def test_sync_all_secrets(mock: Mock, secrets_manager: SecretsManager):
secrets_manager.config.include_repositories = [
"testghuser/test-repo-1",
"testghuser/test-repo-2",
]
secrets_manager.config.global_secrets.secrets = []
local_secret = Secret(name="temp", value="val")
secrets_manager.add_secret(local_secret.name, local_secret.value, "testghuser/test-repo-1")
global_secret = Secret(name='temp2', value='val2')
secrets_manager.add_secret(global_secret.name, global_secret.value)
FROZEN.tick()
secrets_manager.sync_secrets()
mock.assert_any_call(
local_secret, "testghuser/test-repo-1", secrets_manager.config.github_token
)
mock.assert_any_call(
global_secret, "testghuser/test-repo-1", secrets_manager.config.github_token
)
mock.assert_any_call(
global_secret, "testghuser/test-repo-2", secrets_manager.config.github_token
)
assert mock.call_count == 3
expect_local_sync_record = SyncRecord(secret_name="temp")
expect_global_sync_record = SyncRecord(secret_name="temp2")
assert sorted(secrets_manager.config.repository_secrets_last_synced[
"testghuser/test-repo-1"
], key=lambda rec: rec.secret_name) == [expect_local_sync_record, expect_global_sync_record]
assert secrets_manager.config.repository_secrets_last_synced[
"testghuser/test-repo-2"
] == [expect_global_sync_record]
FROZEN.move_to(TEST_TIME)
def test_update_repository_secret(secrets_manager: SecretsManager):
expect_secret = Secret(name="c", value="d")
FROZEN.tick()
expect_secret.update('e')
assert not secrets_manager.add_secret('c', 'e', 'this/that')
assert secrets_manager.config.repository_secrets.secrets['this/that'][0] == expect_secret
FROZEN.move_to(TEST_TIME)
def test_update_global_secret(secrets_manager: SecretsManager):
expect_secret = Secret(name="a", value="b")
FROZEN.tick()
expect_secret.update('c')
assert not secrets_manager.add_secret('a', 'c')
assert secrets_manager.config.global_secrets.secrets[-1] == expect_secret
FROZEN.move_to(TEST_TIME)
def test_local_secret_already_synced(mock: Mock, secrets_manager: SecretsManager):
secrets_manager.config.include_repositories = [
"testghuser/test-repo-1",
"testghuser/test-repo-2",
]
secret = Secret(name="temp", value="val")
secrets_manager.add_secret(secret.name, secret.value, "testghuser/test-repo-1")
FROZEN.tick()
sync_record = SyncRecord(secret_name="temp")
secrets_manager.config.repository_secrets_last_synced["testghuser/test-repo-1"] = [
sync_record
]
FROZEN.tick()
secrets_manager.sync_secret("temp")
mock.assert_not_called()
FROZEN.move_to(TEST_TIME)
def add_secret(self,
name: str,
value: HasStr,
repository: Optional[str] = None) -> bool:
secret = Secret(name=name, value=str(value))
if repository is not None:
created = self.config.repository_secrets.add_secret(
secret, repository)
created_str = sty.created() if created else sty.updated()
print(
f"{created_str} secret {sty.name_style(name)} for repository {sty.name_style(repository)}"
)
else:
created = self.config.global_secrets.add_secret(secret)
created_str = sty.created() if created else sty.updated()
print(
f"{created_str} {sty.global_()} secret {sty.name_style(name)}")
return created
def test_sync_local_secret(mock: Mock, secrets_manager: SecretsManager):
secrets_manager.config.include_repositories = [
"testghuser/test-repo-1",
"testghuser/test-repo-2",
]
secret = Secret(name="temp", value="val")
secrets_manager.add_secret(secret.name, secret.value, "testghuser/test-repo-1")
FROZEN.tick()
secrets_manager.sync_secret("temp")
mock.assert_any_call(
secret, "testghuser/test-repo-1", secrets_manager.config.github_token
)
assert mock.call_count == 1
expect_sync_record = SyncRecord(secret_name="temp")
assert secrets_manager.config.repository_secrets_last_synced[
"testghuser/test-repo-1"
] == [expect_sync_record]
assert (
"testghuser/test-repo-2"
not in secrets_manager.config.repository_secrets_last_synced
)
FROZEN.move_to(TEST_TIME)
def test_update_secret():
name = "testghuser/test-repo-1"
secret = Secret(name='TEST_UPDATE_SECRET', value='abc')
assert not git.update_secret(secret, name, GH_TOKEN)
def test_remove_repository_secret(secrets_manager: SecretsManager):
secrets_manager.remove_secret("c", "this/that")
assert secrets_manager.config.repository_secrets.secrets["this/that"] == [
Secret(name="e", value="f")
]
def test_add_repository_secret(secrets_manager: SecretsManager):
assert secrets_manager.add_secret("woo", "baby", "my/repo")
assert secrets_manager.config.repository_secrets.secrets["my/repo"] == [
Secret(name="woo", value="baby")
]
def test_add_global_secret(secrets_manager: SecretsManager):
assert secrets_manager.add_secret("woo", "baby")
assert secrets_manager.config.global_secrets.secrets[-1] == Secret(
name="woo", value="baby"
)