fixed password decryption when using secure-config

blue-yonder · Jan 10, 2018 · 6789dbb · 6789dbb
1 parent 4ea3d1d
commit 6789dbb
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 2 deletions.
diff --git a/postgraas_server/configuration.py b/postgraas_server/configuration.py
@@ -50,11 +50,11 @@ def get_application_config(config):
 
 def get_meta_db_config_path(config):
     username = get_user(config)
-
+    password = get_password(config)
     db_path = 'postgresql://{db_username}:{db_pwd}@{host}:{port}/{db_name}'.format(
         db_name=config['metadb']['db_name'],
         db_username=username,
-        db_pwd=config['metadb']['db_pwd'],
+        db_pwd=password,
         host=config['metadb']['host'],
         port=config['metadb']['port']
     )
@@ -68,3 +68,11 @@ def get_user(config):
     except KeyError:
         username = config['metadb']['db_username']
     return username
+
+
+def get_password(config):
+    try:
+        password = config['metadb']['db_pwd'].decrypt()
+    except AttributeError:
+        password = config['metadb']['db_pwd']
+    return password
diff --git a/tests/test_unit/test_configuration.py b/tests/test_unit/test_configuration.py
@@ -70,3 +70,45 @@ def test_secrets(self, tmpdir):
         assert config_undecrypted['metadb']["db_password"] == expected_secret.dumps()
         config_decrypted = cf.get_config(test_config, secrets_file=secret_file)
         assert config_decrypted['metadb']["db_password"].decrypt() == "correct_db_password"
+
+    @pytest.mark.skipif(not HAS_SECURE_CONFIG,
+                        reason="secure_config not installed")
+    def test_get_meta_db_config_path(self, tmpdir):
+        config_dict = {
+                "metadb": {
+                    "host": "thisserver.host",
+                    "db_pwd": "$SECRET;0.1;AES256|613839656430373831386237333266306163376563343632663138346163323162333830333861666263326330663238346361666165313266373363316236370a613135396239326632663739376364313466616535333733626165333738303166303761366132633033346433376263393734643132336432393764623465330a65353264343035353236643533303464333561393637643966663165663739656130613435366564383065303834303066613338353631663430613061623833",
+                    "port": "5432",
+                    "db_name": "postgres",
+                    "db_username": "postgraas_user",
+                    "server": "thisserver"
+               }
+            }
+
+        config = secure_config.secrets.load_secret_dict(password="v3rys3cur3", config_dict=config_dict)
+        metadb_string = cf.get_meta_db_config_path(config)
+        print(metadb_string)
+        assert metadb_string == "postgresql://postgraas_user@thisserver:[email protected]:5432/postgres"
+
+    @pytest.mark.skipif(not HAS_SECURE_CONFIG,
+                        reason="secure_config not installed")
+    def test_get_secure_password(self, tmpdir):
+        config_dict = {
+                "metadb": {
+                    "db_pwd": "$SECRET;0.1;AES256|613839656430373831386237333266306163376563343632663138346163323162333830333861666263326330663238346361666165313266373363316236370a613135396239326632663739376364313466616535333733626165333738303166303761366132633033346433376263393734643132336432393764623465330a65353264343035353236643533303464333561393637643966663165663739656130613435366564383065303834303066613338353631663430613061623833",
+               }
+            }
+        config = secure_config.secrets.load_secret_dict(password="v3rys3cur3", config_dict=config_dict)
+        password_string = cf.get_password(config)
+        print(password_string)
+        assert password_string == "correct_db_password"
+
+    def test_get_plain_password(self, tmpdir):
+        config_dict = {
+                "metadb": {
+                    "db_pwd": "v3rys3cur3",
+               }
+            }
+        password_string = cf.get_password(config_dict)
+        print(password_string)
+        assert password_string == "v3rys3cur3"