How to use the bless.config.bless_config.BlessConfig function in bless

To help you get started, we’ve selected a few bless examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github Netflix / bless / tests / config / test_bless_config.py View on Github external
def test_configs(config, region, expected_cert_valid, expected_entropy_min, expected_rand_seed,
                 expected_log_level, expected_password, expected_username_validation, expected_key_compression):
    config = BlessConfig(region, config_file=config)
    assert expected_cert_valid == config.getint(BLESS_OPTIONS_SECTION,
                                                CERTIFICATE_VALIDITY_BEFORE_SEC_OPTION)
    assert expected_cert_valid == config.getint(BLESS_OPTIONS_SECTION,
                                                CERTIFICATE_VALIDITY_AFTER_SEC_OPTION)

    assert expected_entropy_min == config.getint(BLESS_OPTIONS_SECTION,
                                                 ENTROPY_MINIMUM_BITS_OPTION)
    assert expected_rand_seed == config.getint(BLESS_OPTIONS_SECTION,
                                               RANDOM_SEED_BYTES_OPTION)
    assert expected_log_level == config.get(BLESS_OPTIONS_SECTION, LOGGING_LEVEL_OPTION)
    assert expected_password == config.getpassword()
    assert expected_username_validation == config.get(BLESS_OPTIONS_SECTION,
                                                      USERNAME_VALIDATION_OPTION)
    assert expected_key_compression == config.get(BLESS_CA_SECTION,
                                                  CA_PRIVATE_KEY_COMPRESSION_OPTION)
github Netflix / bless / tests / config / test_bless_config.py View on Github external
def test_zlib_positive_compression(monkeypatch):
    extra_environment_variables = {
        'bless_ca_default_password': '',
        'bless_ca_ca_private_key_compression': 'zlib',
        'bless_ca_ca_private_key': str(base64.b64encode(zlib.compress(b'')), encoding='ascii')
    }

    for k, v in extra_environment_variables.items():
        monkeypatch.setenv(k, v)

    # Create an empty config, everything is set in the environment
    config = BlessConfig('us-east-1', config_file='')

    assert b'' == config.getprivatekey()
github Netflix / bless / tests / config / test_bless_config.py View on Github external
def test_config_no_password():
    with pytest.raises(ValueError) as e:
        BlessConfig('bogus-region',
                    config_file=os.path.join(os.path.dirname(__file__), 'full.cfg'))
    assert 'No Region Specific And No Default Password Provided.' == str(e.value)

    config = BlessConfig('bogus-region',
                         config_file=os.path.join(os.path.dirname(__file__), 'full-with-default.cfg'))
    assert '' == config.getpassword()
github Netflix / bless / tests / config / test_bless_config.py View on Github external
def test_wrong_compression_env_key(monkeypatch):
    extra_environment_variables = {
        'bless_ca_default_password': '',
        'bless_ca_ca_private_key_compression': 'lzh',
        'bless_ca_ca_private_key': str(base64.b64encode(b''), encoding='ascii')
    }

    for k, v in extra_environment_variables.items():
        monkeypatch.setenv(k, v)

    # Create an empty config, everything is set in the environment
    config = BlessConfig('us-east-1', config_file='')

    with pytest.raises(ValueError) as e:
        config.getprivatekey()

    assert "Compression lzh is not supported." == str(e.value)
github Netflix / bless / tests / config / test_bless_config.py View on Github external
'bless_ca_us_east_1_password': '',
        'bless_ca_default_password': '',
        'bless_ca_ca_private_key_file': '',
        'bless_ca_ca_private_key': str(base64.b64encode(b''), encoding='ascii'),

        'kms_auth_use_kmsauth': 'True',
        'kms_auth_kmsauth_key_id': '',
        'kms_auth_kmsauth_serviceid': 'bless-test',
    }

    for k, v in extra_environment_variables.items():
        monkeypatch.setenv(k, v)

