145 lines
4.4 KiB
Python
145 lines
4.4 KiB
Python
# Copyright 2018 AT&T Intellectual Property. All other rights reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
import logging
|
|
import os
|
|
|
|
import mock
|
|
import pytest
|
|
import yaml
|
|
|
|
from pegleg import config
|
|
from pegleg.engine import bundle
|
|
from pegleg.engine.exceptions import GenesisBundleEncryptionException
|
|
from pegleg.engine.exceptions import GenesisBundleGenerateException
|
|
from pegleg.engine.util import files
|
|
from pegleg.engine.util.pegleg_secret_management import ENV_PASSPHRASE
|
|
from pegleg.engine.util.pegleg_secret_management import ENV_SALT
|
|
|
|
from tests.unit.fixtures import temp_path
|
|
|
|
SITE_DEFINITION = """
|
|
---
|
|
# High-level pegleg site definition file
|
|
schema: pegleg/SiteDefinition/v1
|
|
metadata:
|
|
schema: metadata/Document/v1
|
|
layeringDefinition:
|
|
abstract: false
|
|
layer: site
|
|
# NEWSITE-CHANGEME: Replace with the site name
|
|
name: test_site
|
|
storagePolicy: cleartext
|
|
data:
|
|
# The type layer this site will delpoy with. Type layer is found in the
|
|
# type folder.
|
|
site_type: foundry
|
|
...
|
|
|
|
"""
|
|
|
|
SITE_CONFIG_DATA = """
|
|
---
|
|
schema: promenade/EncryptionPolicy/v1
|
|
metadata:
|
|
schema: metadata/Document/v1
|
|
name: encryption-policy
|
|
layeringDefinition:
|
|
abstract: false
|
|
layer: site
|
|
storagePolicy: cleartext
|
|
data:
|
|
scripts:
|
|
genesis:
|
|
gpg: {}
|
|
join:
|
|
gpg: {}
|
|
---
|
|
schema: deckhand/LayeringPolicy/v1
|
|
metadata:
|
|
schema: metadata/Control/v1
|
|
name: layering-policy
|
|
data:
|
|
layerOrder:
|
|
- global
|
|
- type
|
|
- site
|
|
---
|
|
schema: deckhand/Passphrase/v1
|
|
metadata:
|
|
schema: metadata/Document/v1
|
|
name: ceph_swift_keystone_password
|
|
layeringDefinition:
|
|
abstract: false
|
|
layer: site
|
|
storagePolicy: cleartext
|
|
data: ABAgagajajkb839215387
|
|
...
|
|
"""
|
|
|
|
|
|
@mock.patch.dict(os.environ, {
|
|
ENV_PASSPHRASE: 'ytrr89erARAiPE34692iwUMvWqqBvC',
|
|
ENV_SALT: 'MySecretSalt'
|
|
})
|
|
def test_no_encryption_key(temp_path):
|
|
# Write the test data to temp file
|
|
config_data = list(yaml.safe_load_all(SITE_CONFIG_DATA))
|
|
base_config_dir = os.path.join(temp_path, 'config_dir')
|
|
config.set_site_repo(base_config_dir)
|
|
config_dir = os.path.join(base_config_dir, 'site', 'test_site')
|
|
|
|
config_path = os.path.join(config_dir, 'config_file.yaml')
|
|
build_dir = os.path.join(temp_path, 'build_dir')
|
|
os.makedirs(config_dir)
|
|
|
|
files.write(config_path, config_data)
|
|
files.write(os.path.join(config_dir, "site-definition.yaml"),
|
|
yaml.safe_load_all(SITE_DEFINITION))
|
|
|
|
with pytest.raises(GenesisBundleEncryptionException,
|
|
match=r'.*no encryption policy or key is specified.*'):
|
|
bundle.build_genesis(build_path=build_dir,
|
|
encryption_key=None,
|
|
validators=False,
|
|
debug=logging.ERROR,
|
|
site_name="test_site")
|
|
|
|
|
|
@mock.patch.dict(os.environ, {
|
|
ENV_PASSPHRASE: 'ytrr89erARAiPE34692iwUMvWqqBvC',
|
|
ENV_SALT: 'MySecretSalt'
|
|
})
|
|
def test_failed_deckhand_validation(temp_path):
|
|
# Write the test data to temp file
|
|
config_data = list(yaml.safe_load_all(SITE_CONFIG_DATA))
|
|
base_config_dir = os.path.join(temp_path, 'config_dir')
|
|
config.set_site_repo(base_config_dir)
|
|
config_dir = os.path.join(base_config_dir, 'site', 'test_site')
|
|
|
|
config_path = os.path.join(config_dir, 'config_file.yaml')
|
|
build_dir = os.path.join(temp_path, 'build_dir')
|
|
os.makedirs(config_dir)
|
|
files.write(config_path, config_data)
|
|
files.write(os.path.join(config_dir, "site-definition.yaml"),
|
|
yaml.safe_load_all(SITE_DEFINITION))
|
|
key = 'MyverYSecretEncryptionKey382803'
|
|
with pytest.raises(GenesisBundleGenerateException,
|
|
match=r'.*failed on deckhand validation.*'):
|
|
bundle.build_genesis(build_path=build_dir,
|
|
encryption_key=key,
|
|
validators=False,
|
|
debug=logging.ERROR,
|
|
site_name="test_site")
|