def RestorePrivateValueWrapping(json):
"""Wrap private values in JSON decoded structure.
@param json: the json-decoded value to protect.
"""
result = []
for secrets_dict in json:
if secrets_dict is None:
data = serializer.PrivateDict()
else:
data = serializer.PrivateDict(secrets_dict)
result.append(data)
return result
def _create_instance(self, cfg):
"""Create and return an instance object"""
inst = objects.Instance(name="test.example.com",
uuid="test-uuid",
disks=[], nics=[],
disk_template=constants.DT_DISKLESS,
primary_node=cfg.GetMasterNode(),
osparams_private=serializer.PrivateDict(),
beparams={})
return inst
def testLeak(self):
pDict = serializer.PrivateDict()
pDict["bar"] = "egg"
self.assertTrue("egg" not in str(pDict),
"Value leaked in str(PrivateDict)")
self.assertTrue("egg" not in repr(pDict),
"Value leak in repr(PrivateDict)")
self.assertTrue("egg" not in "{0}".format(pDict),
"Value leaked in PrivateDict.__format__")
self.assertTrue(b"egg" not in serializer.Dump(pDict),
"Value leaked in serializer.Dump(PrivateDict)")
def testPrivateDictUnprivate(self):
pDict = serializer.PrivateDict()
pDict["bar"] = "egg"
uDict = pDict.Unprivate()
nDict = {"bar": "egg"}
self.assertEqual(type(uDict), dict,
"PrivateDict.Unprivate() did not return a dict")
self.assertEqual(pDict, uDict,
"PrivateDict.Unprivate() equality failure")
self.assertEqual(nDict, uDict,
"PrivateDict.Unprivate() failed to return")
def testProperAccess(self):
pDict = serializer.PrivateDict()
pDict["bar"] = "egg"
self.assertTrue("egg" == pDict["bar"].Get(),
"Value not returned by Private.Get()")
self.assertTrue("egg" == pDict.GetPrivate("bar"),
"Value not returned by Private.GetPrivate()")
self.assertTrue("egg" == pDict.Unprivate()["bar"],
"Value not returned by PrivateDict.Unprivate()")
json = serializer.Dump(
pDict, private_encoder=serializer.EncodeWithPrivateFields)
self.assertTrue(b"egg" in json)
def testSecretParamsCheckWithError(self):
op = opcodes.OpInstanceCreate(
instance_name="plain.example.com",
pnode="master.example.com",
disk_template=constants.DT_PLAIN,
mode=constants.INSTANCE_CREATE,
nics=[{}],
disks=[{
constants.IDISK_SIZE: 1024
}],
osparams_secret= serializer.PrivateDict({"foo":"bar",
"secret_param":"<redacted>"}),
os_type="debian-image")
self.assertRaises(errors.OpPrereqError, mcpu._CheckSecretParameters, op)
def testSecretParamsCheckNoError(self):
op = opcodes.OpInstanceCreate(
instance_name="plain.example.com",
pnode="master.example.com",
disk_template=constants.DT_PLAIN,
mode=constants.INSTANCE_CREATE,
nics=[{}],
disks=[{
constants.IDISK_SIZE: 1024
}],
osparams_secret= serializer.PrivateDict({"foo":"bar", "foo2":"bar2"}),
os_type="debian-image")
try:
mcpu._CheckSecretParameters(op)
except errors.OpPrereqError:
self.fail("OpPrereqError raised unexpectedly in _CheckSecretParameters")
class TestSerializer(testutils.GanetiTestCase):
"""Serializer tests"""
_TESTDATA = [
"test", 255, [1, 2, 3], (1, 2, 3), {
"1": 2,
"foo": "bar"
},
[
"abc", 1, 2, 3, 999, {
"a1": ("Hello", "World"),
"a2": "This is only a test",
"a3": None,
"osparams:": serializer.PrivateDict({
"foo": 5,
})
}
]
]
def _TestSerializer(self, dump_fn, load_fn):
_dump_fn = lambda data: dump_fn(
data, private_encoder=serializer.EncodeWithPrivateFields)
for data in self._TESTDATA:
self.assertTrue(_dump_fn(data).endswith(b"\n"))
self.assertEqualValues(load_fn(_dump_fn(data)), data)
def testGeneric(self):
self._TestSerializer(serializer.Dump, serializer.Load)
def testSignedGeneric(self):
self._TestSigned(serializer.DumpSigned, serializer.LoadSigned)
def testJson(self):
self._TestSerializer(serializer.DumpJson, serializer.LoadJson)
def testSignedJson(self):
self._TestSigned(serializer.DumpSignedJson, serializer.LoadSignedJson)
def _TestSigned(self, dump_fn, load_fn):
_dump_fn = lambda *args, **kwargs: dump_fn(*args,
private_encoder=serializer.
EncodeWithPrivateFields,
**kwargs)
for data in self._TESTDATA:
self.assertEqualValues(load_fn(_dump_fn(data, "mykey"), "mykey"),
(data, ""))
self.assertEqualValues(
load_fn(_dump_fn(data, "myprivatekey", salt="mysalt"),
"myprivatekey"), (data, "mysalt"))
keydict = {
"mykey_id": "myprivatekey",
}
self.assertEqualValues(
load_fn(
_dump_fn(data,
"myprivatekey",
salt="mysalt",
key_selector="mykey_id"), keydict.get),
(data, "mysalt"))
self.assertRaises(
errors.SignatureError, load_fn,
_dump_fn(data,
"myprivatekey",
salt="mysalt",
key_selector="mykey_id"), {}.get)
self.assertRaises(errors.SignatureError, load_fn,
_dump_fn("test", "myprivatekey"), "myotherkey")
self.assertRaises(errors.SignatureError, load_fn,
serializer.DumpJson("This is a test"), "mykey")
self.assertRaises(errors.SignatureError, load_fn,
serializer.DumpJson({}), "mykey")
# Message missing salt and HMAC
tdata = {
"msg": "Foo",
}
self.assertRaises(errors.SignatureError, load_fn,
serializer.DumpJson(tdata), "mykey")
def testDictGet(self):
result = serializer.PrivateDict().GetPrivate("bar", "tar")
self.assertTrue(
"tar" == result,
"Private.GetPrivate() did not handle the default case")
def testFillDict(self):
pDict = serializer.PrivateDict()
pDict["bar"] = "egg"
self.assertEqual(pDict, objects.FillDict({}, pDict))
def testEquality(self):
pDict = serializer.PrivateDict()
pDict["bar"] = "egg"
nDict = {"bar": "egg"}
self.assertEqual(pDict, nDict, "PrivateDict-dict equality failure")
