Minor reorg of sqlalchemy encrypt test functions
Move the encrypt and decrypt inner functions to the top of the method to make it obvious that they don't rely on method scoped variables (except hidden_params_dict). Pass encrypt_value as an argument to decrypt for its assertions. Change-Id: I8f1374a91da83d8d1b86c9d75c4492319051da06 Related-Bug: #1479723
This commit is contained in:
parent
9e007acc44
commit
750d4e4df9
|
@ -3147,8 +3147,7 @@ class DBAPICryptParamsPropsTest(common.HeatTestCase):
|
||||||
|
|
||||||
return db_api.raw_template_create(self.ctx, template)
|
return db_api.raw_template_create(self.ctx, template)
|
||||||
|
|
||||||
def _test_db_encrypt_decrypt(self, batch_size=50):
|
def _test_db_encrypt_decrypt(self, template_ids, batch_size=50):
|
||||||
session = self.ctx.session
|
|
||||||
hidden_params_dict = {
|
hidden_params_dict = {
|
||||||
'param2': 'bar',
|
'param2': 'bar',
|
||||||
'param_number': '456',
|
'param_number': '456',
|
||||||
|
@ -3156,28 +3155,13 @@ class DBAPICryptParamsPropsTest(common.HeatTestCase):
|
||||||
'param_map': '{\"test\":\"json\"}',
|
'param_map': '{\"test\":\"json\"}',
|
||||||
'param_comma_list': '[\"Hola\", \"Senor\"]'}
|
'param_comma_list': '[\"Hola\", \"Senor\"]'}
|
||||||
|
|
||||||
raw_templates = session.query(models.RawTemplate).all()
|
|
||||||
self.assertNotEqual([], raw_templates)
|
|
||||||
for r_tmpl in raw_templates:
|
|
||||||
for param_name, param_value in hidden_params_dict.items():
|
|
||||||
self.assertEqual(param_value,
|
|
||||||
r_tmpl.environment['parameters'][param_name])
|
|
||||||
self.assertEqual('foo',
|
|
||||||
r_tmpl.environment['parameters']['param1'])
|
|
||||||
resources = session.query(models.Resource).all()
|
|
||||||
self.assertNotEqual([], resources)
|
|
||||||
for resource in resources:
|
|
||||||
self.assertEqual('bar1', resource.properties_data['foo1'])
|
|
||||||
|
|
||||||
def encrypt(enc_key=None):
|
def encrypt(enc_key=None):
|
||||||
if enc_key is None:
|
if enc_key is None:
|
||||||
enc_key = cfg.CONF.auth_encryption_key
|
enc_key = cfg.CONF.auth_encryption_key
|
||||||
self.assertEqual([], db_api.db_encrypt_parameters_and_properties(
|
self.assertEqual([], db_api.db_encrypt_parameters_and_properties(
|
||||||
self.ctx, enc_key, batch_size=batch_size))
|
self.ctx, enc_key, batch_size=batch_size))
|
||||||
session = self.ctx.session
|
for template_id in template_ids:
|
||||||
enc_raw_templates = session.query(models.RawTemplate).all()
|
enc_tmpl = db_api.raw_template_get(self.ctx, template_id)
|
||||||
self.assertNotEqual([], enc_raw_templates)
|
|
||||||
for enc_tmpl in enc_raw_templates:
|
|
||||||
for param_name in hidden_params_dict.keys():
|
for param_name in hidden_params_dict.keys():
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
'cryptography_decrypt_v1',
|
'cryptography_decrypt_v1',
|
||||||
|
@ -3188,30 +3172,20 @@ class DBAPICryptParamsPropsTest(common.HeatTestCase):
|
||||||
self.assertIsNone(
|
self.assertIsNone(
|
||||||
enc_tmpl.environment['parameters'].get('param3'))
|
enc_tmpl.environment['parameters'].get('param3'))
|
||||||
|
|
||||||
encrypt_value = enc_tmpl.environment['parameters']['param2'][1]
|
ev = enc_tmpl.environment['parameters']['param2'][1]
|
||||||
enc_resources = session.query(models.Resource).all()
|
for resource in self.resources:
|
||||||
self.assertNotEqual([], enc_resources)
|
enc_prop = db_api.resource_get(self.ctx, resource.id)
|
||||||
for enc_prop in enc_resources:
|
|
||||||
self.assertEqual('cryptography_decrypt_v1',
|
self.assertEqual('cryptography_decrypt_v1',
|
||||||
enc_prop.properties_data['foo1'][0])
|
enc_prop.properties_data['foo1'][0])
|
||||||
return encrypt_value
|
return ev
|
||||||
|
|
||||||
# Test encryption
|
def decrypt(encrypt_value, enc_key=None):
|
||||||
encrypt_value = encrypt()
|
|
||||||
|
|
||||||
# Test that encryption is idempotent
|
|
||||||
encrypt_value2 = encrypt()
|
|
||||||
self.assertEqual(encrypt_value, encrypt_value2)
|
|
||||||
|
|
||||||
def decrypt(enc_key=None):
|
|
||||||
if enc_key is None:
|
if enc_key is None:
|
||||||
enc_key = cfg.CONF.auth_encryption_key
|
enc_key = cfg.CONF.auth_encryption_key
|
||||||
self.assertEqual([], db_api.db_decrypt_parameters_and_properties(
|
self.assertEqual([], db_api.db_decrypt_parameters_and_properties(
|
||||||
self.ctx, enc_key, batch_size=batch_size))
|
self.ctx, enc_key, batch_size=batch_size))
|
||||||
session = self.ctx.session
|
for template_id in template_ids:
|
||||||
dec_templates = session.query(models.RawTemplate).all()
|
