.mock_execute = patcher.start() self.addCleanup(patcher.stop) _hex = codecs.getdecoder("hex_codec")('0' * 32)[0] self.encryption_key = array.array('B', _hex).tolist() self.root_helper = None self.encryptor = self._create(root_helper=self.root_helper, connection_info=self.connection_info, keymgr=fake.fake_api(), execute=self.mock_execute)
def test_fetch_secret(self): # fake KeyManager populated with secret km = fake.fake_api() secret_id = km.store("fake_context", opaque_data.OpaqueData(b"super_secret!")) # driver config config = "[key_manager]\nbackend=vault" mapping = "[DEFAULT]\nmy_secret=" + secret_id # creating temp files with tempfile.NamedTemporaryFile() as config_file: config_file.write(config.encode("utf-8")) config_file.flush() with tempfile.NamedTemporaryFile() as mapping_file: mapping_file.write(mapping.encode("utf-8")) mapping_file.flush() self.conf_fixture.load_raw_values( group='castellan_source', driver='castellan', config_file=config_file.name, mapping_file=mapping_file.name, ) source = self.driver.open_source_from_opt_group( self.conf, 'castellan_source') # replacing key_manager with fake one source._mngr = km # testing if the source is able to retrieve # the secret value stored in the key_manager # using the secret_id from the mapping file self.assertEqual("super_secret!", source.get("DEFAULT", "my_secret", cfg.StrOpt(""))[0])