From 3a8d09ec770a56d6ff8589b32152a3e9ceca9b64 Mon Sep 17 00:00:00 2001
From: Alessandro Pilotti <apilotti@cloudbasesolutions.com>
Date: Mon, 24 Sep 2018 20:28:08 +0200
Subject: [PATCH] Fixes Python3 issue in decoding password

The 'nova get-password' command shows a passowrd as bytes
instead of string in Python 3 currently.
It should be shown as string.
So fix it.

Co-Authored-By: Takashi Natsume <natsume.takashi@lab.ntt.co.jp>
Change-Id: Ibcfb071fcc3c74535b800295ec95ca5ec8bc3c9b
Closes-Bug: #1794167
---
 novaclient/crypto.py                     |  5 ++
 novaclient/tests/unit/test_crypto.py     | 74 ++++++++++++++++++++++++
 novaclient/tests/unit/v2/test_servers.py |  2 +-
 3 files changed, 80 insertions(+), 1 deletion(-)
 create mode 100644 novaclient/tests/unit/test_crypto.py

diff --git a/novaclient/crypto.py b/novaclient/crypto.py
index 21af60cdc..699dbac0e 100644
--- a/novaclient/crypto.py
+++ b/novaclient/crypto.py
@@ -16,6 +16,8 @@
 import base64
 import subprocess
 
+import six
+
 
 class DecryptionFailure(Exception):
     pass
@@ -35,4 +37,7 @@ def decrypt_password(private_key, password):
     proc.stdin.close()
     if proc.returncode:
         raise DecryptionFailure(err)
+
+    if not six.PY2 and isinstance(out, bytes):
+        return out.decode('utf-8')
     return out
diff --git a/novaclient/tests/unit/test_crypto.py b/novaclient/tests/unit/test_crypto.py
new file mode 100644
index 000000000..0e876a070
--- /dev/null
+++ b/novaclient/tests/unit/test_crypto.py
@@ -0,0 +1,74 @@
+# Copyright 2018 NTT Corporation
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import base64
+import subprocess
+
+import mock
+
+from novaclient import crypto
+from novaclient.tests.unit import utils
+
+
+class CryptoTest(utils.TestCase):
+
+    def setUp(self):
+        super(CryptoTest, self).setUp()
+        # The password string that passed as the method argument
+        self.password_string = 'Test Password'
+        # The return value of Popen.communicate
+        self.decrypt_password = b'Decrypt Password'
+        self.private_key = 'Test Private Key'
+
+    @mock.patch('subprocess.Popen')
+    def test_decrypt_password(self, mock_open):
+        mocked_proc = mock.Mock()
+        mock_open.return_value = mocked_proc
+        mocked_proc.returncode = 0
+        mocked_proc.communicate.return_value = (self.decrypt_password, '')
+
+        decrypt_password = crypto.decrypt_password(self.private_key,
+                                                   self.password_string)
+
+        # The return value is 'str' in both python 2 and python 3
+        self.assertIsInstance(decrypt_password, str)
+        self.assertEqual('Decrypt Password', decrypt_password)
+
+        mock_open.assert_called_once_with(
+            ['openssl', 'rsautl', '-decrypt', '-inkey', self.private_key],
+            stdin=subprocess.PIPE,
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE)
+        mocked_proc.communicate.assert_called_once_with(
+            base64.b64decode(self.password_string))
+        mocked_proc.stdin.close.assert_called_once_with()
+
+    @mock.patch('subprocess.Popen')
+    def test_decrypt_password_failure(self, mock_open):
+        mocked_proc = mock.Mock()
+        mock_open.return_value = mocked_proc
+        mocked_proc.returncode = 1  # Error case
+        mocked_proc.communicate.return_value = (self.decrypt_password, '')
+
+        self.assertRaises(crypto.DecryptionFailure, crypto.decrypt_password,
+                          self.private_key, self.password_string)
+
+        mock_open.assert_called_once_with(
+            ['openssl', 'rsautl', '-decrypt', '-inkey', self.private_key],
+            stdin=subprocess.PIPE,
+            stdout=subprocess.PIPE,
+            stderr=subprocess.PIPE)
+        mocked_proc.communicate.assert_called_once_with(
+            base64.b64decode(self.password_string))
+        mocked_proc.stdin.close.assert_called_once_with()
diff --git a/novaclient/tests/unit/v2/test_servers.py b/novaclient/tests/unit/v2/test_servers.py
index 427a4eff8..cf3aec562 100644
--- a/novaclient/tests/unit/v2/test_servers.py
+++ b/novaclient/tests/unit/v2/test_servers.py
@@ -715,7 +715,7 @@ class ServersTest(utils.FixturedTestCase):
         s = self.cs.servers.get(1234)
         password = s.get_password('novaclient/tests/unit/idfake.pem')
         self.assert_request_id(password, fakes.FAKE_REQUEST_ID_LIST)
-        self.assertEqual(b'FooBar123', password)
+        self.assertEqual('FooBar123', password)
         self.assert_called('GET', '/servers/1234/os-server-password')
 
     def test_get_password_without_key(self):