Fix error for invalid auth_encryption_key

The cryptography module raises an InvalidToken exception that
carries no error message.

Change-Id: Ied520cd9ff60032fad1ae13e4a81dad6847d82ab
Closes-Bug: #1711047
changes/92/494092/2
rabi 5 years ago
parent 8eb4b57747
commit 46adb6649d
  1. 1
      heat/api/middleware/fault.py
  2. 6
      heat/common/crypt.py
  3. 5
      heat/common/exception.py
  4. 14
      heat/tests/test_crypt.py

@ -77,6 +77,7 @@ class FaultWrapper(wsgi.Middleware):
'StopActionFailed': webob.exc.HTTPInternalServerError,
'EventSendFailed': webob.exc.HTTPInternalServerError,
'ServerBuildFailed': webob.exc.HTTPInternalServerError,
'InvalidEncryptionKey': webob.exc.HTTPInternalServerError,
'NotSupported': webob.exc.HTTPBadRequest,
'MissingCredentialError': webob.exc.HTTPBadRequest,
'UserParameterMissing': webob.exc.HTTPBadRequest,

@ -21,6 +21,7 @@ from oslo_serialization import jsonutils
from oslo_utils import encodeutils
from oslo_utils import importutils
from heat.common import exception
from heat.common.i18n import _
auth_opts = [
@ -128,7 +129,10 @@ def cryptography_decrypt_v1(value, encryption_key=None):
encryption_key = get_valid_encryption_key(encryption_key, fix_length=True)
encoded_key = base64.b64encode(encryption_key.encode('utf-8'))
sym = fernet.Fernet(encoded_key)
return sym.decrypt(encodeutils.safe_encode(value))
try:
return sym.decrypt(encodeutils.safe_encode(value))
except fernet.InvalidToken:
raise exception.InvalidEncryptionKey()
def get_valid_encryption_key(encryption_key, fix_length=False):
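Review bot: The new `except fernet.InvalidToken` handler in cryptography_decrypt_v1 reports every decryption failure as a bad key, but Fernet raises InvalidToken for any token that fails authentication or parsing. Corrupted or modified stored ciphertext will therefore also surface as InvalidEncryptionKey and point an operator at the configuration when the stored data is at fault. I would record that at the handler with a comment such as `# InvalidToken also covers corrupt or tampered ciphertext, not only a wrong key`, or widen the message to cover both causes. The function's signature and any earlier lines sit outside the hunk, so whether callers add their own context to the failure cannot be seen here.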

@ -161,6 +161,11 @@ class TemplateOutputError(HeatException):
msg_fmt = _('Error in %(resource)s output %(attribute)s: %(message)s')
class InvalidEncryptionKey(HeatException):
msg_fmt = _('Can not decrypt data with the auth_encryption_key'
' in heat config.')
class InvalidExternalResourceDependency(HeatException):
msg_fmt = _("Invalid dependency with external %(resource_type)s "
"resource: %(external_id)s")

@ -60,3 +60,17 @@ class CryptTest(common.HeatTestCase):
def test_encrypt_decrypt_dict_default_enc_key(self):
self._test_encrypt_decrypt_dict()
def test_decrypt_dict_invalid_key(self):
data = {'p1': u'happy',
'2': [u'a', u'little', u'blue'],
'6': 7}
encrypted_data = crypt.encrypted_dict(
data, '767c3ed056cbaa3b9dfedb8c6f825bf0')
ex = self.assertRaises(exception.InvalidEncryptionKey,
crypt.decrypted_dict,
encrypted_data,
'767c3ed056cbaa3b9dfedb8c6f825bf1')
self.assertEqual('Can not decrypt data with the auth_encryption_key '
'in heat config.',
six.text_type(ex))
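Review bot: test_decrypt_dict_invalid_key exercises only the wrong-key case, while the handler it covers converts every fernet.InvalidToken. A second case that decrypts altered ciphertext with the correct key would pin down that this path raises InvalidEncryptionKey as well, and would make the shared error message a deliberate choice. The hunk adds no imports, so `six` and `exception` have to be imported already in heat/tests/test_crypt.py, which is not visible here.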
