Merge pull request #47989 from dwoz/awscloud

Properly decode password from aws using m2crypto
2025-04-17 10:10:20 +00:00 · 2018-06-06 13:44:28 -07:00 · 2018-06-06 13:44:28 -07:00 · 1ce7d6c38a
commit 1ce7d6c38a
parent 76068c83f5 23ab2727be
2 changed files with 51 additions and 2 deletions
--- a/salt/cloud/clouds/ec2.py
+++ b/salt/cloud/clouds/ec2.py
@ -4762,7 +4762,7 @@ def get_password_data(
            rsa_key = kwargs['key']
            pwdata = base64.b64decode(pwdata)
            if HAS_M2:
-                key = RSA.load_key_string(rsa_key)
+                key = RSA.load_key_string(rsa_key.encode('ascii'))
                password = key.private_decrypt(pwdata, RSA.pkcs1_padding)
            else:
                dsize = Crypto.Hash.SHA.digest_size
--- a/tests/unit/cloud/clouds/test_ec2.py
+++ b/tests/unit/cloud/clouds/test_ec2.py
@ -2,22 +2,50 @@

 # Import Python libs
 from __future__ import absolute_import, print_function, unicode_literals
+import os
+import tempfile

 # Import Salt Libs
 from salt.cloud.clouds import ec2
 from salt.exceptions import SaltCloudSystemExit
+import salt.utils.files

 # Import Salt Testing Libs
 from tests.support.unit import TestCase, skipIf
+from tests.support.mixins import LoaderModuleMockMixin
 from tests.support.mock import NO_MOCK, NO_MOCK_REASON, patch, PropertyMock
+from tests.support.paths import TMP
+from tests.unit.test_crypt import PRIVKEY_DATA
+
+
+PASS_DATA = (
+    b'qOjCKDlBdcNEbJ/J8eRl7sH+bYIIm4cvHHY86gh2NEUnufFlFo0gGVTZR05Fj0cw3n/w7gR'
+    b'urNXz5JoeSIHVuNI3YTwzL9yEAaC0kuy8EbOlO2yx8yPGdfml9BRwOV7A6b8UFo9co4H7fz'
+    b'DdScMKU2yzvRYvp6N6Q2cJGBmPsemnXWWusb+1vZVWxcRAQmG3ogF6Z5rZSYAYH0N4rqJgH'
+    b'mQfzuyb+jrBvV/IOoV1EdO9jGSH9338aS47NjrmNEN/SpnS6eCWZUwwyHbPASuOvWiY4QH/'
+    b'0YZC6EGccwiUmt0ZOxIynk+tEyVPTkiS0V8RcZK6YKqMWHpKmPtLBzfuoA=='
+)


@skipIf(NO_MOCK, NO_MOCK_REASON)
-class EC2TestCase(TestCase):
+class EC2TestCase(TestCase, LoaderModuleMockMixin):
    '''
    Unit TestCase for salt.cloud.clouds.ec2 module.
    '''

+    def setUp(self):
+        super(EC2TestCase, self).setUp()
+        with tempfile.NamedTemporaryFile(dir=TMP, suffix='.pem', delete=True) as fp:
+            self.key_file = fp.name
+
+    def tearDown(self):
+        super(EC2TestCase, self).tearDown()
+        if os.path.exists(self.key_file):
+            os.remove(self.key_file)
+
+    def setup_loader_modules(self):
+        return {ec2: {'__opts__': {}}}
+
    def test__validate_key_path_and_mode(self):

        # Key file exists
@ -38,3 +66,24 @@ class EC2TestCase(TestCase):
        with patch('os.path.exists', return_value=False):
            self.assertRaises(
                SaltCloudSystemExit, ec2._validate_key_path_and_mode, 'key_file')
+
+    @patch('salt.cloud.clouds.ec2._get_node')
+    @patch('salt.cloud.clouds.ec2.get_location')
+    @patch('salt.cloud.clouds.ec2.get_provider')
+    @patch('salt.utils.aws.query')
+    def test_get_password_data(self, query, get_provider, get_location, _get_node):
+        query.return_value = [
+            {
+            'passwordData': PASS_DATA
+            }
+        ]
+        _get_node.return_value = {'instanceId': 'i-abcdef'}
+        get_location.return_value = 'us-west2'
+        get_provider.return_value = 'ec2'
+        with salt.utils.files.fopen(self.key_file, 'w') as fp:
+            fp.write(PRIVKEY_DATA)
+        ret = ec2.get_password_data(
+            name='i-abcddef', kwargs={'key_file': self.key_file}, call='action'
+        )
+        assert ret['passwordData'] == PASS_DATA
+        assert ret['password'] == b'testp4ss!'