class HashiVaultAuthMethodFake(HashiVaultAuthMethodBase):
NAME = 'fake'
OPTIONS = []
def __init__(self, option_adapter, warning_callback):
super(HashiVaultAuthMethodFake, self).__init__(option_adapter,
warning_callback)
validate = mock.MagicMock()
authenticate = mock.MagicMock()
def test_vault_token_create_passthru_options(
self, vault_token_create_lookup, mock_authenticator, minimal_vars,
pass_thru_options, token_create_response):
client = mock.MagicMock()
client.auth.token.create.return_value = token_create_response
with mock.patch.object(vault_token_create_lookup,
'authenticator',
new=mock_authenticator):
with mock.patch.object(vault_token_create_lookup.helper,
'get_vault_client',
return_value=client):
result = vault_token_create_lookup.run(terms=[],
variables=minimal_vars,
**pass_thru_options)
client.create_token.assert_not_called()
client.auth.token.create.assert_called_once()
assert result[0] == token_create_response, (
"lookup result did not match expected result:\nlookup: %r\nexpected: %r"
% (result, token_create_response))
if sys.version_info < (3, 8):
# TODO: remove when python < 3.8 is dropped
assert pass_thru_options.items(
) <= client.auth.token.create.call_args[1].items()
else:
assert pass_thru_options.items(
) <= client.auth.token.create.call_args.kwargs.items()
def boto_mocks(aws_access_key, aws_secret_key, aws_session_token):
class botocore_profile_not_found(Exception):
pass
credentials = mock.MagicMock(access_key=aws_access_key,
secret_key=aws_secret_key,
token=aws_session_token)
mock_session = mock.MagicMock(get_credentials=mock.MagicMock(
return_value=credentials))
def _Session(profile_name):
if profile_name == 'missing_profile':
raise botocore_profile_not_found
return mock_session
boto3 = mock.MagicMock()
boto3.session.Session = mock.MagicMock(side_effect=_Session)
botocore = mock.MagicMock()
botocore.exceptions.ProfileNotFound = botocore_profile_not_found
return mock.MagicMock(botocore=botocore,
boto3=boto3,
session=mock_session,
credentials=credentials)
def test_vault_token_create_legacy_options(self, vault_token_create_lookup,
mock_authenticator,
minimal_vars, pass_thru_options,
legacy_option_translation,
token_create_response):
client = mock.MagicMock()
client.create_token.return_value = token_create_response
with mock.patch.object(vault_token_create_lookup,
'authenticator',
new=mock_authenticator):
with mock.patch.object(vault_token_create_lookup.helper,
'get_vault_client',
return_value=client):
result = vault_token_create_lookup.run(terms=[],
variables=minimal_vars,
orphan=True,
**pass_thru_options)
client.auth.token.create.assert_not_called()
client.create_token.assert_called_once()
assert result[0] == token_create_response, (
"lookup result did not match expected result:\nlookup: %r\nexpected: %r"
% (result, token_create_response))
if sys.version_info < (3, 8):
# TODO: remove when python < 3.8 is dropped
call_kwargs = client.create_token.call_args[1]
else:
call_kwargs = client.create_token.call_args.kwargs
for name, legacy in legacy_option_translation.items():
assert name not in call_kwargs, (
"'%s' was found in call to legacy method, should be '%s'"
% (name, legacy))
assert legacy in call_kwargs, (
"'%s' (from '%s') was not found in call to legacy method"
% (legacy, name))
assert call_kwargs[legacy] == pass_thru_options.get(
name
), ("Expected legacy param '%s' not found or value did not match:\nvalue: %r\nexpected: %r"
% (
legacy,
call_kwargs.get(legacy),
pass_thru_options.get(name),
))
def test_vault_token_create_legacy_fallback(
self, vault_token_create_lookup, mock_authenticator, minimal_vars,
pass_thru_options, token_create_response):
client = mock.MagicMock()
client.create_token.side_effect = AttributeError
client.auth.token.create.return_value = token_create_response
with mock.patch(
'ansible_collections.community.hashi_vault.plugins.lookup.vault_token_create.display.warning'
) as warning:
with mock.patch.object(vault_token_create_lookup,
'authenticator',
new=mock_authenticator):
with mock.patch.object(vault_token_create_lookup.helper,
'get_vault_client',
return_value=client):
result = vault_token_create_lookup.run(
terms=[],
variables=minimal_vars,
orphan=True,
**pass_thru_options)
warning.assert_called_once_with(
"'create_token' method was not found. Attempting method that requires root privileges."
)
client.auth.token.create.assert_called_once()
assert result[0] == token_create_response, (
"lookup result did not match expected result:\nlookup: %r\nexpected: %r"
% (result, token_create_response))
# we're retesting that expected options were passed, even though there's a separate test for that,
# to ensure that nothing in the original legacy attempt mutates the non-legacy options during fallback
if sys.version_info < (3, 8):
# TODO: remove when python < 3.8 is dropped
assert pass_thru_options.items(
) <= client.auth.token.create.call_args[1].items()
else:
assert pass_thru_options.items(
) <= client.auth.token.create.call_args.kwargs.items()
def deprecator():
return mock.MagicMock()
def warner():
return mock.MagicMock()
from __future__ import (absolute_import, division, print_function)
from _pytest.fixtures import fixture
from _pytest.python_api import raises
__metaclass__ = type
import os
import pytest
from ansible_collections.community.hashi_vault.tests.unit.compat import mock
try:
import hvac
except ImportError:
# python 2.6, which isn't supported anyway
hvac = mock.MagicMock()
from ansible_collections.community.hashi_vault.plugins.module_utils._auth_method_token import (
HashiVaultAuthMethodToken, )
from ansible_collections.community.hashi_vault.plugins.module_utils._hashi_vault_common import (
HashiVaultAuthMethodBase,
HashiVaultValueError,
)
@pytest.fixture
def option_dict():
return {
'auth_method': 'fake',
'token': None,
def mock_authenticator():
return mock.MagicMock(validate=lambda: True,
authenticate=lambda client: 'dummy')
def fake_auth_class(adapter):
return HashiVaultAuthMethodFake(adapter, mock.MagicMock())
