1
1
import os
2
2
import uuid
3
3
4
+ import keyring
4
5
import pytest
6
+ import yaml
5
7
6
- from user_sync .credentials import *
7
- from user_sync .error import AssertionException
8
+ from tests .util import update_dict
9
+ from user_sync import encryption
10
+ from user_sync .credentials import CredentialConfig , CredentialManager , Key , LdapCredentialConfig , UmapiCredentialConfig
8
11
9
12
10
13
@pytest .fixture
@@ -17,6 +20,19 @@ def ldap_config_file(fixture_dir):
17
20
return os .path .join (fixture_dir , 'connector-ldap.yml' )
18
21
19
22
23
+ @pytest .fixture
24
+ def modify_umapi_config (tmp_config_files ):
25
+ (_ , _ , umapi_config_file ) = tmp_config_files
26
+
27
+ def _modify_umapi_config (keys , val ):
28
+ conf = yaml .safe_load (open (umapi_config_file ))
29
+ conf = update_dict (conf , keys , val )
30
+ yaml .dump (conf , open (umapi_config_file , 'w' ))
31
+
32
+ return umapi_config_file
33
+ return _modify_umapi_config
34
+
35
+
20
36
def test_nested_set (ldap_config_file ):
21
37
c = CredentialConfig (ldap_config_file )
22
38
c .set_nested_key (['password' ], {'secure' : 'somethingverysecure' })
@@ -27,37 +43,37 @@ def test_nested_set(ldap_config_file):
27
43
def test_retrieve_ldap_creds_valid (tmp_config_files ):
28
44
(_ , ldap_config_file , _ ) = tmp_config_files
29
45
c = CredentialConfig (ldap_config_file )
30
- key_list = ['password' ]
31
- plaintext_cred = c .get_nested_key (key_list )
32
- c .store_key (key_list )
33
- retrieved_plaintext_cred = c .retrieve_key (key_list )
46
+ key = Key ( ['password' ])
47
+ plaintext_cred = c .get_nested_key (key . key_path )
48
+ c .store_key (key )
49
+ retrieved_plaintext_cred = c .retrieve_key (key )
34
50
assert retrieved_plaintext_cred == plaintext_cred
35
51
36
52
37
53
def test_retrieve_ldap_creds_invalid (tmp_config_files ):
38
54
(_ , ldap_config_file , _ ) = tmp_config_files
39
55
c = CredentialConfig (ldap_config_file )
40
- key_list = ['password' ]
56
+ key = Key ( ['password' ])
41
57
# if store_key has not been called previously, retrieve_key returns None
42
- assert c .retrieve_key (key_list ) is None
58
+ assert c .retrieve_key (key ) is None
43
59
44
60
45
61
def test_revert_valid (tmp_config_files ):
46
62
(_ , ldap_config_file , _ ) = tmp_config_files
47
63
c = CredentialConfig (ldap_config_file )
48
- key_list = ['password' ]
49
- plaintext_cred = c .get_nested_key (key_list )
50
- c .store_key (key_list )
51
- reverted_plaintext_cred = c .revert_key (key_list )
64
+ key = Key ( ['password' ])
65
+ plaintext_cred = c .get_nested_key (key . key_path )
66
+ c .store_key (key )
67
+ reverted_plaintext_cred = c .revert_key (key )
52
68
assert reverted_plaintext_cred == plaintext_cred
53
69
54
70
55
71
def test_revert_invalid (tmp_config_files ):
56
72
(_ , ldap_config_file , _ ) = tmp_config_files
57
73
c = CredentialConfig (ldap_config_file )
58
- key_list = ['password' ]
74
+ key = Key ( ['password' ])
59
75
# assume store_key has not been called
60
- assert c .revert_key (key_list ) is None
76
+ assert c .revert_key (key ) is None
61
77
62
78
63
79
def test_retrieve_revert_ldap_valid (tmp_config_files ):
@@ -84,20 +100,18 @@ def test_retrieve_revert_ldap_invalid(tmp_config_files):
84
100
# if store has not been previously called before retrieve and revert we can expect the following
85
101
retrieved_key_dict = ldap .retrieve ()
