def get_shared_secret_txn():
    """Return the RPC shared secret, reconciling the two stored copies.

    The secret is kept in the database (config key ``rpc_shared_secret``,
    passed through ``to_hex``/``to_bin``) and on the filesystem. Outcomes:

    * neither copy exists: 16 bytes are drawn from ``os.urandom`` and
      written to both stores;
    * exactly one copy exists: it is copied to the other store;
    * both exist and are equal: that value is returned;
    * both exist and differ: ``AssertionError`` is raised. The message
      names the filesystem path only, never the secret itself.

    Returns:
        The secret as bytes.

    Raises:
        AssertionError: the database and filesystem secrets disagree.
    """
    # NOTE(review): the database write and the file write are separate
    # steps; presumably the caller runs this inside a transaction (the
    # "_txn" suffix suggests so) -- confirm against the caller.
    stored_hex = Config.objects.get_config("rpc_shared_secret")
    secret_in_db = None if stored_hex is None else to_bin(stored_hex)
    secret_on_fs = get_shared_secret_from_filesystem()

    if secret_in_db is None:
        if secret_on_fs is None:
            # Nothing stored anywhere: mint a new 128-bit secret from the
            # operating system's random source and persist both copies.
            fresh = os.urandom(16)
            Config.objects.set_config("rpc_shared_secret", to_hex(fresh))
            set_shared_secret_on_filesystem(fresh)
            return fresh
        # Only the filesystem has it: back-fill the database.
        Config.objects.set_config("rpc_shared_secret", to_hex(secret_on_fs))
        return secret_on_fs

    if secret_on_fs is None:
        # Only the database has it: back-fill the filesystem.
        set_shared_secret_on_filesystem(secret_in_db)
        return secret_in_db

    if secret_in_db != secret_on_fs:
        # Divergent copies are never resolved silently; an operator has
        # to decide which one is authoritative.
        raise AssertionError(
            "The secret stored in the database does not match the secret "
            "stored on the filesystem at %s. Please investigate." %
            get_shared_secret_filesystem_path())
    return secret_in_db
def test__deals_fine_with_whitespace_in_filesystem_value(self):
    """Whitespace around the stored hex text must not change the secret.

    The secret file is rewritten with a leading space and a trailing
    newline; ``get_shared_secret_from_filesystem`` is still expected to
    return the original bytes.
    """
    expected = self.write_secret()
    target_path = security.get_shared_secret_filesystem_path()
    padded_text = " %s\n" % security.to_hex(expected)
    write_text_file(target_path, padded_text)
    loaded = security.get_shared_secret_from_filesystem()
    self.assertEqual(expected, loaded)
def test____sets_url(self):
    """Registering stores the supplied URL in the cluster configuration."""
    shared_secret = factory.make_bytes()
    expected_url = factory.make_simple_http_url()
    run_args = self.make_args(url=expected_url, secret=to_hex(shared_secret))
    register_command.run(run_args)

    # Read the value back through the configuration object, not the args.
    with ClusterConfiguration.open() as cluster_config:
        stored_url = cluster_config.maas_url
    # The test expects maas_url to read back as a one-element list.
    self.assertEqual([expected_url], stored_url)
def test__restarts_maas_rackd_service(self):
    """Registering stops, enables and then starts ``maas-rackd``, in order.

    Each expected call is an argument list (``['systemctl', ...]``), not a
    single shell string.
    """
    region_url = factory.make_simple_http_url()
    shared_secret = factory.make_bytes()
    register_command.run(
        self.make_args(url=region_url, secret=to_hex(shared_secret)))

    expected_calls = [
        call(['systemctl', action, 'maas-rackd'])
        for action in ('stop', 'enable', 'start')
    ]
    self.assertThat(self.mock_call_and_check, MockCallsMatch(*expected_calls))
def test__show_service_start_error(self):
    """A failure on the third service call is reported and exits.

    The asserted stderr output is the fixed message followed by the
    process error text; the secret passed in the arguments is not part of
    the expected output.
    """
    region_url = factory.make_simple_http_url()
    shared_secret = factory.make_bytes()
    # This first registration runs before call_and_check is patched below.
    register_command.run(
        self.make_args(url=region_url, secret=to_hex(shared_secret)))

    patched_call = self.patch(register_command, 'call_and_check')
    # Two placeholder results, then the error on the third invocation.
    patched_call.side_effect = [
        call(),
        call(),
        ExternalProcessError(1, 'systemctl start', 'mock error'),
    ]
    stderr_write = self.patch(register_command.stderr, 'write')

    with ExpectedException(SystemExit):
        register_command.run(
            self.make_args(url=region_url, secret=to_hex(shared_secret)))

    expected_writes = [
        call('Unable to enable and start the maas-rackd service.'),
        call('\n'),
        call('Failed with error: mock error.'),
        call('\n'),
    ]
    self.assertThat(stderr_write, MockCallsMatch(*expected_writes))
def test__show_service_stop_error(self):
    """A failure on the first service call is reported and exits.

