def setUp(self):
self.entry = BaseEntry(
title="test",
path="/",
icon="1",
password="******",
url="https://127.0.0.1/",
meta={"key": "value"},
username="******",
)
self.kdb = create_kdb()
def test_parse_notes(self):
notes = "test: 123"
parsed = BaseEntry.parse_notes(notes)
self.assertEqual(parsed, {"test": "123"})
notes = "test: 123\nSome data here\n"
parsed = BaseEntry.parse_notes(notes)
self.assertEqual(parsed, {"test": "123", "Some": "datahere", "": ""})
notes = ""
parsed = BaseEntry.parse_notes(notes)
self.assertEqual(parsed, {})
def test_read_secrets(self):
base_path = "test/recursive/read/"
group_entry = BaseGroup(
title="root_group",
icon="42",
path=f"{base_path}root_group",
)
secret_entry = BaseEntry(
title="test_entry",
password="******",
icon="1",
path=f"{base_path}root_group/test_entry",
url="",
meta={"foo": "bar"},
username="******",
)
self.processor.write_group(group=group_entry)
self.processor.write_secret(entry=secret_entry)
self.processor.read_secrets(path=f"/{base_path}", recursive=True)
self.assertEqual(self.processor.kdb_groups[group_entry.path],
group_entry)
self.assertEqual(self.processor.kdb_entries[group_entry.path][0],
secret_entry)
def test_json_dump(self):
entry = BaseEntry(
title="test",
password="******",
url="https://1.tld",
username="",
path="",
icon=None,
meta={},
)
json_payload = entry.dump_json(indent=3)
self.assertEqual(
json_payload,
'{\n "title": "test",\n "path": "",\n "password": "******",\n '
'"meta": {},\n "icon": null,\n "username": "",\n "url": "https://1.tld"\n}',
)
def test_build_vault(self):
base_path = "test/recursive/build/"
group_entry = BaseGroup(
title="root_group",
icon="42",
path=f"{base_path}root_group",
)
secret_entry = BaseEntry(
title="test_entry",
password="******",
icon="1",
path=f"{base_path}root_group/test_entry",
url="",
meta={"foo": "bar"},
username="******",
)
self.processor.kdb_entries[group_entry.path] = [
secret_entry,
]
self.processor.kdb_groups[group_entry.path] = group_entry
self.processor.build_vault()
# TODO DRY
resp = self.processor.vault.secrets.kv.v2.read_secret_version(
path=f"{group_entry.path}/{self.processor.group_meta_label}")
data = resp["data"]["data"]
expected_data = group_entry.as_dict()
expected_data.pop("path")
expected_data.pop("title")
self.assertEqual(
data,
expected_data,
)
resp = self.processor.vault.secrets.kv.v2.read_secret_version(
path=f"{group_entry.path}/{secret_entry.title}")
data = resp["data"]["data"]
expected_data = secret_entry.as_dict()
expected_data.pop("path")
expected_data.pop("title")
self.assertEqual(
data,
expected_data,
)
def test_write_secret(self):
entry = BaseEntry(
title="root secret",
password="******",
icon="1",
path="root_secret",
url="",
meta={"foo": "bar"},
username="******",
)
self._test_write_secret(entry)
entry.title = "root2"
self._test_write_secret(entry, "/foo/bar/baz/")
entry.title = "root3"
self._test_write_secret(entry, "/foo/bar/baz/")
entry.title = "root4"
self._test_write_secret(entry, "/foo/")
try:
self._test_write_secret(entry, "/foo/ ")
except InvalidPath:
pass
def test_read_secret(self):
entry = BaseEntry(
title="test_read",
password="******",
icon="1",
path="test_read",
url="",
meta={"foo": "bar"},
username="******",
)
