def test__reads_with_lock(self):
lock = FileLock(security.get_shared_secret_filesystem_path())
self.assertFalse(lock.is_locked())
def check_lock(path):
self.assertTrue(lock.is_locked())
return "12" # Two arbitrary hex characters.
read_text_file = self.patch_autospec(security, "read_text_file")
read_text_file.side_effect = check_lock
security.get_shared_secret_from_filesystem()
self.assertThat(read_text_file, MockCalledOnceWith(ANY))
self.assertFalse(lock.is_locked())
def test__deals_fine_with_whitespace_in_filesystem_value(self):
secret = self.write_secret()
write_text_file(
security.get_shared_secret_filesystem_path(),
" %s\n" % security.to_hex(secret),
)
self.assertEqual(secret, security.get_shared_secret_from_filesystem())
def get_shared_secret_txn():
# Load secret from database, if it exists.
secret_in_db_hex = Config.objects.get_config("rpc_shared_secret")
if secret_in_db_hex is None:
secret_in_db = None
else:
secret_in_db = to_bin(secret_in_db_hex)
# Load secret from the filesystem, if it exists.
secret_on_fs = get_shared_secret_from_filesystem()
if secret_in_db is None and secret_on_fs is None:
secret = os.urandom(16) # 16-bytes of crypto-standard noise.
Config.objects.set_config("rpc_shared_secret", to_hex(secret))
set_shared_secret_on_filesystem(secret)
elif secret_in_db is None:
secret = secret_on_fs
Config.objects.set_config("rpc_shared_secret", to_hex(secret))
elif secret_on_fs is None:
secret = secret_in_db
set_shared_secret_on_filesystem(secret)
elif secret_in_db == secret_on_fs:
secret = secret_in_db # or secret_on_fs.
else:
raise AssertionError(
"The secret stored in the database does not match the secret "
"stored on the filesystem at %s. Please investigate." %
get_shared_secret_filesystem_path())
return secret
def test__deals_gracefully_with_eof_from_tty(self):
stdin = self.patch_autospec(security, "stdin")
stdin.isatty.return_value = True
input = self.patch(security, "input")
input.side_effect = EOFError()
self.installAndCheckExitCode(1)
self.assertIsNone(security.get_shared_secret_from_filesystem())
def test__reads_secret_from_stdin(self):
secret = factory.make_bytes()
stdin = self.patch_autospec(security, "stdin")
stdin.readline.return_value = b2a_hex(secret).decode("ascii")
stdin.isatty.return_value = False
self.installAndCheckExitCode(0)
self.assertEqual(secret, security.get_shared_secret_from_filesystem())
def test__ignores_surrounding_whitespace_from_tty(self):
secret = factory.make_bytes()
stdin = self.patch_autospec(security, "stdin")
stdin.isatty.return_value = True
input = self.patch(security, "input")
input.return_value = " " + b2a_hex(secret).decode("ascii") + " \n"
self.installAndCheckExitCode(0)
self.assertEqual(secret, security.get_shared_secret_from_filesystem())
def test__deals_gracefully_with_interrupt_from_tty(self):
stdin = self.patch_autospec(security, "stdin")
stdin.isatty.return_value = True
input = self.patch(security, "input")
input.side_effect = KeyboardInterrupt()
self.assertRaises(
KeyboardInterrupt,
security.InstallSharedSecretScript.run, sentinel.args)
self.assertIsNone(
security.get_shared_secret_from_filesystem())
def test__reads_secret_from_tty(self):
secret = factory.make_bytes()
stdin = self.patch_autospec(security, "stdin")
stdin.isatty.return_value = True
input = self.patch(security, "input")
input.return_value = b2a_hex(secret).decode("ascii")
self.installAndCheckExitCode(0)
self.assertThat(input,
MockCalledOnceWith("Secret (hex/base16 encoded): "))
self.assertEqual(secret, security.get_shared_secret_from_filesystem())
def test__prompts_user_for_secret(self):
url = factory.make_simple_http_url()
expected_previous_value = factory.make_bytes()
set_shared_secret_on_filesystem(expected_previous_value)
InstallSharedSecretScript_mock = self.patch(
register_command, "InstallSharedSecretScript")
args = self.make_args(url=url, secret=None)
register_command.run(args)
observed = get_shared_secret_from_filesystem()
self.expectThat(expected_previous_value, Equals(observed))
self.expectThat(InstallSharedSecretScript_mock.run,
MockCalledOnceWith(args))
def makeService(self, options, clock=reactor, sleep=sleep):
"""Construct the MAAS Cluster service."""
register_sigusr1_toggle_cprofile("rackd")
register_sigusr2_thread_dump_handler()
clean_prometheus_dir()
add_patches_to_txtftp()
add_patches_to_twisted()
self._loadSettings()
self._configureCrochet()
if settings.DEBUG:
# Always log at debug level in debug mode.
self._configureLogging(3)
else:
self._configureLogging(options["verbosity"])
with ClusterConfiguration.open() as config:
tftp_root = config.tftp_root
tftp_port = config.tftp_port
from provisioningserver import services
secret = None
for elapsed, remaining, wait in retries(timeout=5 * 60, clock=clock):
secret = get_shared_secret_from_filesystem()
if secret is not None:
break
sleep(wait)
if secret is not None:
# only setup services if the shared secret is configured
for service in self._makeServices(tftp_root,
tftp_port,
clock=clock):
service.setServiceParent(services)
reactor.callInThread(generate_certificate_if_needed)
return services
def test__same_secret_is_returned_on_subsequent_calls(self):
self.write_secret()
self.assertEqual(
security.get_shared_secret_from_filesystem(),
security.get_shared_secret_from_filesystem(),
)
def test__returns_secret_when_one_exists(self):
secret = self.write_secret()
self.assertEqual(secret, security.get_shared_secret_from_filesystem())
def test__returns_None_when_no_secret_exists(self):
self.assertIsNone(security.get_shared_secret_from_filesystem())
def test___sets_secret(self):
url = factory.make_simple_http_url()
expected = factory.make_bytes()
register_command.run(self.make_args(url=url, secret=to_hex(expected)))
observed = get_shared_secret_from_filesystem()
self.assertEqual(expected, observed)
def test_reads_with_lock(self):
mock_file_lock = self.patch_autospec(security, "FileLock")
security.set_shared_secret_on_filesystem(b"foo")
security.get_shared_secret_from_filesystem()
mock_file_lock.assert_called()
def ensureSharedSecret(self):
"""Make sure the shared-secret is set."""
if get_shared_secret_from_filesystem() is None:
set_shared_secret_on_filesystem(factory.make_bytes())
