コード例 #1
0
ファイル: test_provider.py プロジェクト: zachzeid/streamalert 
class TestCredentialsUnencrypted:
    def setup(self):
        self._plaintext_payload = 'plaintext credentials'
        self._credentials = Credentials(self._plaintext_payload,
                                        is_encrypted=False)

    def test_is_encrypted(self):
        """Credentials - Plaintext Credentials - Is Encrypted"""
        assert_false(self._credentials.is_encrypted())

    def test_is_data(self):
        """Credentials - Plaintext Credentials - Data"""
        assert_equal(self._credentials.data(), self._plaintext_payload)

    @patch('logging.Logger.error')
    def test_get_data_kms_decrypted(self, logging_error):
        """Credentials - Plaintext Credentials - KMS Decrypt"""
        assert_is_none(self._credentials.get_data_kms_decrypted())
        logging_error.assert_called_with(
            'Cannot decrypt Credentials as they are already decrypted')

    @mock_kms
    def test_encrypt(self):
        """Credentials - Plaintext Credentials - Encrypt

        Doubly-encrypting the credentials should do nothing.
        """
        self._credentials.encrypt(REGION, KMS_ALIAS)

        assert_true(self._credentials.is_encrypted())
        assert_equal(self._credentials.data(),
                     'InBsYWludGV4dCBjcmVkZW50aWFscyI='.encode())
コード例 #2
0
ファイル: test_provider.py プロジェクト: vkumbha/streamalert 
class TestCredentialsEmpty:
    def setup(self):
        self._plaintext_payload = ''
        self._credentials = Credentials(self._plaintext_payload,
                                        is_encrypted=False)

    def test_encrypt(self):
        """Credentials - Empty Credentials - Encrypt - Does nothing when payload is empty"""
        self._credentials.encrypt(REGION, KMS_ALIAS)

        assert_true(self._credentials.is_encrypted())
        assert_equal(self._credentials.data(), '')
コード例 #3
0
ファイル: test_provider.py プロジェクト: vkumbha/streamalert 
class TestCredentialsUnencrypted:
    def setup(self):
        self.kms_mocker = mock_kms()
        self.kms_mocker.start()
        setup_mock_kms(REGION, KMS_ALIAS)
        self._plaintext_payload = 'plaintext credentials'
        self._credentials = Credentials(self._plaintext_payload,
                                        is_encrypted=False)

    def teardown(self):
        self.kms_mocker.stop()

    def test_is_encrypted(self):
        """Credentials - Plaintext Credentials - Is Encrypted"""
        assert_false(self._credentials.is_encrypted())

    def test_is_data(self):
        """Credentials - Plaintext Credentials - Data"""
        assert_equal(self._credentials.data(), self._plaintext_payload)

    @patch('logging.Logger.error')
    def test_get_data_kms_decrypted(self, logging_error):
        """Credentials - Plaintext Credentials - KMS Decrypt"""
        assert_is_none(self._credentials.get_data_kms_decrypted())
        logging_error.assert_called_with(
            'Cannot decrypt Credentials as they are already decrypted')

    def test_encrypt(self):
        """Credentials - Plaintext Credentials - Encrypt

        Doubly-encrypting the credentials should do nothing.
        """
        self._credentials.encrypt(REGION, KMS_ALIAS)

        assert_true(self._credentials.is_encrypted())

        # moto changed from simply base64 encoding data to actually
        # doing proper encryption/decryption. See here:
        # https://github.com/earlrob/moto/commit/98581b9196768ad8d5eaa1e02ca744c0c3b2098e
        assert_not_equal(self._credentials.data(), 'plaintext credentials')
コード例 #4
0
ファイル: test_provider.py プロジェクト: vkumbha/streamalert 
class TestCredentialsEncrypted:
    def setup(self):
        self.kms_mocker = mock_kms()
        self.kms_mocker.start()
        setup_mock_kms(REGION, KMS_ALIAS)
        self._plaintext_payload = 'plaintext credentials'
        self._encrypted_payload = encrypt_with_kms(self._plaintext_payload,
                                                   REGION, KMS_ALIAS)
        self._credentials = Credentials(self._encrypted_payload,
                                        is_encrypted=True,
                                        region=REGION)

    def teardown(self):
        self.kms_mocker.stop()

    def test_is_encrypted(self):
        """Credentials - Encrypted Credentials - Is Encrypted"""
        assert_true(self._credentials.is_encrypted())

    def test_is_data(self):
        """Credentials - Encrypted Credentials - Data"""
        assert_equal(self._credentials.data(), self._encrypted_payload)

    def test_get_data_kms_decrypted(self):
        """Credentials - Encrypted Credentials - KMS Decrypt"""
        decrypted = self._credentials.get_data_kms_decrypted()
        assert_equal(decrypted, self._plaintext_payload.encode())

    def test_encrypt(self):
        """Credentials - Encrypted Credentials - Encrypt

        Doubly-encrypting the credentials should do nothing.
        """
        self._credentials.encrypt(REGION, KMS_ALIAS)
        assert_equal(self._credentials.data(), self._encrypted_payload)

    @patch('boto3.client')
    @patch('logging.Logger.exception')
    def test_decrypt_kms_error(self, logging_exception, boto3):
        """Credentials - Encrypted Credentials - KMS Decrypt - Errors if KMS Fails to Respond"""

        # We pretend that KMS errors out
        boto3_client = MagicMock()
        boto3.return_value = boto3_client

        response = MagicMock()
        boto3_client.decrypt.side_effect = ClientError(response, 'kms_decrypt')

        assert_is_none(self._credentials.get_data_kms_decrypted())
        logging_exception.assert_called_with(
            'an error occurred during credentials decryption')