86
102
assert retrieved_key_dict == {}
87
-
88
103
creds = ldap .revert ()
89
104
assert creds == {}
90
105
91
106
92
-
93
- def test_retrieve_revert_umapi_valid (tmp_config_files ):
94
- (_ , _ , umapi_config_file ) = tmp_config_files
95
- umapi = UmapiCredentialConfig (umapi_config_file )
107
+ def test_retrieve_revert_umapi_valid (private_key , modify_umapi_config ):
108
+ umapi_config_file = modify_umapi_config (['enterprise' , 'priv_key_path' ], private_key )
109
+ umapi = UmapiCredentialConfig (umapi_config_file , auto = True )
96
110
# Using the api_key for assertions. The rest can be added in later if deemed necessary
97
111
assert not umapi .parse_secure_key (umapi .get_nested_key (['enterprise' , 'client_id' ]))
98
112
unsecured_api_key = umapi .get_nested_key (['enterprise' , 'client_id' ])
99
113
umapi .store ()
100
- with open (umapi_config_file ) as f :
114
+ with open (umapi_config_file , 'r' ) as f :
101
115
data = yaml .load (f )
102
116
assert umapi .parse_secure_key (data ['enterprise' ]['client_id' ])
103
117
retrieved_key_dict = umapi .retrieve ()
@@ -108,9 +122,10 @@ def test_retrieve_revert_umapi_valid(tmp_config_files):
108
122
assert data ['enterprise' ]['client_id' ] == unsecured_api_key
109
123
110
124
111
- def test_credman_retrieve_revert_valid (tmp_config_files ):
112
- (root_config_file , ldap_config_file , umapi_config_file ) = tmp_config_files
113
- credman = CredentialManager (root_config_file )
125
+ def test_credman_retrieve_revert_valid (tmp_config_files , private_key , modify_umapi_config ):
126
+ (root_config_file , ldap_config_file , _ ) = tmp_config_files
127
+ umapi_config_file = modify_umapi_config (['enterprise' , 'priv_key_path' ], private_key )
128
+ credman = CredentialManager (root_config_file , auto = True )
114
129
with open (ldap_config_file ) as f :
115
130
data = yaml .load (f )
116
131
plaintext_ldap_password = data ['password' ]
@@ -137,8 +152,9 @@ def test_credman_retrieve_revert_valid(tmp_config_files):
137
152
assert data ['enterprise' ]['client_id' ] == plaintext_umapi_api_key
138
153
139
154
140
- def test_credman_retrieve_revert_invalid (tmp_config_files ):
141
- (root_config_file , ldap_config_file , umapi_config_file ) = tmp_config_files
155
+ def test_credman_retrieve_revert_invalid (tmp_config_files , private_key , modify_umapi_config ):
156
+ (root_config_file , ldap_config_file , _ ) = tmp_config_files
157
+ umapi_config_file = modify_umapi_config (['enterprise' , 'priv_key_path' ], private_key )
142
158
credman = CredentialManager (root_config_file )
143
159
# if credman.store() has not been called first then we can expect the following
144
160
retrieved_creds = credman .retrieve ()
@@ -147,7 +163,6 @@ def test_credman_retrieve_revert_invalid(tmp_config_files):
147
163
assert creds == {}
148
164
149
165
150
-
151
166
def test_set ():
152
167
identifier = 'TestId'
153
168
value = 'TestValue'
@@ -170,7 +185,7 @@ def test_set_long():
170
185
value = "" .join ([str (uuid .uuid4 ()) for x in range (500 )])
171
186
172
187
if isinstance (keyring .get_keyring (), keyring .backends .Windows .WinVaultKeyring ):
173
- with pytest .raises (AssertionException ):
188
+ with pytest .raises (Exception ):
174
189
cm .set (identifier , value )
175
190
else :
176
191
cm .set (identifier , value )
@@ -189,7 +204,8 @@ def test_get_not_valid():
