test_gpg.py 6.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170
  1. # -*- coding: utf-8 -*-
  2. # Import Python Libs
  3. from __future__ import absolute_import, print_function, unicode_literals
  4. from textwrap import dedent
  5. # Import Salt Testing libs
  6. from tests.support.mixins import LoaderModuleMockMixin
  7. from tests.support.unit import skipIf, TestCase
  8. from tests.support.mock import (
  9. NO_MOCK,
  10. NO_MOCK_REASON,
  11. MagicMock,
  12. patch
  13. )
  14. # Import Salt libs
  15. import salt.renderers.gpg as gpg
  16. from salt.exceptions import SaltRenderError
  17. @skipIf(NO_MOCK, NO_MOCK_REASON)
  18. class GPGTestCase(TestCase, LoaderModuleMockMixin):
  19. '''
  20. unit test GPG renderer
  21. '''
  22. def setup_loader_modules(self):
  23. return {gpg: {}}
  24. def test__get_gpg_exec(self):
  25. '''
  26. test _get_gpg_exec
  27. '''
  28. gpg_exec = '/bin/gpg'
  29. with patch('salt.utils.path.which', MagicMock(return_value=gpg_exec)):
  30. self.assertEqual(gpg._get_gpg_exec(), gpg_exec)
  31. with patch('salt.utils.path.which', MagicMock(return_value=False)):
  32. self.assertRaises(SaltRenderError, gpg._get_gpg_exec)
  33. def test__decrypt_ciphertext(self):
  34. '''
  35. test _decrypt_ciphertext
  36. '''
  37. key_dir = '/etc/salt/gpgkeys'
  38. secret = 'Use more salt.'
  39. crypted = '-----BEGIN PGP MESSAGE-----!@#$%^&*()_+-----END PGP MESSAGE-----'
  40. multisecret = 'password is {0} and salt is {0}'.format(secret)
  41. multicrypted = 'password is {0} and salt is {0}'.format(crypted)
  42. class GPGDecrypt(object):
  43. def communicate(self, *args, **kwargs):
  44. return [secret, None]
  45. class GPGNotDecrypt(object):
  46. def communicate(self, *args, **kwargs):
  47. return [None, 'decrypt error']
  48. with patch('salt.renderers.gpg._get_key_dir', MagicMock(return_value=key_dir)), \
  49. patch('salt.utils.path.which', MagicMock()):
  50. with patch('salt.renderers.gpg.Popen', MagicMock(return_value=GPGDecrypt())):
  51. self.assertEqual(gpg._decrypt_ciphertexts(crypted), secret)
  52. self.assertEqual(
  53. gpg._decrypt_ciphertexts(multicrypted), multisecret)
  54. with patch('salt.renderers.gpg.Popen', MagicMock(return_value=GPGNotDecrypt())):
  55. self.assertEqual(gpg._decrypt_ciphertexts(crypted), crypted)
  56. self.assertEqual(
  57. gpg._decrypt_ciphertexts(multicrypted), multicrypted)
  58. def test__decrypt_object(self):
  59. '''
  60. test _decrypt_object
  61. '''
  62. secret = 'Use more salt.'
  63. crypted = '-----BEGIN PGP MESSAGE-----!@#$%^&*()_+-----END PGP MESSAGE-----'
  64. secret_map = {'secret': secret}
  65. crypted_map = {'secret': crypted}
  66. secret_list = [secret]
  67. crypted_list = [crypted]
  68. with patch('salt.renderers.gpg._decrypt_ciphertext', MagicMock(return_value=secret)):
  69. self.assertEqual(gpg._decrypt_object(secret), secret)
  70. self.assertEqual(gpg._decrypt_object(crypted), secret)
  71. self.assertEqual(gpg._decrypt_object(crypted_map), secret_map)
  72. self.assertEqual(gpg._decrypt_object(crypted_list), secret_list)
  73. self.assertEqual(gpg._decrypt_object(None), None)
  74. def test_render(self):
  75. '''
  76. test render
  77. '''
  78. key_dir = '/etc/salt/gpgkeys'
  79. secret = 'Use more salt.'
