def test_destroy_secret_id(self, test_label, mount_point, requests_mocker):
expected_status_code = 204
role_name = 'testrole'
secret_id = 'custom_secret'
mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role/{role_name}/secret-id/destroy'.format(
mount_point=mount_point,
role_name=role_name
)
requests_mocker.register_uri(
method='POST',
url=mock_url,
status_code=expected_status_code,
)
app_role = AppRole(adapter=JSONAdapter())
response = app_role.destroy_secret_id(
role_name=role_name,
secret_id=secret_id,
mount_point=mount_point
)
self.assertEqual(
first=expected_status_code,
second=response.status_code
)
def test_list_roles(self, test_label, mount_point, requests_mocker):
expected_status_code = 200
mock_response = {
'auth': None,
'data': {
'keys': [
'testrole'
]
},
'lease_duration': 0,
'lease_id': '',
'renewable': False,
'request_id': '860a11a8-b835-cbab-7fce-de4edc4cf533',
'warnings': None,
'wrap_info': None
}
mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role'.format(
mount_point=mount_point
)
requests_mocker.register_uri(
method='LIST',
url=mock_url,
status_code=expected_status_code,
json=mock_response,
)
app_role = AppRole(adapter=JSONAdapter())
response = app_role.list_roles(
mount_point=mount_point
)
self.assertEqual(
first=mock_response,
second=response
)
def test_destroy_secret_id_accessor(self, test_label, mount_point, requests_mocker):
expected_status_code = 204
role_name = 'testrole'
secret_id_accessor = '84896a0c-1347-aa90-a4f6-aca8b7558780'
mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role/{role_name}/secret-id-accessor/destroy'.format(
mount_point=mount_point,
role_name=role_name
)
requests_mocker.register_uri(
method='POST',
url=mock_url,
status_code=expected_status_code,
)
app_role = AppRole(adapter=JSONAdapter())
response = app_role.destroy_secret_id_accessor(
role_name=role_name,
secret_id_accessor=secret_id_accessor,
mount_point=mount_point
)
self.assertEqual(
first=expected_status_code,
second=response.status_code
)
def test_create_custom_secret_id(self, test_label, mount_point, raises, requests_mocker):
expected_status_code = 200
role_name = 'testrole'
secret_id = 'custom_secret'
mock_response = {
'auth': None,
'data': {
'secret_id': secret_id,
'secret_id_accessor': '84896a0c-1347-aa90-a4f6-aca8b7558780'
},
'lease_duration': 0,
'lease_id': '',
'renewable': False,
'request_id': '860a11a8-b835-cbab-7fce-de4edc4cf533',
'warnings': None,
'wrap_info': None
}
mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role/{role_name}/custom-secret-id'.format(
mount_point=mount_point,
role_name=role_name
)
requests_mocker.register_uri(
method='POST',
url=mock_url,
status_code=expected_status_code,
json=mock_response,
)
app_role = AppRole(adapter=JSONAdapter())
if raises is not None:
with self.assertRaises(raises) as cm:
app_role.create_custom_secret_id(
role_name=role_name,
secret_id=secret_id,
cidr_list=['127.0.0.1/32'],
metadata="metadata string",
mount_point=mount_point
)
self.assertIn(
member='unsupported metadata argument',
container=str(cm.exception)
)
else:
response = app_role.create_custom_secret_id(
role_name=role_name,
secret_id=secret_id,
cidr_list=['127.0.0.1/32'],
mount_point=mount_point
)
self.assertEqual(
first=mock_response,
second=response
)
def test_read_role(self, test_label, mount_point, requests_mocker):
expected_status_code = 200
role_name = 'testrole'
mock_response = {
'auth': None,
'data': {
'bind_secret_id': True,
'local_secret_ids': False,
'secret_id_bound_cidrs': None,
'secret_id_num_uses': 0,
'secret_id_ttl': 0,
'token_bound_cidrs': None,
'token_explicit_max_ttl': 0,
'token_max_ttl': 0,
'token_no_default_poolicy': False,
'token_num_uses': 0,
'token_period': 14400,
'token_policies': None,
'token_ttl': 0,
'token_type': "default"
},
'lease_duration': 0,
'lease_id': '',
'renewable': False,
'request_id': '860a11a8-b835-cbab-7fce-de4edc4cf533',
'warnings': None,
'wrap_info': None
}
mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role/{role_name}'.format(
mount_point=mount_point,
role_name=role_name
)
requests_mocker.register_uri(
method='GET',
url=mock_url,
status_code=expected_status_code,
json=mock_response,
)
app_role = AppRole(adapter=JSONAdapter())
response = app_role.read_role(
role_name="testrole",
mount_point=mount_point
)
self.assertEqual(
first=mock_response,
second=response
)
def test_login(self, test_label, mount_point, requests_mocker):
expected_status_code = 200
role_id = 'test_role_id'
secret_id = 'custom_secret'
mock_response = {
'data': None,
'auth': {
'renewable': True,
'lease_duration': 1200,
'metadata': None,
'token_policies': ['default'],
'accessor': 'fd6c9a00-d2dc-3b11-0be5-af7ae0e1d374',
'client_token': '5b1a0318-679c-9c45-e5c6-d1b9a9035d49'
},
'lease_duration': 0,
