def test_auth_from_file(mock_auto_auth):
"""
Tests that auth_from_file calls auto_auth
"""
client = VaultAnyConfig()
client.auth_from_file("test.json")
mock_auto_auth.assert_called_once_with("test.json", ac_parser=None)
def configure(config_file, vault_config, vault_creds):
"""
Loads the configuration of the Slackbot
Args:
config_file: filename for the bot configuration file
vault_config: filename for the vault client configuration file
vault_creds: filename for the vault credentials file
"""
global config # pylint: disable=invalid-name
config_client = VaultAnyConfig(vault_config)
config_client.auth_from_file(vault_creds)
config = config_client.load(config_file)["ebr-trackerbot"]
log_level = logging.getLevelName(config.get("log_level", "ERROR"))
logging.basicConfig(level=log_level,
format="[%(asctime)s] [%(levelname)s] %(message)s",
datefmt="%Y-%m-%d %H:%M:%S")
if "api_url" not in config:
raise RuntimeError("Missing api url in configuration.")
if "slack_token" not in config:
raise RuntimeError("Missing Slack Token in configuration.")
default_slack_message_template = "Test *{{test}}* failed *{{count}}* in the last {{period}}\n"
config.setdefault("slack_message_template", default_slack_message_template)
config.setdefault("init_channel", "#test-slackbot")
config.setdefault("check_tests_delay", 86400) # in seconds, 86400 = 1 day
def test_auth_with_already_authenticated_and_passthrough(
mock_is_authenticated):
"""
Tests that the auto_auth will simply be bypassed when using an instance with passthrough set and the client is already authenticated
"""
mock_is_authenticated.return_value = True
client = VaultAnyConfig()
assert client.auto_auth("config.json")
def test_detect_kv_v2(contents, secret_key, gen_vault_response_kv1,
gen_vault_response_kv2):
"""
Tests that kv2 is detected correctly
"""
read_response_v1 = gen_vault_response_kv1(contents, secret_key)
read_response_v2 = gen_vault_response_kv2(contents, secret_key)
assert VaultAnyConfig._VaultAnyConfig__is_key_value_v2(read_response_v2)
assert not VaultAnyConfig._VaultAnyConfig__is_key_value_v2(
read_response_v1)
def test_load_no_vault_with_secrets(mock_load, gen_input_config):
"""
Basic test of the load function
"""
mock_load.return_value = gen_input_config()
input_config_edited = gen_input_config()
del input_config_edited["vault_secrets"]
client = VaultAnyConfig()
with pytest.warns(UserWarning):
assert client.load("in.json") == input_config_edited
mock_load.assert_called_with("in.json")
def test_dump_passthrough(
mock_hvac_client_read,
mock_dump,
mock_open_handle,
mock_chmod,
localhost_client,
gen_input_config,
gen_processed_config,
gen_vault_response_kv1,
file_path,
file_path_normalized,
file_contents,
secret_path,
):
"""
Tests a warning is thrown where there are files specified but the passthrough flag is set.
"""
mock_hvac_client_read.return_value = gen_vault_response_kv1()
with warns(UserWarning):
VaultAnyConfig().dump(gen_input_config(),
"out.json",
process_secret_files=True)
mock_dump.assert_called_once_with(gen_input_config(), "out.json")
mock_hvac_client_read.assert_not_called()
mock_open_handle.assert_not_called()
mock_chmod.assert_not_called()
def test_init_no_file(mock_hvac_client):
"""
Tests the init function without a config file (i.e. filling the parameters directly)
"""
client = VaultAnyConfig(url="http://localhost")
assert not client.pass_through_flag
mock_hvac_client.assert_called_with(url="http://localhost")
def test_init_passthrough_no_vault_config_section(mock_load):
"""
Tests that with a vault configuration where there is no vault_config section, the passthrough flag is set
"""
mock_load.return_value = {}
client = VaultAnyConfig(vault_config_in="test:\n", ac_parser="test_parser")
assert client.pass_through_flag
mock_load.assert_called_with("test:\n", ac_parser="test_parser")
def test_init_passthrough(mock_load, gen_vault_config):
"""
Tests that with a vault configuration where the vault_config section is empty, the passthrough flag is set
"""
mock_load.return_value = gen_vault_config(empty=True)
client = VaultAnyConfig(vault_config_in="test\n", ac_parser="test_parser")
assert client.pass_through_flag
mock_load.assert_called_with("test\n", ac_parser="test_parser")
def test_init_passthrough_file_no_vault_config_section(mock_load):
"""
Tests that with a vault configuration file where there is no vault_config section, the passthrough flag is set
"""
mock_load.return_value = {}
client = VaultAnyConfig(vault_config_file="config.json")
assert client.pass_through_flag
mock_load.assert_called_with("config.json")
def test_init_passthrough_file(mock_load, mock_isfile):
"""
Tests that with a vault configuration file where there is no vault_config section, the passthrough flag is set
"""
mock_isfile.return_value = True
mock_load.return_value = {}
client = VaultAnyConfig(vault_config_in="config.json")
assert client.pass_through_flag
mock_load.assert_called_with("config.json", ac_parser=None)
def test_init_with_file(mock_hvac_client, mock_load, gen_vault_config):
"""
Tests the init function with an init file
"""
mock_load.return_value = gen_vault_config()
client = VaultAnyConfig(vault_config_file="config.json")
assert not client.pass_through_flag
mock_load.assert_called_with("config.json")
mock_hvac_client.assert_called_with(url="http://localhost")
def test_init_passthrough_test_both_vault_config_in_and_vault_config_file(
mock_load):
"""
Tests that with a vault configuration in which both the vault_config_in and vault_config_file are set the vault_config_in parameter takes precedence.