189
204
def test_config_store (tmp_config_files ):
190
205
(_ , ldap_config_file , _ ) = tmp_config_files
191
206
ldap = LdapCredentialConfig (ldap_config_file )
192
- assert not ldap .parse_secure_key (ldap .get_nested_key (['password' ]))
207
+ key = Key (['password' ])
208
+ assert not ldap .parse_secure_key (ldap .get_nested_key (key .key_path ))
193
209
ldap .store ()
194
210
with open (ldap_config_file ) as f :
195
211
data = yaml .load (f )
@@ -199,14 +215,52 @@ def test_config_store(tmp_config_files):
199
215
def test_config_store_key (tmp_config_files ):
200
216
(_ , ldap_config_file , _ ) = tmp_config_files
201
217
ldap = LdapCredentialConfig (ldap_config_file )
202
- assert not ldap .parse_secure_key (ldap .get_nested_key (['password' ]))
203
- ldap .store_key (['password' ])
204
- assert ldap .parse_secure_key (ldap .get_nested_key (['password' ]))
218
+ key = Key (['password' ])
219
+ assert not ldap .parse_secure_key (ldap .get_nested_key (key .key_path ))
220
+ ldap .store_key (key )
221
+ assert ldap .parse_secure_key (ldap .get_nested_key (key .key_path ))
205
222
206
223
207
224
def test_config_store_key_none (tmp_config_files ):
208
225
(_ , ldap_config_file , _ ) = tmp_config_files
209
226
ldap = LdapCredentialConfig (ldap_config_file )
210
- ldap .set_nested_key (['password' ], [])
211
- with pytest .raises (AssertionException ):
212
- ldap .store_key (['password' ])
227
+ key = Key (['password' ])
228
+ ldap .set_nested_key (key .key_path , [])
229
+ assert ldap .store_key (key ) is None
230
+
231
+
232
+ def test_credman_encrypt_decrypt_key_path (tmp_config_files , private_key , modify_umapi_config ):
233
+ (root_config_file , ldap_config_file , _ ) = tmp_config_files
234
+ umapi_config_file = modify_umapi_config (['enterprise' , 'priv_key_path' ], private_key )
235
+ credman = CredentialManager (root_config_file , auto = True )
236
+ with open (private_key ) as f :
237
+ key_data = f .read ()
238
+ assert encryption .is_encryptable (key_data )
239
+ credman .store ()
240
+ with open (private_key ) as f :
241
+ key_data = f .read ()
242
+ assert not encryption .is_encryptable (key_data )
243
+ credman .revert ()
244
+ with open (private_key ) as f :
245
+ key_data = f .read ()
246
+ assert encryption .is_encryptable (key_data )
247
+
248
+
249
+ def test_credman_encrypt_decrypt_key_data (tmp_config_files , private_key , modify_umapi_config ):
250
+ (root_config_file , ldap_config_file , _ ) = tmp_config_files
251
+ umapi_config_file = modify_umapi_config (['enterprise' , 'priv_key_path' ], None )
252
+ with open (private_key ) as f :
253
+ key_data = f .read ()
254
+ umapi_config_file = modify_umapi_config (['enterprise' , 'priv_key_data' ], key_data )
255
+ credman = CredentialManager (root_config_file , auto = True )
256
+ with open (umapi_config_file ) as f :
257
+ umapi_dict = yaml .load (f )
258
+ assert encryption .is_encryptable (umapi_dict ['enterprise' ]['priv_key_data' ])
259
+ credman .store ()
260
+ with open (umapi_config_file ) as f :
261
+ umapi_dict = yaml .load (f )
262
+ assert not encryption .is_encryptable (umapi_dict ['enterprise' ]['priv_key_data' ])
263
+ credman .revert ()
264
+ with open (umapi_config_file ) as f :
265
+ umapi_dict = yaml .load (f )
266
+ assert encryption .is_encryptable (umapi_dict ['enterprise' ]['priv_key_data' ])
0 commit comments