  80. crypted = '-----BEGIN PGP MESSAGE-----!@#$%^&*()_+'
  81. with patch('salt.renderers.gpg._get_gpg_exec', MagicMock(return_value=True)):
  82. with patch('salt.renderers.gpg._get_key_dir', MagicMock(return_value=key_dir)):
  83. with patch('salt.renderers.gpg._decrypt_object', MagicMock(return_value=secret)):
  84. self.assertEqual(gpg.render(crypted), secret)
  85. def test_multi_render(self):
  86. key_dir = '/etc/salt/gpgkeys'
  87. secret = 'Use more salt.'
  88. expected = '\n'.join([secret]*3)
  89. crypted = dedent('''\
  90. -----BEGIN PGP MESSAGE-----
  91. !@#$%^&*()_+
  92. -----END PGP MESSAGE-----
  93. -----BEGIN PGP MESSAGE-----
  94. !@#$%^&*()_+
  95. -----END PGP MESSAGE-----
  96. -----BEGIN PGP MESSAGE-----
  97. !@#$%^&*()_+
  98. -----END PGP MESSAGE-----
  99. ''')
  100. with patch('salt.renderers.gpg._get_gpg_exec', MagicMock(return_value=True)):
  101. with patch('salt.renderers.gpg._get_key_dir', MagicMock(return_value=key_dir)):
  102. with patch('salt.renderers.gpg._decrypt_ciphertext', MagicMock(return_value=secret)):
  103. self.assertEqual(gpg.render(crypted), expected)
  104. def test_render_with_binary_data_should_return_binary_data(self):
  105. key_dir = '/etc/salt/gpgkeys'
  106. secret = b'Use\x8b more\x8b salt.'
  107. expected = b'\n'.join([secret]*3)
  108. crypted = dedent('''\
  109. -----BEGIN PGP MESSAGE-----
  110. !@#$%^&*()_+
  111. -----END PGP MESSAGE-----
  112. -----BEGIN PGP MESSAGE-----
  113. !@#$%^&*()_+
  114. -----END PGP MESSAGE-----
  115. -----BEGIN PGP MESSAGE-----
  116. !@#$%^&*()_+
  117. -----END PGP MESSAGE-----
  118. ''')
  119. with patch('salt.renderers.gpg._get_gpg_exec', MagicMock(return_value=True)):
  120. with patch('salt.renderers.gpg._get_key_dir', MagicMock(return_value=key_dir)):
  121. with patch('salt.renderers.gpg._decrypt_ciphertext', MagicMock(return_value=secret)):
  122. self.assertEqual(gpg.render(crypted), expected)
  123. def test_render_with_translate_newlines_should_translate_newlines(self):
  124. key_dir = '/etc/salt/gpgkeys'
  125. secret = b'Use\x8b more\x8b salt.'
  126. expected = b'\n\n'.join([secret]*3)
  127. crypted = dedent('''\
  128. -----BEGIN PGP MESSAGE-----
  129. !@#$%^&*()_+
  130. -----END PGP MESSAGE-----\\n
  131. -----BEGIN PGP MESSAGE-----
  132. !@#$%^&*()_+
  133. -----END PGP MESSAGE-----\\n
  134. -----BEGIN PGP MESSAGE-----
  135. !@#$%^&*()_+
  136. -----END PGP MESSAGE-----
  137. ''')
  138. with patch('salt.renderers.gpg._get_gpg_exec', MagicMock(return_value=True)):
  139. with patch('salt.renderers.gpg._get_key_dir', MagicMock(return_value=key_dir)):
  140. with patch('salt.renderers.gpg._decrypt_ciphertext', MagicMock(return_value=secret)):
  141. self.assertEqual(
  142. gpg.render(crypted, translate_newlines=True),
  143. expected,
  144. )