Skip to content

Commit

Permalink
Merge pull request #21 from pmuller/feature/output-result-stdout
Browse files Browse the repository at this point in the history
fix(cli): write results to stdout
  • Loading branch information
pmuller authored Apr 30, 2024
2 parents c1bf1af + d91f41f commit a2d54aa
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 23 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,4 @@
## Unreleased

* fix: add support for nested pillar data
* fix(cli): write results to stdout
12 changes: 6 additions & 6 deletions src/saltstack_age/cli.py
Original file line number Diff line number Diff line change
Expand Up @@ -144,15 +144,15 @@ def determine_encryption_type(

def encrypt(arguments: Namespace) -> None:
value = get_value(arguments).encode()
type_ = determine_encryption_type(arguments)

if determine_encryption_type(arguments) == "identity":
if type_ == "identity":
recipients = [identity.to_public() for identity in get_identities(arguments)]
ciphertext = pyrage.encrypt(value, recipients)
LOGGER.info("ENC[age-identity,%s]", b64encode(ciphertext).decode())

else:
ciphertext = pyrage.passphrase.encrypt(value, get_passphrase(arguments))
LOGGER.info("ENC[age-passphrase,%s]", b64encode(ciphertext).decode())

_ = sys.stdout.write(f"ENC[age-{type_},{b64encode(ciphertext).decode()}]\n")


def decrypt(arguments: Namespace) -> None:
Expand All @@ -172,10 +172,10 @@ def decrypt(arguments: Namespace) -> None:
)
raise SystemExit(-1)

LOGGER.info("%s", secure_value.decrypt(arguments.identities[0]))
_ = sys.stdout.write(secure_value.decrypt(arguments.identities[0]))

else: # isinstance(secure_value, PassphraseSecureValue)
LOGGER.info("%s", secure_value.decrypt(get_passphrase(arguments)))
_ = sys.stdout.write(secure_value.decrypt(get_passphrase(arguments)))


def main(cli_args: Sequence[str] | None = None) -> None:
Expand Down
26 changes: 9 additions & 17 deletions tests/integration/test_cli.py
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
import logging
from collections.abc import Sequence
from pathlib import Path

Expand All @@ -13,40 +12,35 @@
)


def test_encrypt__passphrase(caplog: pytest.LogCaptureFixture) -> None:
# Only keep INFO log records
caplog.set_level(logging.INFO)
def test_encrypt__passphrase(capsys: pytest.CaptureFixture[str]) -> None:
# Run the CLI tool
main(["-P", "woah that is so secret", "enc", "another secret"])
# Ensure we get a passphrase secure value string
secure_value_string = caplog.record_tuples[0][2]
secure_value_string = capsys.readouterr().out
secure_value = parse_secure_value(secure_value_string)
assert isinstance(secure_value, PassphraseSecureValue)
# Ensure we can decrypt it
assert secure_value.decrypt("woah that is so secret") == "another secret"


def test_encrypt__single_recipient(
caplog: pytest.LogCaptureFixture,
capsys: pytest.CaptureFixture[str],
example_age_key: str,
) -> None:
# Only keep INFO log records
caplog.set_level(logging.INFO)
# Run the CLI tool
main(["-i", example_age_key, "enc", "foo"])
# Ensure we get an identity secure value string
secure_value_string = caplog.record_tuples[0][2]
secure_value_string = capsys.readouterr().out
secure_value = parse_secure_value(secure_value_string)
assert isinstance(secure_value, IdentitySecureValue)
# Ensure we can decrypt it using the same identity
assert secure_value.decrypt(read_identity_file(example_age_key)) == "foo"


def test_encrypt__multiple_recipients(
caplog: pytest.LogCaptureFixture, tmp_path: Path
capsys: pytest.CaptureFixture[str],
tmp_path: Path,
) -> None:
# Only keep INFO log records
caplog.set_level(logging.INFO)
# Generate identities
identity1 = pyrage.x25519.Identity.generate()
identity1_path = tmp_path / "identity1"
Expand All @@ -66,7 +60,7 @@ def test_encrypt__multiple_recipients(
]
)
# Ensure we get an identity secure value string
secure_value_string = caplog.record_tuples[0][2]
secure_value_string = capsys.readouterr().out
secure_value = parse_secure_value(secure_value_string)
assert isinstance(secure_value, IdentitySecureValue)
# Ensure we can decrypt it using all the recipient identities
Expand Down Expand Up @@ -114,15 +108,13 @@ def test_decrypt(
environment: None | dict[str, str],
args: Sequence[str],
result: str,
caplog: pytest.LogCaptureFixture,
capsys: pytest.CaptureFixture[str],
monkeypatch: pytest.MonkeyPatch,
) -> None:
# Setup environment variables
for name, value in (environment or {}).items():
monkeypatch.setenv(name, value)
# Only keep INFO log records
caplog.set_level(logging.INFO)
# Run the CLI tool
main(args)
# Ensure we get the expected result
assert caplog.record_tuples == [("saltstack_age.cli", logging.INFO, result)]
assert capsys.readouterr().out == result

0 comments on commit a2d54aa

Please sign in to comment.