def test_unlimited_use_token_no_decrement(json_success, cache_unlimited): """ Given unlimited-use token, function should succeed not del cache or decrement """ mock = _mock_json_response(json_success) expected_headers = { "X-Vault-Token": "test", "Content-Type": "application/json" } with patch.object(vault, "get_cache") as mock_get_cache: mock_get_cache.return_value = cache_unlimited with patch("requests.request", mock): with patch.object(vault, "del_cache") as mock_del_cache: with patch.object(vault, "write_cache") as mock_write_cache: vault_return = vault.make_request("/secret/my/secret", "key") mock.assert_called_with( "/secret/my/secret", "http://127.0.0.1:8200/key", headers=expected_headers, verify=ANY, ) assert ( not mock_del_cache.called ), "del cache should not be called for unlimited use token" assert ( not mock_write_cache.called ), "write cache should not be called for unlimited use token" assert vault_return.json() == json_success assert mock.call_count == 1
def test_multi_use_token_last_use(json_success, cache_uses_last): """ Given last use of multi-use token, function should succeed and flush token cache """ mock = _mock_json_response(json_success) expected_headers = { "X-Vault-Token": "test", "Content-Type": "application/json" } with patch.object(vault, "get_cache") as mock_get_cache: mock_get_cache.return_value = cache_uses_last with patch("requests.request", mock): with patch.object(vault, "del_cache") as mock_del_cache: with patch.object(vault, "write_cache") as mock_write_cache: vault_return = vault.make_request("/secret/my/secret", "key") mock.assert_called_with( "/secret/my/secret", "http://127.0.0.1:8200/key", headers=expected_headers, verify=ANY, ) mock_del_cache.assert_called() assert vault_return.json() == json_success assert mock.call_count == 1
def test_multi_use_token_successful_run(json_success, cache_uses): """ Given multi-use token, function should get secret and decrement token """ expected_cache_write = { "url": "http://127.0.0.1:8200", "token": "test", "verify": None, "namespace": None, "uses": 9, "lease_duration": 100, "issued": 3000, "unlimited_use_token": False, } mock = _mock_json_response(json_success) expected_headers = { "X-Vault-Token": "test", "Content-Type": "application/json" } with patch.object(vault, "get_cache") as mock_get_cache: mock_get_cache.return_value = copy(cache_uses) with patch("requests.request", mock): with patch.object(vault, "del_cache") as mock_del_cache: with patch.object(vault, "write_cache") as mock_write_cache: vault_return = vault.make_request("/secret/my/secret", "key") mock.assert_called_with( "/secret/my/secret", "http://127.0.0.1:8200/key", headers=expected_headers, verify=ANY, ) mock_write_cache.assert_called_with(expected_cache_write) assert vault_return.json() == json_success assert mock.call_count == 1
def test_make_request_single_use_token_run_auth_error(json_denied, cache_single): """ Given single use token in __context__ and login error, function should request token and re-run """ # Disable logging because simulated http failures are logged as errors logging.disable(logging.CRITICAL) mock = _mock_json_response(json_denied, status_code=400) supplied_context = {"vault_token": cache_single} expected_headers = { "X-Vault-Token": "test", "Content-Type": "application/json" } with patch.dict(vault.__context__, supplied_context): with patch("requests.request", mock): with patch.object(vault, "del_cache") as mock_del_cache: vault_return = vault.make_request("/secret/my/secret", "key") assert vault.__context__ == {} mock.assert_called_with( "/secret/my/secret", "http://127.0.0.1:8200/key", headers=expected_headers, verify=ANY, ) assert vault_return.json() == json_denied mock_del_cache.assert_called() assert mock.call_count == 2 logging.disable(logging.NOTSET)
def test_make_request_single_use_token_run_ok(self): """ Given single use token in __context__, function should run successful secret lookup with no other modifications """ mock = self._mock_json_response(self.json_success) supplied_context = {"vault_token": copy(self.cache_single)} expected_headers = {"X-Vault-Token": "test", "Content-Type": "application/json"} with patch.dict(vault.__context__, supplied_context): with patch("requests.request", mock): vault_return = vault.make_request("/secret/my/secret", "key") self.assertEqual(vault.__context__, {}) mock.assert_called_with( "/secret/my/secret", "http://127.0.0.1:8200/key", headers=expected_headers, verify=ANY, ) self.assertEqual(vault_return.json(), self.json_success)
def test_request_with_namespace(json_success, cache_single_namespace): """ Test request with namespace configured """ mock = _mock_json_response(json_success) expected_headers = { "X-Vault-Token": "test", "X-Vault-Namespace": "test_namespace", "Content-Type": "application/json", } supplied_config = {"namespace": "test_namespace"} supplied_context = {"vault_token": copy(cache_single_namespace)} with patch.dict(vault.__context__, supplied_context): with patch.dict(vault.__opts__["vault"], supplied_config): with patch("requests.request", mock): vault_return = vault.make_request("/secret/my/secret", "key") mock.assert_called_with( "/secret/my/secret", "http://127.0.0.1:8200/key", headers=expected_headers, verify=ANY, ) assert vault_return.json() == json_success