diff options
-rw-r--r-- | heat/db/sqlalchemy/api.py | 23 | ||||
-rw-r--r-- | heat/tests/test_sqlalchemy_api.py | 66 |
2 files changed, 83 insertions, 6 deletions
diff --git a/heat/db/sqlalchemy/api.py b/heat/db/sqlalchemy/api.py index 9acc4a3e0..67ac6f380 100644 --- a/heat/db/sqlalchemy/api.py +++ b/heat/db/sqlalchemy/api.py @@ -96,6 +96,17 @@ def resource_get_all(context): return results +def _encrypt(value): + if value is not None: + return crypt.encrypt(value.encode('utf-8')) + + +def _decrypt(enc_value): + value = crypt.decrypt(enc_value) + if value is not None: + return unicode(value, 'utf-8') + + def resource_create(context, values): resource_ref = models.Resource() resource_ref.update(values) @@ -206,9 +217,9 @@ def user_creds_create(context): values = context.to_dict() user_creds_ref = models.UserCreds() user_creds_ref.update(values) - user_creds_ref.password = crypt.encrypt(values['password']) - user_creds_ref.service_password = crypt.encrypt(values['service_password']) - user_creds_ref.aws_creds = crypt.encrypt(values['aws_creds']) + user_creds_ref.password = _encrypt(values['password']) + user_creds_ref.service_password = _encrypt(values['service_password']) + user_creds_ref.aws_creds = _encrypt(values['aws_creds']) user_creds_ref.save(_session(context)) return user_creds_ref @@ -218,9 +229,9 @@ def user_creds_get(user_creds_id): # Return a dict copy of db results, do not decrypt details into db_result # or it can be committed back to the DB in decrypted form result = dict(db_result) - result['password'] = crypt.decrypt(result['password']) - result['service_password'] = crypt.decrypt(result['service_password']) - result['aws_creds'] = crypt.decrypt(result['aws_creds']) + result['password'] = _decrypt(result['password']) + result['service_password'] = _decrypt(result['service_password']) + result['aws_creds'] = _decrypt(result['aws_creds']) return result diff --git a/heat/tests/test_sqlalchemy_api.py b/heat/tests/test_sqlalchemy_api.py new file mode 100644 index 000000000..e8c58afce --- /dev/null +++ b/heat/tests/test_sqlalchemy_api.py @@ -0,0 +1,66 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import unittest + +import mox +from nose.plugins.attrib import attr + +from heat.common import context +from heat.db.sqlalchemy import api as db_api + + +@attr(tag=['unit', 'sqlalchemy']) +@attr(speed='fast') +class SqlAlchemyTest(unittest.TestCase): + def setUp(self): + self.m = mox.Mox() + + def tearDown(self): + self.m.UnsetStubs() + + def test_user_creds_password(self): + ctx = context.RequestContext.from_dict({ + 'tenant_id': 'test_tenant_id', + 'tenant': 'test_tenant', + 'username': 'test_username', + 'password': 'password', + 'service_password': 'service_password', + 'aws_creds': 'aws_creds_123', + 'roles': [], + 'auth_url': 'http://server.test:5000/v2.0', + }) + + db_creds = db_api.user_creds_create(ctx) + load_creds = db_api.user_creds_get(db_creds.id) + + self.assertEqual(load_creds.get('username'), 'test_username') + self.assertEqual(load_creds.get('password'), 'password') + self.assertEqual(load_creds.get('service_password'), + 'service_password') + self.assertEqual(load_creds.get('aws_creds'), 'aws_creds_123') + self.assertEqual(load_creds.get('tenant'), 'test_tenant') + self.assertEqual(load_creds.get('tenant_id'), 'test_tenant_id') + self.assertNotEqual(None, load_creds.get('created_at')) + self.assertEqual(None, load_creds.get('updated_at')) + self.assertEqual(load_creds.get('auth_url'), + 'http://server.test:5000/v2.0') + + def test_user_creds_none(self): + ctx = context.RequestContext() + db_creds = db_api.user_creds_create(ctx) + load_creds = db_api.user_creds_get(db_creds.id) + + self.assertEqual(None, load_creds.get('username')) + self.assertEqual(None, load_creds.get('password')) + self.assertEqual(None, load_creds.get('service_password')) + self.assertEqual(None, load_creds.get('aws_creds')) |