def test_parse__as_env(self): class MyEnvParser(env.EnvParser): secret_key = env.CharField(max_length=24, as_env=True) is_important = env.BooleanField() aws_url = env.URLField(as_env='AWS_URL_WHAT') number_of_workers = env.IntegerField() content = encrypt( textwrap.dedent(''' secret: key: secret.whatever is_important: true aws: url: http://hello.word.org number: of: workers: '113' ''')) self.root_dir.join('env.szczyp').write(content, mode='w') e = MyEnvParser().parse() assert e.secret_key == 'secret.whatever' assert e.is_important is True assert e.aws_url == 'http://hello.word.org' assert e.number_of_workers == 113 assert os.environ['SECRET_KEY'] == 'secret.whatever' assert os.environ['AWS_URL_WHAT'] == 'http://hello.word.org' del os.environ['SECRET_KEY'] del os.environ['AWS_URL_WHAT']
def test_decrypt__specific_file_and_custom_key_file(self): content = encrypt( textwrap.dedent(''' secret: key: secret.whatever is_important: true aws: url: {{ a.b.c }} number: of: workers: '113' a: b: c: http://hello.word.org '''), '.e2e_encryption_key') self.root_dir.join('e2e.szczyp').write(content, mode='w') result = self.runner.invoke(cli, [ 'decrypt', '-k', '.e2e_encryption_key', str(self.root_dir.join('e2e.szczyp')) ]) assert result.exit_code == 0 assert sorted(self.root_dir.listdir()) == [ str(self.root_dir.join('.e2e_encryption_key')), str(self.root_dir.join('e2e.szczyp')), str(self.root_dir.join('e2e.yml')), ]
def test_parse__validation_errors(self): class MyEnvParser(env.EnvParser): secret_key = env.CharField(max_length=12) is_important = env.BooleanField() aws_url = env.URLField() number_of_workers = env.IntegerField() content = encrypt( textwrap.dedent(''' secret: key: secret.whatever is_important: whatever aws: url: not.url number: of: workers: not.number ''')) self.root_dir.join('env.szczyp').write(content, mode='w') with pytest.raises(ValidatorError) as e: MyEnvParser().parse() assert e.value.args[0] == ( 'env.aws_url: Text "not.url" is not valid URL')
def test_parse(self): class MyEnvParser(env.EnvParser): secret_key = env.CharField() is_important = env.BooleanField() aws_url = env.URLField() number_of_workers = env.IntegerField() content = encrypt( textwrap.dedent(''' secret: key: secret.whatever is_important: true aws: url: http://hello.word.org number: of: workers: '113' ''')) self.root_dir.join('env.szczyp').write(content, mode='w') e = MyEnvParser().parse() assert e.secret_key == 'secret.whatever' assert e.is_important is True assert e.aws_url == 'http://hello.word.org' assert e.number_of_workers == 113
def test_parse__singleton__same_gpg_file(self): secho = self.mocker.patch.object(click, 'secho') class MyEnvParser(env.EnvParser): secret_key = env.CharField() is_important = env.BooleanField() content = encrypt( textwrap.dedent(''' secret: key: secret.whatever is_important: true ''')) self.root_dir.join('env.szczyp').write(content, mode='w') for i in range(2): e = MyEnvParser().parse() assert e.secret_key == 'secret.whatever' assert e.is_important is True assert secho.call_args_list == [ call('[LOADING] env.szczyp', color='green'), call('[PARSING] tests.test_parser.MyEnvParser(env.szczyp)', color='green'), call('[PARSING] tests.test_parser.MyEnvParser(env.szczyp)', color='green'), ]
def test_parse__optional_without_defaults(self): class MyEnvParser(env.EnvParser): secret_key = env.CharField(required=False, allow_null=True) is_important = env.BooleanField(required=False, allow_null=True) aws_url = env.URLField(required=False, allow_null=True) number_of_workers = env.IntegerField(required=False, allow_null=True) content = encrypt( textwrap.dedent(''' what: event: yo ''')) self.root_dir.join('env.szczyp').write(content, mode='w') e = MyEnvParser().parse() assert e.secret_key is None assert e.is_important is None assert e.aws_url is None assert e.number_of_workers is None
def test_parse__complex_example__from_env_variable(self): class MyEnvParser(env.EnvParser): secret_key = env.CharField() is_important = env.BooleanField() aws_url = env.URLField() number_of_workers = env.IntegerField() content = encrypt( textwrap.dedent(''' secret: key: secret.whatever is_important: true aws: url: {{ a.b.c }} number: of: workers: '113' a: b: c: http://hello.word.org ''')) os.environ['SZCZYPIOREK_ENVIRONMENT'] = content e = MyEnvParser().parse() assert e.secret_key == 'secret.whatever' assert e.is_important is True assert e.aws_url == 'http://hello.word.org' assert e.number_of_workers == 113
