Skip to content

Commit

Permalink
csfle consolidate tests; firm up deserializing deeply nested key_alt_…
Browse files Browse the repository at this point in the history
…name lists when parsed by variable_decode
  • Loading branch information
dill0wn committed Sep 20, 2024
1 parent a05d8f8 commit 8e1315b
Show file tree
Hide file tree
Showing 3 changed files with 58 additions and 5 deletions.
7 changes: 5 additions & 2 deletions ming/encryption.py
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,11 @@ def clean_config(cls, config: dict) -> dict:
if config.get('provider_options', None):
for provider, values in list((config['provider_options'] or dict()).items()):
if 'key_alt_names' in values and not isinstance(values['key_alt_names'], list):
key_alt_names = [s.strip() for s in values['key_alt_names'].split(',') if s]
config['provider_options'][provider]['key_alt_names'] = key_alt_names
try:
config['provider_options'][provider]['key_alt_names'] = json.loads(values['key_alt_names'])
except json.JSONDecodeError:
key_alt_names = [s.strip() for s in values['key_alt_names'].split(',') if s]
config['provider_options'][provider]['key_alt_names'] = key_alt_names

Check warning on line 39 in ming/encryption.py

View check run for this annotation

Codecov / codecov/patch

ming/encryption.py#L35-L39

Added lines #L35 - L39 were not covered by tests

return config

Expand Down
36 changes: 36 additions & 0 deletions ming/tests/test_encryption.py
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,42 @@ def test_validation_key_alt_names(self):
encryption = ming.Session.by_name('maindb').bind.encryption
self.assertEqual(encryption.provider_options, {'local': {'key_alt_names': ['datakey_test1']}})

def test_validation_key_alt_names2(self):
config_str = f"""
ming.maindb.uri = mim://host/maindb
ming.maindb.encryption.kms_providers.local.key = {self.LOCAL_KEY}
ming.maindb.encryption.key_vault_namespace = encryption_test.dataKeyVault
ming.maindb.encryption.provider_options.local.key_alt_names = ["datakey_test1", "datakey_test2"]
"""

self._parse_config(config_str)
encryption = ming.Session.by_name('maindb').bind.encryption
self.assertEqual(encryption.provider_options, {'local': {'key_alt_names': ['datakey_test1', 'datakey_test2']}})

def test_validation_key_alt_names3(self):
config_str = f"""
ming.maindb.uri = mim://host/maindb
ming.maindb.encryption.kms_providers.local.key = {self.LOCAL_KEY}
ming.maindb.encryption.key_vault_namespace = encryption_test.dataKeyVault
ming.maindb.encryption.provider_options.local.key_alt_names = datakey_test1, datakey_test2
"""

self._parse_config(config_str)
encryption = ming.Session.by_name('maindb').bind.encryption
self.assertEqual(encryption.provider_options, {'local': {'key_alt_names': ['datakey_test1', 'datakey_test2']}})

def test_validation_key_alt_names4(self):
config_str = f"""
ming.maindb.uri = mim://host/maindb
ming.maindb.encryption.kms_providers.local.key = {self.LOCAL_KEY}
ming.maindb.encryption.key_vault_namespace = encryption_test.dataKeyVault
ming.maindb.encryption.provider_options.local.key_alt_names = "datakey_test1", "datakey_test2"
"""

self._parse_config(config_str)
encryption = ming.Session.by_name('maindb').bind.encryption
self.assertEqual(encryption.provider_options, {'local': {'key_alt_names': ['datakey_test1', 'datakey_test2']}})

def test_validation_empty(self):
self._parse_config(f'''ming.maindb.uri = mim://host/maindb''')

Expand Down
20 changes: 17 additions & 3 deletions ming/validators.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@

import json
from .exc import MingConfigError
from .encryption import EncryptionConfig

Expand Down Expand Up @@ -55,10 +56,23 @@ class EncryptionConfigValidator(validators.FancyValidator):
" (https://pymongo.readthedocs.io/en/stable/api/pymongo/encryption.html#pymongo.encryption.ClientEncryption.create_data_key)."),
)

def _convert_to_python(self, field_dict, state):
if not field_dict:
def _convert_to_python(self, config: dict, state):
if not config:
return None

Check warning on line 61 in ming/validators.py

View check run for this annotation

Codecov / codecov/patch

ming/validators.py#L61

Added line #L61 was not covered by tests
return EncryptionConfig(field_dict)

# ensure key_alt_names is a list
provider_options = config.get('provider_options', None) or dict()
if provider_options:
for provider, options in list(provider_options.items()):
if 'key_alt_names' in options:
if not isinstance(options['key_alt_names'], list):
try:
config['provider_options'][provider]['key_alt_names'] = json.loads(options['key_alt_names'])
except json.JSONDecodeError:
key_alt_names = [s.strip(" ][\"'\t\r\n") for s in options['key_alt_names'].split(',') if s]
config['provider_options'][provider]['key_alt_names'] = key_alt_names

return EncryptionConfig(config)

def _validate_python(self, encryption_config: EncryptionConfig, state):
if not encryption_config:
Expand Down

0 comments on commit 8e1315b

Please sign in to comment.