def test_get_secret_string_no_current(self):
response = {}
versions = {'01234567890123456789012345678901': ['NOTCURRENT']}
version_response = {'Name': 'test'}
cache = SecretCache(
client=self.get_client(response, versions, version_response))
self.assertIsNone(cache.get_secret_string('test'))
def test_get_secret_string_empty(self):
response = {}
versions = {'01234567890123456789012345678901': ['AWSCURRENT']}
version_response = {}
cache = SecretCache(
client=self.get_client(response, versions, version_response))
self.assertIsNone(cache.get_secret_string('test'))
def test_get_secret_string(self):
secret = 'mysecret'
response = {}
versions = {'01234567890123456789012345678901': ['AWSCURRENT']}
version_response = {'SecretString': secret}
cache = SecretCache(
client=self.get_client(response, versions, version_response))
for _ in range(10):
self.assertEqual(secret, cache.get_secret_string('test'))
def test_get_secret_binary(self):
secret = b'01010101'
response = {}
versions = {'01234567890123456789012345678901': ['AWSCURRENT']}
version_response = {'SecretBinary': secret}
cache = SecretCache(
client=self.get_client(response, versions, version_response))
for _ in range(10):
self.assertEqual(secret, cache.get_secret_binary('test'))
def test_get_secret_binary(self, client, secret_binary):
cache = SecretCache(client=client)
secret = client.get_secret_value(
SecretId=secret_binary['ARN'])['SecretBinary']
for _ in range(10):
assert cache.get_secret_binary("{0}{1}{2}".format(
TestAwsSecretsManagerCachingInteg.fixture_prefix,
inspect.stack()[0][3],
TestAwsSecretsManagerCachingInteg.uuid_suffix)) == secret
def test_get_secret_string_stage(self, client, secret_string_stage):
cache = SecretCache(client=client)
secret = client.get_secret_value(
SecretId=secret_string_stage['ARN'],
VersionStage='AWSPREVIOUS')['SecretString']
for _ in range(10):
assert cache.get_secret_string(
"{0}{1}{2}".format(
TestAwsSecretsManagerCachingInteg.fixture_prefix,
inspect.stack()[0][3],
TestAwsSecretsManagerCachingInteg.uuid_suffix),
'AWSPREVIOUS') == secret
def test_calls_hook_binary(self):
secret = b'01010101'
hooked_secret = secret + b'1111111100000000'
response = {}
versions = {
'01234567890123456789012345678901': ['AWSCURRENT']
}
version_response = {'SecretBinary': secret}
hook = DummySecretCacheHook()
config = SecretCacheConfig(secret_cache_hook=hook)
cache = SecretCache(config=config, client=self.get_client(response,
versions,
version_response))
for _ in range(10):
self.assertEqual(hooked_secret, cache.get_secret_binary('test')[0:24])
def test_get_secret_string_exception(self):
client = botocore.session.get_session().create_client(
'secretsmanager', region_name='us-west-2')
stubber = Stubber(client)
cache = SecretCache(client=client)
for _ in range(3):
stubber.add_client_error('describe_secret')
stubber.activate()
self.assertRaises(ClientError, cache.get_secret_binary, 'test')
def test_calls_hook_string(self):
secret = 'mysecret'
hooked_secret = secret + "+hook_put+hook_get"
response = {}
versions = {
'01234567890123456789012345678901': ['AWSCURRENT']
}
version_response = {'SecretString': secret}
hook = DummySecretCacheHook()
config = SecretCacheConfig(secret_cache_hook=hook)
cache = SecretCache(config=config, client=self.get_client(response,
versions,
version_response))
for _ in range(10):
fetched_secret = cache.get_secret_string('test')
self.assertTrue(fetched_secret.startswith(hooked_secret))
def test_get_secret_string_refresh(self, client, secret_string):
cache = SecretCache(
config=SecretCacheConfig(secret_refresh_interval=1), client=client)
secret = client.get_secret_value(
SecretId=secret_string['ARN'])['SecretString']
for _ in range(10):
assert cache.get_secret_string("{0}{1}{2}".format(
TestAwsSecretsManagerCachingInteg.fixture_prefix,
inspect.stack()[0][3],
TestAwsSecretsManagerCachingInteg.uuid_suffix)) == secret
client.put_secret_value(SecretId=secret_string['ARN'],
SecretString='test2',
VersionStages=['AWSCURRENT'])
time.sleep(2)
secret = client.get_secret_value(
SecretId=secret_string['ARN'])['SecretString']
for _ in range(10):
assert cache.get_secret_string("{0}{1}{2}".format(
TestAwsSecretsManagerCachingInteg.fixture_prefix,
