Esempio n. 1
0
    def test_list_roles(self, test_label, requests_mocker):
        expected_status_code = 200
        role_names = ['hvac']
        mock_response = {
            'data': {
                'roles': role_names,
            },
        }

        mock_url = 'http://localhost:8200/v1/{mount_point}/roles'.format(
            mount_point=DEFAULT_MOUNT_POINT, )
        requests_mocker.register_uri(
            method='LIST',
            url=mock_url,
            status_code=expected_status_code,
            json=mock_response,
        )
        azure = Azure(adapter=JSONAdapter())
        list_roles_response = azure.list_roles(mount_point=DEFAULT_MOUNT_POINT)
        logging.debug('list_roles_response: %s' % list_roles_response)

        self.assertEqual(
            first=mock_response['data'],
            second=list_roles_response,
        )
Esempio n. 2
0
    def test_create_or_update_role(self, test_label, azure_roles,
                                   requests_mocker):
        expected_status_code = 204
        role_name = 'hvac'
        if azure_roles is None:
            azure_roles = [
                {
                    'role_name': "Contributor",
                    'scope':
                    "/subscriptions/95e675fa-307a-455e-8cdf-0a66aeaa35ae",
                },
            ]

        mock_url = 'http://localhost:8200/v1/{mount_point}/roles/{name}'.format(
            mount_point=DEFAULT_MOUNT_POINT,
            name=role_name,
        )
        requests_mocker.register_uri(
            method='POST',
            url=mock_url,
            status_code=expected_status_code,
            # json=mock_response,
        )
        azure = Azure(adapter=JSONAdapter())
        create_or_update_role_response = azure.create_or_update_role(
            name=role_name,
            azure_roles=azure_roles,
            mount_point=DEFAULT_MOUNT_POINT)
        logging.debug('create_or_update_role_response: %s' %
                      create_or_update_role_response)

        self.assertEqual(
            first=expected_status_code,
            second=create_or_update_role_response.status_code,
        )
Esempio n. 3
0
    def test_generate_credentials(self, test_label, requests_mocker):
        expected_status_code = 200
        role_name = 'hvac'
        mock_response = {
            'data': {
                'client_id': 'some_client_id',
                'client_secret': 'some_client_secret',
            },
        }

        mock_url = 'http://localhost:8200/v1/{mount_point}/creds/{name}'.format(
            mount_point=DEFAULT_MOUNT_POINT,
            name=role_name,
        )
        requests_mocker.register_uri(
            method='GET',
            url=mock_url,
            status_code=expected_status_code,
            json=mock_response,
        )
        azure = Azure(adapter=JSONAdapter())
        generate_credentials_response = azure.generate_credentials(
            name=role_name, mount_point=DEFAULT_MOUNT_POINT)
        logging.debug('generate_credentials_response: %s' %
                      generate_credentials_response)

        self.assertEqual(
            first=mock_response['data'],
            second=generate_credentials_response,
        )
Esempio n. 4
0
    def test_read_configuration(self, test_label, mount_point,
                                requests_mocker):
        expected_status_code = 200
        mock_response = {
            'lease_id': '',
            'warnings': None,
            'wrap_info': None,
            'auth': None,
            'lease_duration': 0,
            'request_id': '18ecf194-aba2-ba99-ebb5-1b90e5e231c7',
            'data': {
                'type': 'duo'
            },
            'renewable': False
        }

        mock_url = 'http://localhost:8200/v1/auth/{mount_point}/mfa_config'.format(
            mount_point=mount_point, )
        requests_mocker.register_uri(
            method='GET',
            url=mock_url,
            status_code=expected_status_code,
            json=mock_response,
        )
        mfa = Mfa(adapter=JSONAdapter())
        response = mfa.read_configuration(mount_point=mount_point, )
        self.assertEqual(
            first=mock_response,
            second=response,
        )
Esempio n. 5
0
    def test_list_roles(self, test_label, mount_point, requests_mocker):
        expected_status_code = 200
        mock_response = {
            'auth': None,
            'data': {
                'keys': [
                    'testrole'
                ]
            },
            'lease_duration': 0,
            'lease_id': '',
            'renewable': False,
            'request_id': '860a11a8-b835-cbab-7fce-de4edc4cf533',
            'warnings': None,
            'wrap_info': None
        }
        mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role'.format(
            mount_point=mount_point
        )
        requests_mocker.register_uri(
            method='LIST',
            url=mock_url,
            status_code=expected_status_code,
            json=mock_response,
        )