self.processor.write_secret(entry)
self.processor.read_secret(f"/{entry.path}")
self.assertEqual(self.processor.kdb_entries[""][0], entry)
def _test_entry(
self,
entry_name,
icon,
expected_path,
parent_group=None,
group_name=None,
):
if group_name:
kdb_group = create_kdb_group(
self.kdb,
group_name=group_name,
icon=icon,
parent_group=parent_group or self.kdb.root_group,
)
elif parent_group:
kdb_group = parent_group
else:
kdb_group = self.kdb.root_group
entry_data = {
"title": entry_name,
"icon": icon,
"password": "******",
"url": "https://127.0.0.1/",
"username": "******",
"notes": "FOO: bar\n Baz Fuz",
}
kdb_entry = create_kdb_entry(self.kdb,
parent_group=kdb_group,
**entry_data)
base_entry = BaseEntry.from_kdb_entry(kdb_entry)
dict_entry = base_entry.as_dict()
self.assertEqual(
dict_entry,
{
"path": expected_path,
"title": entry_name,
"icon": icon,
"password": "******",
"url": "https://127.0.0.1/",
"username": "******",
"meta": {
"FOO": "bar",
"": "BazFuz"
},
},
)
return kdb_group, kdb_entry
def test_from_kdb_entry(self):
self._test_entry("test1", "1", "test1")
group, _ = self._test_entry("test2",
"1",
"foo/test2",
group_name="foo")
_, entry = self._test_entry("test3",
"1",
"foo/bar/test3",
parent_group=group,
group_name="bar")
base_entry = BaseEntry.from_kdb_entry(entry)
self.assertEqual(base_entry.group_path, "foo/bar")
def write_secret(self, entry: BaseEntry, base_path="/"):
data = entry.as_dict()
data.pop("title", None)
path = base_path + data.pop("path")
path = path.encode("utf-8").decode("utf-8", "ignore").strip()
try:
self.vault.secrets.kv.create_or_update_secret(
path=path,
secret=data,
)
except (vault_errors.InvalidRequest, vault_errors.InvalidPath) as err:
print("ERROR F**K ", err)
log_data = copy(data)
log_data["password"] = "******"
logger.exception(
f"Cant write secret '{err}', path: '{path}' data: '{log_data}''"
)
def test_load_entry(self):
kdb_entry = self.kdb.entries[0]
self.processor._load_entry_from_kdb(kdb_entry)
self.assertTrue("" in self.processor.kdb_entries)
self.assertEqual(len(self.processor.kdb_entries[""]), 1)
entry = self.processor.kdb_entries[""][0]
self.assertIsInstance(entry, BaseEntry)
self.assertEqual(
entry,
BaseEntry(
title="root_entry",
username="******",
meta={},
icon="1",
password="******",
url="https://127.0.0.1/",
path="root_entry",
),
)
def read_secret(self, path: str):
try:
resp_ = self.vault.secrets.kv.v2.read_secret_version(path=path)
logger.debug(f"Processing read secret {path}")
except vault_errors.Forbidden as err:
logger.debug(f"Failed to read secret {path} - {err}")
return
data = resp_.get("data", {}).get("data")
path_ = copy(path).lstrip("/")
g_path, title = path_.rsplit("/", 1) if "/" in path_ else ["", path_]
if title == self.__g_meta_label:
_, title = g_path.rsplit("/", 1) if "/" in g_path else ["", g_path]
group = BaseGroup(title=title, path=g_path, **data)
self.kdb_groups[g_path] = group
else:
try:
entry = BaseEntry(**data, path=path_, title=title)
self.kdb_entries.setdefault(g_path, []).append(
entry) # TODO make method move to mixin
except TypeError as err:
logger.info(
f"Secret configured improperly {err} {data} {path_} {title}"
)
def _load_entry_from_kdb(self, entry: Entry):
entry_ = BaseEntry.from_kdb_entry(entry)
