Example #1
0
    def test_default_file_vault(self, mock_prompt_secret, mock_file_secret,
                                mock_config):
        mock_prompt_secret.return_value = MagicMock(bytes=b'prompt1_password',
                                                    vault_id='default')
        mock_file_secret.return_value = MagicMock(bytes=b'file1_password',
                                                  vault_id='default')
        mock_config.DEFAULT_VAULT_PASSWORD_FILE = '/dev/null/faux/vault_password_file'
        mock_config.DEFAULT_VAULT_IDENTITY = 'default'

        res = cli.CLI.setup_vault_secrets(loader=self.fake_loader,
                                          vault_ids=[],
                                          create_new_password=False,
                                          ask_vault_pass=False)

        self.assertIsInstance(res, list)
        matches = vault.match_secrets(res, ['default'])
        # --vault-password-file/DEFAULT_VAULT_PASSWORD_FILE is higher precendce than prompts
        # if the same vault-id ('default') regardless of cli order since it didn't matter in 2.3

        self.assertEqual(matches[0][1].bytes, b'file1_password')
        self.assertEqual(len(matches), 1)

        res = cli.CLI.setup_vault_secrets(loader=self.fake_loader,
                                          vault_ids=[],
                                          create_new_password=False,
                                          ask_vault_pass=True,
                                          auto_prompt=True)

        self.assertIsInstance(res, list)
        matches = vault.match_secrets(res, ['default'])
        self.assertEqual(matches[0][1].bytes, b'file1_password')
        self.assertEqual(matches[1][1].bytes, b'prompt1_password')
        self.assertEqual(len(matches), 2)
Example #2
0
    def test_default_file_vault_identity_list(self, mock_prompt_secret,
                                              mock_file_secret):
        default_vault_ids = [
            'some_prompt@prompt', 'some_file@/dev/null/secret'
        ]

        mock_prompt_secret.return_value = MagicMock(
            bytes=b'some_prompt_password', vault_id='some_prompt')

        filename = '/dev/null/secret'
        mock_file_secret.return_value = MagicMock(bytes=b'some_file_password',
                                                  vault_id='some_file',
                                                  filename=filename)

        vault_ids = default_vault_ids
        res = cli.CLI.setup_vault_secrets(loader=self.fake_loader,
                                          vault_ids=vault_ids,
                                          create_new_password=False,
                                          ask_vault_pass=True)

        self.assertIsInstance(res, list)
        matches = vault.match_secrets(res, ['some_file'])
        # --vault-password-file/DEFAULT_VAULT_PASSWORD_FILE is higher precendce than prompts
        # if the same vault-id ('default') regardless of cli order since it didn't matter in 2.3
        self.assertEqual(matches[0][1].bytes, b'some_file_password')
        matches = vault.match_secrets(res, ['some_prompt'])
        self.assertEqual(matches[0][1].bytes, b'some_prompt_password')
Example #3
0
 def _assert_ids(self, vault_id_names, res, password=b'prompt1_password'):
     self.assertIsInstance(res, list)
     len_ids = len(vault_id_names)
     matches = vault.match_secrets(res, vault_id_names)
     self.assertEqual(len(res), len_ids)
     self.assertEqual(len(matches), len_ids)
     for index, prompt in enumerate(vault_id_names):
         self.assertIn(prompt, [x[0] for x in matches])
         # simple mock, same password/prompt for each mock_prompt_secret
         self.assertEqual(matches[index][1].bytes, password)
Example #4
0
    def test_prompt_no_tty(self, mock_prompt_secret):
        self.mock_isatty.return_value = False
        mock_prompt_secret.return_value = MagicMock(bytes=b'prompt1_password',
                                                    vault_id='prompt1')
        res = cli.CLI.setup_vault_secrets(loader=self.fake_loader,
                                          vault_ids=['prompt1@prompt'],
                                          ask_vault_pass=True)

        self.assertIsInstance(res, list)
        self.assertEqual(len(res), 0)
        matches = vault.match_secrets(res, ['prompt1'])
        self.assertEquals(len(matches), 0)
Example #5
0
    def test_prompt_new_password_vault_id_prompt(self, mock_prompt_secret):
        mock_prompt_secret.return_value = MagicMock(bytes=b'prompt1_password',
                                                    vault_id='some_vault_id')

        res = cli.CLI.setup_vault_secrets(loader=self.fake_loader,
                                          vault_ids=['some_vault_id@prompt'],
                                          create_new_password=True,
                                          ask_vault_pass=False)

        self.assertIsInstance(res, list)
        match = vault.match_secrets(res, ['some_vault_id'])[0][1]
        self.assertEqual(match.bytes, b'prompt1_password')
Example #6
0
    def test_ansible_vault_encrypted_unicode(self):
        plaintext = 'This is a string we are going to encrypt.'
        avu = objects.AnsibleVaultEncryptedUnicode.from_plaintext(plaintext, vault=self.vault,
                                                                  secret=vault.match_secrets(self.vault_secrets, ['vault_secret'])[0][1])

        yaml_out = self._dump_string(avu, dumper=self.dumper)
        stream = self._build_stream(yaml_out)
        loader = self._loader(stream)

        data_from_yaml = loader.get_single_data()

        self.assertEqual(plaintext, data_from_yaml.data)
Example #7
0
    def test(self):
        plaintext = 'This is a string we are going to encrypt.'
        avu = objects.AnsibleVaultEncryptedUnicode.from_plaintext(plaintext, vault=self.vault,
                                                                  secret=vault.match_secrets(self.vault_secrets, ['vault_secret'])[0][1])

        yaml_out = self._dump_string(avu, dumper=self.dumper)
        stream = self._build_stream(yaml_out)
        loader = self._loader(stream)