        app_role = AppRole(adapter=JSONAdapter())
        response = app_role.list_roles(
            mount_point=mount_point
        )

        self.assertEqual(
            first=mock_response,
            second=response
        )
Esempio n. 6
0
    def test_read_duo_behvaior_configuration(self, test_label, mount_point,
                                             requests_mocker):
        expected_status_code = 200
        mock_response = {
            'lease_id': '',
            'warnings': None,
            'wrap_info': None,
            'auth': None,
            'lease_duration': 0,
            'request_id': '7ea734e8-bbc4-e2de-2769-d052d6a320c6',
            'data': {
                'username_format': '%s',
                'push_info': '',
                'user_agent': ''
            },
            'renewable': False
        }

        mock_url = 'http://localhost:8200/v1/auth/{mount_point}/duo/config'.format(
            mount_point=mount_point, )
        requests_mocker.register_uri(
            method='GET',
            url=mock_url,
            status_code=expected_status_code,
            json=mock_response,
        )
        mfa = Mfa(adapter=JSONAdapter())
        response = mfa.read_duo_behavior_configuration(
            mount_point=mount_point, )
        self.assertEqual(
            first=mock_response,
            second=response,
        )
Esempio n. 7
0
 def test_list_groups(self, test_label, mount_point, requests_mocker):
     expected_status_code = 200
     mock_response = {
         'lease_id': '',
         'warnings': None,
         'wrap_info': None,
         'auth': None,
         'lease_duration': 0,
         'request_id': '89144def-b675-4c8a-590c-4f2ad4f1fae7',
         'data': {
             'keys': ['cats']
         },
         'renewable': False
     }
     mock_url = 'http://localhost:8200/v1/auth/{mount_point}/groups'.format(
         mount_point=mount_point, )
     requests_mocker.register_uri(
         method='LIST',
         url=mock_url,
         status_code=expected_status_code,
         json=mock_response,
     )
     ldap = Ldap(adapter=JSONAdapter())
     response = ldap.list_groups(mount_point=mount_point, )
     self.assertEqual(
         first=mock_response,
         second=response,
     )
Esempio n. 8
0
 def test_read_user(self, test_label, mount_point, requests_mocker):
     expected_status_code = 200
     username = '******'
     mock_response = {
         'lease_id': '',
         'warnings': None,
         'wrap_info': None,
         'auth': None,
         'lease_duration': 0,
         'request_id': 'c39914d5-70c1-b585-c6bd-ac8f0dcdf997',
         'data': {
             'policies': [],
             'groups': ''
         },
         'renewable': False
     }
     mock_url = 'http://localhost:8200/v1/auth/{mount_point}/users/{username}'.format(
         mount_point=mount_point,
         username=username,
     )
     requests_mocker.register_uri(
         method='GET',
         url=mock_url,
         status_code=expected_status_code,
         json=mock_response,
     )
     ldap = Ldap(adapter=JSONAdapter())
     response = ldap.read_user(
         mount_point=mount_point,
         username=username,
     )
     self.assertEqual(
         first=mock_response,
         second=response,
     )
Esempio n. 9
0
 def test_read_configuration(self, test_label, mount_point, requests_mocker):
     expected_status_code = 200
     mock_response = {
         'auth': None,
         'data': {
             'base_url': '',
             'max_ttl': 0,
             'organization': '',
             'ttl': 0
         },
         'lease_duration': 0,
         'lease_id': '',
         'renewable': False,
         'request_id': '860a11a8-b835-cbab-7fce-de4edc4cf533',
         'warnings': None,
         'wrap_info': None
     }
     mock_url = 'http://localhost:8200/v1/auth/{mount_point}/config'.format(
         mount_point=mount_point,
     )
     requests_mocker.register_uri(
         method='GET',
         url=mock_url,
         status_code=expected_status_code,
         json=mock_response,
     )
     github = Github(adapter=JSONAdapter())
     response = github.read_configuration(
         mount_point=mount_point,
     )
     self.assertEqual(
         first=mock_response,
         second=response,
     )
Esempio n. 10
0
    def test_destroy_secret_id(self, test_label, mount_point, requests_mocker):
        expected_status_code = 204
        role_name = 'testrole'
        secret_id = 'custom_secret'

        mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role/{role_name}/secret-id/destroy'.format(
            mount_point=mount_point,
            role_name=role_name
        )
        requests_mocker.register_uri(
            method='POST',
            url=mock_url,
            status_code=expected_status_code,
        )

        app_role = AppRole(adapter=JSONAdapter())
        response = app_role.destroy_secret_id(
            role_name=role_name,
            secret_id=secret_id,
            mount_point=mount_point
        )

        self.assertEqual(
            first=expected_status_code,
            second=response.status_code
        )
Esempio n. 11
0
 def test_list_users(self, test_label, mount_point, requests_mocker):
     expected_status_code = 200
     mock_response = {
         'lease_id': '',
         'warnings': None,
         'wrap_info': None,
         'auth': None,
         'lease_duration': 0,
         'request_id': '0c34cc02-2f75-7deb-a531-33cf7434a729',
         'data': {
             'keys': ['somedude']
         },
         'renewable': False
     }
     mock_url = 'http://localhost:8200/v1/auth/{mount_point}/users'.format(
         mount_point=mount_point, )
     requests_mocker.register_uri(
         method='LIST',
         url=mock_url,
         status_code=expected_status_code,
         json=mock_response,
     )
     ldap = Ldap(adapter=JSONAdapter())
     response = ldap.list_users(mount_point=mount_point, )
     self.assertEqual(
         first=mock_response,
         second=response,
     )
Esempio n. 12
0
    def test_destroy_secret_id_accessor(self, test_label, mount_point, requests_mocker):
        expected_status_code = 204
        role_name = 'testrole'
        secret_id_accessor = '84896a0c-1347-aa90-a4f6-aca8b7558780'

        mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role/{role_name}/secret-id-accessor/destroy'.format(
            mount_point=mount_point,
            role_name=role_name
        )
        requests_mocker.register_uri(
            method='POST',
            url=mock_url,
            status_code=expected_status_code,
        )

        app_role = AppRole(adapter=JSONAdapter())
        response = app_role.destroy_secret_id_accessor(
            role_name=role_name,
            secret_id_accessor=secret_id_accessor,
            mount_point=mount_point
        )

