"Fossies" - the Fresh Open Source Software Archive

Member "salt-3002.2/tests/unit/renderers/test_gpg.py" (18 Nov 2020, 11610 Bytes) of package /linux/misc/salt-3002.2.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "test_gpg.py": 3002.1_vs_3002.2.

    1 import os
    2 from subprocess import PIPE
    3 from textwrap import dedent
    4 
    5 import salt.renderers.gpg as gpg
    6 from salt.exceptions import SaltRenderError
    7 from tests.support.mixins import (
    8     AdaptedConfigurationTestCaseMixin,
    9     LoaderModuleMockMixin,
   10 )
   11 from tests.support.mock import MagicMock, Mock, call, patch
   12 from tests.support.unit import TestCase
   13 
   14 
   15 class GPGTestCase(TestCase, LoaderModuleMockMixin, AdaptedConfigurationTestCaseMixin):
   16     """
   17     unit test GPG renderer
   18     """
   19 
   20     def setup_loader_modules(self):
   21         return {gpg: {}}
   22 
   23     def test__get_gpg_exec(self):
   24         """
   25         test _get_gpg_exec
   26         """
   27         gpg_exec = "/bin/gpg"
   28 
   29         with patch("salt.utils.path.which", MagicMock(return_value=gpg_exec)):
   30             self.assertEqual(gpg._get_gpg_exec(), gpg_exec)
   31 
   32         with patch("salt.utils.path.which", MagicMock(return_value=False)):
   33             self.assertRaises(SaltRenderError, gpg._get_gpg_exec)
   34 
   35     def test__decrypt_ciphertext(self):
   36         """
   37         test _decrypt_ciphertext
   38         """
   39         key_dir = "/etc/salt/gpgkeys"
   40         secret = "Use more salt."
   41         crypted = "-----BEGIN PGP MESSAGE-----!@#$%^&*()_+-----END PGP MESSAGE-----"
   42 
   43         multisecret = "password is {0} and salt is {0}".format(secret)
   44         multicrypted = "password is {0} and salt is {0}".format(crypted)
   45 
   46         class GPGDecrypt:
   47             def communicate(self, *args, **kwargs):
   48                 return [secret, None]
   49 
   50         class GPGNotDecrypt:
   51             def communicate(self, *args, **kwargs):
   52                 return [None, "decrypt error"]
   53 
   54         with patch(
   55             "salt.renderers.gpg._get_key_dir", MagicMock(return_value=key_dir)
   56         ), patch("salt.utils.path.which", MagicMock()):
   57             with patch(
   58                 "salt.renderers.gpg.Popen", MagicMock(return_value=GPGDecrypt())
   59             ):
   60                 self.assertEqual(gpg._decrypt_ciphertexts(crypted), secret)
   61                 self.assertEqual(gpg._decrypt_ciphertexts(multicrypted), multisecret)
   62             with patch(
   63                 "salt.renderers.gpg.Popen", MagicMock(return_value=GPGNotDecrypt())
   64             ):
   65                 self.assertEqual(gpg._decrypt_ciphertexts(crypted), crypted)
   66                 self.assertEqual(gpg._decrypt_ciphertexts(multicrypted), multicrypted)
   67 
   68     def test__decrypt_object(self):
   69         """
   70         test _decrypt_object
   71         """
   72         secret = "Use more salt."
   73         crypted = "-----BEGIN PGP MESSAGE-----!@#$%^&*()_+-----END PGP MESSAGE-----"
   74 
   75         secret_map = {"secret": secret}
   76         crypted_map = {"secret": crypted}
   77 
   78         secret_list = [secret]
   79         crypted_list = [crypted]
   80 
   81         with patch(
   82             "salt.renderers.gpg._decrypt_ciphertext", MagicMock(return_value=secret)
   83         ):
   84             self.assertEqual(gpg._decrypt_object(secret), secret)
   85             self.assertEqual(gpg._decrypt_object(crypted), secret)
   86             self.assertEqual(gpg._decrypt_object(crypted_map), secret_map)
   87             self.assertEqual(gpg._decrypt_object(crypted_list), secret_list)
   88             self.assertEqual(gpg._decrypt_object(None), None)
   89 
   90     def test_render(self):
   91         """
   92         test render
   93         """
   94         key_dir = "/etc/salt/gpgkeys"
   95         secret = "Use more salt."
