Merge "Fix error for invalid auth_encryption_key"
This commit is contained in:
commit
b59a76bbd9
heat
@ -77,6 +77,7 @@ class FaultWrapper(wsgi.Middleware):
|
||||
'StopActionFailed': webob.exc.HTTPInternalServerError,
|
||||
'EventSendFailed': webob.exc.HTTPInternalServerError,
|
||||
'ServerBuildFailed': webob.exc.HTTPInternalServerError,
|
||||
'InvalidEncryptionKey': webob.exc.HTTPInternalServerError,
|
||||
'NotSupported': webob.exc.HTTPBadRequest,
|
||||
'MissingCredentialError': webob.exc.HTTPBadRequest,
|
||||
'UserParameterMissing': webob.exc.HTTPBadRequest,
|
||||
|
@ -21,6 +21,7 @@ from oslo_serialization import jsonutils
|
||||
from oslo_utils import encodeutils
|
||||
from oslo_utils import importutils
|
||||
|
||||
from heat.common import exception
|
||||
from heat.common.i18n import _
|
||||
|
||||
auth_opts = [
|
||||
@ -128,7 +129,10 @@ def cryptography_decrypt_v1(value, encryption_key=None):
|
||||
encryption_key = get_valid_encryption_key(encryption_key, fix_length=True)
|
||||
encoded_key = base64.b64encode(encryption_key.encode('utf-8'))
|
||||
sym = fernet.Fernet(encoded_key)
|
||||
return sym.decrypt(encodeutils.safe_encode(value))
|
||||
try:
|
||||
return sym.decrypt(encodeutils.safe_encode(value))
|
||||
except fernet.InvalidToken:
|
||||
raise exception.InvalidEncryptionKey()
|
||||
|
||||
|
||||
def get_valid_encryption_key(encryption_key, fix_length=False):
|
||||
|
@ -161,6 +161,11 @@ class TemplateOutputError(HeatException):
|
||||
msg_fmt = _('Error in %(resource)s output %(attribute)s: %(message)s')
|
||||
|
||||
|
||||
class InvalidEncryptionKey(HeatException):
|
||||
msg_fmt = _('Can not decrypt data with the auth_encryption_key'
|
||||
' in heat config.')
|
||||
|
||||
|
||||
class InvalidExternalResourceDependency(HeatException):
|
||||
msg_fmt = _("Invalid dependency with external %(resource_type)s "
|
||||
"resource: %(external_id)s")
|
||||
|
@ -60,3 +60,17 @@ class CryptTest(common.HeatTestCase):
|
||||
|
||||
def test_encrypt_decrypt_dict_default_enc_key(self):
|
||||
self._test_encrypt_decrypt_dict()
|
||||
|
||||
def test_decrypt_dict_invalid_key(self):
|
||||
data = {'p1': u'happy',
|
||||
'2': [u'a', u'little', u'blue'],
|
||||
'6': 7}
|
||||
encrypted_data = crypt.encrypted_dict(
|
||||
data, '767c3ed056cbaa3b9dfedb8c6f825bf0')
|
||||
ex = self.assertRaises(exception.InvalidEncryptionKey,
|
||||
crypt.decrypted_dict,
|
||||
encrypted_data,
|
||||
'767c3ed056cbaa3b9dfedb8c6f825bf1')
|
||||
self.assertEqual('Can not decrypt data with the auth_encryption_key '
|
||||
'in heat config.',
|
||||
six.text_type(ex))
|
||||
|
Loading…
x
Reference in New Issue
Block a user