From f74b23bf8b1c49942a589e759913e59f5de736c8 Mon Sep 17 00:00:00 2001 From: Shane Harvey Date: Mon, 7 Feb 2022 17:33:16 -0800 Subject: [PATCH 1/3] PYTHON-3110 Remove use of example.com in CSFLE tests (#848) (cherry picked from commit 561ee7cf77fcbdefb9e2f46691f2b2ba4c65198b) --- test/test_encryption.py | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/test/test_encryption.py b/test/test_encryption.py index 37be4f1ae4..03b28cbe20 100644 --- a/test/test_encryption.py +++ b/test/test_encryption.py @@ -1115,14 +1115,14 @@ def setUp(self): codec_options=OPTS) kms_providers_invalid = copy.deepcopy(kms_providers) - kms_providers_invalid['azure']['identityPlatformEndpoint'] = 'example.com:443' - kms_providers_invalid['gcp']['endpoint'] = 'example.com:443' + + kms_providers_invalid['azure']['identityPlatformEndpoint'] = 'doesnotexist.invalid:443' + kms_providers_invalid['gcp']['endpoint'] = 'doesnotexist.invalid:443' self.client_encryption_invalid = ClientEncryption( kms_providers=kms_providers_invalid, key_vault_namespace='keyvault.datakeys', key_vault_client=client_context.client, codec_options=OPTS) - def tearDown(self): self.client_encryption.close() self.client_encryption_invalid.close() @@ -1202,9 +1202,9 @@ def test_06_aws_endpoint_invalid_host(self): "region": "us-east-1", "key": ("arn:aws:kms:us-east-1:579766882180:key/" "89fcc2c4-08b0-4bd9-9f25-e30687b580d0"), - "endpoint": "example.com" + "endpoint": "doesnotexist.invalid" } - with self.assertRaisesRegex(EncryptionError, 'parse error'): + with self.assertRaisesRegex(EncryptionError, self.invalid_host_error): self.client_encryption.create_data_key( 'aws', master_key=master_key) 
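Review bot: The new endpoint literals in setUp (`'doesnotexist.invalid:443'` for both `azure.identityPlatformEndpoint` and `gcp.endpoint`) carry no comment explaining the choice of host, and that reason is the security-relevant part of the change. `kms_providers_invalid` is a deep copy of `kms_providers`, so it presumably still holds the real test credentials, and a resolvable third-party host would have received whatever the KMS client sends during the token request. I would add `# .invalid is a reserved TLD (RFC 6761) that must never resolve, so the copied KMS credentials are never sent to a real host.` above the two assignments. The same literal recurs in the hunks at 1202 and 1246, so a single module-level constant would keep them from drifting apart. setUp starts above this hunk.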
@@ -1216,8 +1216,8 @@ def test_07_azure(self): self.run_test_expected_success('azure', master_key) # The full error should be something like: - # "Invalid JSON in KMS response. HTTP status=404. Error: Got parse error at '<', position 0: 'SPECIAL_EXPECTED'" - with self.assertRaisesRegex(EncryptionError, 'parse error'): + # "[Errno 8] nodename nor servname provided, or not known" + with self.assertRaisesRegex(EncryptionError, self.invalid_host_error): self.client_encryption_invalid.create_data_key( 'azure', master_key=master_key) @@ -1233,8 +1233,8 @@ def test_08_gcp_valid_endpoint(self): self.run_test_expected_success('gcp', master_key) # The full error should be something like: - # "Invalid JSON in KMS response. HTTP status=404. Error: Got parse error at '<', position 0: 'SPECIAL_EXPECTED'" - with self.assertRaisesRegex(EncryptionError, 'parse error'): + # "[Errno 8] nodename nor servname provided, or not known" + with self.assertRaisesRegex(EncryptionError, self.invalid_host_error): self.client_encryption_invalid.create_data_key( 'gcp', master_key=master_key) @@ -1246,7 +1246,7 @@ def test_09_gcp_invalid_endpoint(self): "location": "global", "keyRing": "key-ring-csfle", "keyName": "key-name-csfle", - "endpoint": "example.com:443"} + "endpoint": "doesnotexist.invalid:443"} # The full error should be something like: # "Invalid KMS response, no access_token returned. HTTP status=200" @@ -1335,7 +1335,7 @@ def test_explicit(self): 'AQGVERPgAAAAAAAAAAAAAAAC5DbBSwPwfSlBrDtRuglvNvCXD1KzDuCKY2P+4bRFtHDjpTOE2XuytPAUaAbXf1orsPq59PVZmsbTZbt2CB8qaQ==') def test_automatic(self): - expected_document_extjson = textwrap.dedent(""" + expected_document_extjson = textwrap.dedent(""" {"secret_azure": { "$binary": { "base64": "AQGVERPgAAAAAAAAAAAAAAAC5DbBSwPwfSlBrDtRuglvNvCXD1KzDuCKY2P+4bRFtHDjpTOE2XuytPAUaAbXf1orsPq59PVZmsbTZbt2CB8qaQ==", 
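Review bot: The replacement comment in test_07_azure quotes `[Errno 8] nodename nor servname provided, or not known` as the expected error, but that wording is the macOS/BSD resolver message; Linux with glibc typically reports `[Errno -2] Name or service not known`. Since the pattern now comes from `self.invalid_host_error` rather than a fixed string, the comment should say the text is platform-dependent, e.g. `# Resolver error text varies by platform; the pattern comes from self.invalid_host_error.` The same comment is repeated in the test_08_gcp_valid_endpoint hunk at 1233.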
@@ -1361,7 +1361,7 @@ def test_explicit(self): 'ARgj/gAAAAAAAAAAAAAAAAACwFd+Y5Ojw45GUXNvbcIpN9YkRdoHDHkR4kssdn0tIMKlDQOLFkWFY9X07IRlXsxPD8DcTiKnl6XINK28vhcGlg==') def test_automatic(self): - expected_document_extjson = textwrap.dedent(""" + expected_document_extjson = textwrap.dedent(""" {"secret_gcp": { "$binary": { "base64": "ARgj/gAAAAAAAAAAAAAAAAACwFd+Y5Ojw45GUXNvbcIpN9YkRdoHDHkR4kssdn0tIMKlDQOLFkWFY9X07IRlXsxPD8DcTiKnl6XINK28vhcGlg==", From b2042a2b0aad8085834c9bd9162b2c2cb9b9e8a6 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Tue, 8 Feb 2022 13:46:02 -0600 Subject: [PATCH 2/3] add missing handling of invalid_host_error --- test/test_encryption.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/test/test_encryption.py b/test/test_encryption.py index 03b28cbe20..58d5c24207 100644 --- a/test/test_encryption.py +++ b/test/test_encryption.py @@ -1123,6 +1123,8 @@ def setUp(self): key_vault_namespace='keyvault.datakeys', key_vault_client=client_context.client, codec_options=OPTS) + self._invalid_host_error = None + def tearDown(self): self.client_encryption.close() self.client_encryption_invalid.close() @@ -1255,6 +1257,20 @@ def test_09_gcp_invalid_endpoint(self): 'gcp', master_key=master_key) + def dns_error(self, host, port): + # The full error should be something like: + # "[Errno 8] nodename nor servname provided, or not known" + with self.assertRaises(Exception) as ctx: + socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM) + return re.escape(str(ctx.exception)) + + @property + def invalid_host_error(self): + if self._invalid_host_error is None: + self._invalid_host_error = self.dns_error( + 'doesnotexist.invalid', 443) + return self._invalid_host_error + class AzureGCPEncryptionTestMixin(object): DEK = None KMS_PROVIDER_MAP = None From 6f614b9b3e93a4e1930864c53dd349c4ea48b783 Mon Sep 17 00:00:00 2001 
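Review bot: In dns_error, `with self.assertRaises(Exception) as ctx:` accepts any exception, so a failure unrelated to name resolution (for example a bad argument to `getaddrinfo`) would silently become the regex that the endpoint tests match against; `with self.assertRaises(socket.gaierror) as ctx:` pins it to resolver failures. The pattern is also the exact, escaped OS message from an `AF_INET`/`SOCK_STREAM` lookup, and it only matches if the KMS connection code surfaces the same text inside `EncryptionError`; that code is not visible here, so this is worth confirming on each supported platform. On a network whose resolver answers for non-existent names, `getaddrinfo` succeeds and the helper fails in `assertRaises` with a message that does not mention DNS, so a short docstring stating that requirement would help. The enclosing test class begins outside the hunk.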
From: Steven Silvester Date: Wed, 9 Feb 2022 17:42:53 -0600 Subject: [PATCH 3/3] add missing import --- test/test_encryption.py | 1 + 1 file changed, 1 insertion(+) diff --git a/test/test_encryption.py b/test/test_encryption.py index 58d5c24207..e138101be4 100644 --- a/test/test_encryption.py +++ b/test/test_encryption.py @@ -17,6 +17,7 @@ import base64 import copy import os +import re import traceback import socket import sys