pytest-securestore/pytest_securestore.py at master · gregfitch/pytest-securestore · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
# -*- coding: utf-8 -*-

from io import BytesIO
from os import getenv

import pytest
from pyAesCrypt import decryptStream as decrypt
from yaml import safe_load as load_yaml


__all__ = ["store"]


def pytest_addoption(parser):
    """Add an option to pass the decryption password and an encrypted store."""
    group = parser.getgroup("securestore", "Secure storage")
    group.addoption(
        "--secure-store-password",
        action="store",
        dest="secure_store_password",
        default=getenv("SECURE_STORE_PASSWORD", None),
        help="Set the secure storage decryption password."
    )
    group.addoption(
        "--secure-store-filename",
        action="store",
        dest="secure_store_filename",
        default=getenv("SECURE_STORE_FILENAME", None),
        help="Set the secure storage path and filename."
    )

    parser.addini(
        name="secure_store_password",
        help="Set the secure storage decryption password.",
        default=getenv("SECURE_STORE_PASSWORD", None)
    )
    parser.addini(
        name="secure_store_filename",
        help="Set the secure storage path and filename.",
        default=getenv("SECURE_STORE_FILENAME", None)
    )


class Secret:
    def __init__(self, value):
        self.set_value(value)

    def __repr__(self):
        return "Secret(********)"

    def __str__(self):
        return "********"

    def __eq__(self, other_value):
        if not isinstance(other_value, str):
            return NotImplemented
        return self._value == other_value

    def get_value(self):
        return self._value

    def set_value(self, value):
        self._value = value

    def del_value(self):
        del self._value

    value = property(get_value, set_value, del_value)


def replace_item(obj, key):
    """Replace a specific key with a Secret value, recursively."""
    for k, value in obj.items():
        if isinstance(value, dict):
            obj[k] = replace_item(value, key)
    if key in obj:
        obj[key] = Secret(obj[key])
    return obj


@pytest.fixture(scope="module")
def store(request):
    """Decrypt a YAML file and return a value dictionary."""
    file = request.config.option.secure_store_filename
    if not file:
        file = request.config.getini('secure_store_filename')
    password = request.config.option.secure_store_password
    if not password:
        password = request.config.getini('secure_store_password')
    buffer_size = 64 * 1024  # 64K decryption buffer

    # Read in the encrypted, binary file
    with open(str(file), "rb") as store_in:
        lines = b''
        for line in store_in.readlines():
            lines = lines + line
        encrypted = BytesIO(lines)

    # Decrypt the stream
    stream_length = len(encrypted.getvalue())
    decrypted = BytesIO()
    encrypted.seek(0)
    decrypt(encrypted, decrypted, password, buffer_size, stream_length)
    temp_obj = load_yaml(decrypted.getvalue().decode("utf-8"))
    return replace_item(temp_obj, 'password')