    # Create an empty config, everything is set in the environment
    config = BlessConfig('us-east-1', config_file='')

    assert 1 == config.getint(BLESS_OPTIONS_SECTION, CERTIFICATE_VALIDITY_AFTER_SEC_OPTION)
    assert 1 == config.getint(BLESS_OPTIONS_SECTION, CERTIFICATE_VALIDITY_BEFORE_SEC_OPTION)
    assert 2 == config.getint(BLESS_OPTIONS_SECTION, ENTROPY_MINIMUM_BITS_OPTION)
    assert 3 == config.getint(BLESS_OPTIONS_SECTION, RANDOM_SEED_BYTES_OPTION)
    assert 'DEBUG' == config.get(BLESS_OPTIONS_SECTION, LOGGING_LEVEL_OPTION)
    assert 'permit-X11-forwarding' == config.get(BLESS_OPTIONS_SECTION, CERTIFICATE_EXTENSIONS_OPTION)
    assert 'debian' == config.get(BLESS_OPTIONS_SECTION, USERNAME_VALIDATION_OPTION)
    assert 'useradd' == config.get(BLESS_OPTIONS_SECTION, REMOTE_USERNAMES_VALIDATION_OPTION)

    assert '' == config.getpassword()
    assert '' == config.get(BLESS_CA_SECTION, CA_PRIVATE_KEY_FILE_OPTION)
    assert b'' == config.getprivatekey()

    assert config.getboolean(KMSAUTH_SECTION, KMSAUTH_USEKMSAUTH_OPTION)
    assert '' == config.get(KMSAUTH_SECTION, KMSAUTH_KEY_ID_OPTION)
github Netflix / bless / tests / config / test_bless_config.py View on Github external
def test_empty_config():
    with pytest.raises(ValueError):
        BlessConfig('us-west-2', config_file='')
github Netflix / bless / tests / config / test_bless_config.py View on Github external
def test_none_compression_env_key(monkeypatch):
    extra_environment_variables = {
        'bless_ca_default_password': '',
        'bless_ca_ca_private_key_compression': 'none',
        'bless_ca_ca_private_key': str(base64.b64encode(b''), encoding='ascii')
    }

    for k, v in extra_environment_variables.items():
        monkeypatch.setenv(k, v)

    # Create an empty config, everything is set in the environment
    config = BlessConfig('us-east-1', config_file='')

    assert b'' == config.getprivatekey()
github Netflix / bless / tests / config / test_bless_config.py View on Github external
def test_config_no_password():
    with pytest.raises(ValueError) as e:
        BlessConfig('bogus-region',
                    config_file=os.path.join(os.path.dirname(__file__), 'full.cfg'))
    assert 'No Region Specific And No Default Password Provided.' == str(e.value)

    config = BlessConfig('bogus-region',
                         config_file=os.path.join(os.path.dirname(__file__), 'full-with-default.cfg'))
    assert '' == config.getpassword()
github Netflix / bless / bless / cache / bless_lambda_cache.py View on Github external
def __init__(self, ca_private_key_password=None,
                 config_file=None):
        """

        :param ca_private_key_password: For local testing, if the password is provided, skip the KMS
        decrypt.
        :param config_file: The config file to load the SSH CA private key from, and additional settings.
        """
        # AWS Region determines configs related to KMS
        if 'AWS_REGION' in os.environ:
            self.region = os.environ['AWS_REGION']
        else:
            self.region = 'us-west-2'

            # Load the deployment config values
        self.config = BlessConfig(self.region, config_file=config_file)

        password_ciphertext_b64 = self.config.getpassword()

        # decrypt ca private key password
        if ca_private_key_password is None:
            kms_client = boto3.client('kms', region_name=self.region)
            try:
                ca_password = kms_client.decrypt(
                    CiphertextBlob=base64.b64decode(password_ciphertext_b64))
                self.ca_private_key_password = ca_password['Plaintext']
            except ClientError as e:
                self.ca_private_key_password_error = str(e)
        else:
            self.ca_private_key_password = ca_private_key_password
github Netflix / bless / bless / config / bless_config.py View on Github external
def get(self, section, option, **kwargs):
        """
        Gets a value from the configuration.

        Checks the environment  before looking in the config file.
        :param section: The config section to look in
        :param option: The config option to look at
        :return: The value of the config option
        """
        environment_key = self._environment_key(section, option)
        output = os.environ.get(environment_key, None)
        if output is None:
            output = super(BlessConfig, self).get(section, option, **kwargs)
        return output