def setUp(self, version):
self.srvcVault = HashiCorpVaultSecretProvider(vaultServer="http://vaultServer",
vaultToken="someToken",
apiVersion=version)
self.master = fakemaster.make_master(testcase=self, wantData=True)
self._http = self.successResultOf(
fakehttpclientservice.HTTPClientService.getFakeService(
self.master, self, 'http://vaultServer', headers={'X-Vault-Token': "someToken"}))
self.srvcVault.setServiceParent(self.master)
self.successResultOf(self.master.startService())
def setUp(self, version):
self.setUpTestReactor()
self.srvcVault = HashiCorpVaultSecretProvider(
vaultServer="http://vaultServer",
vaultToken="someToken",
apiVersion=version)
self.master = fakemaster.make_master(self, wantData=True)
self._http = yield fakehttpclientservice.HTTPClientService.getService(
self.master,
self,
'http://vaultServer',
headers={'X-Vault-Token': "someToken"})
yield self.srvcVault.setServiceParent(self.master)
yield self.master.startService()
class TestSecretInVaultHttpFakeBase(ConfigErrorsMixin, unittest.TestCase):
def setUp(self, version):
self.srvcVault = HashiCorpVaultSecretProvider(vaultServer="http://vaultServer",
vaultToken="someToken",
apiVersion=version)
self.master = fakemaster.make_master(testcase=self, wantData=True)
self._http = self.successResultOf(
fakehttpclientservice.HTTPClientService.getFakeService(
self.master, self, 'http://vaultServer', headers={'X-Vault-Token': "someToken"}))
self.srvcVault.setServiceParent(self.master)
self.successResultOf(self.master.startService())
@defer.inlineCallbacks
def tearDown(self):
yield self.srvcVault.stopService()
def masterConfig(secret_specifier):
c = {}
from buildbot.config import BuilderConfig
from buildbot.process.factory import BuildFactory
from buildbot.plugins import schedulers
c['schedulers'] = [
schedulers.ForceScheduler(name="force", builderNames=["testy"])
]
# note that as of December 2018, the vault docker image default to kv
# version 2 to be enabled by default
c['secretsProviders'] = [
HashiCorpVaultSecretProvider(vaultToken='my_vaulttoken',
vaultServer="http://localhost:8200",
apiVersion=2)
]
f = BuildFactory()
f.addStep(
ShellCommand(
command=Interpolate('echo {} | base64'.format(secret_specifier))))
c['builders'] = [
BuilderConfig(name="testy", workernames=["local1"], factory=f)
]
return c
class TestSecretInVaultHttpFakeBase(ConfigErrorsMixin, unittest.TestCase):
def setUp(self, version):
self.srvcVault = HashiCorpVaultSecretProvider(vaultServer="http://vaultServer",
vaultToken="someToken",
apiVersion=version)
self.master = fakemaster.make_master(testcase=self, wantData=True)
self._http = self.successResultOf(
fakehttpclientservice.HTTPClientService.getFakeService(
self.master, self, 'http://vaultServer', headers={'X-Vault-Token': "someToken"}))
self.srvcVault.setServiceParent(self.master)
self.successResultOf(self.master.startService())
@defer.inlineCallbacks
def tearDown(self):
yield self.srvcVault.stopService()
def setUp(self):
self.srvcVault = HashiCorpVaultSecretProvider(vaultServer="http://vaultServer",
vaultToken="someToken")
self.master = fakemaster.make_master(testcase=self, wantData=True)
self._http = self.successResultOf(
fakehttpclientservice.HTTPClientService.getFakeService(
self.master, self, 'http://vaultServer', headers={'X-Vault-Token': "someToken"}))
self.srvcVault.setServiceParent(self.master)
self.successResultOf(self.master.startService())
class TestSecretInVaultHttpFakeBase(ConfigErrorsMixin, TestReactorMixin,
unittest.TestCase):
@defer.inlineCallbacks
def setUp(self, version):
warnings.simplefilter('ignore')
self.setup_test_reactor()
self.srvcVault = HashiCorpVaultSecretProvider(
vaultServer="http://vaultServer",
vaultToken="someToken",
apiVersion=version)
self.master = fakemaster.make_master(self, wantData=True)
self._http = yield fakehttpclientservice.HTTPClientService.getService(
self.master,
self,
'http://vaultServer',
headers={'X-Vault-Token': "someToken"})
yield self.srvcVault.setServiceParent(self.master)
yield self.master.startService()
@defer.inlineCallbacks
def tearDown(self):
yield self.srvcVault.stopService()
def masterConfig():
c = {}
from buildbot.config import BuilderConfig
from buildbot.process.factory import BuildFactory
from buildbot.plugins import schedulers
c['schedulers'] = [
schedulers.ForceScheduler(name="force", builderNames=["testy"])
]
c['secretsProviders'] = [
HashiCorpVaultSecretProvider(vaultToken='my_vaulttoken',
vaultServer="http://localhost:8200")
]
f = BuildFactory()
f.addStep(ShellCommand(command=[Interpolate('echo %(secret:key)s')]))
c['builders'] = [
BuilderConfig(name="testy", workernames=["local1"], factory=f)
]
return c
class TestSecretInVaultHttpFake(ConfigErrorsMixin, unittest.TestCase):
def setUp(self):
self.srvcVault = HashiCorpVaultSecretProvider(vaultServer="http://vaultServer",
