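def test_create_role(self, test_label, mount_point, role_name, bound_service_account_names, bound_service_account_namespaces, requests_mocker):
    """Create a Kubernetes auth role against a mocked Vault and check the status code.

    The POST to ``/v1/auth/<mount_point>/role/<role_name>`` is intercepted by
    ``requests_mocker`` and answered with 204, so the assertion only verifies
    that the client builds the expected URL and returns the mocked response.

    Args:
        test_label: Parametrization label; not used by the body.
        mount_point: Auth backend path, or None to exercise the client's default
            (``kubernetes``). Only forwarded to the client when truthy.
        role_name: Name of the role to create; becomes the last URL segment.
        bound_service_account_names: Passed through to the client unchanged.
        bound_service_account_namespaces: Passed through to the client unchanged.
        requests_mocker: Fixture used to register the mocked POST endpoint.
    """
    expected_status_code = 204
    # The client falls back to the "kubernetes" path when no mount point is given,
    # so the mocked URL has to use the same default.
    mock_url = 'http://localhost:8200/v1/auth/{0}/role/{1}'.format(
        'kubernetes' if mount_point is None else mount_point,
        role_name,
    )
    requests_mocker.register_uri(
        method='POST',
        url=mock_url,
        status_code=expected_status_code,
    )
    client = Client()
    test_arguments = dict(
        name=role_name,
        bound_service_account_names=bound_service_account_names,
        bound_service_account_namespaces=bound_service_account_namespaces,
    )
    # Omit mount_point entirely (rather than passing None) so the client's own
    # default is what gets exercised in that parametrization.
    if mount_point:
        test_arguments['mount_point'] = mount_point
    actual_response = client.create_kubernetes_role(**test_arguments)
    # assertEquals is a deprecated alias removed in Python 3.12; use assertEqual.
    self.assertEqual(
        first=expected_status_code,
        second=actual_response.status_code,
    )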
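# NOTE(review): this is a second, identical definition of test_create_role in the
# same class body; the later binding shadows the earlier one, so only one of the
# two ever runs. One of them should be dropped once the enclosing class is in view.
def test_create_role(self, test_label, mount_point, role_name, bound_service_account_names, bound_service_account_namespaces, requests_mocker):
    """Create a Kubernetes auth role against a mocked Vault and check the status code.

    The POST to ``/v1/auth/<mount_point>/role/<role_name>`` is intercepted by
    ``requests_mocker`` and answered with 204, so the assertion only verifies
    that the client builds the expected URL and returns the mocked response.

    Args:
        test_label: Parametrization label; not used by the body.
        mount_point: Auth backend path, or None to exercise the client's default
            (``kubernetes``). Only forwarded to the client when truthy.
        role_name: Name of the role to create; becomes the last URL segment.
        bound_service_account_names: Passed through to the client unchanged.
        bound_service_account_namespaces: Passed through to the client unchanged.
        requests_mocker: Fixture used to register the mocked POST endpoint.
    """
    expected_status_code = 204
    # The client falls back to the "kubernetes" path when no mount point is given,
    # so the mocked URL has to use the same default.
    mock_url = 'http://localhost:8200/v1/auth/{0}/role/{1}'.format(
        'kubernetes' if mount_point is None else mount_point,
        role_name,
    )
    requests_mocker.register_uri(
        method='POST',
        url=mock_url,
        status_code=expected_status_code,
    )
    client = Client()
    test_arguments = dict(
        name=role_name,
        bound_service_account_names=bound_service_account_names,
        bound_service_account_namespaces=bound_service_account_namespaces,
    )
    # Omit mount_point entirely (rather than passing None) so the client's own
    # default is what gets exercised in that parametrization.
    if mount_point:
        test_arguments['mount_point'] = mount_point
    actual_response = client.create_kubernetes_role(**test_arguments)
    # assertEquals is a deprecated alias removed in Python 3.12; use assertEqual.
    self.assertEqual(
        first=expected_status_code,
        second=actual_response.status_code,
    )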
admin_policy_name = f"{project_prefix}-admin" vault_client.sys.create_or_update_policy( name=admin_policy_name, policy=admin_policy, ) # Create vault-app role with read-only policy vault_app_sa = k8s_client.read_namespaced_service_account( 'vault-app', 'platform') vault_app_sa_secret = k8s_client.read_namespaced_secret( vault_app_sa.secrets[0].name, "platform").data vault_app_sa_token = base64.b64decode(vault_app_sa_secret['token']).decode() vault_client.create_kubernetes_role( "vault-kubernetes", [vault_app_sa.metadata.name, "external-secrets"], ['platform'], mount_point="kubernetes", policies=[read_only_policy_name]) vault_client.sys.enable_secrets_engine(backend_type='kv', path=main_secret_path, options={'version': 2}) def gen_secret(length: int = 64): return secrets.token_urlsafe(length) # Feed init secrets secrets_list = { 'ak_admin_token': gen_secret(),