Fix error for invalid auth_encryption_key

cryptography module throws an InvalidToken exception that does not have any error message. Change-Id: Ied520cd9ff60032fad1ae13e4a81dad6847d82ab Closes-Bug: #1711047
2017-08-16 12:02:56 +05:30 · 2017-08-16 12:02:56 +05:30 · 46adb6649d
parent 8eb4b57747
commit 46adb6649d
4 changed files with 25 additions and 1 deletions
--- a/heat/api/middleware/fault.py
+++ b/heat/api/middleware/fault.py
@ -77,6 +77,7 @@ class FaultWrapper(wsgi.Middleware):
        'StopActionFailed': webob.exc.HTTPInternalServerError,
        'EventSendFailed': webob.exc.HTTPInternalServerError,
        'ServerBuildFailed': webob.exc.HTTPInternalServerError,
+        'InvalidEncryptionKey': webob.exc.HTTPInternalServerError,
        'NotSupported': webob.exc.HTTPBadRequest,
        'MissingCredentialError': webob.exc.HTTPBadRequest,
        'UserParameterMissing': webob.exc.HTTPBadRequest,
--- a/heat/common/crypt.py
+++ b/heat/common/crypt.py
@ -21,6 +21,7 @@ from oslo_serialization import jsonutils
 from oslo_utils import encodeutils
 from oslo_utils import importutils

+from heat.common import exception
 from heat.common.i18n import _

 auth_opts = [
@ -128,7 +129,10 @@ def cryptography_decrypt_v1(value, encryption_key=None):
    encryption_key = get_valid_encryption_key(encryption_key, fix_length=True)
    encoded_key = base64.b64encode(encryption_key.encode('utf-8'))
    sym = fernet.Fernet(encoded_key)
+    try:
        return sym.decrypt(encodeutils.safe_encode(value))
+    except fernet.InvalidToken:
+        raise exception.InvalidEncryptionKey()


 def get_valid_encryption_key(encryption_key, fix_length=False):
--- a/heat/common/exception.py
+++ b/heat/common/exception.py
@ -161,6 +161,11 @@ class TemplateOutputError(HeatException):
    msg_fmt = _('Error in %(resource)s output %(attribute)s: %(message)s')


+class InvalidEncryptionKey(HeatException):
+    msg_fmt = _('Can not decrypt data with the auth_encryption_key'
+                ' in heat config.')
+
+
 class InvalidExternalResourceDependency(HeatException):
    msg_fmt = _("Invalid dependency with external %(resource_type)s "
                "resource: %(external_id)s")
--- a/heat/tests/test_crypt.py
+++ b/heat/tests/test_crypt.py
@ -60,3 +60,17 @@ class CryptTest(common.HeatTestCase):

    def test_encrypt_decrypt_dict_default_enc_key(self):
        self._test_encrypt_decrypt_dict()
+
+    def test_decrypt_dict_invalid_key(self):
+        data = {'p1': u'happy',
+                '2': [u'a', u'little', u'blue'],
+                '6': 7}
+        encrypted_data = crypt.encrypted_dict(
+            data, '767c3ed056cbaa3b9dfedb8c6f825bf0')
+        ex = self.assertRaises(exception.InvalidEncryptionKey,
+                               crypt.decrypted_dict,
+                               encrypted_data,
+                               '767c3ed056cbaa3b9dfedb8c6f825bf1')
+        self.assertEqual('Can not decrypt data with the auth_encryption_key '
+                         'in heat config.',
+                         six.text_type(ex))