inspect.stack()[0][3],
TestAwsSecretsManagerCachingInteg.uuid_suffix)) == secret
def test_string_with_additional_kwargs(self):
secret = 'not json'
response = {}
versions = {'01234567890123456789012345678901': ['AWSCURRENT']}
version_response = {'SecretString': secret}
cache = SecretCache(
client=self.get_client(response, versions, version_response))
@InjectSecretString('test', cache)
def function_to_be_decorated(arg1, arg2, arg3):
self.assertEqual(arg1, secret)
self.assertEqual(arg2, 'foo')
self.assertEqual(arg3, 'bar')
function_to_be_decorated(arg2='foo', arg3='bar')
def test_invalid_json(self):
secret = 'not json'
response = {}
versions = {'01234567890123456789012345678901': ['AWSCURRENT']}
version_response = {'SecretString': secret}
cache = SecretCache(
client=self.get_client(response, versions, version_response))
with self.assertRaises((RuntimeError, json.decoder.JSONDecodeError)):
@InjectKeywordedSecretString(secret_id='test',
cache=cache,
func_username='******',
func_passsword='password')
def function_to_be_decorated(func_username,
func_password,
keyworded_argument='foo'):
return
function_to_be_decorated()
def test_missing_key(self):
secret = {'username': '******'}
secret_string = json.dumps(secret)
response = {}
versions = {'01234567890123456789012345678901': ['AWSCURRENT']}
version_response = {'SecretString': secret_string}
cache = SecretCache(
client=self.get_client(response, versions, version_response))
with self.assertRaises((RuntimeError, ValueError)):
@InjectKeywordedSecretString(secret_id='test',
cache=cache,
func_username='******',
func_passsword='password')
def function_to_be_decorated(func_username,
func_password,
keyworded_argument='foo'):
return
function_to_be_decorated()
def test_valid_json_with_mixed_args(self):
secret = {'username': '******', 'password': '******'}
secret_string = json.dumps(secret)
response = {}
versions = {'01234567890123456789012345678901': ['AWSCURRENT']}
version_response = {'SecretString': secret_string}
cache = SecretCache(
client=self.get_client(response, versions, version_response))
@InjectKeywordedSecretString(secret_id='test',
cache=cache,
arg2='username',
arg3='password')
def function_to_be_decorated(arg1, arg2, arg3, arg4='bar'):
self.assertEqual(arg1, 'foo')
self.assertEqual(secret['username'], arg2)
self.assertEqual(secret['password'], arg3)
self.assertEqual(arg4, 'bar')
function_to_be_decorated('foo')
def test_valid_json_with_no_secret_kwarg(self):
secret = {'username': '******', 'password': '******'}
secret_string = json.dumps(secret)
response = {}
versions = {'01234567890123456789012345678901': ['AWSCURRENT']}
version_response = {'SecretString': secret_string}
cache = SecretCache(
client=self.get_client(response, versions, version_response))
@InjectKeywordedSecretString('test',
cache=cache,
func_username='******',
func_password='******')
def function_to_be_decorated(func_username,
func_password,
keyworded_argument='foo'):
self.assertEqual(secret['username'], func_username)
self.assertEqual(secret['password'], func_password)
self.assertEqual(keyworded_argument, 'foo')
function_to_be_decorated()
def test_get_secret_string_empty(self, client, secret_binary):
cache = SecretCache(client=client)
assert cache.get_secret_string("{0}{1}{2}".format(
TestAwsSecretsManagerCachingInteg.fixture_prefix,
inspect.stack()[0][3],
TestAwsSecretsManagerCachingInteg.uuid_suffix)) is None
def test_get_secret_string_multiple(self):
cache = SecretCache(client=self.get_client())
for _ in range(100):
self.assertIsNone(cache.get_secret_string('test'))
def test_get_secret_binary_no_versions(self):
cache = SecretCache(client=self.get_client())
self.assertIsNone(cache.get_secret_binary('test'))
def test_default_session(self):
try:
SecretCache()
except NoRegionError:
pass
def test_client_stub(self):
SecretCache(client=self.get_client())
def test_get_secret_string_no_versions(self):
response = {'Name': 'test'}
cache = SecretCache(client=self.get_client(response))
self.assertIsNone(cache.get_secret_string('test'))
def test_get_secret_string_none(self):
cache = SecretCache(client=self.get_client())
self.assertIsNone(cache.get_secret_string('test'))