        self.assertEqual(
            first=expected_status_code,
            second=response.status_code
        )
Esempio n. 13
0
 def test_read_group(self, test_label, mount_point, requests_mocker):
     expected_status_code = 200
     group_name = 'hvac'
     mock_response = {
         'lease_id': '',
         'warnings': None,
         'wrap_info': None,
         'auth': None,
         'lease_duration': 0,
         'request_id': '448bc87c-e948-ac5f-907c-9b01fb9d26c6',
         'data': {
             'policies': []
         },
         'renewable': False
     }
     mock_url = 'http://localhost:8200/v1/auth/{mount_point}/groups/{name}'.format(
         mount_point=mount_point,
         name=group_name,
     )
     requests_mocker.register_uri(
         method='GET',
         url=mock_url,
         status_code=expected_status_code,
         json=mock_response,
     )
     ldap = Ldap(adapter=JSONAdapter())
     response = ldap.read_group(
         name=group_name,
         mount_point=mount_point,
     )
     self.assertEqual(
         first=mock_response,
         second=response,
     )
Esempio n. 14
0
 def test_read_team_mapping(self, test_label, mount_point, requests_mocker):
     expected_status_code = 200
     team_name = 'hvac'
     mock_response = {
         'auth': None,
         'data': {
             'key': 'SOME_TEAM',
             'value': 'some-team-policy'
         },
         'lease_duration': 0,
         'lease_id': '',
         'renewable': False,
         'request_id': '50346cc8-34e7-f2ea-f36a-fcb9d45c1676',
         'warnings': None,
         'wrap_info': None
     }
     mock_url = 'http://localhost:8200/v1/auth/{mount_point}/map/teams/{team_name}'.format(
         mount_point=mount_point,
         team_name=team_name,
     )
     requests_mocker.register_uri(
         method='GET',
         url=mock_url,
         status_code=expected_status_code,
         json=mock_response,
     )
     github = Github(adapter=JSONAdapter())
     response = github.read_team_mapping(
         team_name=team_name,
         mount_point=mount_point,
     )
     self.assertEqual(
         first=mock_response,
         second=response,
     )
Esempio n. 15
0
 def test_read_user_mapping(self, test_label, mount_point, requests_mocker):
     expected_status_code = 200
     user_name = 'hvac'
     mock_response = {
         'auth': None,
         'data': None,
         'lease_duration': 0,
         'lease_id': '',
         'renewable': False,
         'request_id': '71ec6e1b-6d4e-6374-ddc2-ff1cdd860e60',
         'warnings': None,
         'wrap_info': None
     }
     mock_url = 'http://localhost:8200/v1/auth/{mount_point}/map/users/{user_name}'.format(
         mount_point=mount_point,
         user_name=user_name,
     )
     requests_mocker.register_uri(
         method='GET',
         url=mock_url,
         status_code=expected_status_code,
         json=mock_response,
     )
     github = Github(adapter=JSONAdapter())
     response = github.read_user_mapping(
         user_name=user_name,
         mount_point=mount_point,
     )
     self.assertEqual(
         first=mock_response,
         second=response,
     )
Esempio n. 16
0
    def test_create_custom_secret_id(self, test_label, mount_point, raises, requests_mocker):
        expected_status_code = 200
        role_name = 'testrole'
        secret_id = 'custom_secret'

        mock_response = {
            'auth': None,
            'data': {
                'secret_id': secret_id,
                'secret_id_accessor': '84896a0c-1347-aa90-a4f6-aca8b7558780'
            },
            'lease_duration': 0,
            'lease_id': '',
            'renewable': False,
            'request_id': '860a11a8-b835-cbab-7fce-de4edc4cf533',
            'warnings': None,
            'wrap_info': None
        }
        mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role/{role_name}/custom-secret-id'.format(
            mount_point=mount_point,
            role_name=role_name
        )
        requests_mocker.register_uri(
            method='POST',
            url=mock_url,
            status_code=expected_status_code,
            json=mock_response,
        )

        app_role = AppRole(adapter=JSONAdapter())

        if raises is not None:
            with self.assertRaises(raises) as cm:
                app_role.create_custom_secret_id(
                    role_name=role_name,
                    secret_id=secret_id,
                    cidr_list=['127.0.0.1/32'],
                    metadata="metadata string",
                    mount_point=mount_point
                )
            self.assertIn(
                member='unsupported metadata argument',
                container=str(cm.exception)
            )
        else:
            response = app_role.create_custom_secret_id(
                role_name=role_name,
                secret_id=secret_id,
                cidr_list=['127.0.0.1/32'],
                mount_point=mount_point
            )

