fixed secure config handling and added test

blue-yonder · Jan 7, 2018 · cbc7f38 · cbc7f38
1 parent 44b414e
commit cbc7f38
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 6 deletions.
diff --git a/postgraas_server/configuration.py b/postgraas_server/configuration.py
@@ -16,8 +16,8 @@ def get_default_config_filename():
 
 def _load_secrets(filename='/secrets'):
     try:
-        with open(filename, 'rb') as secrets_file:
-            secrets = json.loads(secrets_file.read())
+        with open(filename, 'r') as secrets_file:
+            secrets = json.load(secrets_file)
     except IOError as e:
         if e.errno in (errno.ENOENT, errno.EISDIR):
             return {}
@@ -34,7 +34,7 @@ def get_config(config_filename=get_default_config_filename(), secrets_file='/sec
     if secrets:
         try:
             import secure_config.secrets as sec
-            parsed_dict = sec.load_secret_dict(password=password, config_dict=config_dict)
+            config = sec.load_secret_dict(password=secrets['encryption_key'], config_dict=config)
         except ImportError as e:
             logger.debug('secure_config not installed')
 

diff --git a/tests/test_unit/application_secure.cfg b/tests/test_unit/application_secure.cfg
@@ -0,0 +1,7 @@
+{
+  "metadb":
+    {
+        "db_name": "postgraas",
+        "db_password": "$SECRET;0.1;AES256|613839656430373831386237333266306163376563343632663138346163323162333830333861666263326330663238346361666165313266373363316236370a613135396239326632663739376364313466616535333733626165333738303166303761366132633033346433376263393734643132336432393764623465330a65353264343035353236643533303464333561393637643966663165663739656130613435366564383065303834303066613338353631663430613061623833"
+    }
+}
diff --git a/tests/test_unit/secret_file.json b/tests/test_unit/secret_file.json
@@ -0,0 +1,3 @@
+{
+  "encryption_key": "v3rys3cur3"
+}
diff --git a/tests/test_unit/test_configuration.py b/tests/test_unit/test_configuration.py
@@ -5,8 +5,14 @@
     from io import StringIO
 import json
 
-import postgraas_server.configuration as cf
+try:
+    import secure_config.secrets
+    HAS_SECURE_CONFIG=True
+except ImportError:
+    HAS_SECURE_CONFIG = False
 
+import postgraas_server.configuration as cf
+import pytest
 
 class TestConfiguration:
     module_path = os.path.abspath(os.path.dirname(__file__))
@@ -53,6 +59,14 @@ def test_get_user(self):
 
         assert username == expected
 
+    @pytest.mark.skipif(not HAS_SECURE_CONFIG,
+                        reason="secure_config not installed")
     def test_secrets(self, tmpdir):
-        #TODO
-        assert True
+        expected_secret = secure_config.secrets.EncryptedSecret("v3rys3cur3", "correct_db_password")
+        print(expected_secret)
+        test_config = os.path.join(self.module_path, 'application_secure.cfg')
+        secret_file = os.path.join(self.module_path, 'secret_file.json')
+        config_undecrypted = cf.get_config(test_config)
+        assert config_undecrypted['metadb']["db_password"] == expected_secret.dumps()
+        config_decrypted = cf.get_config(test_config, secrets_file=secret_file)
+        assert config_decrypted['metadb']["db_password"].decrypt() == "correct_db_password"