Example #1
0
 def test_delete_of_existing_secret_deletes_secret(self):
     with ExistingAwsSecretTestFixture() as existing_secret:
         secret = AwsSecret(name=existing_secret.name)
         secret.delete()
         secret = self.secrets_mgr.describe_secret(
             SecretId=existing_secret.arn)
         self.assertIn('DeletedDate', secret)
Example #2
0
    def test_custom_secret_name(self):
        custom_named_secret = AwsSecret(
            name="dcp/bogo_component/{}/custom-secret-name".format(
                self.deployment_env))
        custom_named_secret.update('{"secret1":"custom"}')

        class BogoComponentCustomConfig(Config):
            def __init__(self, *args, **kwargs):
                # kwargs['secret_name'] = 'custom-secret-name'
                super(BogoComponentCustomConfig,
                      self).__init__('bogo_component',
                                     secret_name='custom-secret-name',
                                     **kwargs)

        config = BogoComponentCustomConfig(deployment=self.deployment_env,
                                           source='aws')
        self.assertEqual('custom', config.secret1)

        custom_named_secret.delete()
Example #3
0
 def test_delete_of_unknown_secret_raises_exception(self):
     secret = AwsSecret(name=self.UNKNOWN_SECRET)
     with self.assertRaises(RuntimeError):
         secret.delete()
Example #4
0
 def test_value_of_existing_deleted_secret_raises_exception(self):
     with ExistingAwsSecretTestFixture() as existing_secret:
         secret = AwsSecret(name=existing_secret.name)
         secret.delete()
         with self.assertRaisesRegex(RuntimeError, 'deleted'):
             x = secret.value  # noqa
Example #5
0
class TestConfig(unittest.TestCase):
    @classmethod
    def setUpClass(cls):
        # AwsSecret.debug_logging = True
        # To reduce eventual consistency issues, get everyone using the same Secrets Manager session
        cls.secrets_mgr = boto3.client("secretsmanager")
        cls.patcher = patch('dcplib.aws_secret.boto3.client')
        boto3_client = cls.patcher.start()
        boto3_client.return_value = cls.secrets_mgr

    @classmethod
    def tearDownClass(cls):
        AwsSecret.debug_logging = False
        cls.patcher.stop()

    def setUp(self):
        self.deployment_env = "bogo_env_{}".format(uuid.uuid4())
        self.aws_secret = AwsSecret(
            name="dcp/bogo_component/{}/secrets".format(self.deployment_env))
        self.aws_secret.update('{"secret1":"secret1_from_cloud"}')
        BogoComponentConfig.reset()

    def tearDown(self):
        self.aws_secret.delete()

    def test_from_file(self):
        with EnvironmentSetup(
            {'CONFIG_SOURCE': fixture_file_path('config.js')}):
            config = BogoComponentConfig(deployment=self.deployment_env)
            self.assertEqual('value_from_file', config.secret1)

    def test_from_aws(self):
        with EnvironmentSetup({'CONFIG_SOURCE': None}):
            config = BogoComponentConfig(deployment=self.deployment_env,
                                         source='aws')
            self.assertEqual('secret1_from_cloud', config.secret1)

    def test_custom_secret_name(self):
        custom_named_secret = AwsSecret(
            name="dcp/bogo_component/{}/custom-secret-name".format(
                self.deployment_env))
        custom_named_secret.update('{"secret1":"custom"}')

        class BogoComponentCustomConfig(Config):
            def __init__(self, *args, **kwargs):
                # kwargs['secret_name'] = 'custom-secret-name'
                super(BogoComponentCustomConfig,
                      self).__init__('bogo_component',
                                     secret_name='custom-secret-name',
                                     **kwargs)

        config = BogoComponentCustomConfig(deployment=self.deployment_env,
                                           source='aws')
        self.assertEqual('custom', config.secret1)

        custom_named_secret.delete()

    @patch('dcplib.config.AwsSecret')
    def test_singletonness(self, mock_AwsSecret):
        value_mock = PropertyMock(return_value='{"secret2": "foo"}')
        type(mock_AwsSecret()).value = value_mock

        config1 = BogoComponentConfig(deployment=self.deployment_env,
                                      source='aws')
        self.assertEqual('foo', config1.secret2)

        config2 = BogoComponentConfig(deployment=self.deployment_env,
                                      source='aws')
        self.assertEqual('foo', config2.secret2)

        value_mock.assert_called_once()

    # TRUTH TABLE
    # ITEM IS IN CONFIG | ITEM IS IN ENV | use_env IS SET | RESULT
    #        no         |       no       |       no       | exception
    #        no         |       no       |       yes      | exception
    #        no         |       yes      |       no       | exception
    #        no         |       yes      |       yes      | return env value
    #        yes        |       no       |       no       | return config value
    #        yes        |       no       |       yes      | return config value
    #        yes        |       yes      |       no       | return config value
    #        yes        |       yes      |       no       | return config value
    #        yes        |       yes      |       yes      | return env value

    def test_when_item_is_not_in_config_not_in_env_we_raise(self):
        with EnvironmentSetup({
                'CONFIG_SOURCE': None,
        }):
            with self.assertRaises(RuntimeError):
                config = BogoComponentConfig(deployment=self.deployment_env)
                print(config.secret_that_we_never_put_into_config)

    def test_when_item_is_not_in_config_but_is_in_env_and_use_env_is_not_set_we_raise(
            self):
        self.aws_secret.update('{}')
        with EnvironmentSetup({
                'CONFIG_SOURCE': None,
                'SECRET1': 'secret1_from_env'
        }):
            with self.assertRaises(RuntimeError):
                config = BogoComponentConfig(deployment=self.deployment_env)
                print(config.secret1)

    def test_when_item_is_not_in_config_but_is_in_env_and_use_env_is_set_we_use_env(
            self):
        self.aws_secret.update('{}')
        BogoComponentConfig.use_env = True
        with EnvironmentSetup({
                'CONFIG_SOURCE': None,
                'SECRET1': 'secret1_from_env'
        }):
            config = BogoComponentConfig(deployment=self.deployment_env)
            self.assertEqual('secret1_from_env', config.secret1)

    @unittest.skip("flaky test")
    def test_when_item_is_in_config_but_not_in_env_and_use_env_is_not_set_we_use_config(
            self):
        with EnvironmentSetup({
                'CONFIG_SOURCE': None,
        }):
            config = BogoComponentConfig(deployment=self.deployment_env)
            self.assertEqual('secret1_from_cloud', config.secret1)

    def test_when_item_is_in_config_but_not_in_env_and_use_env_is_set_we_use_config(
            self):
        BogoComponentConfig.use_env = True
        with EnvironmentSetup({
                'CONFIG_SOURCE': None,
                'SECRET1': 'secret1_from_env'
        }):
            config = BogoComponentConfig(deployment=self.deployment_env)
            self.assertEqual('secret1_from_env', config.secret1)

    def test_when_item_is_in_config_and_is_in_env_and_use_env_is_set_we_use_env(
            self):
        BogoComponentConfig.use_env = True
        with EnvironmentSetup({
                'CONFIG_SOURCE': None,
                'SECRET1': 'secret1_from_env'
        }):
            config = BogoComponentConfig(deployment=self.deployment_env)
            self.assertEqual('secret1_from_env', config.secret1)