"""
mock_load.return_value = {}
client = VaultAnyConfig(vault_config_in="test:\n",
vault_config_file="config.json",
ac_parser="test_parser")
assert client.pass_through_flag
mock_load.assert_called_with("test:\n", ac_parser="test_parser")
def __init__(self,
config,
vault_config,
vault_creds,
config_format=None,
load_certs=False):
"""
Args:
config{str} -- [File path to configuration or a string containing the configuration] (default: {'config.yaml'})
vault_config {str} -- [File path to configuration or a string containing the configuration] (default: {'vault.yaml'})
vault_creds {str} -- [File path to configuration or a string containing the configuration](default: {'vault.yaml'})
load_certs {bool} -- Automatically load certificate and key files during configuration (default: {False})
config_format {str} -- Specifies the parser to use when reading the configuration, only needed if reading a string. See the ac_parser option
in python-anyconfig for available formats. Common ones are `json` and `yaml`.
"""
config_client = VaultAnyConfig(vault_config, ac_parser=config_format)
config_client.auto_auth(vault_creds, ac_parser=config_format)
if os.path.isfile(config):
self.config = config_client.load(config,
process_secret_files=load_certs)
else:
self.config = config_client.loads(config,
process_secret_files=load_certs,
ac_parser=config_format)
# Elastic Search
elastic_config = self.config["elastic"]
self.connect_elastic(elastic_config)
self.ES_INDEX = elastic_config["index"]
def main():
"""
Main entrypoint
"""
args = parse_args(sys.argv[1:])
client = VaultAnyConfig(vault_config_in=args.vault_config)
client.auto_auth(args.vault_creds)
config = client.load(args.in_file, process_secret_files=args.secret_files_write, ac_parser=args.file_type)
client.dump(config, args.out_file, process_secret_files=args.secret_files_write, ac_parser=args.file_type)
def test_init_string(mock_hvac, parser_dump_function, parser_name):
"""
Tests that using a string to initialize the client will work
"""
test_config = {
"vault_config": {
"test_value": 1,
"test_value2": "value2"
},
"extra_stuff": "test_me"
}
VaultAnyConfig(vault_config_in=parser_dump_function(test_config),
ac_parser=parser_name)
mock_hvac.assert_called_once_with(test_value=1, test_value2="value2")
def test_auto_auth(mock_auth_approle, mock_is_authenticated,
parser_dump_function, parser_name):
"""
Tests that string inputs to auto_auth will be correctly parsed
"""
creds = {
"vault_creds": {
"auth_method": "approle",
"role_id": "test_jim_bob",
"secret_id": "test_123password"
}
}
mock_is_authenticated.return_value = False
VaultAnyConfig(url="http://localhost").auto_auth(
parser_dump_function(creds), ac_parser=parser_name)
mock_auth_approle.assert_called_with(
role_id=creds["vault_creds"]["role_id"],
secret_id=creds["vault_creds"]["secret_id"])
mock_is_authenticated.assert_called_with()
def test_init_passthrough_args(gen_vault_config):
"""
Tests that with an empty argument set, the passthrough flag is set
"""
client = VaultAnyConfig(**gen_vault_config(empty=True)["vault_config"])
assert client.pass_through_flag
def localhost_client(mock_hvac_client):
"""
Configures a mock instance of the HVAC client
"""
return VaultAnyConfig(url="http://localhost")
def test_auth_with_passthrough():
"""
Tests that the auto_auth will simply be bypassed when using an instance with passthrough
"""
client = VaultAnyConfig()
assert client.auto_auth("config.json")