Merge pull request #47998 from rallytime/bp-47989

Back-port #47989 to 2018.3.1

salt/cloud/clouds/ec2.py

@@ -4762,7 +4762,7 @@ def get_password_data(
             rsa_key = kwargs['key']
             pwdata = base64.b64decode(pwdata)
             if HAS_M2:
-                key = RSA.load_key_string(rsa_key)
+                key = RSA.load_key_string(rsa_key.encode())
                 password = key.private_decrypt(pwdata, RSA.pkcs1_padding)
             else:
                 dsize = Crypto.Hash.SHA.digest_size

tests/unit/cloud/clouds/test_ec2.py

@@ -2,14 +2,27 @@
 
 # Import Python libs
 from __future__ import absolute_import, print_function, unicode_literals
+import os
+import tempfile
 
 # Import Salt Libs
 from salt.cloud.clouds import ec2
 from salt.exceptions import SaltCloudSystemExit
+import salt.utils.files
 
 # Import Salt Testing Libs
 from tests.support.unit import TestCase, skipIf
 from tests.support.mock import NO_MOCK, NO_MOCK_REASON, patch, PropertyMock
+from tests.support.paths import TMP
+from tests.unit.test_crypt import PRIVKEY_DATA
+
+PASS_DATA = (
+    b'qOjCKDlBdcNEbJ/J8eRl7sH+bYIIm4cvHHY86gh2NEUnufFlFo0gGVTZR05Fj0cw3n/w7gR'
+    b'urNXz5JoeSIHVuNI3YTwzL9yEAaC0kuy8EbOlO2yx8yPGdfml9BRwOV7A6b8UFo9co4H7fz'
+    b'DdScMKU2yzvRYvp6N6Q2cJGBmPsemnXWWusb+1vZVWxcRAQmG3ogF6Z5rZSYAYH0N4rqJgH'
+    b'mQfzuyb+jrBvV/IOoV1EdO9jGSH9338aS47NjrmNEN/SpnS6eCWZUwwyHbPASuOvWiY4QH/'
+    b'0YZC6EGccwiUmt0ZOxIynk+tEyVPTkiS0V8RcZK6YKqMWHpKmPtLBzfuoA=='
+)
 
 
 @skipIf(NO_MOCK, NO_MOCK_REASON)
@@ -18,6 +31,14 @@ class EC2TestCase(TestCase):
     Unit TestCase for salt.cloud.clouds.ec2 module.
     '''
 
+    def setUp(self):
+        with tempfile.NamedTemporaryFile(dir=TMP, suffix='.pem', delete=True) as fp:
+            self.key_file = fp.name
+
+    def tearDown(self):
+        if os.path.exists(self.key_file):
+            os.remove(self.key_file)
+
     def test__validate_key_path_and_mode(self):
 
         # Key file exists
@@ -38,3 +59,26 @@ def test__validate_key_path_and_mode(self):
         with patch('os.path.exists', return_value=False):
             self.assertRaises(
                 SaltCloudSystemExit, ec2._validate_key_path_and_mode, 'key_file')
+
+    @patch('salt.cloud.clouds.ec2._get_node')
+    @patch('salt.cloud.clouds.ec2.get_location')
+    @patch('salt.cloud.clouds.ec2.get_provider')
+    @patch('salt.utils.aws.query')
+    def test_get_password_data(self, query, get_provider, get_location, _get_node):
+        query.return_value = [
+            {
+            'passwordData': PASS_DATA
+            }
+        ]
+        _get_node.return_value = {'instanceId': 'i-abcdef'}
+        get_location.return_value = 'us-west2'
+        get_provider.return_value = 'ec2'
+        ec2.__opts__ = {}  # pylint: disable=unmocked-patch-dunder
+        ec2.__active_provider_name__ = None  # pylint: disable=unmocked-patch
+        with salt.utils.files.fopen(self.key_file, 'w') as fp:
+            fp.write(PRIVKEY_DATA)
+        ret = ec2.get_password_data(
+            name='i-abcddef', kwargs={'key_file': self.key_file}, call='action'
+        )
+        assert ret['passwordData'] == PASS_DATA
+        assert ret['password'] == b'testp4ss!'