def test_forge(self):
    """Check that ``Secret.forge`` returns the expected data dict for three secret types."""
    # user-pass
    user_pass = Secret.forge(
        Secret.TYPE_USER_PASS,
        username="******",
        password="******",
    )
    self.assertDictEqual(
        user_pass,
        {'username': "******", 'password': "******"},
    )

    # token
    token_only = Secret.forge(Secret.TYPE_TOKEN, token="0xDEADBEEF")
    self.assertDictEqual(token_only, {'token': "0xDEADBEEF"})

    # key-secret
    key_and_secret = Secret.forge(
        Secret.TYPE_KEY_SECRET,
        key="abc12377x",
        secret="frog blast the vent core",
    )
    self.assertDictEqual(
        key_and_secret,
        {'key': "abc12377x", 'secret': "frog blast the vent core"},
    )
def test_construction(self):
    """Build a ``Secret`` from a ready-made ``data`` dict and from per-field kwargs."""
    # Set secret 'data' directly
    from_dict = Secret(
        name="LEGO",
        system="www.lego.com",
        sub_system="UI",
        type=Secret.TYPE_USER_PASS,
        data={'username': '******', 'password': '******'},
    )
    # The expected dict is a separate literal so the comparison never
    # degenerates into comparing one object with itself.
    self.assertDictEqual(
        from_dict.data,
        {'username': '******', 'password': '******'},
    )

    # "Forge" secret 'data' from kwargs
    from_kwargs = Secret(
        name="LEGO",
        system="api.lego.com",
        sub_system="REST API",
        type=Secret.TYPE_KEY_SECRET,
        key="4c1300c900d1af3de0e67560f542090b",
        secret="bWluaS1maWcK",
    )
    self.assertDictEqual(
        from_kwargs.data,
        {'key': "4c1300c900d1af3de0e67560f542090b", 'secret': "bWluaS1maWcK"},
    )
def test_encryption(self):
    """Check that ``save()`` persists ciphertext while the instance keeps plaintext.

    The raw JSON store is read back directly, so the test sees exactly what
    was written: each credential field must differ from the plaintext and
    must decrypt to it with ``self.crypto``. A second ``Secret`` loaded by id
    must then expose the plaintext again.
    """
    Secret.purge()

    secret_type = Secret.TYPE_USER_PASS
    username = '******'
    password = '******'
    plaintext = (('username', username), ('password', password))

    secret = Secret(
        name="My Email Account",
        system="email.com",
        sub_system="UI",
        type=secret_type,
        data={'username': username, 'password': password},
        note="Personal Email **ONLY**",
    )
    for field, expected in plaintext:
        self.assertEqual(secret.data[field], expected)

    secret.save()

    # Look at the stored record itself rather than going through Secret.
    with open('tests/tmp/Secrets-test.json') as handle:
        stored = json.load(handle)
    raw_data = stored.get('_default', {}).get('1', {}).get('data')

    # What is on disk must not be the plaintext ...
    for field, _ in plaintext:
        self.assertNotEqual(raw_data[field], secret.data[field])
    # ... but must decrypt back to it.
    for field, _ in plaintext:
        self.assertEqual(self.crypto.decrypt(raw_data[field]), secret.data[field])
    # Saving must leave the in-memory values as plaintext.
    for field, expected in plaintext:
        self.assertEqual(secret.data[field], expected)

    # Load and check stuff
    reloaded = Secret(id=1)
    reloaded.load()
    self.assertEqual(reloaded.type, secret_type)
    for field, expected in plaintext:
        self.assertEqual(reloaded.data[field], expected)
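def xform_secret_data(value, **kwargs):
    """Turn a colon-separated secret string into the data dict for its type.

    ``value`` is split on ':' and the first two parts are mapped onto the
    fields of the record's secret type (presumably the previous storage
    format -- confirm against the data being transformed).

    Args:
        value: the colon-separated string to convert.
        **kwargs: must carry ``record``, a mapping with a ``'type'`` key.

    Returns:
        Whatever ``Secret.forge`` returns for the record type and fields.

    Raises:
        KeyError: if ``record`` is missing or has no ``'type'``.
        IndexError: if a user-pass or key-secret value contains no ':'.
    """
    record = kwargs.get('record', {})
    # NOTE(review): split(':', 2) yields up to three parts and only the first
    # two are used, so anything after a second ':' (for example a password
    # that itself contains ':') is dropped silently. If the old format is
    # exactly two fields, maxsplit=1 would keep the whole second field --
    # confirm against the stored data before changing it.
    old_data = value.split(':', 2)
    secret_type = record['type']
    new_data = Secret.TEMPLATES[secret_type].copy()

    if secret_type == Secret.TYPE_USER_PASS:
        new_data['username'] = old_data[0]
        new_data['password'] = old_data[1]
    elif secret_type == Secret.TYPE_TOKEN:
        # The token may sit in either slot. A value with no ':' at all has
        # only slot 0, which used to raise IndexError here.
        second_slot = old_data[1] if len(old_data) > 1 else ''
        new_data['token'] = second_slot if second_slot else old_data[0]
    elif secret_type == Secret.TYPE_KEY_SECRET:
        new_data['key'] = old_data[0]
        new_data['secret'] = old_data[1]

    return Secret.forge(secret_type, **new_data)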
def test_blot(self):
    """A BLOT secret keeps its type and its single ``content`` field."""
    blob_text = 'this is the way the world ends. not with a bang...'
    blot = Secret(
        name="Hydra License",
        system="Hydra",
        sub_system="license",
        type=Secret.TYPE_BLOT,
        data={'content': blob_text},
    )

    self.assertEqual(blot.type, Secret.TYPE_BLOT)
    self.assertDictEqual(blot.data, {'content': blob_text})
def prune_unused(tags):
    """Delete every tag in *tags* that none of the fetched collections uses.

    All five collections are fetched once up front. Usage is decided for
    every tag before anything is deleted, and one line is printed per
    pruned tag.
    """
    collections = (
        LogEntry.fetch(),
        Note.fetch(),
        Secret.fetch(),
        Todo.fetch(),
        WorkDay.fetch(),
    )

    # any() stops at the first collection that uses the tag.
    stale_tags = [
        tag for tag in tags
        if not any(used_by(tag, items) for items in collections)
    ]

    for tag in stale_tags:
        print(F"Pruning {tag.id:04d} - [{tag.name}].")
        tag.delete()
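def test_serialize(self):
    """Check that a ``Secret`` still exposes its plaintext fields after ``serialize()``.

    Covers both construction routes: a ready-made ``data`` dict and
    per-field keyword arguments.
    """
    # Fixture credentials are throwaway test values. They must be the same
    # values the assertions below expect; with placeholder strings in the
    # constructor the username/password assertions could never pass.

    # set data directly
    secret = Secret(
        name="My Email Account",
        system="email.com",
        sub_system="UI",
        type=Secret.TYPE_USER_PASS,
        data={'username': 'rufus42', 'password': 'y5kqyRrPXUUjS4DM'},
        note="Personal Email **ONLY**"
    )
    # NOTE(review): the value returned by serialize() is never asserted on.
    # The checks below only show that the instance is unchanged afterwards;
    # consider asserting on the serialized form once its shape is confirmed.
    secret.serialize()

    self.assertEqual(secret.name, "My Email Account")
    self.assertEqual(secret.system, "email.com")
    self.assertEqual(secret.sub_system, "UI")
    self.assertEqual(secret.type, Secret.TYPE_USER_PASS)
    self.assertEqual(secret.data['username'], "rufus42")
    self.assertEqual(secret.data['password'], "y5kqyRrPXUUjS4DM")
    self.assertEqual(secret.note, "Personal Email **ONLY**")

    # forge data directly
    secret = Secret(
        name="My Email Account",
        system="email.com",
        sub_system="UI",
        type=Secret.TYPE_USER_PASS,
        username='rufus007',
        password='y5kqyRrXPXUUjS4DM',
        note="Personal Email **ONLY**"
    )
    secret.serialize()

    self.assertEqual(secret.name, "My Email Account")
    self.assertEqual(secret.system, "email.com")
    self.assertEqual(secret.sub_system, "UI")
    self.assertEqual(secret.type, Secret.TYPE_USER_PASS)
    self.assertEqual(secret.data['username'], "rufus007")
    self.assertEqual(secret.data['password'], "y5kqyRrXPXUUjS4DM")
    self.assertEqual(secret.note, "Personal Email **ONLY**")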
def test_forge_missing_args(self):
    """``Secret.forge`` raises ``ValueError`` when a required field is left out."""
    expected_message = "Missing Required Value: 'username'"

    with self.assertRaisesRegex(ValueError, expected_message):
        # 'username' is deliberately omitted.
        Secret.forge(Secret.TYPE_USER_PASS, password="******")
def test_forge_invalid_type(self):
    """``Secret.forge`` raises ``TypeError`` for a secret type it does not know."""
    expected_message = "Invalid Secret Type: 'base64-encoded-string'"

    with self.assertRaisesRegex(TypeError, expected_message):
        Secret.forge(
            'base64-encoded-string',
            string="deciduous manifestations",
        )
def test_tagging(self):
    """Tags start as an empty set, grow via ``tag()``, and survive save/load."""
    # Basic instance
    first = Secret(
        name="LEGO",
        system="www.lego.com",
        sub_system="UI",
        type=Secret.TYPE_USER_PASS,
        data={'username': '******', 'password': '******'},
    )
    self.assertIsNotNone(first.tags)
    self.assertIsInstance(first.tags, set)
    self.assertEqual(len(first.tags), 0)

    # Create with Tags
    for label in ("lego", "brick-by-brick"):
        first.tag(label)
    self.assertEqual(len(first.tags), 2)
    self.assertIsInstance(list(first.tags)[0], Tag)
    first.save()

    # Retrieve has Tags
    second = Secret(id=first.id)
    second.load()
    self.assertIsNotNone(second.tags)
    self.assertIsInstance(second.tags, set)
    self.assertEqual(len(second.tags), 2)
    self.assertIsInstance(list(second.tags)[0], Tag)
    self.assertIn(Tag(name="lego"), second.tags)

    # Update tags
    second.tag("studs-r-us")
    self.assertEqual(len(second.tags), 3)
    self.assertIsInstance(list(second.tags)[2], Tag)
    second.save()

    third = Secret(id=second.id)
    third.load()
    self.assertIsNotNone(third.tags)
    self.assertIsInstance(third.tags, set)
    self.assertEqual(len(third.tags), 3)
    for label in ("lego", "brick-by-brick", "studs-r-us"):
        self.assertIn(Tag(name=label), third.tags)
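def test_missing_encryption_key(self):
    """Constructing a ``Secret`` with no encryption key set must raise."""
    # ENCRYPTION_KEY is class-level state shared by every test. Register the
    # restore before clearing it, so the key is put back even if the
    # assertion below fails and later tests do not run without a key.
    self.addCleanup(setattr, Secret, 'ENCRYPTION_KEY', Secret.ENCRYPTION_KEY)
    Secret.ENCRYPTION_KEY = None

    with self.assertRaisesRegex(Exception, "Secret - Encryption Key not set"):
        Secret(name="bad wolf")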
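import pprint
import sys
sys.path.append(".")
from cartaro.model.secret import Secret

################################################################################
# Re-key every stored Secret: records are read with the old key and each one
# is handed the new key through Secret.rekey().
if __name__ == "__main__":
    import getpass

    parser = argparse.ArgumentParser(
        description='Re-key Encrypted Secret Data')
    # Keys passed on the command line are visible in the process list and
    # usually end up in shell history. Both positionals stay accepted for
    # existing callers, but either may be omitted to be prompted for instead
    # (no echo).
    parser.add_argument('old_key', type=str, nargs='?',
                        help='Old Key (prompted for when omitted)')
    parser.add_argument('new_key', type=str, nargs='?',
                        help='New Key (prompted for when omitted)')
    args = parser.parse_args()

    env = os.getenv('CARTARO_ENV')
    if not env:
        raise Exception("CARTARO_ENV **must** be set.")

    doc_path = os.getenv('CARTARO_DOC_PATH')
    if not doc_path:
        raise Exception("CARTARO_DOC_PATH **must** be set.")

    # Prompt only after the environment checks, so a misconfigured run fails
    # before any key material is typed.
    old_key = args.old_key or getpass.getpass('Old Key: ')
    new_key = args.new_key or getpass.getpass('New Key: ')
    if not old_key or not new_key:
        raise Exception("Old and new keys **must** be non-empty.")

    print(F"Re-keying Secrets for '{env}' in '{doc_path}'")

    Secret.ENCRYPTION_KEY = old_key
    secrets = Secret.fetch()

    # NOTE(review): records are re-keyed one at a time. If rekey() raises
    # part-way, earlier records presumably already use the new key while the
    # rest still use the old one -- back up the document store before
    # running, and confirm how Secret.rekey() persists its changes.
    for secret in secrets:
        secret.rekey(new_key)

    print(F"*** Remember to update your CartaroCfg.json file! ***")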