            self.assertEqual(
                first=mock_response,
                second=response
            )
Esempio n. 17
0
 def test_login(self, label, test_params, raises, requests_mocker):
     test_policies = [
         "default",
     ]
     expected_status_code = 200
     mock_url = 'http://localhost:8200/v1/auth/{mount_point}/login/{username}'.format(
         mount_point=self.TEST_MOUNT_POINT,
         username=self.TEST_USERNAME,
     )
     mock_response = {
       "lease_id": "",
       "data": None,
       "warnings": None,
       "auth": {
         "client_token": "64d2a8f2-2a2f-5688-102b-e6088b76e344",
         "accessor": "18bb8f89-826a-56ee-c65b-1736dc5ea27d",
         "policies": ["default"],
         "metadata": {
           "username": self.TEST_USERNAME,
           "policies": "default"
         },
       },
       "lease_duration": 7200,
       "renewable": True,
     }
     requests_mocker.register_uri(
         method='POST',
         url=mock_url,
         status_code=expected_status_code,
         json=mock_response,
     )
     okta = Okta(adapter=JSONAdapter())
     if raises is not None:
         with self.assertRaises(raises):
             okta.login(
                 username=self.TEST_USERNAME,
                 password='******',
                 mount_point=self.TEST_MOUNT_POINT,
                 **test_params
             )
     else:
         login_response = okta.login(
                 username=self.TEST_USERNAME,
                 password='******',
                 mount_point=self.TEST_MOUNT_POINT,
                 **test_params
         )
         logging.debug('login_response: %s' % login_response)
         self.assertEqual(
             first=login_response['auth']['policies'],
             second=test_policies,
         )
Esempio n. 18
0
 def test_login(self, label, test_params, raises, requests_mocker):
     role_name = 'hvac'
     test_policies = [
         "default",
         "dev",
         "prod",
     ]
     expected_status_code = 200
     mock_url = 'http://localhost:8200/v1/auth/{mount_point}/login'.format(
         mount_point=self.TEST_MOUNT_POINT, )
     mock_response = {
         "auth": {
             "client_token": "38fe9691-e623-7238-f618-c94d4e7bc674",
             "accessor": "78e87a38-84ed-2692-538f-ca8b9f400ab3",
             "policies": test_policies,
             "metadata": {
                 "role": role_name,
                 "service_account_name": "vault-auth",
                 "service_account_namespace": "default",
                 "service_account_secret_name": "vault-auth-token-pd21c",
                 "service_account_uid":
                 "aa9aa8ff-98d0-11e7-9bb7-0800276d99bf"
             },
             "lease_duration": 2764800,
             "renewable": True,
         },
     }
     requests_mocker.register_uri(
         method='POST',
         url=mock_url,
         status_code=expected_status_code,
         json=mock_response,
     )
     kubernetes = Kubernetes(adapter=JSONAdapter())
     if raises is not None:
         with self.assertRaises(raises):
             kubernetes.login(role=role_name,
                              jwt='my-jwt',
                              mount_point=self.TEST_MOUNT_POINT,
                              **test_params)
     else:
         login_response = kubernetes.login(
             role=role_name,
             jwt='my-jwt',
             mount_point=self.TEST_MOUNT_POINT,
             **test_params)
         logging.debug('login_response: %s' % login_response)
         self.assertEqual(
             first=login_response['auth']['policies'],
             second=test_policies,
         )
Esempio n. 19
0
    def test_generate_credentials(self,
                                  test_label,
                                  role_name='hvac-test-role',
                                  mount_point=DEFAULT_MOUNT_POINT,
                                  endpoint='creds',
                                  raises=None,
                                  exception_msg=''):
        expected_status_code = 200
        mock_response = {
            "data": {
                "access_key": "AKIA...",
                "secret_key": "xlCs...",
                "security_token": None
            }
        }
        mock_url = 'http://localhost:8200/v1/{mount_point}/creds/{role_name}'.format(
            mount_point=mount_point,
            role_name=role_name,
        )
        logging.debug('Mocking URL: %s' % mock_url)
        aws = Aws(adapter=JSONAdapter())
        with requests_mock.mock() as requests_mocker:
            requests_mocker.register_uri(
                method='GET',
                url=mock_url,
                status_code=expected_status_code,
                json=mock_response,
            )

            if raises:
                with self.assertRaises(raises) as cm:
                    aws.generate_credentials(
                        name=role_name,
                        endpoint=endpoint,
                        mount_point=mount_point,
                    )
                self.assertIn(
                    member=exception_msg,
                    container=str(cm.exception),
                )
            else:
                gen_creds_response = aws.generate_credentials(
                    name=role_name,
                    endpoint=endpoint,
                    mount_point=mount_point,
                )
                logging.debug('gen_creds_response: %s' % gen_creds_response)
                self.assertEqual(
                    first=mock_response,
                    second=gen_creds_response,
                )
Esempio n. 20
0
    def test_read_role(self, test_label, mount_point, requests_mocker):
        expected_status_code = 200
        role_name = 'testrole'

