def test_oneof_invalid(self):
parser = config.OneOf(ONE=1, TWO=2, THREE=3)
with self.assertRaises(ValueError):
parser("")
with self.assertRaises(ValueError):
parser("FOUR")
def main() -> None:
arg_parser = argparse.ArgumentParser()
arg_parser.add_argument(
"config_file", type=argparse.FileType("r"), help="path to a configuration file"
)
arg_parser.add_argument(
"--debug", default=False, action="store_true", help="enable debug logging"
)
arg_parser.add_argument(
"--once",
default=False,
action="store_true",
help="only run the fetcher once rather than as a daemon",
)
args = arg_parser.parse_args()
if args.debug:
level = logging.DEBUG
else:
level = logging.INFO
logging.basicConfig(format="%(asctime)s:%(levelname)s:%(message)s", level=level)
parser = configparser.RawConfigParser(interpolation=EnvironmentInterpolation())
parser.read_file(args.config_file)
fetcher_config = dict(parser.items("secret-fetcher"))
cfg = config.parse_config(
fetcher_config,
{
"vault": {
"url": config.DefaultFromEnv(config.String, "BASEPLATE_DEFAULT_VAULT_URL"),
"role": config.String,
"auth_type": config.Optional(
config.OneOf(**VaultClientFactory.auth_types()),
default=VaultClientFactory.auth_types()["aws"],
),
"mount_point": config.DefaultFromEnv(
config.String, "BASEPLATE_VAULT_MOUNT_POINT", fallback="aws-ec2"
),
},
"output": {
"path": config.Optional(config.String, default="/var/local/secrets.json"),
"owner": config.Optional(config.UnixUser, default=0),
"group": config.Optional(config.UnixGroup, default=0),
"mode": config.Optional(config.Integer(base=8), default=0o400), # type: ignore
},
"secrets": config.Optional(config.TupleOf(config.String), default=[]),
"callback": config.Optional(config.String),
},
)
# pylint: disable=maybe-no-member
client_factory = VaultClientFactory(
cfg.vault.url, cfg.vault.role, cfg.vault.auth_type, cfg.vault.mount_point
)
if args.once:
logger.info("Running secret fetcher once")
fetch_secrets(cfg, client_factory)
trigger_callback(cfg.callback, cfg.output.path)
else:
logger.info("Running secret fetcher as a daemon")
last_proc = None
while True:
soonest_expiration = fetch_secrets(cfg, client_factory)
last_proc = trigger_callback(cfg.callback, cfg.output.path, last_proc)
time_til_expiration = soonest_expiration - datetime.datetime.utcnow()
time_to_sleep = time_til_expiration - VAULT_TOKEN_PREFETCH_TIME
time.sleep(max(int(time_to_sleep.total_seconds()), 1))
def test_oneof_valid(self):
parser = config.OneOf(ONE=1, TWO=2, THREE=3)
self.assertEqual(parser("ONE"), 1)
self.assertEqual(parser("TWO"), 2)
self.assertEqual(parser("THREE"), 3)