コード例 #1
 def test__deals_fine_with_whitespace_in_filesystem_value(self):
     """Whitespace around the stored hex must not change the secret read.

     The secret file is rewritten with a leading space and a trailing
     newline around the hex encoding; the filesystem reader is expected
     to hand back exactly the bytes that were originally written.
     """
     expected = self.write_secret()
     secret_path = security.get_shared_secret_filesystem_path()
     # Same hex digits as before, only padded: " <hex>\n".
     padded_hex = " %s\n" % security.to_hex(expected)
     write_text_file(secret_path, padded_hex)
     observed = security.get_shared_secret_from_filesystem()
     self.assertEqual(expected, observed)
コード例 #2
ファイル: security.py プロジェクト: ocni-dtu/maas
def get_shared_secret_txn():
    """Return the RPC shared secret, reconciling database and filesystem.

    The secret is looked up in two places: the ``rpc_shared_secret``
    config entry (hex-encoded) and the secret file on disk.

    - Neither present: 16 bytes are drawn from ``os.urandom`` and stored
      in both places.
    - Only one present: that value is copied to the other location.
    - Both present and equal: the value is returned unchanged.
    - Both present but different: ``AssertionError`` is raised. Neither
      copy is overwritten, so the mismatch stays visible to an operator.

    NOTE(review): the name suggests this runs inside a database
    transaction supplied by the caller -- confirm at the call site.

    :return: The shared secret as bytes.
    :raises AssertionError: If the two stored secrets disagree.
    """
    # Database copy: stored as hex, decoded to bytes when present.
    db_hex = Config.objects.get_config("rpc_shared_secret")
    db_secret = to_bin(db_hex) if db_hex is not None else None
    # Filesystem copy; None when there is nothing to load.
    fs_secret = get_shared_secret_from_filesystem()

    if db_secret is None:
        if fs_secret is None:
            # First use: mint a new 128-bit secret from the OS CSPRNG
            # and persist it to both stores.
            fresh = os.urandom(16)
            Config.objects.set_config("rpc_shared_secret", to_hex(fresh))
            set_shared_secret_on_filesystem(fresh)
            return fresh
        # Filesystem is the only source; mirror it into the database.
        Config.objects.set_config("rpc_shared_secret", to_hex(fs_secret))
        return fs_secret

    if fs_secret is None:
        # Database is the only source; mirror it onto the filesystem.
        set_shared_secret_on_filesystem(db_secret)
        return db_secret

    if db_secret != fs_secret:
        # Refuse to pick a winner. The message names the file path only,
        # never either secret value.
        raise AssertionError(
            "The secret stored in the database does not match the secret "
            "stored on the filesystem at %s. Please investigate." %
            get_shared_secret_filesystem_path())

    return db_secret
コード例 #3
ファイル: test_security.py プロジェクト: zhangrb/maas
 def test__writes_with_secure_permissions(self):
     """The secret file must be written with mode 0640.

     0640 means read/write for the owner, read-only for the group and
     no access for anyone else.
     """
     security.set_shared_secret_on_filesystem(factory.make_bytes())
     file_mode = stat(security.get_shared_secret_filesystem_path()).st_mode
     # Keep only the rwx bits for user/group/other. The file-type bits
     # and setuid/setgid/sticky are masked off and so are not checked.
     perms_observed = file_mode & 0o777
     perms_expected = 0o640
     failure_note = "Expected %04o, got %04o." % (
         perms_expected, perms_observed)
     self.assertEqual(perms_expected, perms_observed, failure_note)
コード例 #4
    def test__writes_with_lock(self):
        """Writing the secret must happen while the file lock is held.

        ``write_text_file`` is replaced by a mock whose side effect
        asserts that the lock built on the secret path is held at the
        moment of the write. The lock must be free both before the call
        and after it returns.
        """
        secret_lock = FileLock(security.get_shared_secret_filesystem_path())
        self.assertFalse(secret_lock.is_locked())

        def assert_locked_during_write(path, data):
            # Runs in place of the real write, i.e. inside the section
            # that is expected to be lock-protected.
            self.assertTrue(secret_lock.is_locked())

        patched_write = self.patch_autospec(security, "write_text_file")
        patched_write.side_effect = assert_locked_during_write
        security.set_shared_secret_on_filesystem(b"foo")
        self.assertThat(patched_write, MockCalledOnceWith(ANY, ANY))
        # The lock must not leak past the write.
        self.assertFalse(secret_lock.is_locked())
コード例 #5
    def test__reads_with_lock(self):
        """Reading the secret must happen while the file lock is held.

