URGENT Fix for decryption

This patch fixes a critical bug in decryption which prevents the
decrypted data from being output and adds a unit test to ensure the
output is being generated.

Change-Id: Ica791cd9d309dfff254fe7e35023d130b3d63153
This commit is contained in:
Lev Morgan 2019-03-05 17:56:15 -06:00 committed by Stacey Fletcher
parent 0252b71750
commit 50ce7a02e0
2 changed files with 12 additions and 10 deletions

View File

@ -529,7 +529,7 @@ def encrypt(*, save_location, author, site_name):
def decrypt(*, file_name, site_name): def decrypt(*, file_name, site_name):
engine.repository.process_repositories(site_name) engine.repository.process_repositories(site_name)
engine.secrets.decrypt(file_name, site_name) click.echo(engine.secrets.decrypt(file_name, site_name))
@main.group(help="Miscellaneous generate commands") @main.group(help="Miscellaneous generate commands")

View File

@ -516,24 +516,20 @@ class TestSiteSecretsActions(BaseCLIActionTest):
"PEGLEG_PASSPHRASE": "123456789012345678901234567890", "PEGLEG_PASSPHRASE": "123456789012345678901234567890",
"PEGLEG_SALT": "123456" "PEGLEG_SALT": "123456"
}) })
def test_site_secrets_encrypt_local_repo_path(self): def test_site_secrets_encrypt_and_decrypt_local_repo_path(self):
"""Validates ``generate-pki`` action using local repo path.""" """Validates ``generate-pki`` action using local repo path."""
# Scenario: # Scenario:
# #
# 1) Encrypt a file in a local repo # 1) Encrypt a file in a local repo
repo_path = self.treasuremap_path repo_path = self.treasuremap_path
with open(os.path.join(repo_path, "site", "airship-seaworthy", file_path = os.path.join(repo_path, "site", "airship-seaworthy",
"secrets", "passphrases", "ceph_fsid.yaml"), "secrets", "passphrases", "ceph_fsid.yaml")
"r") \ with open(file_path, "r") as ceph_fsid_fi:
as ceph_fsid_fi:
ceph_fsid = yaml.load(ceph_fsid_fi) ceph_fsid = yaml.load(ceph_fsid_fi)
ceph_fsid["metadata"]["storagePolicy"] = "encrypted" ceph_fsid["metadata"]["storagePolicy"] = "encrypted"
with open(os.path.join(repo_path, "site", "airship-seaworthy", with open(file_path, "w") as ceph_fsid_fi:
"secrets", "passphrases", "ceph_fsid.yaml"),
"w") \
as ceph_fsid_fi:
yaml.dump(ceph_fsid, ceph_fsid_fi) yaml.dump(ceph_fsid, ceph_fsid_fi)
secrets_opts = ['secrets', 'encrypt', '-a', 'test', self.site_name] secrets_opts = ['secrets', 'encrypt', '-a', 'test', self.site_name]
@ -549,6 +545,12 @@ class TestSiteSecretsActions(BaseCLIActionTest):
assert "encrypted" in ceph_fsid["data"] assert "encrypted" in ceph_fsid["data"]
assert "managedDocument" in ceph_fsid["data"] assert "managedDocument" in ceph_fsid["data"]
relative_file_path = os.path.join("secrets", "passphrases",
"ceph_fsid.yaml")
secrets_opts = ['secrets', 'decrypt', '-f', relative_file_path,
self.site_name]
result = self.runner.invoke(cli.site, ['-r', repo_path] + secrets_opts)
assert result.exit_code == 0, result.output
class TestTypeCliActions(BaseCLIActionTest): class TestTypeCliActions(BaseCLIActionTest):
"""Tests type-level CLI actions.""" """Tests type-level CLI actions."""