def test_success_without_mocking(self):
LOG.info("TestKeyRunner test_success_without_mocking: initializing...")
keyRunner = KeyRunner()
response = keyRunner.get_key_binary()
self.assertNotEqual(response, None, "TestKeyRunner test_success_without\
_mocking: Failed!")
if response is not None:
LOG.info("TestKeyRunner test_success_without_mocking: Key Retrieved\
!")
print "binary key is: " + response
with open('key.bin', 'wb') as fh:
fh.write(response)
LOG.info("TestKeyRunner test_success_without_mocking: finalizing...")
def test_partial_success_with_mocking(self):
keyRunner = KeyRunner()
conf = keyRunner.conf
KM_OPT_GRP_NAME = keyRunner.config.KM_OPT_GRP_NAME
conf_opts = getattr(conf, KM_OPT_GRP_NAME)
kms_base = conf_opts.kms_base
kms_get_key_api = conf_opts.kms_get_key_api
kms_key_id = conf_opts.kms_key_id
URL = kms_base+kms_get_key_api+kms_key_id
responses.add(responses.GET, URL,
status=200,
body=None,
content_type="application/json")
response = keyRunner.get_key_binary()
self.assertEqual(response, None, "TestKeyRunner \
test_partial_success_with_mocking: Failed!")
def test_successful_failure_code_403_with_mocking(self):
keyRunner = KeyRunner()
conf = keyRunner.conf
KM_OPT_GRP_NAME = keyRunner.config.KM_OPT_GRP_NAME
conf_opts = getattr(conf, KM_OPT_GRP_NAME)
kms_base = conf_opts.kms_base
kms_get_key_api = conf_opts.kms_get_key_api
kms_key_id = conf_opts.kms_key_id
URL = kms_base+kms_get_key_api+kms_key_id
responses.add(responses.GET, URL,
status=403,
body='aVeryVerySecretKey',
content_type="application/json")
with self.assertRaises(MarshalHTTPException) as cm:
keyRunner.get_key_binary()
self.assertEqual(cm.exception.status_code, 403, "TestKeyRunner\
test_successful_failure_code_403_with_mocking:\
Failed! Response Code="+str(cm.exception.status_code))
def agent_main():
LOG.info('Starting Marshal...')
KM_OPT_GRP_NAME = config.KM_OPT_GRP_NAME
km_conf_opts = getattr(CONF, KM_OPT_GRP_NAME)
kms_type = km_conf_opts.kms_type.lower()
VOL_CRYPT_GRP_NAME = config.VOL_CRYPT_GRP_NAME
vc_conf_opts = getattr(CONF, VOL_CRYPT_GRP_NAME)
action = vc_conf_opts.action
device = vc_conf_opts.dev
managed_name = vc_conf_opts.mn
license_file = vc_conf_opts.lf
key_size = str(vc_conf_opts.ks)
cipher = vc_conf_opts.ci
LOG.info('KMS type: %s', kms_type)
lic = License(license_file, kms_type)
vc = VolCrypt(device, managed_name)
action = action.lower()
LOG.info('%s action requested.', action)
if action == 'unset':
action = 'close'
if action == 'isluks':
check_if_luks(vc, device, managed_name)
sys.exit(1)
elif action == 'open' or action == 'format' or action == 'set':
setNeedsFormat = False
if not check_if_luks(vc, device, managed_name):
if action == 'open':
# For debugging, comment this exit and uncomment the pass
sys.exit(1)
# pass
elif action == 'set':
setNeedsFormat = True
auth = Auth(CONF, lic, kms_type)
try:
token, kms_endpoint = auth.get_token()
except MarshalHTTPException:
print 'Authentication failed.'
LOG.info('Unable to authenticate against Keystone.')
sys.exit(1)
try:
key_runner = KeyRunner(lic, token, kms_endpoint)
except MissingKMSConfigurationError as e:
LOG.info(e.message)
print e.message
sys.exit(1)
try:
print 'Attempting to fetch key from KMS...'
binary_key = key_runner.get_key_binary()
print 'Key successfully retrieved from KMS...'
except PayloadDecodingError:
LOG.info('Unable to parse KMS response.')
print 'Unable to parse KMS response.'
sys.exit(1)
except MarshalHTTPException as e:
LOG.info('Error requesting key from from KMS: %s', e.status_code)
print 'Unable to access KMS.'
sys.exit(1)
tmpdir = tempfile.mkdtemp()
key_file_name = 'key.bin'
# Ensure the file is read/write by the creator only
saved_umask = os.umask(0077)
path = os.path.join(tmpdir, key_file_name)
try:
with open(path, "wb") as tmp:
tmp.write(binary_key)
if action == 'open':
if managed_name is None:
missing_managed_name()
result = vc.open_volume(key_file=path)
if result == 0:
print 'The volume was successfully opened.'
elif action == 'format':
result = vc.format_volume(cipher=cipher, key_size=key_size,
key_file=path)
if result == 0:
print 'The volume was successfully formatted.'
elif action == 'set':
if setNeedsFormat:
result = vc.format_volume(cipher=cipher, key_size=key_size,
key_file=path)
if result == 0:
print 'The volume was successfully formatted.'
if managed_name is None:
missing_managed_name()
result = vc.open_volume(key_file=path)
if result == 0:
print 'The volume was successfully opened.'
elif result == 2:
LOG.info("Open failed on set. Attempting format...")
result = vc.format_volume(cipher=cipher, key_size=key_size,
key_file=path)
if result == 0:
print 'The volume was successfully formatted.'
result = vc.open_volume(key_file=path)
if result == 0:
print 'The volume was successfully opened.'
except IOError as e:
print 'IOError'
else:
pass
finally:
os.remove(path)
os.umask(saved_umask)
os.rmdir(tmpdir)
elif action == 'close':
if not check_if_luks(vc, device, managed_name):
sys.exit(1)
if managed_name is None:
missing_managed_name()
result = vc.close_volume()
if result == 0:
print 'The volume was successfully closed.'
elif action == 'status':
if not check_if_luks(vc, device, managed_name):
sys.exit(1)
if managed_name is None:
missing_managed_name()
vc.status_volume()
