Merge "Fix exception handling and add tests"

Zuul 2019-02-28 21:53:33 +00:00 committed by Gerrit Code Review
commit 566c792658
5 changed files with 59 additions and 9 deletions


@ -15,8 +15,7 @@
import base64 import base64
import logging import logging
from cryptography.exceptions import InvalidSignature from cryptography import fernet
from cryptography.fernet import Fernet
from cryptography.hazmat.backends import default_backend from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
@ -57,8 +56,8 @@ def encrypt(unencrypted_data,
:rtype: bytes :rtype: bytes
""" """
return Fernet(_generate_key(passphrase, salt, key_length, return fernet.Fernet(_generate_key(
iterations)).encrypt(unencrypted_data) passphrase, salt, key_length, iterations)).encrypt(unencrypted_data)
def decrypt(encrypted_data, def decrypt(encrypted_data,
@ -88,14 +87,14 @@ def decrypt(encrypted_data,
:type iterations: positive integer. :type iterations: positive integer.
:return: Decrypted secret data :return: Decrypted secret data
:rtype: bytes :rtype: bytes
:raises InvalidSignature: If the provided passphrase, and/or :raises InvalidToken: If the provided passphrase, and/or
salt does not match the values used to encrypt the data. salt does not match the values used to encrypt the data.
""" """
try: try:
return Fernet(_generate_key(passphrase, salt, key_length, return fernet.Fernet(_generate_key(
iterations)).decrypt(encrypted_data) passphrase, salt, key_length, iterations)).decrypt(encrypted_data)
except InvalidSignature: except fernet.InvalidToken:
LOG.error('Signature verification to decrypt secrets failed. Please ' LOG.error('Signature verification to decrypt secrets failed. Please '
'check your provided passphrase and salt and try again.') 'check your provided passphrase and salt and try again.')
raise raise
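Review bot: The `except fernet.InvalidToken:` branch in decrypt() logs every failure as a wrong passphrase or salt, but Fernet raises InvalidToken for any token it cannot parse or authenticate, including truncated or corrupted ciphertext. An operator who reads "Please check your provided passphrase and salt" for a damaged secrets file is sent in the wrong direction, so the docstring and the log message should name both causes, for example `:raises cryptography.fernet.InvalidToken: If the token is malformed, or the passphrase and/or salt do not match the values used to encrypt the data.`. Any caller elsewhere that still catches InvalidSignature around decrypt() would no longer match after this change; that cannot be checked from this page. decrypt() begins above the hunk.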


@ -1,6 +1,7 @@
# Testing # Testing
pytest==3.2.1 pytest==3.2.1
pytest-cov==2.5.1 pytest-cov==2.5.1
testfixtures
mock==2.0.0 mock==2.0.0
# Formatting # Formatting
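Review bot: `testfixtures` is added without a version pin, while every neighbouring entry shown is pinned (`pytest==3.2.1`, `pytest-cov==2.5.1`, `mock==2.0.0`), so the test environment takes whatever release is newest at install time. Pin it to the release the tests were run against, `testfixtures==<tested-version>`, so that gate runs are reproducible and an unexpected upstream release cannot enter CI unnoticed.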


@ -14,9 +14,13 @@
import os import os
import tempfile import tempfile
import uuid
from cryptography import fernet
import mock import mock
import pytest
import string import string
from testfixtures import log_capture
import yaml import yaml
from pegleg.engine.util.cryptostring import CryptoString from pegleg.engine.util.cryptostring import CryptoString
@ -176,3 +180,23 @@ def test_generate_passphrases(*_):
assert len(decrypted_passphrase) == 25 assert len(decrypted_passphrase) == 25
else: else:
assert len(decrypted_passphrase) == 24 assert len(decrypted_passphrase) == 24
@log_capture()
def test_generate_passphrases_exception(capture):
unenc_data = uuid.uuid4().bytes
passphrase1 = uuid.uuid4().bytes
passphrase2 = uuid.uuid4().bytes
salt1 = uuid.uuid4().bytes
salt2 = uuid.uuid4().bytes
# Generate random data and encrypt it
enc_data = encryption.encrypt(unenc_data, passphrase1, salt1)
# Decrypt using the wrong key to see to see the InvalidToken error
with pytest.raises(fernet.InvalidToken):
encryption.decrypt(enc_data, passphrase2, salt2)
capture.check(('pegleg.engine.util.encryption', 'ERROR',
('Signature verification to decrypt secrets failed. '
'Please check your provided passphrase and salt and '
'try again.')))
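Review bot: test_generate_passphrases_exception changes the passphrase and the salt together, so it does not show that either one alone makes decrypt() fail; a regression in which key derivation ignored the salt would still pass. Consider also covering `(passphrase2, salt1)` and `(passphrase1, salt2)`, for instance with `pytest.mark.parametrize`. The name is misleading as well, since the test exercises encryption.encrypt/decrypt rather than passphrase generation; `test_decrypt_with_wrong_key_raises_invalid_token` would describe it, and the comment has a doubled "to see". `encryption` is not among the imports shown in this section, so it is presumably imported outside the hunk.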


@ -0,0 +1,26 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import logging
import pytest
from testfixtures import log_capture
from pegleg.engine import exceptions as exc
@log_capture()
def test_exception_with_missing_kwargs(capture):
message = 'Testing missing kwargs exception with {text}'
with pytest.raises(exc.PeglegBaseException):
raise exc.PeglegBaseException(message=message, key="value")
capture.check(('pegleg.engine.exceptions', 'WARNING', 'Missing kwargs'))
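Review bot: `import logging` at the top of the new test module is not used in any line shown and can be dropped. The test also stops at the log record; binding the exception with `with pytest.raises(exc.PeglegBaseException) as excinfo:` and asserting on `str(excinfo.value)` would pin which message the caller actually receives when the kwargs do not fill the `{text}` placeholder. A one-line docstring such as `"""A kwarg that does not match the message placeholder logs 'Missing kwargs' at WARNING."""` would state the contract being tested.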


@ -60,7 +60,7 @@ commands =
{toxinidir}/tools/install-cfssl.sh {toxinidir}/tools/install-cfssl.sh
bash -c 'PATH=$PATH:~/.local/bin; pytest --cov=pegleg --cov-report \ bash -c 'PATH=$PATH:~/.local/bin; pytest --cov=pegleg --cov-report \
html:cover --cov-report xml:cover/coverage.xml --cov-report term \ html:cover --cov-report xml:cover/coverage.xml --cov-report term \
--cov-fail-under 84 tests/' --cov-fail-under 86 tests/'
whitelist_externals = whitelist_externals =
bash bash