    The asserted stderr output is the fixed message followed by the
    process error text; the secret passed in the arguments is not part of
    the expected output.
    """
    region_url = factory.make_simple_http_url()
    shared_secret = factory.make_bytes()
    # This first registration runs before call_and_check is patched below.
    register_command.run(
        self.make_args(url=region_url, secret=to_hex(shared_secret)))

    patched_call = self.patch(register_command, "call_and_check")
    # The error comes first; the two placeholder results follow it.
    patched_call.side_effect = [
        ExternalProcessError(1, "systemctl stop", "mock error"),
        call(),
        call(),
    ]
    stderr_write = self.patch(register_command.stderr, "write")

    with ExpectedException(SystemExit):
        register_command.run(
            self.make_args(url=region_url, secret=to_hex(shared_secret)))

    expected_writes = [
        call("Unable to stop maas-rackd service."),
        call("\n"),
        call("Failed with error: mock error."),
        call("\n"),
    ]
    self.assertThat(stderr_write, MockCallsMatch(*expected_writes))
def test___prompts_user_for_url(self):
    """With no URL argument and a TTY on stdin, the URL is prompted for.

    The answer given at the prompt is expected to end up in the cluster
    configuration.
    """
    expected_url = factory.make_simple_http_url()
    shared_secret = factory.make_bytes()

    # Pretend stdin is an interactive terminal.
    fake_stdin = self.patch(register_command, "stdin")
    fake_stdin.isatty.return_value = True
    # Stand in for the module's input(); the local name avoids shadowing
    # the builtin.
    fake_input = self.patch(register_command, "input")
    fake_input.return_value = expected_url

    register_command.run(
        self.make_args(url=None, secret=to_hex(shared_secret)))

    with ClusterConfiguration.open() as cluster_config:
        stored_url = cluster_config.maas_url
    self.expectThat(
        fake_input, MockCalledOnceWith("MAAS region controller URL: "))
    self.expectThat([expected_url], Equals(stored_url))
def write_secret(self):
    """Write a new test secret to the shared-secret path and return it.

    The bytes come from ``factory.make_bytes()`` and are stored as the
    text produced by ``security.to_hex``. The parent directory is created
    if it is missing.
    """
    # NOTE(review): no explicit file mode is passed here, which is fine
    # for a test fixture. Whether write_text_file restricts permissions is
    # not visible from this block.
    new_secret = factory.make_bytes()
    target = security.get_shared_secret_filesystem_path()
    parent_dir = dirname(target)
    makedirs(parent_dir, exist_ok=True)
    encoded = security.to_hex(new_secret)
    write_text_file(target, encoded)
    return new_secret
def test__deletes_maas_id_file(self):
    """Registering leaves no MAAS ID behind: ``get_maas_id()`` is None."""
    # Start from a state where a MAAS ID is present.
    self.useFixture(MAASIDFixture(factory.make_string()))
    region_url = factory.make_simple_http_url()
    shared_secret = factory.make_bytes()
    run_args = self.make_args(url=region_url, secret=to_hex(shared_secret))
    register_command.run(run_args)
    remaining_id = get_maas_id()
    self.assertIsNone(remaining_id)
def test___sets_secret(self):
    """Registering stores the supplied secret on the filesystem.

    The secret is passed to the command via ``to_hex`` and must read back
    from ``get_shared_secret_from_filesystem`` as the original bytes.
    """
    region_url = factory.make_simple_http_url()
    expected_secret = factory.make_bytes()
    run_args = self.make_args(url=region_url, secret=to_hex(expected_secret))
    register_command.run(run_args)
    stored_secret = get_shared_secret_from_filesystem()
    self.assertEqual(expected_secret, stored_secret)
def write_secret(self):
    """Write a new test secret to the shared-secret path and return it.

    The bytes come from ``factory.make_bytes()`` and are stored as the
    text produced by ``security.to_hex``. Missing parent directories are
    created first.
    """
    # NOTE(review): the file is written without an explicit mode, which is
    # fine for a test fixture. A production writer should restrict access
    # to the secret file; that code is not shown here.
    new_secret = factory.make_bytes()
    target = security.get_shared_secret_filesystem_path()
    target.parent.mkdir(parents=True, exist_ok=True)
    encoded = security.to_hex(new_secret)
    target.write_text(encoded)
    return new_secret