author | Sascha Peilicke <saschpe@suse.de> | 2012-06-21 13:20:12 +0200 |
---|---|---|
committer | Sascha Peilicke <saschpe@suse.de> | 2012-07-03 10:18:56 +0200 |
commit | 9aa2dda073b455e73d14c212cebb637ef6c4cab5 (patch) | |
tree | 28340a3d0e5e68a82037cf02d66f36020669cdf5 /horizon/tests/utils_tests.py | |
parent | 8e8d5a75d538ad3300859fc3d59e7bdfd760129c (diff) | |
download | tuskar-ui-9aa2dda073b455e73d14c212cebb637ef6c4cab5.tar.gz |
Provide utilities to automate secure secret key generation
Implements blueprint automatic-secure-key-generation
Reduce the likeliness that the (commented-out) default key is abused
and document possible options instead.
Also use a non-empty SECRET_KEY for development / testing environments.
A later patch would make it a hard error if no SECRET_KEY is defined
(i.e. Django defaults to an empty string which is anything but secure).
Unfortunately, I can't do it now as the devstack integration test would
fail (they don't set a SECRET_KEY either) currently. So, when this
blueprint is accepted, I would submit a fix to devstack and afterwards
add the error message to warn the user about insecure defaults.
Addressed PEP-8 issues
Change-Id: Ifdab8e6b6fb3025fde7a2b92beb046ec9c5cba7f
Diffstat (limited to 'horizon/tests/utils_tests.py')
-rw-r--r-- | horizon/tests/utils_tests.py | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/horizon/tests/utils_tests.py b/horizon/tests/utils_tests.py
index c7588dbc..7fb30182 100644
--- a/horizon/tests/utils_tests.py
+++ b/horizon/tests/utils_tests.py
@@ -15,9 +15,12 @@
 # under the License.
+import os
+
 from horizon import test
 from django.core.exceptions import ValidationError
 from horizon.utils import fields
+from horizon.utils import secret_key
 class ValidatorsTests(test.TestCase):
@@ -169,3 +172,24 @@ class ValidatorsTests(test.TestCase):
 "169.144.11.107/8")
 self.assertIsNone(iprange.validate("fe80::204:61ff:254.157.241.86/36"))
 self.assertIsNone(iprange.validate("169.144.11.107/18"))
+
+
+class SecretKeyTests(test.TestCase):
+ def test_generate_secret_key(self):
+ key = secret_key.generate_key(32)
+ self.assertEqual(len(key), 32)
+ self.assertNotEqual(key, secret_key.generate_key(32))
+
+ def test_generate_or_read_key_from_file(self):
+ key_file = ".test_secret_key_store"
+ key = secret_key.generate_or_read_from_file(key_file)
+
+ # Consecutive reads should come from the already existing file:
+ self.assertEqual(key, secret_key.generate_or_read_from_file(key_file))
+
+ # Key file only be read/writable by user:
+ self.assertEqual(oct(os.stat(key_file).st_mode & 0777), "0600")
+ os.chmod(key_file, 0777)
+ self.assertRaises(secret_key.FilePermissionError,
+ secret_key.generate_or_read_from_file, key_file)
+ os.remove(key_file) |
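Review bot: In `test_generate_or_read_key_from_file`, `os.remove(key_file)` is the last statement, so any failing assertion leaves `.test_secret_key_store` behind in the working directory, possibly already chmod'ed to 0777, and the next run would read that stale file instead of generating a fresh key. Registering the cleanup before the assertions, e.g. `self.addCleanup(os.remove, key_file)` right after the first `generate_or_read_from_file` call, and creating the file under a `tempfile.mkdtemp()` directory rather than a relative path would avoid that. The permission check only exercises 0777; a case for a group- or world-readable mode such as 0644 would cover the more likely misconfiguration, assuming `generate_or_read_from_file` is meant to reject it (its implementation is not in this hunk). Comparing the masked mode with the integer `0600` instead of the `oct()` string would also keep the assertion independent of how the interpreter formats octal values.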