def test_delete_of_existing_secret_deletes_secret(self):
with ExistingAwsSecretTestFixture() as existing_secret:
secret = AwsSecret(name=existing_secret.name)
secret.delete()
secret = self.secrets_mgr.describe_secret(
SecretId=existing_secret.arn)
self.assertIn('DeletedDate', secret)
def test_custom_secret_name(self):
custom_named_secret = AwsSecret(
name="dcp/bogo_component/{}/custom-secret-name".format(
self.deployment_env))
custom_named_secret.update('{"secret1":"custom"}')
class BogoComponentCustomConfig(Config):
def __init__(self, *args, **kwargs):
# kwargs['secret_name'] = 'custom-secret-name'
super(BogoComponentCustomConfig,
self).__init__('bogo_component',
secret_name='custom-secret-name',
**kwargs)
config = BogoComponentCustomConfig(deployment=self.deployment_env,
source='aws')
self.assertEqual('custom', config.secret1)
custom_named_secret.delete()
def test_delete_of_unknown_secret_raises_exception(self):
secret = AwsSecret(name=self.UNKNOWN_SECRET)
with self.assertRaises(RuntimeError):
secret.delete()
def test_value_of_existing_deleted_secret_raises_exception(self):
with ExistingAwsSecretTestFixture() as existing_secret:
secret = AwsSecret(name=existing_secret.name)
secret.delete()
with self.assertRaisesRegex(RuntimeError, 'deleted'):
x = secret.value # noqa
class TestConfig(unittest.TestCase):
@classmethod
def setUpClass(cls):
# AwsSecret.debug_logging = True
# To reduce eventual consistency issues, get everyone using the same Secrets Manager session
cls.secrets_mgr = boto3.client("secretsmanager")
cls.patcher = patch('dcplib.aws_secret.boto3.client')
boto3_client = cls.patcher.start()
boto3_client.return_value = cls.secrets_mgr
@classmethod
def tearDownClass(cls):
AwsSecret.debug_logging = False
cls.patcher.stop()
def setUp(self):
self.deployment_env = "bogo_env_{}".format(uuid.uuid4())
self.aws_secret = AwsSecret(
name="dcp/bogo_component/{}/secrets".format(self.deployment_env))
self.aws_secret.update('{"secret1":"secret1_from_cloud"}')
BogoComponentConfig.reset()
def tearDown(self):
self.aws_secret.delete()
def test_from_file(self):
with EnvironmentSetup(
{'CONFIG_SOURCE': fixture_file_path('config.js')}):
config = BogoComponentConfig(deployment=self.deployment_env)
self.assertEqual('value_from_file', config.secret1)
def test_from_aws(self):
with EnvironmentSetup({'CONFIG_SOURCE': None}):
config = BogoComponentConfig(deployment=self.deployment_env,
source='aws')
self.assertEqual('secret1_from_cloud', config.secret1)
def test_custom_secret_name(self):
custom_named_secret = AwsSecret(
name="dcp/bogo_component/{}/custom-secret-name".format(
self.deployment_env))
custom_named_secret.update('{"secret1":"custom"}')
class BogoComponentCustomConfig(Config):
def __init__(self, *args, **kwargs):
# kwargs['secret_name'] = 'custom-secret-name'
super(BogoComponentCustomConfig,
self).__init__('bogo_component',
secret_name='custom-secret-name',
**kwargs)
config = BogoComponentCustomConfig(deployment=self.deployment_env,
source='aws')
self.assertEqual('custom', config.secret1)
custom_named_secret.delete()
@patch('dcplib.config.AwsSecret')
def test_singletonness(self, mock_AwsSecret):
value_mock = PropertyMock(return_value='{"secret2": "foo"}')
type(mock_AwsSecret()).value = value_mock
config1 = BogoComponentConfig(deployment=self.deployment_env,
source='aws')
self.assertEqual('foo', config1.secret2)
config2 = BogoComponentConfig(deployment=self.deployment_env,
source='aws')
self.assertEqual('foo', config2.secret2)
value_mock.assert_called_once()
# TRUTH TABLE
# ITEM IS IN CONFIG | ITEM IS IN ENV | use_env IS SET | RESULT
# no | no | no | exception
# no | no | yes | exception
# no | yes | no | exception
# no | yes | yes | return env value
# yes | no | no | return config value
# yes | no | yes | return config value
# yes | yes | no | return config value
# yes | yes | no | return config value
# yes | yes | yes | return env value
def test_when_item_is_not_in_config_not_in_env_we_raise(self):
with EnvironmentSetup({
'CONFIG_SOURCE': None,
}):
with self.assertRaises(RuntimeError):
config = BogoComponentConfig(deployment=self.deployment_env)
print(config.secret_that_we_never_put_into_config)
def test_when_item_is_not_in_config_but_is_in_env_and_use_env_is_not_set_we_raise(
self):
self.aws_secret.update('{}')
with EnvironmentSetup({
'CONFIG_SOURCE': None,
'SECRET1': 'secret1_from_env'
}):
with self.assertRaises(RuntimeError):
config = BogoComponentConfig(deployment=self.deployment_env)
print(config.secret1)
def test_when_item_is_not_in_config_but_is_in_env_and_use_env_is_set_we_use_env(
self):
self.aws_secret.update('{}')
BogoComponentConfig.use_env = True
with EnvironmentSetup({
'CONFIG_SOURCE': None,
'SECRET1': 'secret1_from_env'
}):
config = BogoComponentConfig(deployment=self.deployment_env)
self.assertEqual('secret1_from_env', config.secret1)
@unittest.skip("flaky test")
def test_when_item_is_in_config_but_not_in_env_and_use_env_is_not_set_we_use_config(
self):
with EnvironmentSetup({
'CONFIG_SOURCE': None,
}):
config = BogoComponentConfig(deployment=self.deployment_env)
self.assertEqual('secret1_from_cloud', config.secret1)
def test_when_item_is_in_config_but_not_in_env_and_use_env_is_set_we_use_config(
self):
BogoComponentConfig.use_env = True
with EnvironmentSetup({
'CONFIG_SOURCE': None,
'SECRET1': 'secret1_from_env'
}):
config = BogoComponentConfig(deployment=self.deployment_env)
self.assertEqual('secret1_from_env', config.secret1)
def test_when_item_is_in_config_and_is_in_env_and_use_env_is_set_we_use_env(
self):
BogoComponentConfig.use_env = True
with EnvironmentSetup({
'CONFIG_SOURCE': None,
'SECRET1': 'secret1_from_env'
}):
config = BogoComponentConfig(deployment=self.deployment_env)
self.assertEqual('secret1_from_env', config.secret1)