def test_render_with_translate_newlines_should_translate_newlines(self):
key_dir = "/etc/salt/gpgkeys"
secret = b"Use\x8b more\x8b salt."
expected = b"\n\n".join([secret] * 3)
crypted = dedent(
"""\
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----\\n
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----\\n
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
"""
)
with patch("salt.renderers.gpg._get_gpg_exec", MagicMock(return_value=True)):
with patch(
"salt.renderers.gpg._get_key_dir", MagicMock(return_value=key_dir)
):
with patch(
"salt.renderers.gpg._decrypt_ciphertext",
MagicMock(return_value=secret),
):
self.assertEqual(
gpg.render(crypted, translate_newlines=True, encoding="utf-8"),
expected,
)
def test_render_with_translate_newlines_should_translate_newlines(self):
key_dir = '/etc/salt/gpgkeys'
secret = b'Use\x8b more\x8b salt.'
expected = b'\n\n'.join([secret] * 3)
crypted = dedent('''\
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----\\n
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----\\n
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
''')
with patch('salt.renderers.gpg._get_gpg_exec',
MagicMock(return_value=True)):
with patch('salt.renderers.gpg._get_key_dir',
MagicMock(return_value=key_dir)):
with patch('salt.renderers.gpg._decrypt_ciphertext',
MagicMock(return_value=secret)):
self.assertEqual(
gpg.render(crypted,
translate_newlines=True,
encoding='utf-8'),
expected,
)
def test_multi_render(self):
key_dir = "/etc/salt/gpgkeys"
secret = "Use more salt."
expected = "\n".join([secret] * 3)
crypted = dedent(
"""\
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
"""
)
with patch("salt.renderers.gpg._get_gpg_exec", MagicMock(return_value=True)):
with patch(
"salt.renderers.gpg._get_key_dir", MagicMock(return_value=key_dir)
):
with patch(
"salt.renderers.gpg._decrypt_ciphertext",
MagicMock(return_value=secret),
):
self.assertEqual(gpg.render(crypted), expected)
def test_render_with_binary_data_should_return_binary_data():
key_dir = "/etc/salt/gpgkeys"
secret = b"Use\x8b more\x8b salt."
expected = b"\n".join([secret] * 3)
crypted = dedent("""\
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
""")
with patch("salt.renderers.gpg._get_gpg_exec",
MagicMock(return_value=True)):
with patch("salt.renderers.gpg._get_key_dir",
MagicMock(return_value=key_dir)):
with patch(
"salt.renderers.gpg._decrypt_ciphertext",
MagicMock(return_value=secret),
):
assert gpg.render(crypted, encoding="utf-8") == expected
def test_render_with_cache():
key_dir = "/etc/salt/gpgkeys"
secret = "Use more salt."
expected = "\n".join([secret] * 3)
crypted = dedent("""\
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
""")
minion_opts = salt.config.DEFAULT_MINION_OPTS.copy()
minion_opts["gpg_cache"] = True
with patch.dict(gpg.__opts__, minion_opts):
with patch("salt.renderers.gpg.Popen") as popen_mock:
popen_mock.return_value = Mock(communicate=lambda *args, **kwargs:
(secret, None),
)
with patch(
"salt.renderers.gpg._get_gpg_exec",
MagicMock(return_value="/usr/bin/gpg"),
):
with patch(
"salt.renderers.gpg._get_key_dir",
MagicMock(return_value=key_dir),
):
with patch(
"salt.utils.atomicfile.atomic_open",
MagicMock(),
) as atomic_open_mock:
assert gpg.render(crypted) == expected
gpg_call = call(
[
"/usr/bin/gpg",
"--homedir",
"/etc/salt/gpgkeys",
"--status-fd",
"2",
"--no-tty",
"-d",
],
shell=False,
stderr=PIPE,
stdin=PIPE,
stdout=PIPE,
)
popen_mock.assert_has_calls([gpg_call] * 1)
atomic_open_mock.assert_has_calls([
call(
os.path.join(minion_opts["cachedir"],
"gpg_cache"),
"wb+",
)
])
def test_render_bytes():
"""
test rendering bytes
"""
key_dir = "/etc/salt/gpgkeys"
binfo = b"User more salt."
