def encrypt_value(args):
return json.dumps({
'type': 'secret',
'encrypted': crypto.encrypt_value(
args.public_key,
args.cleartext
)
})
def test_explodes_on_invalid_encryption(self, app, backend):
unknown_key = crypto.recover_pubkey(
crypto.deserialize_private_key(crypto.generate_key()))
job = A_JOB.copy()
job['params'] = {
'param': {
'_striv_type': 'secret',
'encrypted': crypto.encrypt_value(unknown_key, 'verrah-secret')
}
}
response = app.post_json('/jobs', job, status=422)
assert_that(response.json,
has_entry('source', has_entry('_striv_type', 'secret')))
def test_passes_decrypted_secret_to_backend(self, app, backend):
execution = AN_EXECUTION.copy()
execution['payload_template'] = 'params.param'
app.app.store.upsert_entities(('execution', 'nomad', execution))
job = A_JOB.copy()
job['params'] = {
'param': {
'_striv_type':
'secret',
'encrypted':
crypto.encrypt_value(app.app.public_key_pem, 'verrah-secret')
}
}
app.post_json('/jobs', job)
assert backend.actions[0][3] == '"verrah-secret"\n'
def test_roundtrip_with_large_payload(private_key, public_key):
cleartext = 'text' * 10000
encrypted = crypto.encrypt_value(public_key, cleartext)
decrypted = crypto.decrypt_value(private_key, encrypted)
assert decrypted == cleartext
def test_roundtrip(private_key, public_key):
cleartext = 'verrah-secret'
encrypted = crypto.encrypt_value(public_key, cleartext)
assert encrypted != cleartext
decrypted = crypto.decrypt_value(private_key, encrypted)
assert decrypted == cleartext
def test_encrypted_text_is_base64(public_key):
cleartext = 'verrah-secret'
encrypted = crypto.encrypt_value(public_key, cleartext)
assert re.match('^[A-Za-z0-9+/]+={0,2}$', encrypted)