Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make plaintext and ciphertext optional for batch operations #1049

Merged
merged 1 commit into from
Sep 10, 2023
Merged

Make plaintext and ciphertext optional for batch operations #1049

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
12 changes: 8 additions & 4 deletions hvac/api/secrets_engines/transit.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -314,7 +314,7 @@ def export_key(self, name, key_type, version=None, mount_point=DEFAULT_MOUNT_POI
def encrypt_data(
self,
name,
plaintext,
plaintext=None,
context=None,
key_version=None,
nonce=None,
Expand All @@ -335,7 +335,7 @@ def encrypt_data(

:param name: Specifies the name of the encryption key to encrypt against. This is specified as part of the URL.
:type name: str | unicode
:param plaintext: Specifies base64 encoded plaintext to be encoded.
:param plaintext: Specifies base64 encoded plaintext to be encoded. Ignored if ``batch_input`` is set, otherwise required.
:type plaintext: str | unicode
:param context: Specifies the base64 encoded context for key derivation. This is required if key derivation is
enabled for this key.
Expand Down Expand Up @@ -367,6 +367,8 @@ def encrypt_data(
:return: The JSON response of the request.
:rtype: dict
"""
if plaintext is None and batch_input is None:
raise ValueError("plaintext must be specified unless batch_input is set")
params = {
"plaintext": plaintext,
}
Expand Down Expand Up @@ -395,7 +397,7 @@ def encrypt_data(
def decrypt_data(
self,
name,
ciphertext,
ciphertext=None,
context=None,
nonce=None,
batch_input=None,
Expand All @@ -408,7 +410,7 @@ def decrypt_data(

:param name: Specifies the name of the encryption key to decrypt against. This is specified as part of the URL.
:type name: str | unicode
:param ciphertext: the ciphertext to decrypt.
:param ciphertext: The ciphertext to decrypt. Ignored if ``batch_input`` is set, otherwise required.
:type ciphertext: str | unicode
:param context: Specifies the base64 encoded context for key derivation. This is required if key derivation is
enabled.
Expand All @@ -426,6 +428,8 @@ def decrypt_data(
:return: The JSON response of the request.
:rtype: dict
"""
if ciphertext is None and batch_input is None:
raise ValueError("ciphertext must be specified unless batch_input is set")
params = {
"ciphertext": ciphertext,
}
Expand Down
8 changes: 8 additions & 0 deletions tests/integration_tests/api/secrets_engines/test_transit.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -989,3 +989,11 @@ def test_trim_key(self, label, min_version=2, raises=False, exception_message=""
first=bool(trim_key_response),
second=True,
)

def test_encrypt_data_requires_plaintext_arg_if_not_in_batch_mode(self):
with self.assertRaises(ValueError, msg="plaintext must be specified"):
self.client.secrets.transit.encrypt_data(name="any-key")

def test_decrypt_data_requires_cipher_arg_if_not_in_batch_mode(self):
with self.assertRaises(ValueError, msg="ciphertext must be specified"):
self.client.secrets.transit.decrypt_data(name="any-key")