def test_encrypt__encryption_key_exists__success(self): create_encryption_key_if_not_exist() encrypted = encrypt('hello world').strip() content = read_encrypted(encrypted) assert content['key_hash'] is not None assert content['gpg'].startswith('-----BEGIN PGP MESSAGE-----') assert content['gpg'].endswith('-----END PGP MESSAGE-----') assert decrypt(encrypted) == 'hello world' assert len( self.root_dir.join('.szczypiorek_encryption_key').read()) > 128
def test_encrypt__empty_content__success(self): self.mocker.patch( 'szczypiorek.crypto.get_encryption_key').return_value = ('secret', 'hash') encrypted = encrypt('').strip() content = read_encrypted(encrypted) assert content['key_hash'] == 'hash' assert content['gpg'].startswith('-----BEGIN PGP MESSAGE-----') assert content['gpg'].endswith('-----END PGP MESSAGE-----') assert decrypt(encrypted) == ''
def test_encrypt__no_encryption_key__success(self): assert self.root_dir.join( '.szczypiorek_encryption_key').exists() is False encrypted = encrypt('hello world').strip() content = read_encrypted(encrypted) assert content['key_hash'] is not None assert content['gpg'].startswith('-----BEGIN PGP MESSAGE-----') assert content['gpg'].endswith('-----END PGP MESSAGE-----') assert decrypt(encrypted) == 'hello world' assert self.root_dir.join( '.szczypiorek_encryption_key').exists() is True
def test_print_env(self): content = encrypt(textwrap.dedent(''' a: b ''')) self.root_dir.join('env.szczyp').write(content, mode='w') global my_env my_env = MyEnvParser().parse() # noqa result = self.runner.invoke(cli, ['print-env', 'tests.test_cli.my_env']) assert result.exit_code == 0 assert result.output.strip() == textwrap.dedent(''' a: b ''').strip()
def test_decrypt__wrong_passphrase__error(self): self.mocker.patch( 'szczypiorek.crypto.get_encryption_key').side_effect = [ ('secret.0', 'hash'), ('secret.1', 'hash') ] encrypted = encrypt('what is it') with pytest.raises(DecryptionError) as e: decrypt(encrypted) assert e.value.args[0] == normalize(""" Something went wrong while attempting to decrypt. The big chance is that you've used broken encryption key. Therefore if you see this message it means that you're trying to do something bad. Stop doing that. """)
def test_print_env__hide_sensitive(self): content = encrypt( textwrap.dedent(''' password: my.secret my_super_password: 123whatever secret: not tell anyone some_secret: not just any secret my_key: to open any doors key: yup not_some_important: just show it a: b c: '{"my_password": "******"}' ''')) self.root_dir.join('env.szczyp').write(content, mode='w') global my_env my_env = SensitiveEnvParser().parse() # noqa result = self.runner.invoke(cli, ['print-env', 'tests.test_cli.my_env']) assert result.exit_code == 0 assert result.output.strip() == textwrap.dedent(''' a: b c: { "my_password": "******" } key: ********** my_key: ********** my_super_password: ********** not_some_important: just show it password: ********** secret: ********** some_secret: ********** ''').strip()
def test_parse__optional_with_defaults(self): class MyEnvParser(env.EnvParser): secret_key = env.CharField(required=False, default='hello') is_important = env.BooleanField(required=False, default=False) aws_url = env.URLField(required=False, default='http://hi.pl') number_of_workers = env.IntegerField(required=False, default=12) content = encrypt( textwrap.dedent(''' what: event: yo ''')) self.root_dir.join('env.szczyp').write(content, mode='w') e = MyEnvParser().parse() assert e.secret_key == 'hello' assert e.is_important is False assert e.aws_url == 'http://hi.pl' assert e.number_of_workers == 12
def set_encrypted(self, json, filepath=None, key_filepath=None): content = encrypt(dump_yaml(json), key_filepath=key_filepath) filepath = filepath or 'env.szczyp' self.root_dir.join(filepath).write(content, mode='w')
def test_decrypt__empty_gpg_content__success(self): assert decrypt(encrypt('')) == ''