Exemple #1
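class TestExistingVault(TestCase):
    """Exercise Vault against a vault file that already exists on disk.

    Each test gets its own temporary file holding RAW_DATA as JSON, opened
    with a fixed salt and password. The tests cover the mapping interface
    (keys, len, items, lookup, membership, assignment) and check that a
    wrong salt or wrong password is rejected instead of decrypting.
    """

    def setUp(self):
        """Write RAW_DATA to a fresh temp file and open it as ``self.vault``."""
        # Fixed fixture credentials: test_vault_getitem pins an exact stored
        # ciphertext, so these have to stay in step with RAW_DATA. They are
        # test-only values, not a pattern for real configuration.
        self.salt = b'\xe2\x98\xe5\xdc\xeb\xf5\xcc\xd8'
        self.password = '******'

        # Serialize before creating the file so a failure here leaves no
        # stray temp file behind.
        payload = json.dumps(RAW_DATA).encode('utf-8') + b'\n'

        # mkstemp creates the file readable and writable by the owner only.
        fd, fnm = tempfile.mkstemp(prefix='vault-')
        self.path = fnm
        # The file object closes the descriptor even if the write fails and,
        # unlike a bare os.write, does not stop at a short write.
        with os.fdopen(fd, 'wb') as handle:
            handle.write(payload)
        self.vault = Vault(self.salt, self.password, self.path)

    def tearDown(self):
        """Remove the temporary vault file if it is still present."""
        if os.path.exists(self.path):
            os.unlink(self.path)

    def test_vault_keys(self):
        """The vault lists exactly the two secret names in the fixture."""
        actual_keys = sorted(self.vault.keys())
        self.assertEqual(actual_keys, ['abc', 'def'])

    def test_vault_len(self):
        """len() reports the number of stored secrets."""
        self.assertEqual(len(self.vault), 2)

    def test_vault_items(self):
        """items() yields (name, decrypted value) pairs."""
        actual_items = sorted(self.vault.items(), key=lambda item: item[0])
        self.assertEqual(actual_items, [('abc', 'xyz'), ('def', 'fed')])

    def test_vault_getitem(self):
        """``vault.data`` keeps the stored form; indexing returns plaintext."""
        encrypted_value = self.vault.data['abc']
        self.assertEqual(encrypted_value, 'HnzqInYmVC+2Y/KNYvUlfUQFcxQfMSZ8dXZCNQCzBs914J/7wNZPTuXWzBub2db46z+o')
        decrypted_value = self.vault['abc']
        self.assertEqual(decrypted_value, 'xyz')

    def test_vault_in(self):
        """Membership tests work on secret names."""
        self.assertIn('abc', self.vault)

    def test_vault_setitem(self):
        """A value assigned through one Vault is readable through another."""
        self.assertNotIn('PASSWORD', self.vault)
        expected_value = 'Every g;;d boy does f1ne'
        self.vault['PASSWORD'] = expected_value
        self.assertIn('PASSWORD', self.vault)

        # A second Vault on the same path with the same credentials must
        # recover the value, so the write reached the file.
        othervault = Vault(self.salt, self.password, self.path)
        actual_value = othervault['PASSWORD']
        self.assertEqual(actual_value, expected_value)

    def test_bad_salt(self):
        """A vault opened with a different salt must refuse to decrypt."""
        bad_salt = os.urandom(8)
        othervault = Vault(bad_salt, self.password, self.path)

        with self.assertRaises(InvalidMessageAuthenticationCode):
            # The lookup alone triggers authentication; comparing the result
            # (as the test used to) had no effect.
            othervault['abc']

    def test_bad_password(self):
        """A vault opened with a different password must refuse to decrypt."""
        # Derived from the fixture password so it is guaranteed to differ;
        # a literal equal to self.password would make this test unable to
        # detect a missing authentication check.
        bad_password = self.password + '-wrong'
        othervault = Vault(self.salt, bad_password, self.path)

        with self.assertRaises(InvalidMessageAuthenticationCode):
            othervault['abc']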
Exemple #2
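    def setUp(self):
        """Write RAW_DATA to a fresh temp file and open it as ``self.vault``."""
        # Fixed, test-only credentials; presumably they match the ciphertexts
        # stored in RAW_DATA (confirm against the fixture).
        self.salt = b'\xe2\x98\xe5\xdc\xeb\xf5\xcc\xd8'
        self.password = '******'

        # Serialize before creating the file so a failure here leaves no
        # stray temp file behind.
        payload = json.dumps(RAW_DATA).encode('utf-8') + b'\n'

        # mkstemp creates the file readable and writable by the owner only.
        fd, fnm = tempfile.mkstemp(prefix='vault-')
        self.path = fnm
        # The file object closes the descriptor even if the write fails and,
        # unlike a bare os.write, does not stop at a short write.
        with os.fdopen(fd, 'wb') as handle:
            handle.write(payload)
        self.vault = Vault(self.salt, self.password, self.path)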
Exemple #3
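    def setUp(self):
        """Open ``self.vault`` on a path where no vault file exists yet.

        Presumably Vault creates the file on first write; that behaviour is
        not shown here and should be confirmed against Vault itself.
        """
        import shutil  # local import keeps this fixture self-contained

        self.salt = b'\xe2\x98\xe5\xdc\xeb\xf5\xcc\xd8'
        self.password = '******'

        # Creating a temp file and unlinking it just to reuse its name leaves
        # a window in which another process can create that path in the
        # shared temp directory. A private directory from mkdtemp (owner-only
        # access) gives a path that does not exist and that nobody else can
        # pre-create.
        workdir = tempfile.mkdtemp(prefix='vault-')
        self.addCleanup(shutil.rmtree, workdir, ignore_errors=True)
        self.path = os.path.join(workdir, 'vault')
        self.vault = Vault(self.salt, self.password, self.path)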
Exemple #4
    def test_vault_setitem(self):
        """A value assigned through one Vault is readable through another."""
        name = 'PASSWORD'
        secret = 'Every g;;d boy does f1ne'

        self.assertNotIn(name, self.vault)
        self.vault[name] = secret
        self.assertIn(name, self.vault)

        # Reopen the same path with the same salt and password: the value
        # must come back unchanged.
        reopened = Vault(self.salt, self.password, self.path)
        self.assertEqual(reopened[name], secret)
Exemple #5
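def main_guts(prog, args):
    """Parse the command line and run the selected command.

    Args:
        prog: program name, passed through to parse_args.
        args: command-line arguments, passed through to parse_args.

    Returns:
        Whatever the selected command handler returns, or 1 when a required
        setting (salt, key, path, command) is missing or the salt is not
        usable.
    """
    opts = parse_args(prog, args)

    # newsalt needs no vault, so it runs before the salt/key/path checks.
    if opts.cmd == 'newsalt':
        return newsalt_command(raw=opts.raw)

    if not opts.salt:
        sys.stderr.write(
            'salt required: provide --salt or CONFSECRETS_SALT via environment\n'
        )
        return 1
    try:
        salt = b64decode(opts.salt)
    except ValueError:
        # binascii.Error (bad padding) is a ValueError subclass; report it
        # as a usage error instead of a traceback.
        sys.stderr.write('salt invalid: expected a base64-encoded value\n')
        return 1
    if not salt:
        # b64decode skips characters outside the base64 alphabet, so a
        # mistyped salt can decode to nothing. Refuse it rather than hand
        # Vault an empty salt.
        sys.stderr.write('salt invalid: decoded to an empty value\n')
        return 1

    # NOTE: a key passed with --key ends up in the process list and shell
    # history; supplying it through CONFSECRETS_KEY avoids that exposure.
    if not opts.key:
        sys.stderr.write(
            'key required: provide --key or CONFSECRETS_KEY via environment\n')
        return 1

    if not opts.path:
        sys.stderr.write(
            'path required: provide --path or CONFSECRETS_PATH via environment\n'
        )
        return 1

    vault = Vault(salt, opts.key, opts.path)
    if opts.cmd == 'list':
        return list_secrets_command(vault)
    if opts.cmd == 'read':
        return get_secret_command(vault, opts.name)
    if opts.cmd == 'write':
        return put_secret_command(vault, opts.name, opts.value)
    if opts.cmd == 'rm':
        return rm_secret_command(vault, opts.name)

    sys.stderr.write('A command is required\n')
    return 1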
Exemple #6
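    def test_bad_password(self):
        """A vault opened with a different password must refuse to decrypt."""
        # Derived from the fixture password so it is guaranteed to differ;
        # a literal equal to self.password would make this test unable to
        # detect a missing authentication check.
        bad_password = self.password + '-wrong'
        othervault = Vault(self.salt, bad_password, self.path)

        with self.assertRaises(InvalidMessageAuthenticationCode):
            # The lookup alone triggers authentication; comparing the result
            # (as the test used to) had no effect.
            othervault['abc']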
Exemple #7
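    def test_bad_salt(self):
        """A vault opened with a different salt must refuse to decrypt."""
        # Eight random bytes; a collision with the fixture salt is not a
        # practical concern.
        bad_salt = os.urandom(8)
        othervault = Vault(bad_salt, self.password, self.path)

        with self.assertRaises(InvalidMessageAuthenticationCode):
            # The lookup alone triggers authentication; comparing the result
            # (as the test used to) had no effect.
            othervault['abc']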