def test_get_variable_invokes_http_client_correctly(self, mock_http_client):
api = Api(url='http://localhost', login_id='mylogin', api_key='apikey')
def mock_auth():
return 'apitoken'
api.authenticate = mock_auth
api.get_variable('myvar')
self.verify_http_call(mock_http_client, HttpVerb.GET, ConjurEndpoint.SECRETS,
kind='variable',
identifier='myvar',
ssl_verify=True)
if not os.path.exists(token_file):
sleep(5)
continue
with open(token_file, 'r') as f:
api_token = f.read()
# if there is no token wait for 5 seconds and run new cycle
if api_token == '':
sleep(5)
continue
# Small hack
# We don't use Client here, because it requires login_id and
# tries to authenticate by itself (what already done by k8s
# authenticator)
# Instead, we use the API library directly
# But it also tries to authenticate by itself, so we put token
# inside _api_token variable, and renew api_token_expiration time
# to avoid unnecessary authentication
client = Api(url=url, account=account, ca_bundle=cert_path)
client._api_token = api_token
client.api_token_expiration = datetime.now() + timedelta(
minutes=client.API_TOKEN_DURATION)
for secret in secrets:
value = client.get_variable(secret)
with open(secrets[secret], 'w') as f:
f.write(value.decode("utf-8"))
print("Value %s has written" % secrets[secret])
sleep(timeout)