        data_from_yaml = loader.get_single_data()

        self.assertEqual(plaintext, data_from_yaml.data)
Example #8
0
    def test_prompt(self, mock_prompt_secret):
        mock_prompt_secret.return_value = MagicMock(bytes=b'prompt1_password',
                                                    vault_id='prompt1')

        res = cli.CLI.setup_vault_secrets(loader=self.fake_loader,
                                          vault_ids=['prompt1@prompt'],
                                          ask_vault_pass=True)

        self.assertIsInstance(res, list)
        matches = vault.match_secrets(res, ['prompt1'])
        self.assertIn('prompt1', [x[0] for x in matches])
        match = matches[0][1]
        self.assertEqual(match.bytes, b'prompt1_password')
Example #9
0
    def test_multiple_matches(self):
        secrets = [('vault_id1', TextVaultSecret('password1')),
                   ('vault_id2', TextVaultSecret('password2')),
                   ('vault_id1', TextVaultSecret('password3')),
                   ('vault_id4', TextVaultSecret('password4'))]
        vault_ids = ['vault_id1', 'vault_id4']
        matches = vault.match_secrets(secrets, vault_ids)

        self.assertEqual(len(matches), 3)
        expected = [('vault_id1', TextVaultSecret('password1')),
                    ('vault_id1', TextVaultSecret('password3')),
                    ('vault_id4', TextVaultSecret('password4'))]
        self.assertEqual([x for x, y in matches], [a for a, b in expected])
Example #10
0
 def test_password_file(self, mock_file_secret):
     filename = '/dev/null/secret'
     mock_file_secret.return_value = MagicMock(bytes=b'file1_password',
                                               vault_id='file1',
                                               filename=filename)
     res = cli.CLI.setup_vault_secrets(
         loader=self.fake_loader,
         vault_ids=['secret1@%s' % filename, 'secret2'],
         vault_password_files=[filename])
     self.assertIsInstance(res, list)
     matches = vault.match_secrets(res, ['secret1'])
     self.assertIn('secret1', [x[0] for x in matches])
     match = matches[0][1]
     self.assertEqual(match.bytes, b'file1_password')
Example #11
0
    def test_multiple_matches(self):
        secrets = [('vault_id1', TextVaultSecret('password1')),
                   ('vault_id2', TextVaultSecret('password2')),
                   ('vault_id1', TextVaultSecret('password3')),
                   ('vault_id4', TextVaultSecret('password4'))]
        vault_ids = ['vault_id1', 'vault_id4']
        matches = vault.match_secrets(secrets, vault_ids)

        self.assertEqual(len(matches), 3)
        expected = [('vault_id1', TextVaultSecret('password1')),
                    ('vault_id1', TextVaultSecret('password3')),
                    ('vault_id4', TextVaultSecret('password4'))]
        self.assertEqual([x for x, y in matches],
                         [a for a, b in expected])
Example #12
0
    def test_prompt_no_tty(self, mock_prompt_secret):
        self.mock_isatty.return_value = False
        mock_prompt_secret.return_value = MagicMock(
            bytes=b'prompt1_password',
            vault_id='prompt1',
            name='bytes_should_be_prompt1_password',
            spec=vault.PromptVaultSecret)
        res = cli.CLI.setup_vault_secrets(loader=self.fake_loader,
                                          vault_ids=['prompt1@prompt'],
                                          ask_vault_pass=True,
                                          auto_prompt=False)

        self.assertIsInstance(res, list)
        self.assertEqual(len(res), 2)
        matches = vault.match_secrets(res, ['prompt1'])
        self.assertIn('prompt1', [x[0] for x in matches])
        self.assertEquals(len(matches), 1)
Example #13
0
    def test_prompt_no_tty_and_password_file(self, mock_prompt_secret,
                                             mock_file_secret):
        self.mock_isatty.return_value = False
        mock_prompt_secret.return_value = MagicMock(bytes=b'prompt1_password',
                                                    vault_id='prompt1')
        filename = '/dev/null/secret'
        mock_file_secret.return_value = MagicMock(bytes=b'file1_password',
                                                  vault_id='file1',
                                                  filename=filename)

        res = cli.CLI.setup_vault_secrets(
            loader=self.fake_loader,
            vault_ids=['prompt1@prompt', 'file1@/dev/null/secret'],
            ask_vault_pass=True)

        self.assertIsInstance(res, list)
        matches = vault.match_secrets(res, ['file1'])
        self.assertIn('file1', [x[0] for x in matches])
        self.assertNotIn('prompt1', [x[0] for x in matches])
        match = matches[0][1]
        self.assertEqual(match.bytes, b'file1_password')
Example #14
0
 def test_empty_secrets(self):
     matches = vault.match_secrets([], ['vault_id_1'])
     self.assertEqual(matches, [])
Example #15
0
 def test_empty_secrets(self):
     matches = vault.match_secrets([], ['vault_id_1'])
     self.assertEqual(matches, [])
Example #16
0
 def test_no_matches(self):
     secret = TextVaultSecret('password')
     matches = vault.match_secrets([('default', secret)], ['not_default'])
     self.assertEquals(matches, [])
Example #17
0
 def test_single_match(self):
     secret = TextVaultSecret('password')
     matches = vault.match_secrets([('default', secret)], ['default'])
     self.assertEquals(matches, [('default', secret)])
Example #18
0
 def test_no_matches(self):
     secret = TextVaultSecret('password')
     matches = vault.match_secrets([('default', secret)], ['not_default'])
     self.assertEquals(matches, [])
Example #19
0
 def test_single_match(self):
     secret = TextVaultSecret('password')
     matches = vault.match_secrets([('default', secret)], ['default'])
     self.assertEquals(matches, [('default', secret)])