        mock_response = {
            'auth': None,
            'data': {
                'bind_secret_id': True,
                'local_secret_ids': False,
                'secret_id_bound_cidrs': None,
                'secret_id_num_uses': 0,
                'secret_id_ttl': 0,
                'token_bound_cidrs': None,
                'token_explicit_max_ttl': 0,
                'token_max_ttl': 0,
                'token_no_default_poolicy': False,
                'token_num_uses': 0,
                'token_period': 14400,
                'token_policies': None,
                'token_ttl': 0,
                'token_type': "default"
            },
            'lease_duration': 0,
            'lease_id': '',
            'renewable': False,
            'request_id': '860a11a8-b835-cbab-7fce-de4edc4cf533',
            'warnings': None,
            'wrap_info': None
        }
        mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role/{role_name}'.format(
            mount_point=mount_point,
            role_name=role_name
        )
        requests_mocker.register_uri(
            method='GET',
            url=mock_url,
            status_code=expected_status_code,
            json=mock_response,
        )

        app_role = AppRole(adapter=JSONAdapter())
        response = app_role.read_role(
            role_name="testrole",
            mount_point=mount_point
        )

        self.assertEqual(
            first=mock_response,
            second=response
        )
Esempio n. 21
0
 def test_configure(self, test_label, mount_point, requests_mocker):
     expected_status_code = 204
     mock_url = 'http://localhost:8200/v1/auth/{mount_point}/mfa_config'.format(
         mount_point=mount_point, )
     requests_mocker.register_uri(
         method='POST',
         url=mock_url,
         status_code=expected_status_code,
     )
     mfa = Mfa(adapter=JSONAdapter())
     response = mfa.configure(mount_point=mount_point, )
     self.assertEqual(
         first=expected_status_code,
         second=response.status_code,
     )
Esempio n. 22
0
 def test_login(self, label, test_params, raises, requests_mocker):
     role_name = 'hvac'
     test_policies = [
         "default",
         "dev",
         "prod",
     ]
     expected_status_code = 200
     mock_url = 'http://localhost:8200/v1/auth/{mount_point}/login'.format(
         mount_point=self.TEST_MOUNT_POINT,
     )
     mock_response = {
         "auth": {
             "client_token": "f33f8c72-924e-11f8-cb43-ac59d697597c",
             "accessor": "0e9e354a-520f-df04-6867-ee81cae3d42d",
             "policies": test_policies,
             "lease_duration": 2764800,
             "renewable": True,
         },
     }
     requests_mocker.register_uri(
         method='POST',
         url=mock_url,
         status_code=expected_status_code,
         json=mock_response,
     )
     azure = Azure(adapter=JSONAdapter())
     if raises is not None:
         with self.assertRaises(raises):
             azure.login(
                 role=role_name,
                 jwt='my-jwt',
                 mount_point=self.TEST_MOUNT_POINT,
                 **test_params
             )
     else:
         login_response = azure.login(
             role=role_name,
             jwt='my-jwt',
             mount_point=self.TEST_MOUNT_POINT,
             **test_params
         )
         logging.debug('login_response: %s' % login_response)
         self.assertEqual(
             first=login_response['auth']['policies'],
             second=test_policies,
         )
Esempio n. 23
0
 def test_read_configuration(self, test_label, mount_point,
                             requests_mocker):
     expected_status_code = 200
     mock_response = {
         'lease_id': '',
         'warnings': None,
         'wrap_info': None,
         'auth': None,
         'lease_duration': 0,
         'request_id': 'dd7c3635-8e1c-d454-7381-bf11970fe8de',
         'data': {
             'binddn': '',
             'certificate': '',
             'deny_null_bind': True,
             'starttls': False,
             'case_sensitive_names': False,
             'userattr': '',
             'insecure_tls': False,
             'userdn': '',
             'url': 'ldap://ldap.python-hvac.org',
             'groupfilter': '',
             'tls_max_version': 'tls12',
             'tls_min_version': 'tls12',
             'groupdn': '',
             'groupattr': '',
             'upndomain': '',
             'discoverdn': False
         },
         'renewable': False
     }
     mock_url = 'http://localhost:8200/v1/auth/{mount_point}/config'.format(
         mount_point=mount_point, )
     requests_mocker.register_uri(
         method='GET',
         url=mock_url,
         status_code=expected_status_code,
         json=mock_response,
     )
     ldap = Ldap(adapter=JSONAdapter())
     response = ldap.read_configuration(mount_point=mount_point, )
     self.assertEqual(
         first=mock_response,
         second=response,
     )
Esempio n. 24
0
    def test_login(self, test_label, mount_point, requests_mocker):
        expected_status_code = 200
        role_id = 'test_role_id'
        secret_id = 'custom_secret'