vaultToken="someToken")
self.master = fakemaster.make_master(testcase=self, wantData=True)
self._http = self.successResultOf(
fakehttpclientservice.HTTPClientService.getFakeService(
self.master, self, 'http://vaultServer', headers={'X-Vault-Token': "someToken"}))
self.srvcVault.setServiceParent(self.master)
self.successResultOf(self.master.startService())
@defer.inlineCallbacks
def tearDown(self):
yield self.srvcVault.stopService()
@defer.inlineCallbacks
def testGetValue(self):
self._http.expect(method='get', ep='/v1/secret/value', params=None,
data=None, json=None, code=200,
content_json={"data": {"value": "value1"}})
value = yield self.srvcVault.get("value")
self.assertEqual(value, "value1")
@defer.inlineCallbacks
def testGetValueNotFound(self):
self._http.expect(method='get', ep='/v1/secret/value', params=None,
data=None, json=None, code=200,
content_json={"data": {"valueNotFound": "value1"}})
value = yield self.srvcVault.get("value")
self.assertEqual(value, None)
@defer.inlineCallbacks
def testGetError(self):
self._http.expect(method='get', ep='/v1/secret/valueNotFound', params=None,
data=None, json=None, code=404,
content_json={"data": {"valueNotFound": "value1"}})
yield self.assertFailure(self.srvcVault.get("valueNotFound"), KeyError)
def testCheckConfigSecretInVaultService(self):
self.assertEqual(self.srvcVault.name, "SecretInVault")
self.assertEqual(self.srvcVault.vaultServer, "http://vaultServer")
self.assertEqual(self.srvcVault.vaultToken, "someToken")
def testCheckConfigErrorSecretInVaultService(self):
self.assertRaisesConfigError("vaultServer must be a string while it is",
self.srvcVault.checkConfig)
def testCheckConfigErrorSecretInVaultServiceWrongServerAddress(self):
self.assertRaisesConfigError("vaultToken must be a string while it is",
lambda: self.srvcVault.checkConfig(vaultServer="serveraddr",))
@defer.inlineCallbacks
def testReconfigSecretInVaultService(self):
self._http = self.successResultOf(
fakehttpclientservice.HTTPClientService.getFakeService(
self.master, self, 'serveraddr', headers={'X-Vault-Token': "someToken"}))
yield self.srvcVault.reconfigService(vaultServer="serveraddr",
vaultToken="someToken")
self.assertEqual(self.srvcVault.vaultServer, "serveraddr")
self.assertEqual(self.srvcVault.vaultToken, "someToken")
class TestSecretInVaultHttpFake(ConfigErrorsMixin, unittest.TestCase):
def setUp(self):
self.srvcVault = HashiCorpVaultSecretProvider(
vaultServer="http://vaultServer", vaultToken="someToken")
self.master = fakemaster.make_master(testcase=self, wantData=True)
self._http = self.successResultOf(
fakehttpclientservice.HTTPClientService.getFakeService(
self.master,
self,
'http://vaultServer',
headers={'X-Vault-Token': "someToken"}))
self.srvcVault.setServiceParent(self.master)
self.successResultOf(self.master.startService())
@defer.inlineCallbacks
def tearDown(self):
yield self.srvcVault.stopService()
@defer.inlineCallbacks
def testGetValue(self):
self._http.expect(method='get',
ep='/v1/secret/value',
params=None,
data=None,
json=None,
code=200,
content_json={"data": {
"value": "value1"
}})
value = yield self.srvcVault.get("value")
self.assertEqual(value, "value1")
@defer.inlineCallbacks
def testGetValueNotFound(self):
self._http.expect(method='get',
ep='/v1/secret/value',
params=None,
data=None,
json=None,
code=200,
content_json={"data": {
"valueNotFound": "value1"
}})
value = yield self.srvcVault.get("value")
self.assertEqual(value, None)
@defer.inlineCallbacks
def testGetError(self):
self._http.expect(method='get',
ep='/v1/secret/valueNotFound',
params=None,
data=None,
json=None,
code=404,
content_json={"data": {
"valueNotFound": "value1"
}})
yield self.assertFailure(self.srvcVault.get("valueNotFound"), KeyError)
def testCheckConfigSecretInVaultService(self):
self.assertEqual(self.srvcVault.name, "SecretInVault")
self.assertEqual(self.srvcVault.vaultServer, "http://vaultServer")
self.assertEqual(self.srvcVault.vaultToken, "someToken")
def testCheckConfigErrorSecretInVaultService(self):
self.assertRaisesConfigError(
"vaultServer must be a string while it is",
self.srvcVault.checkConfig)
def testCheckConfigErrorSecretInVaultServiceWrongServerAddress(self):
self.assertRaisesConfigError(
"vaultToken must be a string while it is",
lambda: self.srvcVault.checkConfig(vaultServer="serveraddr", ))
@defer.inlineCallbacks
def testReconfigSecretInVaultService(self):
self._http = self.successResultOf(
fakehttpclientservice.HTTPClientService.getFakeService(
self.master,
self,
'serveraddr',
headers={'X-Vault-Token': "someToken"}))
yield self.srvcVault.reconfigService(vaultServer="serveraddr",
vaultToken="someToken")
self.assertEqual(self.srvcVault.vaultServer, "serveraddr")
self.assertEqual(self.srvcVault.vaultToken, "someToken")