with patch("salt.renderers.gpg._get_gpg_exec", MagicMock(return_value=True)):
with patch("salt.renderers.gpg._get_key_dir", MagicMock(return_value=key_dir)):
assert gpg.render(binfo) == binfo.decode()
def test_render(self):
'''
test render
'''
key_dir = '/etc/salt/gpgkeys'
secret = 'Use more salt.'
crypted = '-----BEGIN PGP MESSAGE-----!@#$%^&*()_+'
with patch('salt.renderers.gpg._get_gpg_exec', MagicMock(return_value=True)):
with patch('salt.renderers.gpg._get_key_dir', MagicMock(return_value=key_dir)):
with patch('salt.renderers.gpg._decrypt_object', MagicMock(return_value=secret)):
self.assertEqual(gpg.render(crypted), secret)
def test_render(self):
'''
test render
'''
key_dir = '/etc/salt/gpgkeys'
secret = 'Use more salt.'
crypted = '-----BEGIN PGP MESSAGE-----!@#$%^&*()_+'
with patch('salt.renderers.gpg._get_gpg_exec', MagicMock(return_value=True)):
with patch('salt.renderers.gpg._get_key_dir', MagicMock(return_value=key_dir)):
with patch('salt.renderers.gpg._decrypt_object', MagicMock(return_value=secret)):
self.assertEqual(gpg.render(crypted), secret)
def test_render():
"""
test render
"""
key_dir = "/etc/salt/gpgkeys"
secret = "Use more salt."
crypted = "-----BEGIN PGP MESSAGE-----!@#$%^&*()_+"
with patch("salt.renderers.gpg._get_gpg_exec", MagicMock(return_value=True)):
with patch("salt.renderers.gpg._get_key_dir", MagicMock(return_value=key_dir)):
with patch(
"salt.renderers.gpg._decrypt_object", MagicMock(return_value=secret)
):
assert gpg.render(crypted) == secret
def test_render_without_cache(self):
key_dir = "/etc/salt/gpgkeys"
secret = "Use more salt."
expected = "\n".join([secret] * 3)
crypted = dedent(
"""\
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
"""
)
with patch("salt.renderers.gpg.Popen") as popen_mock:
popen_mock.return_value = Mock(
communicate=lambda *args, **kwargs: (secret, None),
)
with patch(
"salt.renderers.gpg._get_gpg_exec",
MagicMock(return_value="/usr/bin/gpg"),
):
with patch(
"salt.renderers.gpg._get_key_dir", MagicMock(return_value=key_dir)
):
self.assertEqual(gpg.render(crypted), expected)
gpg_call = call(
[
"/usr/bin/gpg",
"--homedir",
"/etc/salt/gpgkeys",
"--status-fd",
"2",
"--no-tty",
"-d",
],
shell=False,
stderr=PIPE,
stdin=PIPE,
stdout=PIPE,
)
popen_mock.assert_has_calls([gpg_call] * 3)
def test_multi_render(self):
key_dir = '/etc/salt/gpgkeys'
secret = 'Use more salt.'
expected = '\n'.join([secret] * 3)
crypted = dedent('''\
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
-----BEGIN PGP MESSAGE-----
!@#$%^&*()_+
-----END PGP MESSAGE-----
''')
with patch('salt.renderers.gpg._get_gpg_exec',
MagicMock(return_value=True)):
with patch('salt.renderers.gpg._get_key_dir',
MagicMock(return_value=key_dir)):
with patch('salt.renderers.gpg._decrypt_ciphertext',
MagicMock(return_value=secret)):
self.assertEqual(gpg.render(crypted), expected)
