def test_should_catch_service_account_invalid_abort_the_run(hvac):
    """A rejected Kubernetes service-account login must abort the run.

    The stubbed Vault client raises ``InvalidRequest`` from
    ``auth_kubernetes``; ``create_vault_client`` is expected to surface that
    as ``InvalidExperiment`` rather than return a client (fail closed).
    """
    # NOTE(review): ``hvac`` is presumably injected by a ``@patch`` decorator
    # above this definition, as on the sibling tests -- confirm.
    rejecting_client = MagicMock()
    rejecting_client.auth_kubernetes.side_effect = InvalidRequest()
    hvac.Client.return_value = rejecting_client

    # Selecting the service-account path: a role name but no token/AppRole keys.
    settings = dict(
        vault_addr="http://someaddr.com",
        vault_sa_role="invalid",
        vault_kv_version="1",
    )

    with pytest.raises(InvalidExperiment):
        create_vault_client(settings)
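@patch("chaoslib.secret.hvac")
def test_should_catch_approle_invalid_secret_id_abort_the_run(hvac):
    """An AppRole login rejected by Vault must abort the run.

    The stubbed client raises ``InvalidRequest`` from ``auth_approle``;
    ``create_vault_client`` must turn that into ``InvalidExperiment`` so an
    experiment never proceeds with an unauthenticated Vault client.
    """
    # NOTE(review): a later definition in this module reuses this function
    # name, so this copy is shadowed at import time and pytest will not
    # collect it; one of the two should be renamed or removed.
    config = {
        "vault_addr": "http://someaddr.com",
        "vault_role_id": "mighty_id",
        "vault_role_secret": "expired",
    }

    fake_client = MagicMock()
    fake_client.auth_approle.side_effect = InvalidRequest()
    hvac.Client.return_value = fake_client

    with pytest.raises(InvalidExperiment):
        create_vault_client(config)

    # A stale assertion on ``vault_client.token`` was dropped here: neither
    # ``vault_client`` nor ``fake_auth_object`` is bound in this test, and a
    # failed login yields no client to inspect.
    # What can be checked is that the failure came from an AppRole login
    # attempted with the configured credentials.
    fake_client.auth_approle.assert_called_with(
        config["vault_role_id"], config["vault_role_secret"]
    )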


@patch("chaoslib.secret.hvac")
def test_should_catch_approle_invalid_secret_id_abort_the_run(hvac):
    """An AppRole login rejected by Vault must abort the run.

    ``chaoslib.secret.hvac`` is replaced by a mock whose client raises
    ``InvalidRequest`` from ``auth_approle``; ``create_vault_client`` is
    expected to surface that as ``InvalidExperiment`` (fail closed).
    """
    rejecting_client = MagicMock()
    rejecting_client.auth_approle.side_effect = InvalidRequest()
    hvac.Client.return_value = rejecting_client

    # Selecting the AppRole path: role id plus a secret id Vault will refuse.
    settings = dict(
        vault_addr="http://someaddr.com",
        vault_role_id="mighty_id",
        vault_role_secret="expired",
    )

    with pytest.raises(InvalidExperiment):
        create_vault_client(settings)


@patch("chaoslib.secret.hvac")
def test_should_auth_with_token(hvac):
    config = {
        "vault_addr": "http://someaddr.com",
        "vault_token": "not_awesome_token",
        "vault_kv_version": "1",
    }

    fake_client = MagicMock()