   96         crypted = "-----BEGIN PGP MESSAGE-----!@#$%^&*()_+"
   97 
   98         with patch("salt.renderers.gpg._get_gpg_exec", MagicMock(return_value=True)):
   99             with patch(
  100                 "salt.renderers.gpg._get_key_dir", MagicMock(return_value=key_dir)
  101             ):
  102                 with patch(
  103                     "salt.renderers.gpg._decrypt_object", MagicMock(return_value=secret)
  104                 ):
  105                     self.assertEqual(gpg.render(crypted), secret)
  106 
  107     def test_render_bytes(self):
  108         """
  109         test rendering bytes
  110         """
  111         key_dir = "/etc/salt/gpgkeys"
  112         binfo = b"User more salt."
  113 
  114         with patch("salt.renderers.gpg._get_gpg_exec", MagicMock(return_value=True)):
  115             with patch(
  116                 "salt.renderers.gpg._get_key_dir", MagicMock(return_value=key_dir)
  117             ):
  118                 self.assertEqual(gpg.render(binfo), binfo.decode())
  119 
  120     def test_multi_render(self):
  121         key_dir = "/etc/salt/gpgkeys"
  122         secret = "Use more salt."
  123         expected = "\n".join([secret] * 3)
  124         crypted = dedent(
  125             """\
  126             -----BEGIN PGP MESSAGE-----
  127             !@#$%^&*()_+
  128             -----END PGP MESSAGE-----
  129             -----BEGIN PGP MESSAGE-----
  130             !@#$%^&*()_+
  131             -----END PGP MESSAGE-----
  132             -----BEGIN PGP MESSAGE-----
  133             !@#$%^&*()_+
  134             -----END PGP MESSAGE-----
  135         """
  136         )
  137 
  138         with patch("salt.renderers.gpg._get_gpg_exec", MagicMock(return_value=True)):
  139             with patch(
  140                 "salt.renderers.gpg._get_key_dir", MagicMock(return_value=key_dir)
  141             ):
  142                 with patch(
  143                     "salt.renderers.gpg._decrypt_ciphertext",
  144                     MagicMock(return_value=secret),
  145                 ):
  146                     self.assertEqual(gpg.render(crypted), expected)
  147 
  148     def test_render_with_binary_data_should_return_binary_data(self):
  149         key_dir = "/etc/salt/gpgkeys"
  150         secret = b"Use\x8b more\x8b salt."
  151         expected = b"\n".join([secret] * 3)
  152         crypted = dedent(
  153             """\
  154             -----BEGIN PGP MESSAGE-----
  155             !@#$%^&*()_+
  156             -----END PGP MESSAGE-----
  157             -----BEGIN PGP MESSAGE-----
  158             !@#$%^&*()_+
  159             -----END PGP MESSAGE-----
  160             -----BEGIN PGP MESSAGE-----
  161             !@#$%^&*()_+
  162             -----END PGP MESSAGE-----
  163         """
  164         )
  165 
  166         with patch("salt.renderers.gpg._get_gpg_exec", MagicMock(return_value=True)):
  167             with patch(
  168                 "salt.renderers.gpg._get_key_dir", MagicMock(return_value=key_dir)
  169             ):
  170                 with patch(
  171                     "salt.renderers.gpg._decrypt_ciphertext",
  172                     MagicMock(return_value=secret),
  173                 ):
  174                     self.assertEqual(gpg.render(crypted, encoding="utf-8"), expected)
  175 
  176     def test_render_with_translate_newlines_should_translate_newlines(self):
  177         key_dir = "/etc/salt/gpgkeys"
  178         secret = b"Use\x8b more\x8b salt."
  179         expected = b"\n\n".join([secret] * 3)
  180         crypted = dedent(
  181             """\
  182             -----BEGIN PGP MESSAGE-----
  183             !@#$%^&*()_+
  184             -----END PGP MESSAGE-----\\n
  185             -----BEGIN PGP MESSAGE-----
  186             !@#$%^&*()_+
  187             -----END PGP MESSAGE-----\\n
  188             -----BEGIN PGP MESSAGE-----
  189             !@#$%^&*()_+
  190             -----END PGP MESSAGE-----
  191         """
  192         )
  193 
  194         with patch("salt.renderers.gpg._get_gpg_exec", MagicMock(return_value=True)):
  195             with patch(
  196                 "salt.renderers.gpg._get_key_dir", MagicMock(return_value=key_dir)
  197             ):
  198                 with patch(
  199                     "salt.renderers.gpg._decrypt_ciphertext",
  200                     MagicMock(return_value=secret),
  201                 ):
  202                     self.assertEqual(
  203                         gpg.render(crypted, translate_newlines=True, encoding="utf-8"),
  204                         expected,
  205                     )
  206 
  207     def test_render_without_cache(self):
  208         key_dir = "/etc/salt/gpgkeys"
  209         secret = "Use more salt."
