125 lines
2.8 KiB
Python
125 lines
2.8 KiB
Python
# -*- coding: utf-8 -*-
|
|
# type: ignore
|
|
from __future__ import annotations
|
|
|
|
import os
|
|
from unittest import mock
|
|
|
|
from keep_it_secret.ext import vault
|
|
|
|
|
|
@mock.patch.dict(
|
|
os.environ,
|
|
{
|
|
'VAULT_URL': 'https://vault.work/',
|
|
'VAULT_ROLE_ID': 'test_role_id',
|
|
'VAULT_SECRET_ID': 'test_secret_id',
|
|
},
|
|
)
|
|
def test_init():
|
|
# When
|
|
result = vault.AppRoleVaultSecrets()
|
|
|
|
# Then
|
|
assert result.client is None
|
|
|
|
|
|
@mock.patch.dict(
|
|
os.environ,
|
|
{
|
|
'VAULT_URL': 'https://vault.work/',
|
|
'VAULT_ROLE_ID': 'test_role_id',
|
|
'VAULT_SECRET_ID': 'test_secret_id',
|
|
'VAULT_CLIENT_CERT_PATH': '/tmp/vault_client_cert.pem',
|
|
'VAULT_CLIENT_KEY_PATH': '/tmp/vault_client_key.pem',
|
|
'VAULT_SERVER_CERT_PATH': '/tmp/vault_server_cert.pem',
|
|
},
|
|
)
|
|
def test_as_hvac_client_kwargs():
|
|
# Given
|
|
secrets = vault.AppRoleVaultSecrets()
|
|
|
|
# When
|
|
result = secrets.as_hvac_client_kwargs()
|
|
|
|
# Then
|
|
assert result == {
|
|
'url': 'https://vault.work/',
|
|
'cert': ('/tmp/vault_client_cert.pem', '/tmp/vault_client_key.pem'),
|
|
'verify': '/tmp/vault_server_cert.pem',
|
|
}
|
|
|
|
|
|
@mock.patch.dict(
|
|
os.environ,
|
|
{
|
|
'VAULT_URL': 'https://vault.work/',
|
|
'VAULT_ROLE_ID': 'test_role_id',
|
|
'VAULT_SECRET_ID': 'test_secret_id',
|
|
},
|
|
)
|
|
def test_as_hvac_client_kwargs_without_optional_fields():
|
|
# Given
|
|
secrets = vault.AppRoleVaultSecrets()
|
|
|
|
# When
|
|
result = secrets.as_hvac_client_kwargs()
|
|
|
|
# Then
|
|
assert result == {
|
|
'url': 'https://vault.work/',
|
|
}
|
|
|
|
|
|
@mock.patch.dict(
|
|
os.environ,
|
|
{
|
|
'VAULT_URL': 'https://vault.work/',
|
|
'VAULT_ROLE_ID': 'test_role_id',
|
|
'VAULT_SECRET_ID': 'test_secret_id',
|
|
},
|
|
)
|
|
def test_get_client_cache_miss(mock_hvac_client: mock.Mock,
|
|
hvac_client: mock.Mock):
|
|
# Given
|
|
mock_hvac_client.return_value = hvac_client
|
|
|
|
secrets = vault.AppRoleVaultSecrets()
|
|
|
|
# When
|
|
result = secrets.get_client()
|
|
|
|
# Then
|
|
assert result == hvac_client
|
|
|
|
assert secrets.client == hvac_client
|
|
|
|
mock_hvac_client.assert_called_once_with(**secrets.as_hvac_client_kwargs())
|
|
hvac_client.auth.approle.login.assert_called_once_with(
|
|
role_id='test_role_id',
|
|
secret_id='test_secret_id',
|
|
)
|
|
|
|
|
|
@mock.patch.dict(
|
|
os.environ,
|
|
{
|
|
'VAULT_URL': 'https://vault.work/',
|
|
'VAULT_ROLE_ID': 'test_role_id',
|
|
'VAULT_SECRET_ID': 'test_secret_id',
|
|
},
|
|
)
|
|
def test_get_client_cache_hit(mock_hvac_client: mock.Mock,
|
|
hvac_client: mock.Mock):
|
|
# Given
|
|
secrets = vault.AppRoleVaultSecrets()
|
|
secrets.client = hvac_client
|
|
|
|
# When
|
|
result = secrets.get_client()
|
|
|
|
# Then
|
|
assert result == hvac_client
|
|
|
|
mock_hvac_client.assert_not_called()
|