Fix error for invalid auth_encryption_key
The cryptography module throws an InvalidToken exception that does not carry any error message.

Change-Id: Ied520cd9ff60032fad1ae13e4a81dad6847d82ab
Closes-Bug: #1711047
parent
8eb4b57747
commit
46adb6649d
|
@ -77,6 +77,7 @@ class FaultWrapper(wsgi.Middleware):
|
||||||
'StopActionFailed': webob.exc.HTTPInternalServerError,
|
'StopActionFailed': webob.exc.HTTPInternalServerError,
|
||||||
'EventSendFailed': webob.exc.HTTPInternalServerError,
|
'EventSendFailed': webob.exc.HTTPInternalServerError,
|
||||||
'ServerBuildFailed': webob.exc.HTTPInternalServerError,
|
'ServerBuildFailed': webob.exc.HTTPInternalServerError,
|
||||||
|
'InvalidEncryptionKey': webob.exc.HTTPInternalServerError,
|
||||||
'NotSupported': webob.exc.HTTPBadRequest,
|
'NotSupported': webob.exc.HTTPBadRequest,
|
||||||
'MissingCredentialError': webob.exc.HTTPBadRequest,
|
'MissingCredentialError': webob.exc.HTTPBadRequest,
|
||||||
'UserParameterMissing': webob.exc.HTTPBadRequest,
|
'UserParameterMissing': webob.exc.HTTPBadRequest,
|
||||||
|
|
|
@ -21,6 +21,7 @@ from oslo_serialization import jsonutils
|
||||||
from oslo_utils import encodeutils
|
from oslo_utils import encodeutils
|
||||||
from oslo_utils import importutils
|
from oslo_utils import importutils
|
||||||
|
|
||||||
|
from heat.common import exception
|
||||||
from heat.common.i18n import _
|
from heat.common.i18n import _
|
||||||
|
|
||||||
auth_opts = [
|
auth_opts = [
|
||||||
|
@ -128,7 +129,10 @@ def cryptography_decrypt_v1(value, encryption_key=None):
|
||||||
encryption_key = get_valid_encryption_key(encryption_key, fix_length=True)
|
encryption_key = get_valid_encryption_key(encryption_key, fix_length=True)
|
||||||
encoded_key = base64.b64encode(encryption_key.encode('utf-8'))
|
encoded_key = base64.b64encode(encryption_key.encode('utf-8'))
|
||||||
sym = fernet.Fernet(encoded_key)
|
sym = fernet.Fernet(encoded_key)
|
||||||
return sym.decrypt(encodeutils.safe_encode(value))
|
try:
|
||||||
|
return sym.decrypt(encodeutils.safe_encode(value))
|
||||||
|
except fernet.InvalidToken:
|
||||||
|
raise exception.InvalidEncryptionKey()
|
||||||
|
|
||||||
|
|
||||||
def get_valid_encryption_key(encryption_key, fix_length=False):
|
def get_valid_encryption_key(encryption_key, fix_length=False):
|
||||||
|
|
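Review bot: The new `except fernet.InvalidToken` in cryptography_decrypt_v1 reports every Fernet verification failure as a wrong key, but InvalidToken is also raised when the stored ciphertext is truncated, malformed or has been modified, so an operator can be sent to check `auth_encryption_key` when the data itself is damaged. Fernet does not distinguish these cases, so the message on InvalidEncryptionKey (the exception section of this commit) should name both, e.g. `msg_fmt = _('Can not decrypt data: auth_encryption_key in heat config does not match or the data is corrupted.')`, with the test string updated to match. The catch site also deserves a comment such as `# InvalidToken: wrong key, or corrupt/altered ciphertext`. Only cryptography_decrypt_v1 is wrapped here; any other decrypt method in the module outside this hunk would presumably still surface its raw error. The function starts above the hunk.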
|
@ -161,6 +161,11 @@ class TemplateOutputError(HeatException):
|
||||||
msg_fmt = _('Error in %(resource)s output %(attribute)s: %(message)s')
|
msg_fmt = _('Error in %(resource)s output %(attribute)s: %(message)s')
|
||||||
|
|
||||||
|
|
||||||
|
class InvalidEncryptionKey(HeatException):
|
||||||
|
msg_fmt = _('Can not decrypt data with the auth_encryption_key'
|
||||||
|
' in heat config.')
|
||||||
|
|
||||||
|
|
||||||
class InvalidExternalResourceDependency(HeatException):
|
class InvalidExternalResourceDependency(HeatException):
|
||||||
msg_fmt = _("Invalid dependency with external %(resource_type)s "
|
msg_fmt = _("Invalid dependency with external %(resource_type)s "
|
||||||
"resource: %(external_id)s")
|
"resource: %(external_id)s")
|
||||||
|
|
|
@ -60,3 +60,17 @@ class CryptTest(common.HeatTestCase):
|
||||||
|
|
||||||
def test_encrypt_decrypt_dict_default_enc_key(self):
|
def test_encrypt_decrypt_dict_default_enc_key(self):
|
||||||
self._test_encrypt_decrypt_dict()
|
self._test_encrypt_decrypt_dict()
|
||||||
|
|
||||||
|
def test_decrypt_dict_invalid_key(self):
|
||||||
|
data = {'p1': u'happy',
|
||||||
|
'2': [u'a', u'little', u'blue'],
|
||||||
|
'6': 7}
|
||||||
|
encrypted_data = crypt.encrypted_dict(
|
||||||
|
data, '767c3ed056cbaa3b9dfedb8c6f825bf0')
|
||||||
|
ex = self.assertRaises(exception.InvalidEncryptionKey,
|
||||||
|
crypt.decrypted_dict,
|
||||||
|
encrypted_data,
|
||||||
|
'767c3ed056cbaa3b9dfedb8c6f825bf1')
|
||||||
|
self.assertEqual('Can not decrypt data with the auth_encryption_key '
|
||||||
|
'in heat config.',
|
||||||
|
six.text_type(ex))
|
||||||
|
|
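Review bot: test_decrypt_dict_invalid_key covers only the wrong-key path, yet the same InvalidToken branch is reached when the key is correct and the stored ciphertext has been changed or truncated, and that case has no test. A second case that encrypts with one key, alters the encrypted value, and decrypts with the same key would pin the error a caller sees for damaged data. The test also relies on `exception` and `six` being imported in the test module; no import hunk is shown for this file, so they are presumably already there, but that is worth confirming. The CryptTest class starts above the hunk.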