def test_legacy_strongbox_secrets(self, deployment, app_spec):
config = mock.create_autospec(Configuration([]), spec_set=True)
config.strongbox_init_container_image = STRONGBOX_IMAGE
app_spec = app_spec._replace(
strongbox=StrongboxSpec(enabled=True,
iam_role="iam_role",
aws_region="eu-west-1",
groups=["group1", "group2"]))
generic_init_secrets = mock.create_autospec(GenericInitSecrets(config),
spec_set=True,
instance=True)
generic_init_secrets.supports.side_effect = lambda _type: _type == 'strongbox'
secrets = Secrets(
config,
mock.create_autospec(KubernetesSecrets(),
spec_set=True,
instance=True), generic_init_secrets)
expected_spec = SecretsSpec(
type="strongbox",
parameters={
"AWS_REGION": "eu-west-1",
"SECRET_GROUPS": "group1,group2"
},
annotations={"iam.amazonaws.com/role": "iam_role"})
secrets.apply(deployment, app_spec)
generic_init_secrets.apply.assert_called_once_with(
deployment, app_spec, expected_spec)
def test_app_spec_secrets(self, deployment, app_spec):
config = mock.create_autospec(Configuration([]), spec_set=True)
app_spec = app_spec._replace(secrets=APP_SPEC_SECRETS)
generic_init_secrets = mock.create_autospec(GenericInitSecrets(config),
spec_set=True,
instance=True)
secrets = Secrets(
config,
mock.create_autospec(KubernetesSecrets(),
spec_set=True,
instance=True), generic_init_secrets)
expected_spec = APP_SPEC_SECRETS[0]
secrets.apply(deployment, app_spec)
generic_init_secrets.apply.assert_called_once_with(
deployment, app_spec, expected_spec)
def test_default_secrets(self, deployment, app_spec):
config = mock.create_autospec(Configuration([]), spec_set=True)
config.secret_init_containers = {"default": DEFAULT_IMAGE}
generic_init_secrets = mock.create_autospec(GenericInitSecrets(config),
spec_set=True,
instance=True)
generic_init_secrets.supports.side_effect = lambda _type: _type == 'default'
secrets = Secrets(
config,
mock.create_autospec(KubernetesSecrets(),
spec_set=True,
instance=True), generic_init_secrets)
expected_spec = SecretsSpec(type="default",
parameters={},
annotations={})
secrets.apply(deployment, app_spec)
generic_init_secrets.apply.assert_called_once_with(
deployment, app_spec, expected_spec)
def secrets(self, config, kubernetes_secrets, generic_init_secrets,
strongbox_secrets):
return Secrets(config, kubernetes_secrets, generic_init_secrets,
strongbox_secrets)
def secrets(self, config):
return mock.create_autospec(Secrets(config, None, None, None),
spec_set=True,
instance=True)