def setup(self):
self._plaintext_payload = 'plaintext credentials'
self._encrypted_payload = encrypt_with_kms(self._plaintext_payload,
REGION, KMS_ALIAS)
self._credentials = Credentials(self._encrypted_payload,
is_encrypted=True,
region=REGION)
def test_kms_decrypt(self):
"""OutputDispatcher - KMS Decrypt"""
test_data = 'data to encrypt'
encrypted = encrypt_with_kms(test_data, REGION, KMS_ALIAS)
decrypted = self._dispatcher._kms_decrypt(encrypted)
assert_equal(decrypted, test_data)
def test_save_and_load_credentials(self):
"""SpooledTempfileDriver - Save and Load Credentials"""
raw_credentials = 'aaaa'
descriptor = 'descriptor'
encrypted_raw_credentials = encrypt_with_kms(raw_credentials, REGION, KMS_ALIAS)
credentials = Credentials(encrypted_raw_credentials, True, REGION)
assert_true(self._sp_driver.save_credentials(descriptor, credentials))
loaded_credentials = self._sp_driver.load_credentials(descriptor)
assert_is_not_none(loaded_credentials)
assert_true(loaded_credentials.is_encrypted())
assert_equal(loaded_credentials.get_data_kms_decrypted(), raw_credentials)
def test_save_and_load_credentials_persists_statically(self):
"""LocalFileDriver - Save and Load Credentials"""
raw_credentials = 'aaaa'
descriptor = 'descriptor'
encrypted_raw_credentials = encrypt_with_kms(raw_credentials, REGION, KMS_ALIAS)
credentials = Credentials(encrypted_raw_credentials, True, REGION)
assert_true(self._fs_driver.save_credentials(descriptor, credentials))
driver2 = LocalFileDriver(REGION, 'service') # Create a separate, identical driver
loaded_credentials = driver2.load_credentials(descriptor)
assert_is_not_none(loaded_credentials)
assert_true(loaded_credentials.is_encrypted())
assert_equal(loaded_credentials.get_data_kms_decrypted(), raw_credentials)
def test_save_automatically_decrypts(self):
"""EphemeralUnencryptedDriver - Save Automatically Decrypts"""
raw_credentials_dict = {
'python': 'is very difficult',
'someone': 'save meeeee',
}
descriptor = 'descriptor5'
raw_credentials = json.dumps(raw_credentials_dict)
encrypted_raw_credentials = encrypt_with_kms(raw_credentials, REGION, KMS_ALIAS)
credentials = Credentials(encrypted_raw_credentials, True, REGION)
assert_true(self._ep_driver.save_credentials(descriptor, credentials))
loaded_credentials = self._ep_driver.load_credentials(descriptor)
assert_is_not_none(loaded_credentials)
assert_false(loaded_credentials.is_encrypted())
assert_equal(json.loads(loaded_credentials.data()), raw_credentials_dict)
def test_save_and_load_credentials_persists_statically(self):
"""SpooledTempfileDriver - Save and Load Credentials"""
raw_credentials_dict = {
'python': 'is very difficult',
'someone': 'save meeeee',
}
descriptor = 'descriptor'
raw_credentials = json.dumps(raw_credentials_dict)
encrypted_raw_credentials = encrypt_with_kms(raw_credentials, REGION, KMS_ALIAS)
credentials = Credentials(encrypted_raw_credentials, True)
assert_true(self._sp_driver.save_credentials(descriptor, credentials))
driver2 = SpooledTempfileDriver('service', REGION) # Create a separate, identical driver
loaded_credentials = driver2.load_credentials(descriptor)
assert_is_not_none(loaded_credentials)
assert_true(loaded_credentials.is_encrypted())
assert_equal(loaded_credentials.get_data_kms_decrypted(), raw_credentials)