
PYTHON-3110 Remove use of example.com in CSFLE tests #848


Merged
merged 1 commit into from
Feb 8, 2022
51 changes: 30 additions & 21 deletions test/test_encryption.py
Expand Up @@ -1205,16 +1205,17 @@ def setUp(self):
kms_tls_options=KMS_TLS_OPTS)

kms_providers_invalid = copy.deepcopy(kms_providers)
kms_providers_invalid['azure']['identityPlatformEndpoint'] = 'example.com:443'
kms_providers_invalid['gcp']['endpoint'] = 'example.com:443'
kms_providers_invalid['azure']['identityPlatformEndpoint'] = 'doesnotexist.invalid:443'
kms_providers_invalid['gcp']['endpoint'] = 'doesnotexist.invalid:443'
kms_providers_invalid['kmip']['endpoint'] = 'doesnotexist.local:5698'
self.client_encryption_invalid = ClientEncryption(
kms_providers=kms_providers_invalid,
key_vault_namespace='keyvault.datakeys',
key_vault_client=client_context.client,
codec_options=OPTS,
kms_tls_options=KMS_TLS_OPTS)
self._kmip_host_error = ''
self._kmip_host_error = None
self._invalid_host_error = None

def tearDown(self):
self.client_encryption.close()
Expand Down Expand Up @@ -1295,9 +1296,9 @@ def test_06_aws_endpoint_invalid_host(self):
"region": "us-east-1",
"key": ("arn:aws:kms:us-east-1:579766882180:key/"
"89fcc2c4-08b0-4bd9-9f25-e30687b580d0"),
"endpoint": "example.com"
"endpoint": "doesnotexist.invalid"
}
with self.assertRaisesRegex(EncryptionError, 'parse error'):
with self.assertRaisesRegex(EncryptionError, self.invalid_host_error):
self.client_encryption.create_data_key(
'aws', master_key=master_key)

Expand All @@ -1309,8 +1310,8 @@ def test_07_azure(self):
self.run_test_expected_success('azure', master_key)

# The full error should be something like:
# "Invalid JSON in KMS response. HTTP status=404. Error: Got parse error at '<', position 0: 'SPECIAL_EXPECTED'"
with self.assertRaisesRegex(EncryptionError, 'parse error'):
# "[Errno 8] nodename nor servname provided, or not known"
with self.assertRaisesRegex(EncryptionError, self.invalid_host_error):
self.client_encryption_invalid.create_data_key(
'azure', master_key=master_key)

Expand All @@ -1326,8 +1327,8 @@ def test_08_gcp_valid_endpoint(self):
self.run_test_expected_success('gcp', master_key)

# The full error should be something like:
# "Invalid JSON in KMS response. HTTP status=404. Error: Got parse error at '<', position 0: 'SPECIAL_EXPECTED'"
with self.assertRaisesRegex(EncryptionError, 'parse error'):
# "[Errno 8] nodename nor servname provided, or not known"
with self.assertRaisesRegex(EncryptionError, self.invalid_host_error):
self.client_encryption_invalid.create_data_key(
'gcp', master_key=master_key)

Expand All @@ -1339,30 +1340,38 @@ def test_09_gcp_invalid_endpoint(self):
"location": "global",
"keyRing": "key-ring-csfle",
"keyName": "key-name-csfle",
"endpoint": "example.com:443"}
"endpoint": "doesnotexist.invalid:443"}

# The full error should be something like:
# "Invalid KMS response, no access_token returned. HTTP status=200"
with self.assertRaisesRegex(EncryptionError, "Invalid KMS response"):
self.client_encryption.create_data_key(
'gcp', master_key=master_key)

def kmip_host_error(self):
if self._kmip_host_error:
return self._kmip_host_error
def dns_error(self, host, port):
# The full error should be something like:
# "[Errno 8] nodename nor servname provided, or not known"
try:
socket.getaddrinfo('doesnotexist.local', 5698, socket.AF_INET,
socket.SOCK_STREAM)
except Exception as exc:
self._kmip_host_error = re.escape(str(exc))
return self._kmip_host_error
with self.assertRaises(Exception) as ctx:
socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
return re.escape(str(ctx.exception))

@property
def invalid_host_error(self):
if self._invalid_host_error is None:
self._invalid_host_error = self.dns_error(
'doesnotexist.invalid', 443)
return self._invalid_host_error

@property
def kmip_host_error(self):
if self._kmip_host_error is None:
self._kmip_host_error = self.dns_error('doesnotexist.local', 5698)
return self._kmip_host_error

def test_10_kmip_invalid_endpoint(self):
key = {'keyId': '1'}
self.run_test_expected_success('kmip', key)
with self.assertRaisesRegex(EncryptionError, self.kmip_host_error()):
with self.assertRaisesRegex(EncryptionError, self.kmip_host_error):
self.client_encryption_invalid.create_data_key('kmip', key)

def test_11_kmip_master_key_endpoint(self):
Expand All @@ -1379,7 +1388,7 @@ def test_11_kmip_master_key_endpoint(self):

def test_12_kmip_master_key_invalid_endpoint(self):
key = {'keyId': '1', 'endpoint': 'doesnotexist.local:5698'}
with self.assertRaisesRegex(EncryptionError, self.kmip_host_error()):
with self.assertRaisesRegex(EncryptionError, self.kmip_host_error):
self.client_encryption.create_data_key('kmip', key)
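Review bot: The KMIP negative cases still use `doesnotexist.local:5698` (in setUp, in the `kmip_host_error` property and in test_12), while the AWS, Azure and GCP cases move to `doesnotexist.invalid`. `.invalid` is reserved by RFC 6761 so that it never resolves, but `.local` is the mDNS namespace (RFC 6762), so a host on the test network can answer for that name; `dns_error` would then fail inside `assertRaises`, and the KMIP client would presumably attempt a connection to whatever answered. Unless the shared test specification requires that name, `'doesnotexist.invalid:5698'` would keep these tests independent of the local network. In `dns_error`, `with self.assertRaises(socket.gaierror) as ctx:` states the expected failure more precisely than `Exception`, so an unrelated error does not become the expected regex. setUp and test_11 continue outside the visible hunks.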

