def test_oneof_valid(self):
    """Check that OneOf maps every declared option name to its value.

    OneOf acts as an allow-list parser: each keyword given at construction
    is an accepted input string, and parsing that string yields the value
    bound to it.
    """
    expected_by_name = (("ONE", 1), ("TWO", 2), ("THREE", 3))
    parser = config.OneOf(**dict(expected_by_name))
    for option_name, expected_value in expected_by_name:
        self.assertEqual(parser(option_name), expected_value)
def test_oneof_invalid(self):
    """Check that OneOf fails closed on input outside its allow-list.

    Both the empty string and a name that was never declared must raise
    ValueError rather than silently resolve to some value.
    """
    parser = config.OneOf(ONE=1, TWO=2, THREE=3)
    for rejected_input in ("", "FOUR"):
        with self.assertRaises(ValueError):
            parser(rejected_input)
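def main():
    """Run the Vault secret fetcher from the command line.

    Parses the command line, configures logging, reads the
    ``[secret-fetcher]`` section of the given configuration file and builds a
    ``VaultClientFactory`` from it. With ``--once`` the secrets are fetched a
    single time; otherwise the function loops forever, sleeping between
    fetches until ``VAULT_TOKEN_PREFETCH_TIME`` before the soonest expiration
    reported by ``fetch_secrets``.

    Defaults visible here: the secrets file is ``/var/local/secrets.json``,
    owned by uid 0 / gid 0 with mode ``0o400``.
    """
    arg_parser = argparse.ArgumentParser()
    arg_parser.add_argument("config_file", type=argparse.FileType("r"), help="path to a configuration file")
    arg_parser.add_argument("--debug", default=False, action="store_true", help="enable debug logging")
    arg_parser.add_argument(
        "--once",
        default=False,
        action="store_true",
        help="only run the fetcher once rather than as a daemon",
    )
    args = arg_parser.parse_args()

    # NOTE(review): basicConfig sets the level on the root logger, so --debug
    # also turns on DEBUG output from library loggers; confirm none of them
    # log token or secret values before enabling it in production.
    level = logging.DEBUG if args.debug else logging.INFO
    logging.basicConfig(format="%(asctime)s:%(levelname)s:%(message)s", level=level)

    parser = configparser.RawConfigParser()
    # Close the handle argparse opened once parsing is done; the daemon loop
    # below never returns, so an unclosed handle would stay open for the
    # lifetime of the process.
    with args.config_file as config_file:
        # readfp() was removed in Python 3.12; prefer read_file() and keep
        # readfp() only for interpreters that lack it.
        if hasattr(parser, "read_file"):
            parser.read_file(config_file)
        else:
            parser.readfp(config_file)  # pylint: disable=deprecated-method
    fetcher_config = dict(parser.items("secret-fetcher"))

    cfg = config.parse_config(
        fetcher_config,
        {
            "vault": {
                # NOTE(review): the URL is passed to VaultClientFactory as-is;
                # nothing in this function checks that it uses https.
                "url": config.String,
                "role": config.String,
                # auth_type is restricted to the names VaultClientFactory
                # declares; anything else is rejected by OneOf.
                "auth_type": config.Optional(
                    config.OneOf(**VaultClientFactory.auth_types()),
                    default=VaultClientFactory.auth_types()["aws"],
                ),
                "mount_point": config.Optional(config.String, default="aws-ec2"),
            },
            "output": {
                "path": config.Optional(config.String, default="/var/local/secrets.json"),
                "owner": config.Optional(config.UnixUser, default=0),
                "group": config.Optional(config.UnixGroup, default=0),
                # Parsed as octal; the default is read-only for the owner.
                "mode": config.Optional(config.Integer(base=8), default=0o400),
            },
            "secrets": config.Optional(config.TupleOf(config.String), default=[]),
        },
    )

    # pylint: disable=maybe-no-member
    # The output file holds fetched secrets, so a mode with any "other" bit
    # set exposes them to every local account. Warn instead of refusing so
    # existing deployments keep running.
    if cfg.output.mode & 0o007:
        logger.warning(
            "output mode %o lets users outside the owner and group access %s",
            cfg.output.mode,
            cfg.output.path,
        )

    client_factory = VaultClientFactory(cfg.vault.url, cfg.vault.role, cfg.vault.auth_type, cfg.vault.mount_point)

    if args.once:
        logger.info("Running secret fetcher once")
        fetch_secrets(cfg, client_factory)
    else:
        logger.info("Running secret fetcher as a daemon")
        while True:
            soonest_expiration = fetch_secrets(cfg, client_factory)
            # utcnow() is naive, so soonest_expiration must be a naive
            # datetime too or this subtraction raises TypeError.
            time_til_expiration = soonest_expiration - datetime.datetime.utcnow()
            time_to_sleep = time_til_expiration - VAULT_TOKEN_PREFETCH_TIME
            # Sleep at least one second so an already-expired or
            # nearly-expired lease cannot turn this into a busy loop.
            time.sleep(max(int(time_to_sleep.total_seconds()), 1))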