        ``read_text_file`` is replaced by a mock whose side effect
        asserts that the lock built on the secret path is held at the
        moment of the read. The lock must be free both before the call
        and after it returns.
        """
        secret_lock = FileLock(security.get_shared_secret_filesystem_path())
        self.assertFalse(secret_lock.is_locked())

        def assert_locked_during_read(path):
            self.assertTrue(secret_lock.is_locked())
            # Two arbitrary hex characters, so the caller has something
            # it can decode.
            return "12"

        patched_read = self.patch_autospec(security, "read_text_file")
        patched_read.side_effect = assert_locked_during_read
        security.get_shared_secret_from_filesystem()
        self.assertThat(patched_read, MockCalledOnceWith(ANY))
        # The lock must not leak past the read.
        self.assertFalse(secret_lock.is_locked())
コード例 #6
ファイル: test_security.py プロジェクト: zhangrb/maas
    def test__prints_message_when_secret_is_installed(self):
        """A successful install prints the secret's path exactly once.

        stdin is mocked as a non-TTY that yields one line of hex. The
        expected output names only the destination path; the secret
        value itself is not part of the message.
        """
        fake_stdin = self.patch_autospec(security, "stdin")
        secret_hex = b2a_hex(factory.make_bytes()).decode("ascii")
        fake_stdin.readline.return_value = secret_hex
        fake_stdin.isatty.return_value = False

        # Capture what the module prints, without shadowing the builtin
        # inside this test.
        patched_print = self.patch(security, "print")

        self.installAndCheckExitCode(0)
        shared_secret_path = security.get_shared_secret_filesystem_path()
        expected_message = "Secret installed to %s." % shared_secret_path
        self.assertThat(patched_print, MockCalledOnceWith(expected_message))
コード例 #7
 def test__errors_when_filesystem_value_cannot_be_decoded(self):
     """A secret file holding non-hex content must raise, not be accepted.

     The file is overwritten with "_", which is not valid hex; reading
     it is expected to raise ``binascii.Error`` rather than return a
     value.
     """
     self.write_secret()
     secret_path = security.get_shared_secret_filesystem_path()
     write_text_file(secret_path, "_")
     with self.assertRaises(binascii.Error):
         security.get_shared_secret_from_filesystem()
コード例 #8
 def test__errors_reading_file_are_raised(self):
     """An unreadable secret file must surface as an error to the caller.

     All permission bits are removed from the file, and the read is
     expected to raise ``IOError`` rather than be treated as a missing
     secret.
     """
     self.write_secret()
     unreadable_path = security.get_shared_secret_filesystem_path()
     # NOTE(review): mode 000 only blocks the read if the test process
     # is subject to permission checks (i.e. is not running as root).
     chmod(unreadable_path, 0o000)
     with self.assertRaises(IOError):
         security.get_shared_secret_from_filesystem()
コード例 #9
 def write_secret(self):
     """Write a random secret to the shared-secret path and return it.

     Test helper: the secret is stored hex-encoded, and the parent
     directory is created when it does not exist yet.

     NOTE(review): the file mode is whatever ``write_text_file`` applies;
     no permissions are set here.
     """
     new_secret = factory.make_bytes()
     target = security.get_shared_secret_filesystem_path()
     parent_dir = dirname(target)
     makedirs(parent_dir, exist_ok=True)
     hex_form = security.to_hex(new_secret)
     write_text_file(target, hex_form)
     return new_secret
コード例 #10
 def delete_secret(self):
     """Clear ``security._fernet_psk`` and remove the secret file if present.

     Test helper. Presumably ``_fernet_psk`` is a module-level cache of
     key material derived from the secret, so it is reset together with
     the file -- verify against the ``security`` module.
     """
     security._fernet_psk = None
     target = security.get_shared_secret_filesystem_path()
     if not os.path.isfile(target):
         # Nothing on disk to delete.
         return
     os.remove(target)
コード例 #11
 def read_secret(self):
     """Return the secret currently stored on disk, decoded from hex.

     Test helper: it reads the file directly with ``read_text_file``
     rather than through ``security.get_shared_secret_from_filesystem``.
     """
     return security.to_bin(
         read_text_file(security.get_shared_secret_filesystem_path()))
コード例 #12
ファイル: test_security.py プロジェクト: th3architect/maas
 def write_secret(self):
     """Write a random secret to the shared-secret path and return it.

     Test helper: the secret is stored hex-encoded, and missing parent
     directories are created first. The path object is used through its
     ``parent``, ``mkdir`` and ``write_text`` members.

     NOTE(review): no file mode is set here; the file gets whatever
     ``write_text`` and the process umask produce.
     """
     new_secret = factory.make_bytes()
     target = security.get_shared_secret_filesystem_path()
     target.parent.mkdir(parents=True, exist_ok=True)
     hex_form = security.to_hex(new_secret)
     target.write_text(hex_form)
     return new_secret
コード例 #13
ファイル: test_security.py プロジェクト: th3architect/maas
 def delete_secret(self):
     """Clear ``security._fernet_psk`` and remove the secret file if present.

     Test helper. Presumably ``_fernet_psk`` is a module-level cache of
     key material derived from the secret, so it is reset together with
     the file -- verify against the ``security`` module.
     """
     security._fernet_psk = None
     target = security.get_shared_secret_filesystem_path()
     if not target.exists():
         # Nothing on disk to delete.
         return
     target.unlink()