123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170 |
- # -*- coding: utf-8 -*-
- # Import Python Libs
- from __future__ import absolute_import, print_function, unicode_literals
- from textwrap import dedent
- # Import Salt Testing libs
- from tests.support.mixins import LoaderModuleMockMixin
- from tests.support.unit import skipIf, TestCase
- from tests.support.mock import (
- NO_MOCK,
- NO_MOCK_REASON,
- MagicMock,
- patch
- )
- # Import Salt libs
- import salt.renderers.gpg as gpg
- from salt.exceptions import SaltRenderError
- @skipIf(NO_MOCK, NO_MOCK_REASON)
- class GPGTestCase(TestCase, LoaderModuleMockMixin):
- '''
- unit test GPG renderer
- '''
- def setup_loader_modules(self):
- return {gpg: {}}
- def test__get_gpg_exec(self):
- '''
- test _get_gpg_exec
- '''
- gpg_exec = '/bin/gpg'
- with patch('salt.utils.path.which', MagicMock(return_value=gpg_exec)):
- self.assertEqual(gpg._get_gpg_exec(), gpg_exec)
- with patch('salt.utils.path.which', MagicMock(return_value=False)):
- self.assertRaises(SaltRenderError, gpg._get_gpg_exec)
- def test__decrypt_ciphertext(self):
- '''
- test _decrypt_ciphertext
- '''
- key_dir = '/etc/salt/gpgkeys'
- secret = 'Use more salt.'
- crypted = '-----BEGIN PGP MESSAGE-----!@#$%^&*()_+-----END PGP MESSAGE-----'
- multisecret = 'password is {0} and salt is {0}'.format(secret)
- multicrypted = 'password is {0} and salt is {0}'.format(crypted)
- class GPGDecrypt(object):
- def communicate(self, *args, **kwargs):
- return [secret, None]
- class GPGNotDecrypt(object):
- def communicate(self, *args, **kwargs):
- return [None, 'decrypt error']
- with patch('salt.renderers.gpg._get_key_dir', MagicMock(return_value=key_dir)), \
- patch('salt.utils.path.which', MagicMock()):
- with patch('salt.renderers.gpg.Popen', MagicMock(return_value=GPGDecrypt())):
- self.assertEqual(gpg._decrypt_ciphertexts(crypted), secret)
- self.assertEqual(
- gpg._decrypt_ciphertexts(multicrypted), multisecret)
- with patch('salt.renderers.gpg.Popen', MagicMock(return_value=GPGNotDecrypt())):
- self.assertEqual(gpg._decrypt_ciphertexts(crypted), crypted)
- self.assertEqual(
- gpg._decrypt_ciphertexts(multicrypted), multicrypted)
- def test__decrypt_object(self):
- '''
- test _decrypt_object
- '''
- secret = 'Use more salt.'
- crypted = '-----BEGIN PGP MESSAGE-----!@#$%^&*()_+-----END PGP MESSAGE-----'
- secret_map = {'secret': secret}
- crypted_map = {'secret': crypted}
- secret_list = [secret]
- crypted_list = [crypted]
- with patch('salt.renderers.gpg._decrypt_ciphertext', MagicMock(return_value=secret)):
- self.assertEqual(gpg._decrypt_object(secret), secret)
- self.assertEqual(gpg._decrypt_object(crypted), secret)
- self.assertEqual(gpg._decrypt_object(crypted_map), secret_map)
- self.assertEqual(gpg._decrypt_object(crypted_list), secret_list)
- self.assertEqual(gpg._decrypt_object(None), None)
- def test_render(self):
- '''
- test render
- '''
- key_dir = '/etc/salt/gpgkeys'
- secret = 'Use more salt.'
- crypted = '-----BEGIN PGP MESSAGE-----!@#$%^&*()_+'
- with patch('salt.renderers.gpg._get_gpg_exec', MagicMock(return_value=True)):
- with patch('salt.renderers.gpg._get_key_dir', MagicMock(return_value=key_dir)):
- with patch('salt.renderers.gpg._decrypt_object', MagicMock(return_value=secret)):
- self.assertEqual(gpg.render(crypted), secret)
- def test_multi_render(self):
- key_dir = '/etc/salt/gpgkeys'
- secret = 'Use more salt.'
- expected = '\n'.join([secret]*3)
- crypted = dedent('''\
- -----BEGIN PGP MESSAGE-----
- !@#$%^&*()_+
- -----END PGP MESSAGE-----
- -----BEGIN PGP MESSAGE-----
- !@#$%^&*()_+
- -----END PGP MESSAGE-----
- -----BEGIN PGP MESSAGE-----
- !@#$%^&*()_+
- -----END PGP MESSAGE-----
- ''')
- with patch('salt.renderers.gpg._get_gpg_exec', MagicMock(return_value=True)):
- with patch('salt.renderers.gpg._get_key_dir', MagicMock(return_value=key_dir)):
- with patch('salt.renderers.gpg._decrypt_ciphertext', MagicMock(return_value=secret)):
- self.assertEqual(gpg.render(crypted), expected)
- def test_render_with_binary_data_should_return_binary_data(self):
- key_dir = '/etc/salt/gpgkeys'
- secret = b'Use\x8b more\x8b salt.'
- expected = b'\n'.join([secret]*3)
- crypted = dedent('''\
- -----BEGIN PGP MESSAGE-----
- !@#$%^&*()_+
- -----END PGP MESSAGE-----
- -----BEGIN PGP MESSAGE-----
- !@#$%^&*()_+
- -----END PGP MESSAGE-----
- -----BEGIN PGP MESSAGE-----
- !@#$%^&*()_+
- -----END PGP MESSAGE-----
- ''')
- with patch('salt.renderers.gpg._get_gpg_exec', MagicMock(return_value=True)):
- with patch('salt.renderers.gpg._get_key_dir', MagicMock(return_value=key_dir)):
- with patch('salt.renderers.gpg._decrypt_ciphertext', MagicMock(return_value=secret)):
- self.assertEqual(gpg.render(crypted), expected)
- def test_render_with_translate_newlines_should_translate_newlines(self):
- key_dir = '/etc/salt/gpgkeys'
- secret = b'Use\x8b more\x8b salt.'
- expected = b'\n\n'.join([secret]*3)
- crypted = dedent('''\
- -----BEGIN PGP MESSAGE-----
- !@#$%^&*()_+
- -----END PGP MESSAGE-----\\n
- -----BEGIN PGP MESSAGE-----
- !@#$%^&*()_+
- -----END PGP MESSAGE-----\\n
- -----BEGIN PGP MESSAGE-----
- !@#$%^&*()_+
- -----END PGP MESSAGE-----
- ''')
- with patch('salt.renderers.gpg._get_gpg_exec', MagicMock(return_value=True)):
- with patch('salt.renderers.gpg._get_key_dir', MagicMock(return_value=key_dir)):
- with patch('salt.renderers.gpg._decrypt_ciphertext', MagicMock(return_value=secret)):
- self.assertEqual(
- gpg.render(crypted, translate_newlines=True),
- expected,
- )
|