self.kdb_entries.setdefault(entry_.group_path, []).append(entry_)
class TestBaseEntry(TestCase):
def setUp(self):
self.entry = BaseEntry(
title="test",
path="/",
icon="1",
password="******",
url="https://127.0.0.1/",
meta={"key": "value"},
username="******",
)
self.kdb = create_kdb()
def test_creation(self):
entry = self.entry
self.assertEqual(entry.path, "/")
self.assertEqual(entry.title, "test")
self.assertEqual(entry.icon, "1")
self.assertEqual(entry.password, "test123")
self.assertEqual(entry.url, "https://127.0.0.1/")
self.assertEqual(entry.username, "tester")
self.assertEqual(entry.meta, {"key": "value"})
def test_to_dict(self):
entry = self.entry.as_dict()
self.assertIsInstance(entry, dict)
self.assertEqual(
entry,
{
"path": "/",
"title": "test",
"icon": "1",
"password": "******",
"url": "https://127.0.0.1/",
"username": "******",
"meta": {
"key": "value"
},
},
)
def _test_entry(
self,
entry_name,
icon,
expected_path,
parent_group=None,
group_name=None,
):
if group_name:
kdb_group = create_kdb_group(
self.kdb,
group_name=group_name,
icon=icon,
parent_group=parent_group or self.kdb.root_group,
)
elif parent_group:
kdb_group = parent_group
else:
kdb_group = self.kdb.root_group
entry_data = {
"title": entry_name,
"icon": icon,
"password": "******",
"url": "https://127.0.0.1/",
"username": "******",
"notes": "FOO: bar\n Baz Fuz",
}
kdb_entry = create_kdb_entry(self.kdb,
parent_group=kdb_group,
**entry_data)
base_entry = BaseEntry.from_kdb_entry(kdb_entry)
dict_entry = base_entry.as_dict()
self.assertEqual(
dict_entry,
{
"path": expected_path,
"title": entry_name,
"icon": icon,
"password": "******",
"url": "https://127.0.0.1/",
"username": "******",
"meta": {
"FOO": "bar",
"": "BazFuz"
},
},
)
return kdb_group, kdb_entry
def test_from_kdb_entry(self):
self._test_entry("test1", "1", "test1")
group, _ = self._test_entry("test2",
"1",
"foo/test2",
group_name="foo")
_, entry = self._test_entry("test3",
"1",
"foo/bar/test3",
parent_group=group,
group_name="bar")
base_entry = BaseEntry.from_kdb_entry(entry)
self.assertEqual(base_entry.group_path, "foo/bar")
def test_json_dump(self):
entry = BaseEntry(
title="test",
password="******",
url="https://1.tld",
username="",
path="",
icon=None,
meta={},
)
json_payload = entry.dump_json(indent=3)
self.assertEqual(
json_payload,
'{\n "title": "test",\n "path": "",\n "password": "******",\n '
'"meta": {},\n "icon": null,\n "username": "",\n "url": "https://1.tld"\n}',
)
def test_parse_notes(self):
notes = "test: 123"
parsed = BaseEntry.parse_notes(notes)
self.assertEqual(parsed, {"test": "123"})
notes = "test: 123\nSome data here\n"
parsed = BaseEntry.parse_notes(notes)
self.assertEqual(parsed, {"test": "123", "Some": "datahere", "": ""})
notes = ""
parsed = BaseEntry.parse_notes(notes)
self.assertEqual(parsed, {})
def test_dump_notes(self):
meta = {"Foo": "Bar", "Baz": {"Nested": "Not Supported yet"}}
notes = BaseEntry.dump_notes(meta)
self.assertEqual(notes,
"Foo: Bar\nBaz: {'Nested': 'Not Supported yet'}")
def test_dump_notes(self):
meta = {"Foo": "Bar", "Baz": {"Nested": "Not Supported yet"}}
notes = BaseEntry.dump_notes(meta)
self.assertEqual(notes,
"Foo: Bar\nBaz: {'Nested': 'Not Supported yet'}")