  210         expected = "\n".join([secret] * 3)
  211         crypted = dedent(
  212             """\
  213             -----BEGIN PGP MESSAGE-----
  214             !@#$%^&*()_+
  215             -----END PGP MESSAGE-----
  216             -----BEGIN PGP MESSAGE-----
  217             !@#$%^&*()_+
  218             -----END PGP MESSAGE-----
  219             -----BEGIN PGP MESSAGE-----
  220             !@#$%^&*()_+
  221             -----END PGP MESSAGE-----
  222         """
  223         )
  224 
  225         with patch("salt.renderers.gpg.Popen") as popen_mock:
  226             popen_mock.return_value = Mock(
  227                 communicate=lambda *args, **kwargs: (secret, None),
  228             )
  229             with patch(
  230                 "salt.renderers.gpg._get_gpg_exec",
  231                 MagicMock(return_value="/usr/bin/gpg"),
  232             ):
  233                 with patch(
  234                     "salt.renderers.gpg._get_key_dir", MagicMock(return_value=key_dir)
  235                 ):
  236                     self.assertEqual(gpg.render(crypted), expected)
  237                     gpg_call = call(
  238                         [
  239                             "/usr/bin/gpg",
  240                             "--homedir",
  241                             "/etc/salt/gpgkeys",
  242                             "--status-fd",
  243                             "2",
  244                             "--no-tty",
  245                             "-d",
  246                         ],
  247                         shell=False,
  248                         stderr=PIPE,
  249                         stdin=PIPE,
  250                         stdout=PIPE,
  251                     )
  252                     popen_mock.assert_has_calls([gpg_call] * 3)
  253 
  254     def test_render_with_cache(self):
  255         key_dir = "/etc/salt/gpgkeys"
  256         secret = "Use more salt."
  257         expected = "\n".join([secret] * 3)
  258         crypted = dedent(
  259             """\
  260             -----BEGIN PGP MESSAGE-----
  261             !@#$%^&*()_+
  262             -----END PGP MESSAGE-----
  263             -----BEGIN PGP MESSAGE-----
  264             !@#$%^&*()_+
  265             -----END PGP MESSAGE-----
  266             -----BEGIN PGP MESSAGE-----
  267             !@#$%^&*()_+
  268             -----END PGP MESSAGE-----
  269         """
  270         )
  271 
  272         minion_opts = self.get_temp_config("minion", gpg_cache=True)
  273         with patch.dict(gpg.__opts__, minion_opts):
  274             with patch("salt.renderers.gpg.Popen") as popen_mock:
  275                 popen_mock.return_value = Mock(
  276                     communicate=lambda *args, **kwargs: (secret, None),
  277                 )
  278                 with patch(
  279                     "salt.renderers.gpg._get_gpg_exec",
  280                     MagicMock(return_value="/usr/bin/gpg"),
  281                 ):
  282                     with patch(
  283                         "salt.renderers.gpg._get_key_dir",
  284                         MagicMock(return_value=key_dir),
  285                     ):
  286                         with patch(
  287                             "salt.utils.atomicfile.atomic_open", MagicMock(),
  288                         ) as atomic_open_mock:
  289                             self.assertEqual(gpg.render(crypted), expected)
  290                             gpg_call = call(
  291                                 [
  292                                     "/usr/bin/gpg",
  293                                     "--homedir",
  294                                     "/etc/salt/gpgkeys",
  295                                     "--status-fd",
  296                                     "2",
  297                                     "--no-tty",
  298                                     "-d",
  299                                 ],
  300                                 shell=False,
  301                                 stderr=PIPE,
  302                                 stdin=PIPE,
  303                                 stdout=PIPE,
  304                             )
  305                             popen_mock.assert_has_calls([gpg_call] * 1)
  306                             atomic_open_mock.assert_has_calls(
  307                                 [
  308                                     call(
  309                                         os.path.join(
  310                                             minion_opts["cachedir"], "gpg_cache"
  311                                         ),
  312                                         "wb+",
  313                                     )
  314                                 ]
  315                             )