v1.3.0

tests/ext/vault/conftest.py

@@ -2,11 +2,30 @@
 # type: ignore
 from __future__ import annotations
 
+from unittest import mock
+
+import hvac
 import pytest
+from pytest_mock import MockerFixture
 
 from .fixtures import TestingVaultSecrets
 
 
+@pytest.fixture
+def hvac_client() -> mock.Mock:
+    return mock.Mock(spec=hvac.Client)
+
+
+@pytest.fixture
+def mock_hvac_client(mocker: MockerFixture,
+                     hvac_client: mock.Mock,
+                     ) -> mock.Mock:
+    return mocker.patch(
+        'keep_it_secret.ext.vault.hvac.Client',
+        return_value=hvac_client,
+    )
+
+
 @pytest.fixture
 def testing_vault_secrets() -> TestingVaultSecrets:
     return TestingVaultSecrets()

tests/ext/vault/test_AppRoleVaultSecrets.py

@@ -0,0 +1,124 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+import os
+from unittest import mock
+
+from keep_it_secret.ext import vault
+
+
+@mock.patch.dict(
+    os.environ,
+    {
+        'VAULT_URL': 'https://vault.work/',
+        'VAULT_ROLE_ID': 'test_role_id',
+        'VAULT_SECRET_ID': 'test_secret_id',
+    },
+)
+def test_init():
+    # When
+    result = vault.AppRoleVaultSecrets()
+
+    # Then
+    assert result.client is None
+
+
+@mock.patch.dict(
+    os.environ,
+    {
+        'VAULT_URL': 'https://vault.work/',
+        'VAULT_ROLE_ID': 'test_role_id',
+        'VAULT_SECRET_ID': 'test_secret_id',
+        'VAULT_CLIENT_CERT_PATH': '/tmp/vault_client_cert.pem',
+        'VAULT_CLIENT_KEY_PATH': '/tmp/vault_client_key.pem',
+        'VAULT_SERVER_CERT_PATH': '/tmp/vault_server_cert.pem',
+    },
+)
+def test_as_hvac_client_kwargs():
+    # Given
+    secrets = vault.AppRoleVaultSecrets()
+
+    # When
+    result = secrets.as_hvac_client_kwargs()
+
+    # Then
+    assert result == {
+        'url': 'https://vault.work/',
+        'cert': ('/tmp/vault_client_cert.pem', '/tmp/vault_client_key.pem'),
+        'verify': '/tmp/vault_server_cert.pem',
+    }
+
+
+@mock.patch.dict(
+    os.environ,
+    {
+        'VAULT_URL': 'https://vault.work/',
+        'VAULT_ROLE_ID': 'test_role_id',
+        'VAULT_SECRET_ID': 'test_secret_id',
+    },
+)
+def test_as_hvac_client_kwargs_without_optional_fields():
+    # Given
+    secrets = vault.AppRoleVaultSecrets()
+
+    # When
+    result = secrets.as_hvac_client_kwargs()
+
+    # Then
+    assert result == {
+        'url': 'https://vault.work/',
+    }
+
+
+@mock.patch.dict(
+    os.environ,
+    {
+        'VAULT_URL': 'https://vault.work/',
+        'VAULT_ROLE_ID': 'test_role_id',
+        'VAULT_SECRET_ID': 'test_secret_id',
+    },
+)
+def test_get_client_cache_miss(mock_hvac_client: mock.Mock,
+                               hvac_client: mock.Mock):
+    # Given
+    mock_hvac_client.return_value = hvac_client
+
+    secrets = vault.AppRoleVaultSecrets()
+
+    # When
+    result = secrets.get_client()
+
+    # Then
+    assert result == hvac_client
+
+    assert secrets.client == hvac_client
+
+    mock_hvac_client.assert_called_once_with(**secrets.as_hvac_client_kwargs())
+    hvac_client.auth.approle.login.assert_called_once_with(
+        role_id='test_role_id',
+        secret_id='test_secret_id',
+    )
+
+
+@mock.patch.dict(
+    os.environ,
+    {
+        'VAULT_URL': 'https://vault.work/',
+        'VAULT_ROLE_ID': 'test_role_id',
+        'VAULT_SECRET_ID': 'test_secret_id',
+    },
+)
+def test_get_client_cache_hit(mock_hvac_client: mock.Mock,
+                              hvac_client: mock.Mock):
+    # Given
+    secrets = vault.AppRoleVaultSecrets()
+    secrets.client = hvac_client
+
+    # When
+    result = secrets.get_client()
+
+    # Then
+    assert result == hvac_client
+
+    mock_hvac_client.assert_not_called()

tests/ext/vault/test_VaultSecrets.py

@@ -5,22 +5,16 @@ from __future__ import annotations
 import os
 from unittest import mock
 
-import pytest
-from pytest_mock import MockerFixture
-
 from keep_it_secret.ext import vault
 
 
-@pytest.fixture
-def mock_hvac_client(mocker: MockerFixture) -> mock.Mock:
-    return mocker.patch.object(vault.hvac, 'Client')
-
-
-@pytest.fixture
-def hvac_client() -> mock.Mock:
-    return mock.Mock()
-
-
+@mock.patch.dict(
+    os.environ,
+    {
+        'VAULT_URL': 'https://vault.work/',
+        'VAULT_TOKEN': 'test_vault_token',
+    },
+)
 def test_init():
     # When
     result = vault.VaultSecrets()
@@ -76,6 +70,13 @@ def test_as_hvac_client_kwargs_without_optional_fields():
     }
 
 
+@mock.patch.dict(
+    os.environ,
+    {
+        'VAULT_URL': 'https://vault.work/',
+        'VAULT_TOKEN': 'test_vault_token',
+    },
+)
 def test_get_client_cache_miss(mock_hvac_client: mock.Mock,
                                hvac_client: mock.Mock):
     # Given
@@ -94,6 +95,13 @@ def test_get_client_cache_miss(mock_hvac_client: mock.Mock,
     mock_hvac_client.assert_called_once_with(**secrets.as_hvac_client_kwargs())
 
 
+@mock.patch.dict(
+    os.environ,
+    {
+        'VAULT_URL': 'https://vault.work/',
+        'VAULT_TOKEN': 'test_vault_token',
+    },
+)
 def test_get_client_cache_hit(mock_hvac_client: mock.Mock,
                               hvac_client: mock.Mock):
     # Given