        mock_response = {
            'data': None,
            'auth': {
                'renewable': True,
                'lease_duration': 1200,
                'metadata': None,
                'token_policies': ['default'],
                'accessor': 'fd6c9a00-d2dc-3b11-0be5-af7ae0e1d374',
                'client_token': '5b1a0318-679c-9c45-e5c6-d1b9a9035d49'
            },
            'lease_duration': 0,
            'lease_id': '',
            'renewable': False,
            'request_id': '860a11a8-b835-cbab-7fce-de4edc4cf533',
            'warnings': None,
            'wrap_info': None
        }
        mock_url = 'http://localhost:8200/v1/auth/{mount_point}/login'.format(
            mount_point=mount_point,
        )
        requests_mocker.register_uri(
            method='POST',
            url=mock_url,
            status_code=expected_status_code,
            json=mock_response,
        )

        app_role = AppRole(adapter=JSONAdapter())
        response = app_role.login(
            role_id=role_id,
            secret_id=secret_id,
            mount_point=mount_point
        )

        self.assertEqual(
            first=mock_response,
            second=response
        )
Esempio n. 25
0
    def test_list_secret_id_accessors(self, test_label, mount_point, requests_mocker):
        expected_status_code = 200
        role_name = 'testrole'

        mock_response = {
            'auth': None,
            'data': {
                'keys': [
                    'ce102d2a-8253-c437-bf9a-aceed4241491',
                    'a1c8dee4-b869-e68d-3520-2040c1a0849a',
                    'be83b7e2-044c-7244-07e1-47560ca1c787',
                    '84896a0c-1347-aa90-a4f6-aca8b7558780',
                    '239b1328-6523-15e7-403a-a48038cdc45a'
                ]
            },
            'lease_duration': 0,
            'lease_id': '',
            'renewable': False,
            'request_id': '860a11a8-b835-cbab-7fce-de4edc4cf533',
            'warnings': None,
            'wrap_info': None
        }
        mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role/{role_name}/secret-id'.format(
            mount_point=mount_point,
            role_name=role_name
        )
        requests_mocker.register_uri(
            method='LIST',
            url=mock_url,
            status_code=expected_status_code,
            json=mock_response,
        )

        app_role = AppRole(adapter=JSONAdapter())
        response = app_role.list_secret_id_accessors(
            role_name=role_name,
            mount_point=mount_point
        )

        self.assertEqual(
            first=mock_response,
            second=response
        )
Esempio n. 26
0
 def test_configure(self, test_label, mount_point, requests_mocker):
     expected_status_code = 204
     mock_url = 'http://localhost:8200/v1/auth/{mount_point}/config'.format(
         mount_point=mount_point, )
     requests_mocker.register_uri(
         method='POST',
         url=mock_url,
         status_code=expected_status_code,
     )
     ldap = Ldap(adapter=JSONAdapter())
     response = ldap.configure(
         user_dn='dc=users,cn=hvac,cn=network',
         group_dn='ou=groups,cn=hvac,cn=network',
         url='ldaps://ldap.python-hvac.org',
         mount_point=mount_point,
     )
     self.assertEqual(
         first=expected_status_code,
         second=response.status_code,
     )
Esempio n. 27
0
    def test_read_secret_id_accessor(self, test_label, mount_point, requests_mocker):
        expected_status_code = 200
        role_name = 'testrole'
        secret_id = 'custom_secret'
        secret_id_accessor = '84896a0c-1347-aa90-a4f6-aca8b7558780'