dec_tmpl = db_api.raw_template_get(self.ctx, template_id)
|
||||||
self.assertNotEqual([], dec_templates)
|
|
||||||
for dec_tmpl in dec_templates:
|
|
||||||
self.assertNotEqual(
|
self.assertNotEqual(
|
||||||
encrypt_value,
|
encrypt_value,
|
||||||
r_tmpl.environment['parameters']['param2'][1])
|
r_tmpl.environment['parameters']['param2'][1])
|
||||||
|
@ -3233,21 +3207,39 @@ class DBAPICryptParamsPropsTest(common.HeatTestCase):
|
||||||
'param3'))
|
'param3'))
|
||||||
|
|
||||||
decrypt_value = dec_tmpl.environment['parameters']['param2'][1]
|
decrypt_value = dec_tmpl.environment['parameters']['param2'][1]
|
||||||
dec_resources = session.query(models.Resource).all()
|
for resource in self.resources:
|
||||||
self.assertNotEqual([], dec_resources)
|
dec_prop = db_api.resource_get(self.ctx, resource.id)
|
||||||
for dec_prop in dec_resources:
|
|
||||||
self.assertEqual('bar1', dec_prop.properties_data['foo1'])
|
self.assertEqual('bar1', dec_prop.properties_data['foo1'])
|
||||||
return decrypt_value
|
return decrypt_value
|
||||||
|
|
||||||
|
for template_id in template_ids:
|
||||||
|
r_tmpl = db_api.raw_template_get(self.ctx, template_id)
|
||||||
|
for param_name, param_value in hidden_params_dict.items():
|
||||||
|
self.assertEqual(param_value,
|
||||||
|
r_tmpl.environment['parameters'][param_name])
|
||||||
|
self.assertEqual('foo',
|
||||||
|
r_tmpl.environment['parameters']['param1'])
|
||||||
|
for resource in self.resources:
|
||||||
|
resource = db_api.resource_get(self.ctx, resource.id)
|
||||||
|
self.assertEqual('bar1', resource.properties_data['foo1'])
|
||||||
|
|
||||||
|
# Test encryption
|
||||||
|
encrypt_value = encrypt()
|
||||||
|
|
||||||
|
# Test that encryption is idempotent
|
||||||
|
encrypt_value2 = encrypt()
|
||||||
|
self.assertEqual(encrypt_value, encrypt_value2)
|
||||||
|
|
||||||
# Test decryption
|
# Test decryption
|
||||||
decrypt_value = decrypt()
|
decrypt_value = decrypt(encrypt_value)
|
||||||
|
|
||||||
# Test that decryption is idempotent
|
# Test that decryption is idempotent
|
||||||
decrypt_value2 = decrypt()
|
decrypt_value2 = decrypt(encrypt_value)
|
||||||
|
|
||||||
# Test using a different encryption key to encrypt & decrypt
|
# Test using a different encryption key to encrypt & decrypt
|
||||||
encrypt_value3 = encrypt(enc_key='774c15be099ea74123a9b9592ff12680')
|
encrypt_value3 = encrypt(enc_key='774c15be099ea74123a9b9592ff12680')
|
||||||
decrypt_value3 = decrypt(enc_key='774c15be099ea74123a9b9592ff12680')
|
decrypt_value3 = decrypt(encrypt_value3,
|
||||||
|
enc_key='774c15be099ea74123a9b9592ff12680')
|
||||||
self.assertEqual(decrypt_value, decrypt_value2, decrypt_value3)
|
self.assertEqual(decrypt_value, decrypt_value2, decrypt_value3)
|
||||||
self.assertNotEqual(encrypt_value, decrypt_value)
|
self.assertNotEqual(encrypt_value, decrypt_value)
|
||||||
self.assertNotEqual(encrypt_value3, decrypt_value3)
|
self.assertNotEqual(encrypt_value3, decrypt_value3)
|
||||||
|
@ -3261,7 +3253,7 @@ class DBAPICryptParamsPropsTest(common.HeatTestCase):
|
||||||
"""Test encryption and decryption for single template"""
|
"""Test encryption and decryption for single template"""
|
||||||
tmpl = self._create_template()
|
tmpl = self._create_template()
|
||||||
self.addCleanup(self._delete_templates, [tmpl])
|
self.addCleanup(self._delete_templates, [tmpl])
|
||||||
self._test_db_encrypt_decrypt()
|
self._test_db_encrypt_decrypt([tmpl.id])
|
||||||
|
|
||||||
def test_db_encrypt_decrypt_in_batches(self):
|
def test_db_encrypt_decrypt_in_batches(self):
|
||||||
"""Test encryption and decryption in for several templates.
|
"""Test encryption and decryption in for several templates.
|
||||||
|
@ -3272,7 +3264,8 @@ class DBAPICryptParamsPropsTest(common.HeatTestCase):
|
||||||
tmpl1 = self._create_template()
|
tmpl1 = self._create_template()
|
||||||
tmpl2 = self._create_template()
|
tmpl2 = self._create_template()
|
||||||
self.addCleanup(self._delete_templates, [tmpl1, tmpl2])
|
self.addCleanup(self._delete_templates, [tmpl1, tmpl2])
|
||||||
self._test_db_encrypt_decrypt(batch_size=1)
|
template_ids = [tmpl1.id, tmpl2.id]
|
||||||
|
self._test_db_encrypt_decrypt(template_ids, batch_size=1)
|
||||||
|
|
||||||
def test_db_encrypt_decrypt_exception_continue(self):
|
def test_db_encrypt_decrypt_exception_continue(self):
|
||||||
"""Test that encryption and decryption proceed after an exception"""
|
"""Test that encryption and decryption proceed after an exception"""
|
||||||
|
|
Loading…
Reference in New Issue