'lease_id': '',
'renewable': False,
'request_id': '860a11a8-b835-cbab-7fce-de4edc4cf533',
'warnings': None,
'wrap_info': None
}
mock_url = 'http://localhost:8200/v1/auth/{mount_point}/login'.format(
mount_point=mount_point,
)
requests_mocker.register_uri(
method='POST',
url=mock_url,
status_code=expected_status_code,
json=mock_response,
)
app_role = AppRole(adapter=JSONAdapter())
response = app_role.login(
role_id=role_id,
secret_id=secret_id,
mount_point=mount_point
)
self.assertEqual(
first=mock_response,
second=response
)
def test_list_secret_id_accessors(self, test_label, mount_point, requests_mocker):
expected_status_code = 200
role_name = 'testrole'
mock_response = {
'auth': None,
'data': {
'keys': [
'ce102d2a-8253-c437-bf9a-aceed4241491',
'a1c8dee4-b869-e68d-3520-2040c1a0849a',
'be83b7e2-044c-7244-07e1-47560ca1c787',
'84896a0c-1347-aa90-a4f6-aca8b7558780',
'239b1328-6523-15e7-403a-a48038cdc45a'
]
},
'lease_duration': 0,
'lease_id': '',
'renewable': False,
'request_id': '860a11a8-b835-cbab-7fce-de4edc4cf533',
'warnings': None,
'wrap_info': None
}
mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role/{role_name}/secret-id'.format(
mount_point=mount_point,
role_name=role_name
)
requests_mocker.register_uri(
method='LIST',
url=mock_url,
status_code=expected_status_code,
json=mock_response,
)
app_role = AppRole(adapter=JSONAdapter())
response = app_role.list_secret_id_accessors(
role_name=role_name,
mount_point=mount_point
)
self.assertEqual(
first=mock_response,
second=response
)
def test_read_secret_id_accessor(self, test_label, mount_point, requests_mocker):
expected_status_code = 200
role_name = 'testrole'
secret_id = 'custom_secret'
secret_id_accessor = '84896a0c-1347-aa90-a4f6-aca8b7558780'
mock_response = {
'auth': None,
'data': {
'secret_id': secret_id,
'secret_id_accessor': '84896a0c-1347-aa90-a4f6-aca8b7558780'
},
'lease_duration': 0,
'lease_id': '',
'renewable': False,
'request_id': '860a11a8-b835-cbab-7fce-de4edc4cf533',
'warnings': None,
'wrap_info': None
}
mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role/{role_name}/secret-id-accessor/lookup'.format(
mount_point=mount_point,
role_name=role_name
)
requests_mocker.register_uri(
method='POST',
url=mock_url,
status_code=expected_status_code,
json=mock_response,
)
app_role = AppRole(adapter=JSONAdapter())
response = app_role.read_secret_id_accessor(
role_name=role_name,
secret_id_accessor=secret_id_accessor,
mount_point=mount_point
)
self.assertEqual(
first=mock_response,
second=response
)
def test_create_or_update_approle(self, test_label, mount_point, token_type, raises, requests_mocker):
expected_status_code = 204
role_name = 'testrole'
mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role/{role_name}'.format(
mount_point=mount_point,
role_name=role_name
)
requests_mocker.register_uri(
method='POST',
url=mock_url,
status_code=expected_status_code,
)
app_role = AppRole(adapter=JSONAdapter())
if raises is not None:
with self.assertRaises(raises) as cm:
app_role.create_or_update_approle(
role_name=role_name,
token_policies=['default'],
token_type=token_type,
mount_point=mount_point
)
self.assertIn(
member='unsupported token_type',
container=str(cm.exception)
)
else:
response = app_role.create_or_update_approle(
role_name=role_name,
token_policies=['default'],
mount_point=mount_point
)
self.assertEqual(
first=expected_status_code,
second=response.status_code
)
def test_read_role_id(self, test_label, mount_point, requests_mocker):
expected_status_code = 200
role_name = 'testrole'
mock_response = {
'auth': None,
'data': {
'role_id': 'e5a7b66e-5d08-da9c-7075-71984634b882'
},
'lease_duration': 0,
'lease_id': '',
'renewable': False,
'request_id': '860a11a8-b835-cbab-7fce-de4edc4cf533',
'warnings': None,
'wrap_info': None
}
mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role/{role_name}/role-id'.format(
mount_point=mount_point,
role_name=role_name
)
requests_mocker.register_uri(
method='GET',
url=mock_url,
status_code=expected_status_code,
json=mock_response,
)
app_role = AppRole(adapter=JSONAdapter())
response = app_role.read_role_id(
role_name=role_name,
mount_point=mount_point
)
self.assertEqual(
first=mock_response,
second=response
)
def test_delete_role(self, test_label, mount_point, requests_mocker):
expected_status_code = 204
role_name = 'testrole'
mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role/{role_name}'.format(
mount_point=mount_point,
role_name=role_name
)
requests_mocker.register_uri(
method='DELETE',
url=mock_url,
status_code=expected_status_code,
)
app_role = AppRole(adapter=JSONAdapter())
response = app_role.delete_role(
role_name=role_name,
mount_point=mount_point
)
self.assertEqual(
first=expected_status_code,
second=response.status_code
)