        mock_response = {
            'auth': None,
            'data': {
                'secret_id': secret_id,
                'secret_id_accessor': '84896a0c-1347-aa90-a4f6-aca8b7558780'
            },
            'lease_duration': 0,
            'lease_id': '',
            'renewable': False,
            'request_id': '860a11a8-b835-cbab-7fce-de4edc4cf533',
            'warnings': None,
            'wrap_info': None
        }
        mock_url = 'http://localhost:8200/v1/auth/{mount_point}/role/{role_name}/secret-id-accessor/lookup'.format(
            mount_point=mount_point,
            role_name=role_name
        )
        requests_mocker.register_uri(
            method='POST',
            url=mock_url,
            status_code=expected_status_code,
            json=mock_response,
        )

        app_role = AppRole(adapter=JSONAdapter())
        response = app_role.read_secret_id_accessor(
            role_name=role_name,
            secret_id_accessor=secret_id_accessor,
            mount_point=mount_point
        )

        self.assertEqual(
            first=mock_response,
            second=response
        )
Esempio n. 28
0
 def test_login(self, test_label, mount_point, requests_mocker):
     expected_status_code = 200
     username = '******'
     mock_response = {
         'lease_id': '',
         'warnings': None,
         'wrap_info': None,
         'auth': {
             'entity_id': '5bc030bc-2000-1176-aafb-82747ae9c874',
             'lease_duration': 2764800,
             'policies': ['default', 'test-ldap-policy'],
             'client_token': '5a01125e-d823-578e-86c8-049bea022b9e',
             'accessor': '71f512de-18ab-af6e-02f7-e37b3aa48780',
             'renewable': True,
             'metadata': {
                 'username': '******'
             }
         },
         'lease_duration': 0,
         'request_id': 'c7a85e6c-fb1f-1d97-83a1-63746cb65551',
         'data': {},
         'renewable': False
     }
     mock_url = 'http://localhost:8200/v1/auth/{mount_point}/login/{username}'.format(
         mount_point=mount_point,
         username=username,
     )
     requests_mocker.register_uri(
         method='POST',
         url=mock_url,
         status_code=expected_status_code,
         json=mock_response,
     )
     ldap = Ldap(adapter=JSONAdapter())
     response = ldap.login(mount_point=mount_point,
                           username=username,
                           password='******')
     self.assertEqual(
         first=mock_response,
         second=response,
     )
Esempio n. 29
0
 def test_login(self, test_label, mount_point, requests_mocker):
     mock_response = {
         'auth': {
             'accessor': 'f578d442-94ec-11e8-afe4-0af6a65f93f6',
             'client_token': 'edf5c2c0-94ec-11e8-afe4-0af6a65f93f6',
             'entity_id': 'f9268760-94ec-11e8-afe4-0af6a65f93f6',
             'lease_duration': 3600,
             'metadata': {'org': 'hvac', 'username': '******'},
             'policies': ['default', ],
             'renewable': True,
             'token_policies': ['default']
         },
         'data': None,
         'lease_duration': 0,
         'lease_id': '',
         'renewable': False,
         'request_id': '488cf309-2f81-cc04-51bf-c43063d309eb',
         'warnings': None,
         'wrap_info': None
     }
     mock_url = 'http://localhost:8200/v1/auth/{mount_point}/login'.format(
         mount_point=mount_point,
     )
     requests_mocker.register_uri(
         method='POST',
         url=mock_url,
         json=mock_response,
     )
     github = Github(adapter=JSONAdapter())
     response = github.login(
         token='valid-token',
         mount_point=mount_point,
     )
     self.assertEqual(
         first=mock_response,
         second=response,
     )
     self.assertEqual(
         first=mock_response['auth']['client_token'],
         second=github._adapter.token,
     )
Esempio n. 30
0
 def test_map_team(self, test_label, mount_point, requests_mocker):
     expected_status_code = 204
     team_name = 'hvac'
     mock_url = 'http://localhost:8200/v1/auth/{mount_point}/map/teams/{team_name}'.format(
         mount_point=mount_point,
         team_name=team_name,
     )
     requests_mocker.register_uri(
         method='POST',
         url=mock_url,
         status_code=expected_status_code,
     )
     github = Github(adapter=JSONAdapter())
     response = github.map_team(
         team_name=team_name,
         mount_point=mount_point,
     )
     self.assertEqual(
         first=expected_status_code,
         second=response.status_code,
     )