diff options
| author | Matt Martz <matt@sivel.net> | 2018-08-20 23:26:10 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-08-20 23:26:10 +0200 |
| commit | 617372f8c0103c0f508f640bbb2f9f4a1fc85957 (patch) | |
| tree | c397f7dcfba2d564e585b8eb8f2fd55cda535b47 /test/units/parsing/vault | |
| parent | Fix enable_snat parameter (#44418) (diff) | |
| download | ansible-617372f8c0103c0f508f640bbb2f9f4a1fc85957.tar.xz ansible-617372f8c0103c0f508f640bbb2f9f4a1fc85957.zip | |
Mass nuke deprecated items that are easily removed. ci_complete (#44320)
Diffstat (limited to 'test/units/parsing/vault')
| -rw-r--r-- | test/units/parsing/vault/test_vault.py | 21 | ||||
| -rw-r--r-- | test/units/parsing/vault/test_vault_editor.py | 69 |
2 files changed, 0 insertions, 90 deletions
diff --git a/test/units/parsing/vault/test_vault.py b/test/units/parsing/vault/test_vault.py index 7035a225fb..20c64a9b20 100644 --- a/test/units/parsing/vault/test_vault.py +++ b/test/units/parsing/vault/test_vault.py @@ -751,20 +751,6 @@ class TestVaultLib(unittest.TestCase): self.assertEqual(cipher_name, u'TEST', msg="cipher name was not properly set") self.assertEqual(b_version, b"9.9", msg="version was not properly set") - def test_encrypt_decrypt_aes(self): - self.v.cipher_name = u'AES' - vault_secrets = self._vault_secrets_from_password('default', 'ansible') - self.v.secrets = vault_secrets - # AES encryption code has been removed, so this is old output for - # AES-encrypted 'foobar' with password 'ansible'. - b_vaulttext = b'''$ANSIBLE_VAULT;1.1;AES -53616c7465645f5fc107ce1ef4d7b455e038a13b053225776458052f8f8f332d554809d3f150bfa3 -fe3db930508b65e0ff5947e4386b79af8ab094017629590ef6ba486814cf70f8e4ab0ed0c7d2587e -786a5a15efeb787e1958cbdd480d076c -''' - b_plaintext = self.v.decrypt(b_vaulttext) - self.assertEqual(b_plaintext, b"foobar", msg="decryption failed") - def test_encrypt_decrypt_aes256(self): self.v.cipher_name = u'AES256' plaintext = u"foobar" @@ -929,13 +915,6 @@ fe3db930508b65e0ff5947e4386b79af8ab094017629590ef6ba486814cf70f8e4ab0ed0c7d2587e self.assertEqual('ansible_devel', vault_id) self.assertEqual(b'1.2', b_version) - def test_encrypt_encrypted(self): - self.v.cipher_name = u'AES' - b_vaulttext = b"$ANSIBLE_VAULT;9.9;TEST\n%s" % hexlify(b"ansible") - vaulttext = to_text(b_vaulttext, errors='strict') - self.assertRaises(errors.AnsibleError, self.v.encrypt, b_vaulttext) - self.assertRaises(errors.AnsibleError, self.v.encrypt, vaulttext) - def test_decrypt_decrypted(self): plaintext = u"ansible" self.assertRaises(errors.AnsibleError, self.v.decrypt, plaintext) diff --git a/test/units/parsing/vault/test_vault_editor.py b/test/units/parsing/vault/test_vault_editor.py index b416bb2c84..b9166a334b 100644 --- a/test/units/parsing/vault/test_vault_editor.py +++ b/test/units/parsing/vault/test_vault_editor.py @@ -36,11 +36,6 @@ from ansible.module_utils._text import to_bytes, to_text from units.mock.vault_helper import TextVaultSecret -v10_data = """$ANSIBLE_VAULT;1.0;AES -53616c7465645f5fd0026926a2d415a28a2622116273fbc90e377225c12a347e1daf4456d36a77f9 -9ad98d59f61d06a4b66718d855f16fb7bdfe54d1ec8aeaa4d06c2dc1fa630ae1846a029877f0eeb1 -83c62ffb04c2512995e815de4b4d29ed""" - v11_data = """$ANSIBLE_VAULT;1.1;AES256 62303130653266653331306264616235333735323636616539316433666463323964623162386137 3961616263373033353631316333623566303532663065310a393036623466376263393961326530 @@ -458,33 +453,6 @@ class TestVaultEditor(unittest.TestCase): self.assertTrue(os.path.exists(tmp_file.name)) - def test_decrypt_1_0(self): - # Skip testing decrypting 1.0 files if we don't have access to AES, KDF or Counter. - v10_file = tempfile.NamedTemporaryFile(delete=False) - with v10_file as f: - f.write(to_bytes(v10_data)) - - ve = self._vault_editor(self._secrets("ansible")) - - # make sure the password functions for the cipher - error_hit = False - try: - ve.decrypt_file(v10_file.name) - except errors.AnsibleError: - error_hit = True - raise - - # verify decrypted content - f = open(v10_file.name, "rb") - fdata = to_text(f.read()) - f.close() - - os.unlink(v10_file.name) - - assert error_hit is False, "error decrypting 1.0 file" - self.assertEqual(fdata.strip(), "foo") - assert fdata.strip() == "foo", "incorrect decryption of 1.0 file: %s" % fdata.strip() - def test_decrypt_1_1(self): v11_file = tempfile.NamedTemporaryFile(delete=False) with v11_file as f: @@ -509,43 +477,6 @@ class TestVaultEditor(unittest.TestCase): assert error_hit is False, "error decrypting 1.1 file" assert fdata.strip() == "foo", "incorrect decryption of 1.1 file: %s" % fdata.strip() - def test_rekey_migration(self): - v10_file = tempfile.NamedTemporaryFile(delete=False) - with v10_file as f: - f.write(to_bytes(v10_data)) - - ve = self._vault_editor(self._secrets("ansible")) - - # make sure the password functions for the cipher - error_hit = False - new_secrets = self._secrets("ansible2") - try: - ve.rekey_file(v10_file.name, vault.match_encrypt_secret(new_secrets)[1]) - except errors.AnsibleError: - error_hit = True - - # verify decrypted content - f = open(v10_file.name, "rb") - fdata = f.read() - f.close() - - assert error_hit is False, "error rekeying 1.0 file to 1.1" - - # ensure filedata can be decrypted, is 1.1 and is AES256 - vl = VaultLib(new_secrets) - dec_data = None - error_hit = False - try: - dec_data = vl.decrypt(fdata) - except errors.AnsibleError: - error_hit = True - - os.unlink(v10_file.name) - - self.assertIn(b'AES256', fdata, 'AES256 was not found in vault file %s' % to_text(fdata)) - assert error_hit is False, "error decrypting migrated 1.0 file" - assert dec_data.strip() == b"foo", "incorrect decryption of rekeyed/migrated file: %s" % dec_data - def test_real_path_dash(self): filename = '-' ve = self._vault_editor() |